puppet azure windows profile including puppet agent installation from a PE master

azure_puppet_client.pp

class profile::azure_puppet_client (
  Hash $machines,    # will lookup profile::azure_puppet_client::machines hash from hiera
  Hash $credentials, # will lookup profile::azure_puppet_client::credentials hash from hiera
) {

  # packages required as dependencies of the ruby gems
  $packages = ['gcc', 'gcc-c++', 'ruby-devel', 'zlib-devel',]
  package {$packages:
    ensure => present,
  }

  # install required ruby gems
  $puppet_gems = {
    'retries'              => '0.0.5',
    'azure'                => '0.7.7',
    'azure_mgmt_compute'   => '0.3.1',
    'azure_mgmt_storage'   => '0.3.1',
    'azure_mgmt_resources' => '0.3.1',
    'azure_mgmt_network'   => '0.3.1',
    'hocon'                => '1.1.3',
  }
  $puppet_gem_names = keys($puppet_gems)
 
  $puppet_gems.each |$gem, $version| {
    package {$gem:
      ensure   => $version,
      provider => 'puppet_gem',
      require  => [
        Package[$packages],
      ],
    }
  }

  #manage credential file
  file {'azure_credentials':
    ensure => file,
    path   => '/etc/puppetlabs/puppet/azure.conf',
    owner  => 'root',
    group  => 'root',
    mode   => '0640',
    content => epp('profile/azure_puppet_client/credentials.epp', {
     'config' => $credentials,
    }),
  }
  
  $machines.each |$machine, $details| {
    $machine_ensure = pick($details['ensure'], 'running')
    $machine_name   = split($machine, "[.]")[0]

    $attributes = delete($details, ['ensure', 'name'])

    # https://gist.github.com/jessereynolds/3001bed2ce0db8f115ea8fbaf05d51d4
    $install_wrapper_url = "https://gist.githubusercontent.com/jessereynolds/3001bed2ce0db8f115ea8fbaf05d51d4/raw/2cf34142d49c522a3310765d172cb2b37ed01efe/puppet_agent_install_wrapper.ps1"
    $install_command     = "powershell -ExecutionPolicy Unrestricted -File puppet_agent_install_wrapper.ps1 agent:certname=${machine}"

    azure_vm {$machine:
      ensure               => $machine_ensure,
      name                 => $machine_name,
      * => $attributes,
      dns_servers          => hiera('dnsclient::nameservers', 
        ['8.8.8.8', '8.8.4.4']),
      extensions           => {
        'config-app' => {
           'auto_upgrade_minor_version' => true,
           'publisher'                  => 'Microsoft.Compute',
           'type'                       => 'CustomScriptExtension',
           'type_handler_version'       => '1.8',
           'settings'                   => {
             'fileUris'         => [$install_wrapper_url],
             'commandToExecute' => $install_command,
           },
         },
      },
      require              => [
        File['azure_credentials'],
        Package[$puppet_gem_names],
      ],
    }
  }
}

credentials.epp

azure: {
<% $config.each |$key, $value| { -%> 
 <%=$key%>: "<%=$value%>"
<% } -%>
}

hiera-eyaml-azure-vms.yaml

profile::azure_puppet_client::credentials:
  subscription_id: "redacted"
  tenant_id: "redacted"
  client_id: "redacted"
  client_secret: >
    ENC[PKCS7,someencryptedvalue]


profile::azure_puppet_client::default_password: >
  ENC[PKCS7,someencryptedvalue]

profile::azure_puppet_client::machines:

  azuretestvm001.example:
    ensure: absent
    location: australiasoutheast
    image: 'MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest'
    user: 'azureuser'
    password: "%{hiera('profile::azure_puppet_client::default_password')}"
    size: Standard_DS1_v2
    resource_group: someresourcegroupname
    virtual_network_name: somevirtualnetworkname
    virtual_network_address_space: 10.1.1.0/20
    subnet_name: somesubnetname
    subnet_address_prefix: 10.1.2.0/24