mbailey-chef 0.9.12.1

data/lib/chef/resources.rb

@@ -0,0 +1,64 @@
+#
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/resource/apt_package'
+require 'chef/resource/bash'
+require 'chef/resource/breakpoint'
+require 'chef/resource/cookbook_file'
+require 'chef/resource/cron'
+require 'chef/resource/csh'
+require 'chef/resource/deploy'
+require 'chef/resource/deploy_revision'
+require 'chef/resource/directory'
+require 'chef/resource/dpkg_package'
+require 'chef/resource/easy_install_package'
+require 'chef/resource/env'
+require 'chef/resource/erl_call'
+require 'chef/resource/execute'
+require 'chef/resource/file'
+require 'chef/resource/freebsd_package'
+require 'chef/resource/gem_package'
+require 'chef/resource/git'
+require 'chef/resource/group'
+require 'chef/resource/http_request'
+require 'chef/resource/ifconfig'
+require 'chef/resource/link'
+require 'chef/resource/log'
+require 'chef/resource/macports_package'
+require 'chef/resource/mdadm'
+require 'chef/resource/mount'
+require 'chef/resource/ohai'
+require 'chef/resource/package'
+require 'chef/resource/pacman_package'
+require 'chef/resource/perl'
+require 'chef/resource/portage_package'
+require 'chef/resource/python'
+require 'chef/resource/remote_directory'
+require 'chef/resource/remote_file'
+require 'chef/resource/rpm_package'
+require 'chef/resource/route'
+require 'chef/resource/ruby'
+require 'chef/resource/ruby_block'
+require 'chef/resource/scm'
+require 'chef/resource/script'
+require 'chef/resource/service'
+require 'chef/resource/subversion'
+require 'chef/resource/template'
+require 'chef/resource/timestamped_deploy'
+require 'chef/resource/user'
+require 'chef/resource/yum_package'

data/lib/chef/rest/auth_credentials.rb

@@ -0,0 +1,78 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'chef/exceptions'
+require 'mixlib/authentication/signedheaderauth'
+
+class Chef
+  class REST
+    class AuthCredentials
+      attr_reader :key_file, :client_name, :key, :raw_key
+
+      def initialize(client_name=nil, key_file=nil)
+        @client_name, @key_file = client_name, key_file
+        load_signing_key if sign_requests?
+      end
+
+      def sign_requests?
+        !!key_file
+      end
+
+      def signature_headers(request_params={})
+        raise ArgumentError, "Cannot sign the request without a client name, check that :node_name is assigned" if client_name.nil?
+        Chef::Log.debug("Signing the request as #{client_name}")
+
+        # params_in = {:http_method => :GET, :path => "/clients", :body => "", :host => "localhost"}
+        request_params             = request_params.dup
+        request_params[:timestamp] = Time.now.utc.iso8601
+        request_params[:user_id]   = client_name
+        host = request_params.delete(:host) || "localhost"
+
+        sign_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(request_params)
+        signed =  sign_obj.sign(key).merge({:host => host})
+        signed.inject({}){|memo, kv| memo["#{kv[0].to_s.upcase}"] = kv[1];memo}
+      end
+
+      private
+
+      def load_signing_key
+        begin
+          @raw_key = IO.read(key_file).strip
+        rescue SystemCallError, IOError => e
+          Chef::Log.fatal "Failed to read the private key #{key_file}: #{e.inspect}, #{e.backtrace}"
+          raise Chef::Exceptions::PrivateKeyMissing, "I cannot read #{key_file}, which you told me to use to sign requests!"
+        end
+        assert_valid_key_format!(@raw_key)
+        @key = OpenSSL::PKey::RSA.new(@raw_key)
+      end
+
+      def assert_valid_key_format!(raw_key)
+        unless (raw_key =~ /\A-----BEGIN RSA PRIVATE KEY-----$/) && (raw_key =~ /^-----END RSA PRIVATE KEY-----\Z/)
+          msg = "The file #{key_file} does not contain a correctly formatted private key.\n"
+          msg << "The key file should begin with '-----BEGIN RSA PRIVATE KEY-----' and end with '-----END RSA PRIVATE KEY-----'"
+          raise Chef::Exceptions::InvalidPrivateKey, msg
+        end
+      end
+
+    end
+  end
+end

data/lib/chef/rest/cookie_jar.rb

@@ -0,0 +1,31 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'singleton'
+
+class Chef
+  class REST
+    class CookieJar < Hash
+      include Singleton
+    end
+  end
+end

data/lib/chef/rest/rest_request.rb

@@ -0,0 +1,188 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'uri'
+require 'net/http'
+require 'chef/rest/cookie_jar'
+require 'chef/version'
+
+class Chef
+  class REST
+    class RESTRequest
+      attr_reader :method, :url, :headers, :http_client, :http_request
+
+      def initialize(method, url, req_body, base_headers={})
+        @method, @url = method, url
+        @request_body = nil
+        @cookies = CookieJar.instance
+        configure_http_client
+        build_headers(base_headers)
+        configure_http_request(req_body)
+      end
+
+      def host
+        @url.host
+      end
+
+      def port
+        @url.port
+      end
+
+      def query
+        @url.query
+      end
+
+      def path
+        @url.path.empty? ? "/" : @url.path
+      end
+
+      def call
+        hide_net_http_bug do
+          http_client.request(http_request) do |response|
+            store_cookie(response)
+            yield response if block_given?
+            response
+          end
+        end
+      end
+
+      def config
+        Chef::Config
+      end
+
+      private
+
+      def hide_net_http_bug
+        yield
+      rescue NoMethodError => e
+        # http://redmine.ruby-lang.org/issues/show/2708
+        # http://redmine.ruby-lang.org/issues/show/2758
+        if e.to_s =~ /#{Regexp.escape(%q|undefined method `closed?' for nil:NilClass|)}/
+          Chef::Log.debug("rescued error in http connect, re-raising as Errno::ECONNREFUSED to hide bug in net/http")
+          Chef::Log.debug("#{e.class.name}: #{e.to_s}")
+          Chef::Log.debug(e.backtrace.join("\n"))
+          raise Errno::ECONNREFUSED, "Connection refused attempting to contact #{url.scheme}://#{host}:#{port}"
+        else
+          raise
+        end
+      end
+
+      def store_cookie(response)
+        if response['set-cookie']
+          @cookies["#{host}:#{port}"] = response['set-cookie']
+        end
+      end
+
+      def build_headers(headers)
+        @headers = headers.dup
+        # TODO: need to set accept somewhere else
+        # headers.merge!('Accept' => "application/json") unless raw
+        @headers['X-Chef-Version'] = ::Chef::VERSION
+
+        if @cookies.has_key?("#{host}:#{port}")
+          @headers['Cookie'] = @cookies["#{host}:#{port}"]
+        end
+      end
+
+      #adapted from buildr/lib/buildr/core/transports.rb
+      def proxy_uri
+        proxy = Chef::Config["#{url.scheme}_proxy"]
+        proxy = URI.parse(proxy) if String === proxy
+        excludes = Chef::Config[:no_proxy].to_s.split(/\s*,\s*/).compact
+        excludes = excludes.map { |exclude| exclude =~ /:\d+$/ ? exclude : "#{exclude}:*" }
+        return proxy unless excludes.any? { |exclude| File.fnmatch(exclude, "#{host}:#{port}") }
+      end
+
+      def configure_http_client
+        http_proxy = proxy_uri
+        if http_proxy.nil?
+          @http_client = Net::HTTP.new(host, port)
+        else
+          Chef::Log.debug("using #{http_proxy.host}:#{http_proxy.port} for proxy")
+          user = Chef::Config["#{url.scheme}_proxy_user"]
+          pass = Chef::Config["#{url.scheme}_proxy_pass"]
+          @http_client = Net::HTTP.Proxy(http_proxy.host, http_proxy.port, user, pass).new(host, port)
+        end
+        if url.scheme == "https"
+          @http_client.use_ssl = true
+          if config[:ssl_verify_mode] == :verify_none
+            @http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          elsif config[:ssl_verify_mode] == :verify_peer
+            @http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          end
+          if config[:ssl_ca_path]
+            unless ::File.exist?(config[:ssl_ca_path])
+              raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_path #{config[:ssl_ca_path]} does not exist"
+            end
+            @http_client.ca_path = config[:ssl_ca_path]
+          elsif config[:ssl_ca_file]
+            unless ::File.exist?(config[:ssl_ca_file])
+              raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_file #{config[:ssl_ca_file]} does not exist"
+            end
+            @http_client.ca_file = config[:ssl_ca_file]
+          end
+          if (config[:ssl_client_cert] || config[:ssl_client_key])
+            unless (config[:ssl_client_cert] && config[:ssl_client_key])
+              raise Chef::Exceptions::ConfigurationError, "You must configure ssl_client_cert and ssl_client_key together"
+            end
+            unless ::File.exists?(config[:ssl_client_cert])
+              raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_cert #{config[:ssl_client_cert]} does not exist"
+            end
+            unless ::File.exists?(config[:ssl_client_key])
+              raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
+            end
+            @http_client.cert = OpenSSL::X509::Certificate.new(::File.read(config[:ssl_client_cert]))
+            @http_client.key = OpenSSL::PKey::RSA.new(::File.read(config[:ssl_client_key]))
+          end
+        end
+
+        @http_client.read_timeout = config[:rest_timeout]
+      end
+
+
+      def configure_http_request(request_body=nil)
+        req_path = "#{path}"
+        req_path << "?#{query}" if query
+
+        @http_request = case method.to_s.downcase
+        when "get"
+          Net::HTTP::Get.new(req_path, headers)
+        when "post"
+          Net::HTTP::Post.new(req_path, headers)
+        when "put"
+          Net::HTTP::Put.new(req_path, headers)
+        when "delete"
+          Net::HTTP::Delete.new(req_path, headers)
+        when "head"
+          Net::HTTP::Head.new(req_path, headers)
+        else
+          raise ArgumentError, "You must provide :GET, :PUT, :POST, :DELETE or :HEAD as the method"
+        end
+
+        @http_request.body = request_body if (request_body && @http_request.request_body_permitted?)
+        # Optionally handle HTTP Basic Authentication
+        @http_request.basic_auth(url.user, url.password) if url.user
+      end
+
+    end
+  end
+end

data/lib/chef/rest.rb

@@ -0,0 +1,394 @@
+#--
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'net/https'
+require 'uri'
+require 'json'
+require 'tempfile'
+require 'chef/api_client'
+require 'chef/rest/auth_credentials'
+require 'chef/rest/rest_request'
+require 'chef/monkey_patches/string'
+
+class Chef
+  # == Chef::REST
+  # Chef's custom REST client with built-in JSON support and RSA signed header
+  # authentication.
+  class REST
+    attr_reader :auth_credentials
+    attr_accessor :url, :cookies, :sign_on_redirect, :redirect_limit
+
+    # Create a REST client object. The supplied +url+ is used as the base for
+    # all subsequent requests. For example, when initialized with a base url
+    # http://localhost:4000, a call to +get_rest+ with 'nodes' will make an
+    # HTTP GET request to http://localhost:4000/nodes
+    def initialize(url, client_name=Chef::Config[:node_name], signing_key_filename=Chef::Config[:client_key], options={})
+      @url = url
+      @cookies = CookieJar.instance
+      @default_headers = options[:headers] || {}
+      @auth_credentials = AuthCredentials.new(client_name, signing_key_filename)
+      @sign_on_redirect, @sign_request = true, true
+      @redirects_followed = 0
+      @redirect_limit = 10
+    end
+
+    def signing_key_filename
+      @auth_credentials.key_file
+    end
+
+    def client_name
+      @auth_credentials.client_name
+    end
+
+    def signing_key
+      @auth_credentials.raw_key
+    end
+
+    # Register the client
+    def register(name=Chef::Config[:node_name], destination=Chef::Config[:client_key])
+      if (File.exists?(destination) &&  !File.writable?(destination))
+        raise Chef::Exceptions::CannotWritePrivateKey, "I cannot write your private key to #{destination} - check permissions?"
+      end
+      nc = Chef::ApiClient.new
+      nc.name(name)
+
+      catch(:done) do
+        retries = config[:client_registration_retries] || 5
+        0.upto(retries) do |n|
+          begin
+            response = nc.save(true, true)
+            Chef::Log.debug("Registration response: #{response.inspect}")
+            raise Chef::Exceptions::CannotWritePrivateKey, "The response from the server did not include a private key!" unless response.has_key?("private_key")
+            # Write out the private key
+            file = ::File.open(destination, File::WRONLY|File::EXCL|File::CREAT, 0600)
+            file.print(response["private_key"])
+            file.close
+            throw :done
+          rescue IOError
+            raise Chef::Exceptions::CannotWritePrivateKey, "I cannot write your private key to #{destination}"
+          rescue Net::HTTPFatalError => e
+            Chef::Log.warn("Failed attempt #{n} of #{retries+1} on client creation")
+            raise unless e.response.code == "500"
+          end
+        end
+      end
+
+      true
+    end
+
+    # Send an HTTP GET request to the path
+    #
+    # Using this method to +fetch+ a file is considered deprecated.
+    #
+    # === Parameters
+    # path:: The path to GET
+    # raw:: Whether you want the raw body returned, or JSON inflated.  Defaults
+    #   to JSON inflated.
+    def get_rest(path, raw=false, headers={})
+      if raw
+        streaming_request(create_url(path), headers)
+      else
+        api_request(:GET, create_url(path), headers)
+      end
+    end
+
+    # Send an HTTP DELETE request to the path
+    def delete_rest(path, headers={})
+      api_request(:DELETE, create_url(path), headers)
+    end
+
+    # Send an HTTP POST request to the path
+    def post_rest(path, json, headers={})
+      api_request(:POST, create_url(path), headers, json)
+    end
+
+    # Send an HTTP PUT request to the path
+    def put_rest(path, json, headers={})
+      api_request(:PUT, create_url(path), headers, json)
+    end
+
+    # Streams a download to a tempfile, then yields the tempfile to a block.
+    # After the download, the tempfile will be closed and unlinked.
+    # If you rename the tempfile, it will not be deleted.
+    # Beware that if the server streams infinite content, this method will
+    # stream it until you run out of disk space.
+    def fetch(path, headers={})
+      streaming_request(create_url(path), headers) {|tmp_file| yield tmp_file }
+    end
+
+    def create_url(path)
+      if path =~ /^(http|https):\/\//
+        URI.parse(path)
+      else
+        URI.parse("#{@url}/#{path}")
+      end
+    end
+
+    def sign_requests?
+      auth_credentials.sign_requests? && @sign_request
+    end
+
+    # ==== DEPRECATED
+    # Use +api_request+ instead
+    #--
+    # Actually run an HTTP request.  First argument is the HTTP method,
+    # which should be one of :GET, :PUT, :POST or :DELETE.  Next is the
+    # URL, then an object to include in the body (which will be converted with
+    # .to_json). The limit argument is unused, it is present for backwards
+    # compatibility. Configure the redirect limit with #redirect_limit=
+    # instead.
+    #
+    # Typically, you won't use this method -- instead, you'll use one of
+    # the helper methods (get_rest, post_rest, etc.)
+    #
+    # Will return the body of the response on success.
+    def run_request(method, url, headers={}, data=false, limit=nil, raw=false)
+      json_body = data ? data.to_json : nil
+      headers = build_headers(method, url, headers, json_body, raw)
+
+      tf = nil
+
+      retriable_rest_request(method, url, json_body, headers) do |rest_request|
+
+        res = rest_request.call do |response|
+          if raw
+            tf = stream_to_tempfile(url, response)
+          else
+            response.read_body
+          end
+        end
+
+        if res.kind_of?(Net::HTTPSuccess)
+          if res['content-type'] =~ /json/
+            response_body = res.body.chomp
+            JSON.parse(response_body)
+          else
+            if method == :HEAD
+              true
+            elsif raw
+              tf
+            else
+              res.body
+            end
+          end
+        elsif res.kind_of?(Net::HTTPFound) or res.kind_of?(Net::HTTPMovedPermanently)
+          follow_redirect {run_request(:GET, create_url(res['location']), {}, false, nil, raw)}
+        elsif res.kind_of?(Net::HTTPNotModified)
+          false
+        else
+          if res['content-type'] =~ /json/
+            exception = JSON.parse(res.body)
+            msg = "HTTP Request Returned #{res.code} #{res.message}: "
+            msg << (exception["error"].respond_to?(:join) ? exception["error"].join(", ") : exception["error"].to_s)
+            Chef::Log.warn(msg)
+          end
+          res.error!
+        end
+      end
+    end
+
+    # Runs an HTTP request to a JSON API. File Download not supported.
+    def api_request(method, url, headers={}, data=false)
+      json_body = data ? data.to_json : nil
+      headers = build_headers(method, url, headers, json_body)
+
+      retriable_rest_request(method, url, json_body, headers) do |rest_request|
+        response = rest_request.call {|r| r.read_body}
+
+        if response.kind_of?(Net::HTTPSuccess)
+          if response['content-type'] =~ /json/
+            JSON.parse(response.body.chomp)
+          else
+            Chef::Log.warn("Expected JSON response, but got content-type '#{response['content-type']}'")
+            response.body
+          end
+        elsif redirect_location = redirected_to(response)
+          follow_redirect {api_request(:GET, create_url(redirect_location))}
+        else
+          if response['content-type'] =~ /json/
+            exception = JSON.parse(response.body)
+            msg = "HTTP Request Returned #{response.code} #{response.message}: "
+            msg << (exception["error"].respond_to?(:join) ? exception["error"].join(", ") : exception["error"].to_s)
+            Chef::Log.warn(msg)
+          end
+          response.error!
+        end
+      end
+    end
+
+    # Makes a streaming download request. <b>Doesn't speak JSON.</b>
+    # Streams the response body to a tempfile. If a block is given, it's
+    # passed to Tempfile.open(), which means that the tempfile will automatically
+    # be unlinked after the block is executed.
+    #
+    # If no block is given, the tempfile is returned, which means it's up to
+    # you to unlink the tempfile when you're done with it.
+    def streaming_request(url, headers, &block)
+      headers = build_headers(:GET, url, headers, nil, true)
+      retriable_rest_request(:GET, url, nil, headers) do |rest_request|
+        tempfile = nil
+        response = rest_request.call do |r| 
+          if block_given? && r.kind_of?(Net::HTTPSuccess)
+            begin
+              tempfile = stream_to_tempfile(url, r, &block)
+              yield tempfile
+            ensure
+              tempfile.close!
+            end
+          else
+            tempfile = stream_to_tempfile(url, r)
+          end
+        end
+        if response.kind_of?(Net::HTTPSuccess)
+          tempfile
+        elsif redirect_location = redirected_to(response)
+          # TODO: test tempfile unlinked when following redirects.
+          tempfile && tempfile.close!
+          follow_redirect {streaming_request(create_url(redirect_location), {}, &block)}
+        else
+          tempfile && tempfile.close!
+          response.error!
+        end
+      end
+    end
+
+    def retriable_rest_request(method, url, req_body, headers)
+      rest_request = Chef::REST::RESTRequest.new(method, url, req_body, headers)
+
+      Chef::Log.debug("Sending HTTP Request via #{method} to #{url.host}:#{url.port}#{rest_request.path}")
+
+      http_attempts = 0
+
+      begin
+        http_attempts += 1
+
+        res = yield rest_request
+
+      rescue Errno::ECONNREFUSED
+        if http_retry_count - http_attempts + 1 > 0
+          Chef::Log.error("Connection refused connecting to #{url.host}:#{url.port} for #{rest_request.path}, retry #{http_attempts}/#{http_retry_count}")
+          sleep(http_retry_delay)
+          retry
+        end
+        raise Errno::ECONNREFUSED, "Connection refused connecting to #{url.host}:#{url.port} for #{rest_request.path}, giving up"
+      rescue Timeout::Error
+        if http_retry_count - http_attempts + 1 > 0
+          Chef::Log.error("Timeout connecting to #{url.host}:#{url.port} for #{rest_request.path}, retry #{http_attempts}/#{http_retry_count}")
+          sleep(http_retry_delay)
+          retry
+        end
+        raise Timeout::Error, "Timeout connecting to #{url.host}:#{url.port} for #{rest_request.path}, giving up"
+      rescue Net::HTTPServerException
+        if res.kind_of?(Net::HTTPForbidden)
+          if http_retry_count - http_attempts + 1 > 0
+            Chef::Log.error("Received 403 Forbidden against #{url.host}:#{url.port} for #{rest_request.path}, retry #{http_attempts}/#{http_retry_count}")
+            sleep(http_retry_delay)
+            retry
+          end
+        end
+        raise
+      end
+    end
+
+    def authentication_headers(method, url, json_body=nil)
+      request_params = {:http_method => method, :path => url.path, :body => json_body, :host => "#{url.host}:#{url.port}"}
+      request_params[:body] ||= ""
+      auth_credentials.signature_headers(request_params)
+    end
+
+    def http_retry_delay
+      config[:http_retry_delay]
+    end
+
+    def http_retry_count
+      config[:http_retry_count]
+    end
+
+    def config
+      Chef::Config
+    end
+
+    def follow_redirect
+      raise Chef::Exceptions::RedirectLimitExceeded if @redirects_followed >= redirect_limit
+      @redirects_followed += 1
+      Chef::Log.debug("Following redirect #{@redirects_followed}/#{redirect_limit}")
+      if @sign_on_redirect
+        yield
+      else
+        @sign_request = false
+        yield
+      end
+    ensure
+      @redirects_followed = 0
+      @sign_request = true
+    end
+
+    private
+
+    def redirected_to(response)
+      if response.kind_of?(Net::HTTPFound) || response.kind_of?(Net::HTTPMovedPermanently)
+        response['location']
+      else
+        nil
+      end
+    end
+
+    def build_headers(method, url, headers={}, json_body=false, raw=false)
+      headers                 = @default_headers.merge(headers)
+      headers['Accept']       = "application/json" unless raw
+      headers["Content-Type"] = 'application/json' if json_body
+      headers['Content-Length'] = json_body.bytesize.to_s if json_body
+      headers.merge!(authentication_headers(method, url, json_body)) if sign_requests?
+      headers
+    end
+
+    def stream_to_tempfile(url, response)
+      tf = Tempfile.open("chef-rest")
+      if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+        tf.binmode #required for binary files on Windows platforms
+      end
+      Chef::Log.debug("Streaming download from #{url.to_s} to tempfile #{tf.path}")
+      # Stolen from http://www.ruby-forum.com/topic/166423
+      # Kudos to _why!
+      size, total = 0, response.header['Content-Length'].to_i
+      response.read_body do |chunk|
+        tf.write(chunk)
+        size += chunk.size
+        if Chef::Log.verbose
+          if size == 0
+            Chef::Log.debug("#{url.path} done (0 length file)")
+          elsif total == 0
+            Chef::Log.debug("#{url.path} (zero content length or no Content-Length header)")
+          else
+            Chef::Log.debug("#{url.path}" + " %d%% done (%d of %d)" % [(size * 100) / total, size, total])
+          end
+        end
+      end
+      tf.close
+      tf
+    rescue Exception
+      tf.close!
+      raise
+    end
+
+  end
+end