(PUP-10639) Accept optional If-Modified-Since

Allow the If-Modified-Since header to be specified when calling the
/puppet-ca/v1/certificate endpoint. By default, it is omitted, such as when the
agent receives its own certificate. If the header is included and it hasn't been
modified (as determined by puppetserver), then the method will raise a
ResponseError with HTTP 304.

Author: joshcooper

lib/puppet/http/service/ca.rb

@@ -28,16 +28,21 @@ def initialize(client, session, server, port)
   # Submit a GET request to retrieve the named certificate from the server.
   #
   # @param [String] name name of the certificate to request
+  # @param [Time] if_modified_since If not nil, only download the cert if it has
+  #   been modified since the specified time.
   # @param [Puppet::SSL::SSLContext] ssl_context
   #
   # @return [Array<Puppet::HTTP::Response, String>] An array containing the
   #   request response and the stringified body of the request response
   #
   # @api public
-  def get_certificate(name, ssl_context: nil)
+  def get_certificate(name, if_modified_since: nil, ssl_context: nil)
+    headers = add_puppet_headers(HEADERS)
+    headers['If-Modified-Since'] = if_modified_since.httpdate if if_modified_since
+
     response = @client.get(
       with_base_url("/certificate/#{name}"),
-      headers: add_puppet_headers(HEADERS),
+      headers: headers,
       options: {ssl_context: ssl_context}
     )
 

spec/unit/http/service/ca_spec.rb

@@ -95,6 +95,18 @@
         expect(err.response.code).to eq(404)
       end
     end
+
+    it 'raises a 304 response error if it is unmodified' do
+      stub_request(:get, url).to_return(status: [304, 'Not Modified'])
+
+      expect {
+        subject.get_certificate('ca', if_modified_since: Time.now)
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::ResponseError)
+        expect(err.message).to eq("Not Modified")
+        expect(err.response.code).to eq(304)
+      end
+    end
   end
 
   context 'when getting CRLs' do