Using file.managed for downloading a file in Salt

Question

salt.states.file.managed takes source_hash as an argument to verify a downloaded file. This blocks me from using file.managed for a file on an online server I don't have control over. The file also changes regularly. My configuration looks like this.

download_stuff:
  file.managed:
    - name: localfile.tar.gz
    - source: http://someserver.net/onlinefile.tar.gz
    - source_hash: ???

I don't want to use cmd.run with Curl or wget because this would always download the file, even when it's already on the local machine.

I would like the know if one of the options below is possible/exists:

• online md5 calculation service. Is there any way of getting an md5 hash of the file, using a free web service? I'm thinking of something like http://md5service.net?url={url-to-file}.
• salt-internal conversion or workaround. Is it possible to handle this in Salt? Maybe by leaving out source_hash somehow?
• alternative state. Is there another state in Salt for doing something like this, without losing the benefit of only downloading the file when needed?

Answer 1

If you can't control the other server, please make sure that you can trust it to download its content. Not using a hash will prevent you from detecting partial or corrupted downloads. There's also no way to work with a file that has changed on the remote server.

Nevertheless you could use a state like this to circumvent the hashcode. The creates part will prevent a second download once the file has been downloaded:

bootstrap:
  cmd.run:
    - name: curl -L https://bootstrap.saltstack.com -o /etc/salt/cloud.deploy.d/bootstrap-salt.sh
    - creates: /etc/salt/cloud.deploy.d/bootstrap-salt.sh