@tkishel
Last active May 18, 2018 16:01
Workaround for PUP-7814
# PUP-7814: HTTPS file sources with non-puppet-trusted certs cannot be used
# TODO: Rewrite to accept and pass other File resource attributes to the resulting file.
# TODO: Identify a dependable alternative to grep on Windows.
define https_file (
  String $cert,
  String $path = $name,
  String $temp = "${path}.download",
  Pattern[/^https/] $source,
  Enum[present, absent] $ensure = present,
) {
  if ($facts['os']['family'] == 'windows') {
    fail("Classification Error: https_file is not yet compatible with Windows.")
  }
  if ($facts['os']['family'] == 'windows') {
    $curl_command = "${::env_windows_installdir}\\bin\\curl"
  } else {
    $curl_command = '/opt/puppetlabs/puppet/bin/curl'
  }
  if ($ensure == present) {
    # Verify the server certificate against the given CA bundle.
    if $cert {
      $cacert = "--cacert ${cert}"
    } else {
      $cacert = ''
    }
    # Executing curl as the `command` would download the file and trigger an event during each run.
    # With these parameters, curl will only download the file (to the `$temp` file) if the remote file is newer than the local file, or the local file does not exist.
    # When the file is downloaded via `onlyif`, the exec triggers the `command` which copies the temp file to `$path`.
    exec { "https_file_${name}" :
      onlyif  => "${curl_command} ${cacert} --fail --remote-time --show-error --time-cond ${path} --write-out '%{http_code}' --output ${temp} ${source} | grep 200",
      # Copy from `$temp` rather than a hard-coded `${path}.download`, so an overridden `$temp` still works.
      command => "cp -f -p ${temp} ${path}",
      path    => '/usr/bin:/usr/sbin:/bin',
    }
  } else {
    $paths = [$path, $temp]
    file { $paths :
      ensure => absent,
    }
  }
}
tkishel commented May 18, 2018

Given:

node 'pe-master.example.com' {
  https_file { '/tmp/install.bash':
    cert   => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
    source => 'https://pe-master.example.com:8140/packages/current/install.bash',
  }
}

Download the file:

root@pe-master:~# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for pe-master.example.com
Info: Applying configuration version '1524519053'
Notice: /Stage[main]/Main/Node[pe-master.example.com]/Https_file[/tmp/install.bash]/Exec[https_file_/tmp/install.bash]/returns: executed successfully
Notice: Applied catalog in 10.15 seconds

Just once:

root@pe-master:~# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for pe-master.example.com
Info: Applying configuration version '1524519811'
Notice: Applied catalog in 7.43 seconds
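
The `onlyif`/`command` pair from the define above, written as one POSIX shell function (an added example, not part of the gist). It matches the status code exactly, quotes every path, and replaces the target with `mv` instead of `cp`; the function name, its return codes and the `CURL_BIN` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the gist author's code.
# CURL_BIN is an assumed override; the default is the curl path used in the define.
CURL_BIN="${CURL_BIN:-/opt/puppetlabs/puppet/bin/curl}"

# https_fetch CACERT SOURCE DEST
# Returns 0 if DEST was replaced by a fresh download,
#         1 if the server answered 304 (remote file not newer than DEST),
#         2 on anything else (bad arguments, TLS failure, HTTP error).
https_fetch() {
  hf_cacert="$1"; hf_source="$2"; hf_dest="$3"; hf_temp="$3.download"

  # Same constraint as Pattern[/^https/], but requiring the full scheme.
  case "$hf_source" in
    https://*) ;;
    *) echo "https_fetch: source must be an https:// URL" >&2; return 2 ;;
  esac

  # --cacert     verify the server against this CA bundle only
  # --fail       exit non-zero on HTTP errors (>= 400)
  # --time-cond  send If-Modified-Since using DEST's mtime
  # --remote-time keeps the server's mtime on the download, so the next
  #              --time-cond comparison is against the remote timestamp
  hf_code="$("$CURL_BIN" --cacert "$hf_cacert" --fail --silent --show-error \
      --remote-time --time-cond "$hf_dest" --write-out '%{http_code}' \
      --output "$hf_temp" "$hf_source")" || { rm -f "$hf_temp"; return 2; }

  case "$hf_code" in
    200) mv -f "$hf_temp" "$hf_dest" ;;    # rename keeps mtime, leaves no temp file
    304) rm -f "$hf_temp"; return 1 ;;     # not modified: DEST is left untouched
    *)   rm -f "$hf_temp"; return 2 ;;     # any other status is treated as failure
  esac
}
```

A failed certificate check makes curl exit non-zero, so it ends in return code 2 and the existing file is never overwritten.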
