Forge Home

blob

Downloads objects from Azure blob storage

20,788 downloads

514 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.3.13 (latest)
  • 0.3.12
  • 0.3.11
  • 0.3.10
  • 0.3.9 (deleted)
  • 0.3.8
  • 0.3.7
  • 0.3.6 (deleted)
  • 0.3.5
  • 0.3.4 (deleted)
  • 0.3.3 (deleted)
  • 0.3.2
  • 0.3.1
  • 0.3.0
  • 0.2.15
  • 0.2.13 (deleted)
  • 0.2.12 (deleted)
  • 0.2.11 (deleted)
  • 0.2.9 (deleted)
  • 0.2.8 (deleted)
  • 0.2.7 (deleted)
  • 0.2.6 (deleted)
  • 0.2.5 (deleted)
  • 0.2.4 (deleted)
  • 0.2.3 (deleted)
  • 0.2.1 (deleted)
  • 0.2.0 (deleted)
  • 0.1.10
  • 0.1.9 (deleted)
  • 0.1.8
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Mar 2nd 2022
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
  • Puppet >= 6 < 7.4.0
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'czembower-blob', '0.3.13'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add czembower-blob
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install czembower-blob --version 0.3.13

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

czembower/blob — version 0.3.13 Mar 2nd 2022

puppet-blob

Table of Contents

  1. Description
  2. Usage
  3. Limitations

Description

A simple Puppet module that downloads objects from Azure blob storage, using the Client ID parameter associated with a User-Assigned Managed Identity as the authentication mechanism.

Optionally, the downloaded object can be unzipped, and permissions of the object and/or unzipped files can be managed by specifying the 'mode' parameter.

For convenience, a 'client_id' custom fact is provided as a means to source the Azure User-Assigned Managed Identity client-id value from an Azure Tag 'clientId'

  • client_id - the value of the 'clientId' tag, if it exists.

Usage

blob { '/tmp/myBlob.zip':
  ensure    => present,
  account   => 'myBlobStorageAccountName',
  client_id => 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
  blob_path => 'myStorageContainer/myBlob.zip',
  mode      => '0644',
  unzip     => true,
  creates   => '/tmp/myBlob'
}

Optionally, the client_id parameter can be sourced from an included custom fact that reads the client_id from an Azure tag named "clientId" if it exists:

blob { '/tmp/myBlob.txt':
  ensure    => present,
  account   => 'myBlobStorageAccountName',
  client_id => $facts['client_id'],
  blob_path => 'myStorageContainer/myBlob.txt',
}

This method facilitates integration with infrastructure-as-code tools (e.g. Terraform) such that a compute resource, managed identity, and access controls can all be defined programatically, without commiting sensitive data to your repository.

Microsoft azcopy can optionally be used to provide increased performance:

blob { '/tmp/veryLargeFile.zip':
  ensure    => present,
  account   => 'myBlobStorageAccountName',
  client_id => $facts['client_id'],
  blob_path => 'myStorageContainer/veryLargeFile.zip',
  azcopy    => true
}

Parameters

  • ensure: Whether object should be present/absent on the local filesystem (default: present)
  • path: [string] Where to store the object on the local system (optional - implied by resource name)
  • account: [string] Azure Storage Account name (required)
  • client_id: [string] The Client ID of the associated user-assigned managed identity (required)
  • blob_path: [string] Path to the object in the form of [container]/[path]/[to]/[object] (required)
  • mode: [string] Permissions that should be applied to the file after downloading (optional - default: undef)
  • unzip: [bool] Whether to unzip downloaded Blob object (optional - default: false)
  • creates: [string] File object created by the unzip process - controls mode/presence of extracted data, and will additionally purge the original zip archive after extraction (optional - default: undef)
  • azcopy: [bool] Utilize the azcopy utility (recommended for large file transfers (optional - default: false)
  • mkdir: [bool] Controls the creation of the target directory for unzipped objects (optional - default: true)

If 'mode' is defined and 'unzip' is selected, extracted files will be managed recursively. This is useful for directories.

On Windows systems, if 'creates' is specified, the value must be the full path to a single file that is extracted from the archive. In this case, any management of file permissions should be handled with the Acl module (or similar) instead.

Leaving azcopy => false (default) will utilize Ruby standard library Net/Http to handle download operations. This is perfectly suitable for common use, but in the case of large file transfers (over several GB), it is recommended to enable the azcopy option. Doing so will result in installation of the latest version of azcopy available from Microsoft at the following paths:

  • Linux: /opt/azcopy/bin/azcopy
  • Windows: C:/ProgramData/azcopy/bin/azcopy.exe

Limitations

This module currently only supports User-Assigned Managed Identity as the authentication mechanism. This requires the Puppet client system to be a machine running within the Azure environment with appropriately scoped access permission. Alternate methods require sensitive credentials to be present in the manifest. In contrast, the 'client ID' method is bound to a verified identity and therefore carries a considerably lower risk factor.

Please open an issue at the Project URL if you would like to see support for alternative authentication methods.