choria-mcorpc-support 0.0.1

data/lib/mcollective/ssl.rb

@@ -0,0 +1,285 @@
+require 'openssl'
+require 'base64'
+require 'digest/sha1'
+
+module MCollective
+  # A class that assists in encrypting and decrypting data using a
+  # combination of RSA and AES
+  #
+  # Data will be AES encrypted for speed, the Key used in # the AES
+  # stage will be encrypted using RSA
+  #
+  #   ssl = SSL.new(public_key, private_key, passphrase)
+  #
+  #   data = File.read("largefile.dat")
+  #
+  #   crypted_data = ssl.encrypt_with_private(data)
+  #
+  #   pp crypted_data
+  #
+  # This will result in a hash of data like:
+  #
+  #   crypted = {:key  => "crd4NHvG....=",
+  #              :data => "XWXlqN+i...=="}
+  #
+  # The key and data will all be base 64 encoded already by default
+  # you can pass a 2nd parameter as false to encrypt_with_private and
+  # counterparts that will prevent the base 64 encoding
+  #
+  # You can pass the data hash into ssl.decrypt_with_public which
+  # should return your original data
+  #
+  # There are matching methods for using a public key to encrypt
+  # data to be decrypted using a private key
+  class SSL
+    attr_reader :public_key_file, :private_key_file, :ssl_cipher
+
+    def initialize(pubkey=nil, privkey=nil, passphrase=nil, cipher=nil)
+      @public_key_file = pubkey
+      @private_key_file = privkey
+
+      @public_key  = read_key(:public, pubkey)
+      @private_key = read_key(:private, privkey, passphrase)
+
+      @ssl_cipher = "aes-256-cbc"
+      @ssl_cipher = Config.instance.ssl_cipher if Config.instance.ssl_cipher
+      @ssl_cipher = cipher if cipher
+
+      raise "The supplied cipher '#{@ssl_cipher}' is not supported" unless OpenSSL::Cipher.ciphers.include?(@ssl_cipher)
+    end
+
+    # Encrypts supplied data using AES and then encrypts using RSA
+    # the key and IV
+    #
+    # Return a hash with everything optionally base 64 encoded
+    def encrypt_with_public(plain_text, base64=true)
+      crypted = aes_encrypt(plain_text)
+
+      if base64
+        key = base64_encode(rsa_encrypt_with_public(crypted[:key]))
+        data = base64_encode(crypted[:data])
+      else
+        key = rsa_encrypt_with_public(crypted[:key])
+        data = crypted[:data]
+      end
+
+      {:key => key, :data => data}
+    end
+
+    # Encrypts supplied data using AES and then encrypts using RSA
+    # the key and IV
+    #
+    # Return a hash with everything optionally base 64 encoded
+    def encrypt_with_private(plain_text, base64=true)
+      crypted = aes_encrypt(plain_text)
+
+      if base64
+        key = base64_encode(rsa_encrypt_with_private(crypted[:key]))
+        data = base64_encode(crypted[:data])
+      else
+        key = rsa_encrypt_with_private(crypted[:key])
+        data = crypted[:data]
+      end
+
+      {:key => key, :data => data}
+    end
+
+    # Decrypts data, expects a hash as create with crypt_with_public
+    def decrypt_with_private(crypted, base64=true)
+      raise "Crypted data should include a key" unless crypted.include?(:key)
+      raise "Crypted data should include data" unless crypted.include?(:data)
+
+      if base64
+        key = rsa_decrypt_with_private(base64_decode(crypted[:key]))
+        aes_decrypt(key, base64_decode(crypted[:data]))
+      else
+        key = rsa_decrypt_with_private(crypted[:key])
+        aes_decrypt(key, crypted[:data])
+      end
+    end
+
+    # Decrypts data, expects a hash as create with crypt_with_private
+    def decrypt_with_public(crypted, base64=true)
+      raise "Crypted data should include a key" unless crypted.include?(:key)
+      raise "Crypted data should include data" unless crypted.include?(:data)
+
+      if base64
+        key = rsa_decrypt_with_public(base64_decode(crypted[:key]))
+        aes_decrypt(key, base64_decode(crypted[:data]))
+      else
+        key = rsa_decrypt_with_public(crypted[:key])
+        aes_decrypt(key, crypted[:data])
+      end
+    end
+
+    # Use the public key to RSA encrypt data
+    def rsa_encrypt_with_public(plain_string)
+      raise "No public key set" unless @public_key
+
+      @public_key.public_encrypt(plain_string)
+    end
+
+    # Use the private key to RSA decrypt data
+    def rsa_decrypt_with_private(crypt_string)
+      raise "No private key set" unless @private_key
+
+      @private_key.private_decrypt(crypt_string)
+    end
+
+    # Use the private key to RSA encrypt data
+    def rsa_encrypt_with_private(plain_string)
+      raise "No private key set" unless @private_key
+
+      @private_key.private_encrypt(plain_string)
+    end
+
+    # Use the public key to RSA decrypt data
+    def rsa_decrypt_with_public(crypt_string)
+      raise "No public key set" unless @public_key
+
+      @public_key.public_decrypt(crypt_string)
+    end
+
+    # encrypts a string, returns a hash of key, iv and data
+    def aes_encrypt(plain_string)
+      cipher = OpenSSL::Cipher.new(ssl_cipher)
+      cipher.encrypt
+
+      key = cipher.random_key
+
+      cipher.key = key
+      cipher.pkcs5_keyivgen(key)
+      encrypted_data = cipher.update(plain_string) + cipher.final
+
+      {:key => key, :data => encrypted_data}
+    end
+
+    # decrypts a string given key, iv and data
+    def aes_decrypt(key, crypt_string)
+      cipher = OpenSSL::Cipher.new(ssl_cipher)
+
+      cipher.decrypt
+      cipher.key = key
+      cipher.pkcs5_keyivgen(key)
+      decrypted_data = cipher.update(crypt_string) + cipher.final
+    end
+
+    # Signs a string using the private key
+    def sign(string, base64=false)
+      sig = @private_key.sign(OpenSSL::Digest::SHA1.new, string)
+
+      base64 ? base64_encode(sig) : sig
+    end
+
+    # Using the public key verifies that a string was signed using the private key
+    def verify_signature(signature, string, base64=false)
+      signature = base64_decode(signature) if base64
+
+      @public_key.verify(OpenSSL::Digest::SHA1.new, signature, string)
+    end
+
+    # base 64 encode a string
+    def base64_encode(string)
+      SSL.base64_encode(string)
+    end
+
+    def self.base64_encode(string)
+      Base64.encode64(string)
+    end
+
+    # base 64 decode a string
+    def base64_decode(string)
+      SSL.base64_decode(string)
+    end
+
+    def self.base64_decode(string)
+      # The Base 64 character set is A-Z a-z 0-9 + / =
+      # Also allow for whitespace, but raise if we get anything else
+      if string !~ /^[A-Za-z0-9+\/=\s]+$/
+        raise ArgumentError, 'invalid base64'
+      end
+      Base64.decode64(string)
+    end
+
+    def md5(string)
+      SSL.md5(string)
+    end
+
+    def self.md5(string)
+      Digest::MD5.hexdigest(string)
+    end
+
+    # Creates a RFC 4122 version 5 UUID. If string is supplied it will produce repeatable
+    # UUIDs for that string else a random 128bit string will be used from OpenSSL::BN
+    #
+    # Code used with permission from:
+    #    https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/uuid.rb
+    #
+    def self.uuid(string=nil)
+      string ||= OpenSSL::Random.random_bytes(16).unpack('H*').shift
+
+      uuid_name_space_dns = [0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1, 0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8].map {|b| b.chr}.join
+
+      sha1 = Digest::SHA1.new
+      sha1.update(uuid_name_space_dns)
+      sha1.update(string)
+
+      # first 16 bytes..
+      bytes = sha1.digest[0, 16].bytes.to_a
+
+      # version 5 adjustments
+      bytes[6] &= 0x0f
+      bytes[6] |= 0x50
+
+      # variant is DCE 1.1
+      bytes[8] &= 0x3f
+      bytes[8] |= 0x80
+
+      bytes = [4, 2, 2, 2, 6].collect do |i|
+        bytes.slice!(0, i).pack('C*').unpack('H*')
+      end
+
+      bytes.join('-')
+    end
+
+    # Reads either a :public or :private key from disk, uses an
+    # optional passphrase to read the private key
+    def read_key(type, key=nil, passphrase=nil)
+      return key if key.nil?
+
+      raise "Could not find key #{key}" unless File.exist?(key)
+      raise "#{type} key file '#{key}' is empty" if File.zero?(key)
+
+      if type == :public
+        begin
+          key = OpenSSL::PKey::RSA.new(File.read(key))
+        rescue OpenSSL::PKey::RSAError
+          key = OpenSSL::X509::Certificate.new(File.read(key)).public_key
+        end
+
+        # Ruby < 1.9.3 had a bug where it does not correctly clear the
+        # queue of errors while reading a key.  It tries various ways
+        # to read the key and each failing attempt pushes an error onto
+        # the queue.  With pubkeys only the 3rd attempt pass leaving 2
+        # stale errors on the error queue.
+        #
+        # In 1.9.3 they fixed this by simply discarding the errors after
+        # every attempt.  So we simulate this fix here for older rubies
+        # as without it we get SSL_read errors from the Stomp+TLS sessions
+        #
+        # We do this only on 1.8 relying on 1.9.3 to do the right thing
+        # and we do not support 1.9 less than 1.9.3
+        #
+        # See  http://bugs.ruby-lang.org/issues/4550
+        OpenSSL.errors if Util.ruby_version =~ /^1.8/
+
+        return key
+      elsif type == :private
+        return OpenSSL::PKey::RSA.new(File.read(key), passphrase)
+      else
+        raise "Can only load :public or :private keys"
+      end
+    end
+
+  end
+end

data/lib/mcollective/util.rb

@@ -0,0 +1,579 @@
+module MCollective
+  # Some basic utility helper methods useful to clients, agents, runner etc.
+  module Util
+    # Finds out if this MCollective has an agent by the name passed
+    #
+    # If the passed name starts with a / it's assumed to be regex
+    # and will use regex to match
+    def self.has_agent?(agent)
+      agent = Regexp.new(agent.gsub("\/", "")) if agent.match("^/")
+
+      if agent.is_a?(Regexp)
+        if Agents.agentlist.grep(agent).size > 0
+          return true
+        else
+          return false
+        end
+      else
+        return Agents.agentlist.include?(agent)
+      end
+
+      false
+    end
+
+    # On windows ^c can't interrupt the VM if its blocking on
+    # IO, so this sets up a dummy thread that sleeps and this
+    # will have the end result of being interruptable at least
+    # once a second.  This is a common pattern found in Rails etc
+    def self.setup_windows_sleeper
+      Thread.new { loop { sleep 1 } } if Util.windows?
+    end
+
+    # Checks if this node has a configuration management class by parsing the
+    # a text file with just a list of classes, recipes, roles etc.  This is
+    # ala the classes.txt from puppet.
+    #
+    # If the passed name starts with a / it's assumed to be regex
+    # and will use regex to match
+    def self.has_cf_class?(klass)
+      klass = Regexp.new(klass.gsub("\/", "")) if klass.match("^/")
+      cfile = Config.instance.classesfile
+
+      Log.debug("Looking for configuration management classes in #{cfile}")
+
+      begin
+        File.readlines(cfile).each do |k|
+          if klass.is_a?(Regexp)
+            return true if k.chomp.match(klass)
+          else
+            return true if k.chomp == klass
+          end
+        end
+      rescue Exception => e
+        Log.warn("Parsing classes file '#{cfile}' failed: #{e.class}: #{e}")
+      end
+
+      false
+    end
+
+    # Gets the value of a specific fact, mostly just a duplicate of MCollective::Facts.get_fact
+    # but it kind of goes with the other classes here
+    def self.get_fact(fact)
+      Facts.get_fact(fact)
+    end
+
+    # Compares fact == value,
+    #
+    # If the passed value starts with a / it's assumed to be regex
+    # and will use regex to match
+    def self.has_fact?(fact, value, operator)
+
+      Log.debug("Comparing #{fact} #{operator} #{value}")
+      Log.debug("where :fact = '#{fact}', :operator = '#{operator}', :value = '#{value}'")
+
+      fact = Facts[fact]
+      return false if fact.nil?
+
+      fact = fact.clone
+      case fact
+      when Array
+        return fact.any? { |element| test_fact_value(element, value, operator)}
+      when Hash
+        return fact.keys.any? { |element| test_fact_value(element, value, operator)}
+      else
+        return test_fact_value(fact, value, operator)
+      end
+    end
+
+    def self.test_fact_value(fact, value, operator)
+      if operator == '=~'
+        # to maintain backward compat we send the value
+        # as /.../ which is what 1.0.x needed.  this strips
+        # off the /'s which is what we need here
+        if value =~ /^\/(.+)\/$/
+          value = $1
+        end
+
+        return true if fact.match(Regexp.new(value))
+
+      elsif operator == "=="
+        return true if fact == value
+
+      elsif ['<=', '>=', '<', '>', '!='].include?(operator)
+        # Yuk - need to type cast, but to_i and to_f are overzealous
+        if value =~ /^[0-9]+$/ && fact =~ /^[0-9]+$/
+          fact = Integer(fact)
+          value = Integer(value)
+        elsif value =~ /^[0-9]+.[0-9]+$/ && fact =~ /^[0-9]+.[0-9]+$/
+          fact = Float(fact)
+          value = Float(value)
+        end
+
+        return true if eval("fact #{operator} value")
+      end
+
+      false
+    end
+    private_class_method :test_fact_value
+
+    # Checks if the configured identity matches the one supplied
+    #
+    # If the passed name starts with a / it's assumed to be regex
+    # and will use regex to match
+    def self.has_identity?(identity)
+      identity = Regexp.new(identity.gsub("\/", "")) if identity.match("^/")
+
+      if identity.is_a?(Regexp)
+        return Config.instance.identity.match(identity)
+      else
+        return true if Config.instance.identity == identity
+      end
+
+      false
+    end
+
+    # Checks if the passed in filter is an empty one
+    def self.empty_filter?(filter)
+      filter == empty_filter || filter == {}
+    end
+
+    # Creates an empty filter
+    def self.empty_filter
+      {"fact"     => [],
+       "cf_class" => [],
+       "agent"    => [],
+       "identity" => [],
+       "compound" => []}
+    end
+
+    # Returns the PuppetLabs mcollective path for windows
+    def self.windows_prefix
+      require 'win32/dir'
+      prefix = File.join(Dir::COMMON_APPDATA, "PuppetLabs", "mcollective")
+    end
+
+    # Picks a config file defaults to ~/.mcollective
+    # else /etc/mcollective/client.cfg
+    def self.config_file_for_user
+      # the set of acceptable config files
+      config_paths = []
+
+      # user dotfile
+      begin
+        # File.expand_path will raise if HOME isn't set, catch it
+        user_path = File.expand_path("~/.mcollective")
+        config_paths << user_path
+      rescue Exception
+      end
+
+      # standard locations
+      if self.windows?
+        config_paths << File.join(self.windows_prefix, 'etc', 'client.cfg')
+      else
+        config_paths << '/etc/puppetlabs/mcollective/client.cfg'
+        config_paths << '/etc/mcollective/client.cfg'
+      end
+
+      # use the first readable config file, or if none are the first listed
+      found = config_paths.find_index { |file| File.readable?(file) } || 0
+      return config_paths[found]
+    end
+
+    # Creates a standard options hash
+    def self.default_options
+      {:verbose           => false,
+       :disctimeout       => nil,
+       :timeout           => 5,
+       :config            => config_file_for_user,
+       :collective        => nil,
+       :discovery_method  => nil,
+       :discovery_options => Config.instance.default_discovery_options,
+       :filter            => empty_filter}
+    end
+
+    def self.make_subscriptions(agent, type, collective=nil)
+      config = Config.instance
+
+      raise("Unknown target type #{type}") unless [:broadcast, :directed, :reply].include?(type)
+
+      if collective.nil?
+        config.collectives.map do |c|
+          {:agent => agent, :type => type, :collective => c}
+        end
+      else
+        raise("Unknown collective '#{collective}' known collectives are '#{config.collectives.join ', '}'") unless config.collectives.include?(collective)
+
+        [{:agent => agent, :type => type, :collective => collective}]
+      end
+    end
+
+    # Helper to subscribe to a topic on multiple collectives or just one
+    def self.subscribe(targets)
+      connection = PluginManager["connector_plugin"]
+
+      targets = [targets].flatten
+
+      targets.each do |target|
+        connection.subscribe(target[:agent], target[:type], target[:collective])
+      end
+    end
+
+    # Helper to unsubscribe to a topic on multiple collectives or just one
+    def self.unsubscribe(targets)
+      connection = PluginManager["connector_plugin"]
+
+      targets = [targets].flatten
+
+      targets.each do |target|
+        connection.unsubscribe(target[:agent], target[:type], target[:collective])
+      end
+    end
+
+    # Wrapper around PluginManager.loadclass
+    def self.loadclass(klass)
+      PluginManager.loadclass(klass)
+    end
+
+    # Parse a fact filter string like foo=bar into the tuple hash thats needed
+    def self.parse_fact_string(fact)
+      if fact =~ /^([^ ]+?)[ ]*=>[ ]*(.+)/
+        return {:fact => $1, :value => $2, :operator => '>=' }
+      elsif fact =~ /^([^ ]+?)[ ]*=<[ ]*(.+)/
+        return {:fact => $1, :value => $2, :operator => '<=' }
+      elsif fact =~ /^([^ ]+?)[ ]*(<=|>=|<|>|!=|==|=~)[ ]*(.+)/
+        return {:fact => $1, :value => $3, :operator => $2 }
+      elsif fact =~ /^(.+?)[ ]*=[ ]*\/(.+)\/$/
+        return {:fact => $1, :value => "/#{$2}/", :operator => '=~' }
+      elsif fact =~ /^([^= ]+?)[ ]*=[ ]*(.+)/
+        return {:fact => $1, :value => $2, :operator => '==' }
+      else
+        raise "Could not parse fact #{fact} it does not appear to be in a valid format"
+      end
+    end
+
+    # Escapes a string so it's safe to use in system() or backticks
+    #
+    # Taken from Shellwords#shellescape since it's only in a few ruby versions
+    def self.shellescape(str)
+      return "''" if str.empty?
+
+      str = str.dup
+
+      # Process as a single byte sequence because not all shell
+      # implementations are multibyte aware.
+      str.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/n, "\\\\\\1")
+
+      # A LF cannot be escaped with a backslash because a backslash + LF
+      # combo is regarded as line continuation and simply ignored.
+      str.gsub!(/\n/, "'\n'")
+
+      return str
+    end
+
+    def self.windows?
+      !!(RbConfig::CONFIG['host_os'] =~ /mswin|win32|dos|mingw|cygwin/i)
+    end
+
+    # Return color codes, if the config color= option is false
+    # just return a empty string
+    def self.color(code)
+      colorize = Config.instance.color
+
+      colors = {:red => "",
+                :green => "",
+                :yellow => "",
+                :cyan => "",
+                :bold => "",
+                :reset => ""}
+
+      if colorize
+        return colors[code] || ""
+      else
+        return ""
+      end
+    end
+
+    # Helper to return a string in specific color
+    def self.colorize(code, msg)
+      "%s%s%s" % [ color(code), msg, color(:reset) ]
+    end
+
+    # Returns the current ruby version as per RUBY_VERSION, mostly
+    # doing this here to aid testing
+    def self.ruby_version
+      RUBY_VERSION
+    end
+
+    def self.mcollective_version
+      MCollective::VERSION
+    end
+
+    # Returns an aligned_string of text relative to the size of the terminal
+    # window. If a line in the string exceeds the width of the terminal window
+    # the line will be chopped off at the whitespace chacter closest to the
+    # end of the line and prepended to the next line, keeping all indentation.
+    #
+    # The terminal size is detected by default, but custom line widths can
+    # passed. All strings will also be left aligned with 5 whitespace characters
+    # by default.
+    def self.align_text(text, console_cols = nil, preamble = 5)
+      unless console_cols
+        console_cols = terminal_dimensions[0]
+
+        # if unknown size we default to the typical unix default
+        console_cols = 80 if console_cols == 0
+      end
+
+      console_cols -= preamble
+
+      # Return unaligned text if console window is too small
+      return text if console_cols <= 0
+
+      # If console is 0 this implies unknown so we assume the common
+      # minimal unix configuration of 80 characters
+      console_cols = 80 if console_cols <= 0
+
+      text = text.split("\n")
+      piece = ''
+      whitespace = 0
+
+      text.each_with_index do |line, i|
+        whitespace = 0
+
+        while whitespace < line.length && line[whitespace].chr == ' '
+          whitespace += 1
+        end
+
+        # If the current line is empty, indent it so that a snippet
+        # from the previous line is aligned correctly.
+        if line == ""
+          line = (" " * whitespace)
+        end
+
+        # If text was snipped from the previous line, prepend it to the
+        # current line after any current indentation.
+        if piece != ''
+          # Reset whitespaces to 0 if there are more whitespaces than there are
+          # console columns
+          whitespace = 0 if whitespace >= console_cols
+
+          # If the current line is empty and being prepended to, create a new
+          # empty line in the text so that formatting is preserved.
+          if text[i + 1] && line == (" " * whitespace)
+            text.insert(i + 1, "")
+          end
+
+          # Add the snipped text to the current line
+          line.insert(whitespace, "#{piece} ")
+        end
+
+        piece = ''
+
+        # Compare the line length to the allowed line length.
+        # If it exceeds it, snip the offending text from the line
+        # and store it so that it can be prepended to the next line.
+        if line.length > (console_cols + preamble)
+          reverse = console_cols
+
+          while line[reverse].chr != ' '
+            reverse -= 1
+          end
+
+          piece = line.slice!(reverse, (line.length - 1)).lstrip
+        end
+
+        # If a snippet exists when all the columns in the text have been
+        # updated, create a new line and append the snippet to it, using
+        # the same left alignment as the last line in the text.
+        if piece != '' && text[i+1].nil?
+          text[i+1] = "#{' ' * (whitespace)}#{piece}"
+          piece = ''
+        end
+
+        # Add the preamble to the line and add it to the text
+        line = ((' ' * preamble) + line)
+        text[i] = line
+      end
+
+      text.join("\n")
+    end
+
+    # Figures out the columns and lines of the current tty
+    #
+    # Returns [0, 0] if it can't figure it out or if you're
+    # not running on a tty
+    def self.terminal_dimensions(stdout = STDOUT, environment = ENV)
+      return [0, 0] unless stdout.tty?
+
+      return [80, 40] if Util.windows?
+
+      if environment["COLUMNS"] && environment["LINES"]
+        return [environment["COLUMNS"].to_i, environment["LINES"].to_i]
+
+      elsif environment["TERM"] && command_in_path?("tput")
+        return [`tput cols`.to_i, `tput lines`.to_i]
+
+      elsif command_in_path?('stty')
+        return `stty size`.scan(/\d+/).map {|s| s.to_i }
+      else
+        return [0, 0]
+      end
+    rescue
+      [0, 0]
+    end
+
+    # Checks in PATH returns true if the command is found
+    def self.command_in_path?(command)
+      found = ENV["PATH"].split(File::PATH_SEPARATOR).map do |p|
+        File.exist?(File.join(p, command))
+      end
+
+      found.include?(true)
+    end
+
+    # compare two software versions as commonly found in
+    # package versions.
+    #
+    # returns 0 if a == b
+    # returns -1 if a < b
+    # returns 1 if a > b
+    #
+    # Code originally from Puppet
+    def self.versioncmp(version_a, version_b)
+      vre = /[-.]|\d+|[^-.\d]+/
+      ax = version_a.scan(vre)
+      bx = version_b.scan(vre)
+
+      while (ax.length>0 && bx.length>0)
+        a = ax.shift
+        b = bx.shift
+
+        if( a == b )                 then next
+        elsif (a == '-' && b == '-') then next
+        elsif (a == '-')             then return -1
+        elsif (b == '-')             then return 1
+        elsif (a == '.' && b == '.') then next
+        elsif (a == '.' )            then return -1
+        elsif (b == '.' )            then return 1
+        elsif (a =~ /^\d+$/ && b =~ /^\d+$/) then
+          if( a =~ /^0/ or b =~ /^0/ ) then
+            return a.to_s.upcase <=> b.to_s.upcase
+          end
+          return a.to_i <=> b.to_i
+        else
+          return a.upcase <=> b.upcase
+        end
+      end
+
+      version_a <=> version_b;
+    end
+
+    # we should really use Pathname#absolute? but it's not in all the
+    # ruby versions we support and it comes down to roughly this
+    def self.absolute_path?(path, separator=File::SEPARATOR, alt_separator=File::ALT_SEPARATOR)
+      if alt_separator
+        path_matcher = /^([a-zA-Z]:){0,1}[#{Regexp.quote alt_separator}#{Regexp.quote separator}]/
+      else
+        path_matcher = /^#{Regexp.quote separator}/
+      end
+
+      !!path.match(path_matcher)
+    end
+
+    # Converts a string into a boolean value
+    # Strings matching 1,y,yes,true or t will return TrueClass
+    # Any other value will return FalseClass
+    def self.str_to_bool(val)
+      clean_val = val.to_s.strip
+      if clean_val =~ /^(1|yes|true|y|t)$/i
+        return  true
+      elsif clean_val =~ /^(0|no|false|n|f)$/i
+        return false
+      else
+        raise("Cannot convert string value '#{clean_val}' into a boolean.")
+      end
+    end
+
+    # Looks up the template directory and returns its full path
+    def self.templatepath(template_file)
+      config_dir = File.dirname(Config.instance.configfile)
+      template_path = File.join(config_dir, template_file)
+      return template_path if File.exists?(template_path)
+
+      template_path = File.join("/etc/mcollective", template_file)
+      return template_path
+    end
+
+    # subscribe to the direct addressing queue
+    def self.subscribe_to_direct_addressing_queue
+      subscribe(make_subscriptions("mcollective", :directed))
+    end
+
+    # Get field size for printing
+    def self.field_size(elements, min_size=40)
+      max_length = elements.max_by { |e| e.length }.length
+      max_length > min_size ? max_length : min_size
+    end
+
+    # Calculate number of fields for printing
+    def self.field_number(field_size, max_size=90)
+      number = (max_size/field_size).to_i
+      (number == 0) ? 1 : number
+    end
+    
+    def self.get_hidden_input_on_windows()
+      require 'Win32API'
+      # Hook into getch from crtdll. Keep reading all keys till return
+      # or newline is hit.
+      # If key is backspace or delete, then delete the character and update
+      # the buffer.
+      input = ''
+      while char = Win32API.new("crtdll", "_getch", [ ], "I").Call do
+        break if char == 10 || char == 13 # return or newline
+        if char == 127 || char == 8 # backspace and delete
+          if input.length > 0
+            input.slice!(-1, 1)
+          end
+        else
+          input << char.chr
+        end
+      end
+      char = ''
+      input
+    end
+
+    def self.get_hidden_input_on_unix()
+      unless $stdin.tty?
+        raise 'Could not hook to stdin to hide input. If using SSH, try using -t flag while connecting to server.'
+      end
+      unless system 'stty -echo -icanon'
+        raise 'Could not hide input using stty command.'
+      end
+      input = $stdin.gets
+      ensure
+        unless system 'stty echo icanon'
+          raise 'Could not enable echoing of input. Try executing `stty echo icanon` to debug.'
+        end
+      input
+    end
+
+    def self.get_hidden_input(message='Please enter data: ')
+      unless message.nil?
+        print message
+      end
+      if versioncmp(ruby_version, '1.9.3') >= 0
+        require 'io/console'
+        input = $stdin.noecho(&:gets)
+      else
+        # Use hacks to get hidden input on Ruby <1.9.3
+        if self.windows?
+          input = self.get_hidden_input_on_windows()
+        else
+          input = self.get_hidden_input_on_unix()
+        end
+      end
+      input.chomp! if input
+      input
+    end
+  end
+end