commit f9301e15b50379c819a3a28ccf93aa2a890c1086
author Ivan Berezovskiy <iberezovskiy@mirantis.com> Mon Jul 22 13:14:14 2019 +0400
committer Ivan Berezovskiy <iberezovskiy@mirantis.com> Mon Jul 22 13:43:54 2019 +0400
tree fd816181c830c9f1e2384c8e488a2a851386e173
parent 6335da50e8b98a18183776d5838a0d473a50a6c8

Ability to get file from secured source

PROD-31387

Change-Id: Ica1c58f89d962fb4c3a8bc63f207f664ee39c1e5

README.rst

diff --git a/README.rst b/README.rst
index a14ae15..c315aee 100644
--- a/README.rst
+++ b/README.rst
@@ -546,6 +546,28 @@
           /tmp/test.txt:
             contents_grains: motd
 
+Ensure presence of file by specifying its secured source:
+
+.. code-block:: yaml
+
+    linux:
+      system:
+        file:
+          /tmp/test.txt:
+            secured_source:
+              protocol: http #optional
+              user: foo
+              password: bar
+              url: example.com/test.txt
+            secured_hash: #optional
+              url: example.com/test.txt.md5
+            user: root #optional
+            group: root #optional
+            mode: 700 #optional
+            dir_mode: 700 #optional
+            encoding: utf-8 #optional
+            makedirs: true #optional
+
 Ensure presence of file to be serialized through one of the
 serializer modules (see:
 https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):

linux/system/file.sls

diff --git a/linux/system/file.sls b/linux/system/file.sls
index 1ae9906..61d1b57 100644
--- a/linux/system/file.sls
+++ b/linux/system/file.sls
@@ -42,7 +42,24 @@
       {%- endif %}
     {%- else %}
   file.managed:
-    {%- if file.source is defined %}
+    {%- if file.secured_source is defined %}
+      {%- set file_source = file.secured_source.get('protocol', 'http') + '://' +
+                            file.secured_source.get('user') + ':' +
+                            file.secured_source.get('password') + '@' +
+                            file.secured_source.get('url') %}
+    - source: {{ file_source }}
+      {%- if file.secured_hash is defined %}
+      {%- set file_hash = file.secured_hash.get('protocol', file.secured_source.get('protocol', 'http')) + '://' +
+                          file.secured_hash.get('user', file.secured_source.get('user')) + ':' +
+                          file.secured_hash.get('password', file.secured_source.get('password')) + '@' +
+                          file.secured_hash.get('url', file.secured_source.get('url')) %}
+    - source_hash: {{ file_hash }}
+      {%- elif file.hash is defined %}
+    - source_hash: {{ file.hash }}
+      {%- else %}
+    - skip_verify: True
+      {%- endif %}
+    {%- elif file.source is defined %}
     - source: {{ file.source }}
     {%- if file.hash is defined %}
     - source_hash: {{ file.hash }}

tests/pillar/system.sls

diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls
index d5a953e..1ca26c4 100644
--- a/tests/pillar/system.sls
+++ b/tests/pillar/system.sls
@@ -19,6 +19,15 @@
       sample2.txt:
         name: /tmp/sample2.txt
         source: http://techslides.com/demos/samples/sample.txt
+      sample3.tar.gz:
+        name: /tmp/sample3.tar.gz
+        secured_source:
+          protocol: http #optional
+          user: username
+          password: password
+          url: wordpress.org/latest.tar.gz
+        secured_hash: #optional
+          url: wordpress.org/latest.tar.gz.md5
       test2:
         name: /tmp/test2.txt
         contents: |