Last active
May 18, 2018 16:01
Workaround for PUP-7814
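# PUP-7814: HTTPS file sources with non-puppet-trusted certs cannot be used
# TODO: Rewrite to accept and pass other File resource attributes to the resulting file.
# TODO: Identify a dependable alternative to grep on Windows.
#
# Downloads a file over HTTPS with the curl binary bundled in the Puppet agent,
# validating the server certificate against a caller-supplied CA file.
#
# @param cert
#   Path to the CA certificate file handed to curl as `--cacert`. An empty
#   string omits the option, so curl falls back to its default CA store.
# @param path
#   Destination path of the downloaded file. Defaults to the resource title.
# @param temp
#   Path curl downloads to before the result is copied to `$path`.
# @param source
#   URL to download. Must begin with the literal scheme `https://`.
# @param ensure
#   `present` downloads the file; `absent` removes both `$path` and `$temp`.
#
# NOTE(review): the exec runs with the agent's privileges (typically root) and
# writes to `$temp`, a predictable name that by default sits next to `$path`.
# Keep the target directory writable only by trusted users.
define https_file (
  String                  $cert,
  String                  $path   = $name,
  String                  $temp   = "${path}.download",
  # Anchored with \A and requiring "://": the previous /^https/ also accepted
  # scheme-less values such as "https.example.com/x" (which curl would fetch
  # over plain HTTP) and any multi-line string with a line starting "https".
  Pattern[/\Ahttps:\/\//] $source,
  Enum[present, absent]   $ensure = present,
) {
  if ($facts['os']['family'] == 'windows') {
    fail("Classification Error: https_file is not yet compatible with Windows.")
  }

  # Windows is rejected above, so only the *nix agent path is needed here.
  # (The Windows agent ships curl under "${::env_windows_installdir}\\bin\\curl".)
  $curl_command = '/opt/puppetlabs/puppet/bin/curl'

  # Every value below is wrapped in single quotes inside a shell command line.
  # A single quote inside a value would end the quoting early and let the rest
  # be parsed as shell syntax, so such values are refused outright.
  [$cert, $path, $temp, $source].each |$value| {
    if $value =~ /'/ {
      fail("https_file: parameter values must not contain single quotes: ${value}")
    }
  }

  if ($ensure == present) {
    # A String is always truthy in the Puppet 4+ language, so test for the
    # empty string explicitly. A bare "--cacert " would otherwise swallow the
    # next option on the command line as its file name.
    $cacert = $cert ? {
      ''      => '',
      default => "--cacert '${cert}'",
    }

    # Executing curl as the `command` would download the file and trigger an event during each run.
    # With these parameters, curl will only download the file (to the `$temp` file) if the remote
    # file is newer than the local file, or the local file does not exist.
    # When the file is downloaded via `onlyif`, the exec triggers the `command` which copies the
    # temp file to `$path`.
    # `--proto '=https'` makes curl refuse any other protocol, independent of the type check above.
    exec { "https_file_${name}":
      onlyif  => "${curl_command} ${cacert} --proto '=https' --fail --remote-time --show-error --time-cond '${path}' --write-out '%{http_code}' --output '${temp}' '${source}' | grep 200",
      # Copy from `$temp`, not a hard-coded "${path}.download", so that an
      # overridden `$temp` is honoured.
      command => "cp -f -p '${temp}' '${path}'",
      path    => '/usr/bin:/usr/sbin:/bin',
    }
  } else {
    $paths = [$path, $temp]
    file { $paths:
      ensure => absent,
    }
  }
}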
Given:
Download the file:
Just once: