knife-ec2 0.11.0.rc.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b9614eea778e1b96eac6b905998953099a1e117e
-  data.tar.gz: 05fbdb2db4d97a775228b2b16cab1dd283408413
+  metadata.gz: 75bf2719d93fe8ea9a23838a6c3a92abc4375c87
+  data.tar.gz: 7a8cdeb7c6bfcc590423ec6e03ee884b4f63a4a7
 SHA512:
-  metadata.gz: d51710f175d77d528c12720bc1b3251f95f28c8b4f47292bfa66dc735b1b6f5c051532d4b50577dbe1566e91f5e7002fdfc005c9bc57f9b45e98f71be589d85b
-  data.tar.gz: fb3c50cb5f6832cc8bb9cbbd22b163ee89d5664c236a860ce05a0e446f13df8c569a9ae57f649af855ed8d26e5d5cd997ed421fc3c19c9f7214ccbb02e26fb54
+  metadata.gz: 01625b07776e0684ec359140a62d513d5bc4df03754a0ef09f23133efb9ee2a2b5bfa52cabc53c4af07b121f4ed43e5a0fd1bdddde4ff9abfc93fe51e65b34e4
+  data.tar.gz: 2e2ea55c71a4989cf3a31da873723372d0d4370801e984f102ddc99536c9b45bcc9a6018955f4f3e701c13a4872f8abaee5c9659685d1a28415ae1af402e1052

data/.gitignore

@@ -34,4 +34,8 @@ Icon?
 *.swo
 
 Gemfile.lock
+Guardfile
 .rspec
+
+.rvmrc
+.rbenv-gemsets

data/.travis.yml

@@ -1,4 +1,8 @@
+language: ruby
+sudo: false
+
 rvm:
-  - 1.9.3
   - 2.0.0
+  - 2.1
+  - 2.2
 script: bundle exec rspec --color --format progress

data/CHANGELOG.md

@@ -4,7 +4,8 @@ Note: this log contains only changes from knife-ec2 release 0.8.0 and later
 -- it does not contain the changes from prior releases. To view change history
 prior to release 0.8.0, please visit the [source repository](https://github.com/opscode/knife-ec2/commits).
 
-## Latest release: 0.11.0 (2015-05-21)
+## Latest release: 0.11.0 (2015-08-24)
+* [knife-ec2:#330](https://github.com/chef/knife-ec2/pull/330) Modification for attribute precedence issue
 * [knife-ec2:#293](https://github.com/chef/knife-ec2/pull/293) s3_source: Lazy load fog library
 * [knife-ec2:#284](https://github.com/chef/knife-ec2/pull/284) Enable Spot Pricing
 * [knife-ec2:#280](https://github.com/chef/knife-ec2/pull/280) Support for EBS volume encryption in knife-ec2 server create options
@@ -12,6 +13,7 @@ prior to release 0.8.0, please visit the [source repository](https://github.com/
 * [knife-ec2:#268](https://github.com/chef/knife-ec2/pull/268) Updated gemspec to use fog v1.25
 * [knife-ec2:#265](https://github.com/chef/knife-ec2/pull/265) showing error message for incorrect option input
 * [knife-ec2:#261](https://github.com/chef/knife-ec2/pull/261) Remove 'em-winrm' gem dependency
+* [KNIFE-464](https://tickets.opscode.com/browse/KNIFE-464) Support EC2 STS, i.e. AWS Federation tokens for authentication
 
 ## Release: 0.10.0.rc.1 (2014-10-08)
 * [Issue:#237](https://github.com/opscode/knife-ec2/issues/237) Provide a way to the validation key and data bag secret from S3
@@ -23,7 +25,6 @@ prior to release 0.8.0, please visit the [source repository](https://github.com/
 * [KNIFE-422](https://tickets.opscode.com/browse/KNIFE-422) Knife ec2 server create doesn't respect identity file of gateway server from ssh\_config
 
 ## Release: 0.8.0 (2014-03-10)
-
 * [KNIFE-458](https://tickets.opscode.com/browse/KNIFE-458) Docs: Increase detail about necessary
   options for VPC instance creation
 * [KNIFE-456](https://tickets.opscode.com/browse/KNIFE-456) Documentation for :aws\_credential\_file difficult to read

data/DOC_CHANGES.md

@@ -37,19 +37,32 @@ a data bag secret file -- this option can be used in place of the
 This option allows the validation key to be specified as a URL. It takes a URL
 as an argument.
 
+## Option `--aws-session-token`
+The option `--aws-session-token` was added for all knife-ec2 subcommands to
+allow support for federation use cases utilizing EC2 STS tokens.
+
 ## SSH Gateway from SSH Config
 Any available SSH Gateway settings in your SSH configuration file are now used
 by default. This includes using any SSH keys specified for the target host.
 This allows simpler command-line usage of the knife plugin with less of a need
 for complex command line invocations.
 
-## Pass separate SSH Gateway key
-You can pass an SSH key to be used for authenticating to the SSH Gateway with
-the --ssh-gateway-identity option.
-
 ## Support Spot Instances
 You can now request a spot instance at a specific price.
 
 ### Option `--spot-price`
 This option allows the maximum desired spot price to be specified. It takes a
 price in US dollars.
+
+## Pass separate SSH Gateway key
+You can pass an SSH key to be used for authenticating to the SSH Gateway with
+the --ssh-gateway-identity option.
+
+### options
+
+```
+--aws-session-token
+```
+
+Your AWS Session Token, for use with AWS STS Federation or Session Tokens.
+This option is available for all subcommands.

data/README.md

@@ -1,21 +1,29 @@
 Knife EC2
 =========
-[![Gem Version](https://badge.fury.io/rb/knife-ec2.png)](http://badge.fury.io/rb/knife-ec2)
-[![Build Status](https://travis-ci.org/opscode/knife-ec2.png?branch=master)](https://travis-ci.org/opscode/knife-ec2)
-[![Dependency Status](https://gemnasium.com/opscode/knife-ec2.png)](https://gemnasium.com/opscode/knife-ec2)
+[![Gem Version](https://badge.fury.io/rb/knife-ec2.svg)](http://badge.fury.io/rb/knife-ec2)
+[![Build Status](https://travis-ci.org/chef/knife-ec2.svg?branch=master)](https://travis-ci.org/chef/knife-ec2)
+[![Dependency Status](https://gemnasium.com/chef/knife-ec2.svg)](https://gemnasium.com/chef/knife-ec2)
 
 This is the official Chef Knife plugin for EC2. This plugin gives knife the ability to create, bootstrap, and manage EC2 instances.
 
-* Documentation: <http://docs.opscode.com/plugin_knife_ec2.html>
-* Source: <http://github.com/opscode/knife-ec2/tree/master>
-* Tickets/Issues: <http://tickets.opscode.com/browse/KNIFE>
+* Documentation: <http://docs.chef.io/plugin_knife_ec2.html>
+* Source: <http://github.com/chef/knife-ec2/tree/master>
+* Issues: <https://github.com/chef/knife-ec2/issues>
 * IRC: `#chef` and `#chef-hacking` on Freenode
-* Mailing list: <http://lists.opscode.com>
+* Mailing list: <http://lists.chef.io>
 
 Note: Documentation needs to be updated in chef docs
 
 Installation
 ------------
+
+If you're using [ChefDK](http://downloads.chef.io/chef-dk/), simply install the
+Gem:
+
+```bash
+chef gem install knife-ec2
+```
+
 If you're using bundler, simply add Chef and Knife EC2 to your `Gemfile`:
 
 ```ruby
@@ -48,6 +56,8 @@ If your `knife.rb` file will be checked into a SCM system (ie readable by others
 ```ruby
 knife[:aws_access_key_id] = ENV['AWS_ACCESS_KEY_ID']
 knife[:aws_secret_access_key] = ENV['AWS_SECRET_ACCESS_KEY']
+# Optional if you're using Amazon's STS
+knife[:aws_session_token] = ENV['AWS_SESSION_TOKEN']
 ```
 
 You also have the option of passing your AWS API Key/Secret into the individual knife subcommands using the `-A` (or `--aws-access-key-id`) `-K` (or `--aws-secret-access-key`) command options
@@ -82,7 +92,8 @@ Additionally the following options may be set in your `knife.rb`:
 - flavor
 - image
 - availability_zone
-- aws_ssh_key_id
+- ssh_key_name
+- aws_session_token
 - region
 - distro
 - template_file
@@ -108,15 +119,19 @@ knife-ec2 now includes the ability to retrieve the encrypted data bag secret and
 }
 ```
 
+### Supported URL format
+- `http` or `https` based: 'http://provisioning.bucket.com/chef/my-validator.pem'
+- `s3` based:  's3://chef/my-validator.pem'
+
 ### Use the following configuration options in `knife.rb` to set the source URLs:
 ```ruby
-knife[:validation_key_url] = 's3://provisioning.bucket.com/chef/my-validator.pem'
-knife[:s3_secret] = 's3://provisioning.bucket.com/chef/encrypted_data_bag_secret'
+knife[:validation_key_url] = 'http://provisioning.bucket.com/chef/my-validator.pem'
+knife[:s3_secret] = 'http://provisioning.bucket.com/chef/encrypted_data_bag_secret'
 ```
 
 ### Alternatively, URLs can be passed directly on the command line:
-- Validation Key: `--validation-key-url s3://provisioning.bucket.com/chef/my-validator.pem`
-- Encrypted Data Bag Secret: `--s3-secret s3://provisioning.bucket.com/chef/encrypted_data_bag_secret`
+- Validation Key: `--validation-key-url s3://chef/my-validator.pem`
+- Encrypted Data Bag Secret: `--s3-secret s3://chef/encrypted_data_bag_secret`
 
 Subcommands
 -----------
@@ -136,7 +151,7 @@ Provisions a new server in the Amazon EC2 and then perform a Chef bootstrap
     # `--spot-price` option lets you specify the spot pricing
     knife ec2 server create -I ami-173d747e -G windows -f m1.medium --user-data ~/your-user-data-file -x '.\a_local_user' -P 'yourpassword' --ssh-key your-public-key-id --spot-price price-in-USD
 
-View additional information on configuring Windows images for bootstrap in the documentation for [knife-windows](http://docs.opscode.com/plugin_knife_windows.html).
+View additional information on configuring Windows images for bootstrap in the documentation for [knife-windows](http://docs.chef.io/plugin_knife_windows.html).
 
 #### `knife ec2 server delete`
 Deletes an existing server in the currently configured AWS account. **By default, this does not delete the associated node and client objects from the Chef server. To do so, add the `--purge` flag**
@@ -146,10 +161,10 @@ Outputs a list of all servers in the currently configured AWS account. **Note, t
 
 License and Authors
 -------------------
-- Author:: Adam Jacob (<adam@getchef.com>)
+- Author:: Adam Jacob (<adam@chef.io>)
 
 ```text
-Copyright 2009-2014 Opscode, Inc.
+Copyright 2009-2015 Chef Software, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/RELEASE_NOTES.md

@@ -32,7 +32,7 @@ https://github.com/opscode/knife-ec2
 
 ## Issues fixed in knife-ec2 0.11.0
 
-* Update `fog` gem dependency to `fog v1.25`
+* Update `fog` gem dependency to `fog v1.29`
 * Remove 'em-winrm' gem dependency
 * [knife-ec2:#273](https://github.com/chef/knife-ec2/pull/273) Remove -s option for data bag secret and subnets
 * [knife-ec2:#265](https://github.com/chef/knife-ec2/pull/265) showing error message for incorrect option input

data/Rakefile

@@ -30,15 +30,15 @@ begin
   require 'rdoc/task'
 
   RDoc::Task.new do |rdoc|
-    rdoc.title = "Chef Ruby API Documentation"
-    rdoc.main = "README.rdoc"
+    rdoc.title = 'Chef Ruby API Documentation'
+    rdoc.main = 'README.rdoc'
     rdoc.options << '--fmt' << 'shtml' # explictly set shtml generator
     rdoc.template = 'direct' # lighter template
-    rdoc.rdoc_files.include("README.rdoc", "LICENSE", "spec/tiny_server.rb", "lib/**/*.rb")
-    rdoc.rdoc_dir = "rdoc"
+    rdoc.rdoc_files.include('README.rdoc', 'LICENSE', 'spec/tiny_server.rb', 'lib/**/*.rb')
+    rdoc.rdoc_dir = 'rdoc'
   end
 rescue LoadError
-  puts "sdoc is not available. (sudo) gem install sdoc to generate rdoc documentation."
+  puts 'sdoc is not available. (sudo) gem install sdoc to generate rdoc documentation.'
 end
 
 begin
@@ -46,7 +46,7 @@ begin
 
   task :default => :spec
 
-  desc "Run all specs in spec directory"
+  desc 'Run all specs in spec directory'
   RSpec::Core::RakeTask.new(:spec) do |t|
     t.pattern = 'spec/unit/**/*_spec.rb'
   end
@@ -54,4 +54,3 @@ begin
 rescue LoadError
   STDERR.puts "\n*** RSpec not available. (sudo) gem install rspec to run unit tests. ***\n\n"
 end
-

data/knife-ec2.gemspec

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-$:.push File.expand_path('../lib', __FILE__)
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
 require 'knife-ec2/version'
 
 Gem::Specification.new do |s|
@@ -8,23 +8,21 @@ Gem::Specification.new do |s|
   s.authors      = ['Adam Jacob', 'Seth Chisamore']
   s.email        = ['adam@opscode.com', 'schisamo@opscode.com']
   s.homepage     = 'https://github.com/opscode/knife-ec2'
-  s.summary      = %q{EC2 Support for Chef's Knife Command}
+  s.summary      = "EC2 Support for Chef's Knife Command"
   s.description  = s.summary
   s.license      = 'Apache-2.0'
 
   s.files        = `git ls-files`.split("\n")
   s.test_files   = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables  = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.executables  = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
 
-  s.add_dependency 'fog',           '~> 1.25.0'
+  s.add_dependency 'fog',           '~> 1.29.0'
   s.add_dependency 'knife-windows', '>= 0.8.2'
 
-  s.add_development_dependency 'mixlib-config', '~> 2.0'
-  s.add_development_dependency 'chef',          '>= 11.16.2', '< 12'
-  s.add_development_dependency 'rspec',         '~> 2.14'
-  s.add_development_dependency 'rake',          '~> 10.1'
-  s.add_development_dependency 'sdoc',          '~> 0.3'
+  s.add_development_dependency 'chef',  '~> 12.0', '>= 12.2.1'
+  s.add_development_dependency 'rspec', '~> 3.0'
+  s.add_development_dependency 'rake',  '~> 10.1'
+  s.add_development_dependency 'sdoc',  '~> 0.3'
 
   s.require_paths = ['lib']
 end
-

data/lib/chef/knife/ec2_base.rb

@@ -51,6 +51,11 @@ class Chef
             :description => "Your AWS API Secret Access Key",
             :proc => Proc.new { |key| Chef::Config[:knife][:aws_secret_access_key] = key }
 
+          option :aws_session_token,
+            :long => "--aws-session-token TOKEN",
+            :description => "Your AWS Session Token, for use with AWS STS Federation or Session Tokens",
+            :proc => Proc.new { |key| Chef::Config[:knife][:aws_session_token] = key }
+
           option :region,
             :long => "--region REGION",
             :description => "Your AWS region",
@@ -75,6 +80,7 @@ class Chef
         else
           connection_settings[:aws_access_key_id] = locate_config_value(:aws_access_key_id)
           connection_settings[:aws_secret_access_key] = locate_config_value(:aws_secret_access_key)
+          connection_settings[:aws_session_token] = locate_config_value(:aws_session_token)
         end
         @connection ||= begin
           connection = Fog::Compute.new(connection_settings)

data/lib/chef/knife/ec2_server_create.rb

@@ -105,7 +105,7 @@ class Chef
         :short => "-S KEY",
         :long => "--ssh-key KEY",
         :description => "The AWS SSH key id",
-        :proc => Proc.new { |key| Chef::Config[:knife][:aws_ssh_key_id] = key }
+        :proc => Proc.new { |key| Chef::Config[:knife][:ssh_key_name] = key }
 
       option :ssh_user,
         :short => "-x USERNAME",
@@ -158,15 +158,23 @@ class Chef
       option :distro,
         :short => "-d DISTRO",
         :long => "--distro DISTRO",
-        :description => "Bootstrap a distro using a template; default is 'chef-full'",
-        :proc => Proc.new { |d| Chef::Config[:knife][:distro] = d },
-        :default => "chef-full"
+        :description => "Bootstrap a distro using a template. [DEPRECATED] Use --bootstrap-template option instead.",
+        :proc        => Proc.new { |v|
+          Chef::Log.warn("[DEPRECATED] -d / --distro option is deprecated. Use --bootstrap-template option instead.")
+          v
+        }
 
       option :template_file,
         :long => "--template-file TEMPLATE",
-        :description => "Full path to location of template to use",
-        :proc => Proc.new { |t| Chef::Config[:knife][:template_file] = t },
-        :default => false
+        :description => "Full path to location of template to use. [DEPRECATED] Use -t / --bootstrap-template option instead.",
+        :proc        => Proc.new { |v|
+          Chef::Log.warn("[DEPRECATED] --template-file option is deprecated. Use -t / --bootstrap-template option instead.")
+          v
+        }
+
+      option :bootstrap_template,
+        :long => "--bootstrap-template TEMPLATE",
+        :description => "Bootstrap Chef using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
 
       option :ebs_size,
         :long => "--ebs-size SIZE",
@@ -302,6 +310,81 @@ class Chef
         :description => "The maximum hourly USD price for the instance",
         :default => nil
 
+      option :spot_request_type,
+        :long => "--spot-request-type TYPE",
+        :description => "The Spot Instance request type. Possible values are 'one-time' and 'persistent', default value is 'one-time'",
+        :default => "one-time"
+
+      option :aws_connection_timeout,
+        :long => "--aws-connection-timeout MINUTES",
+        :description => "The maximum time in minutes to wait to for aws connection. Default is 10 min",
+        :proc => proc {|t| t = t.to_i * 60; Chef::Config[:aws_connection_timeout] = t},
+        :default => 600
+
+      option :node_ssl_verify_mode,
+        :long        => "--node-ssl-verify-mode [peer|none]",
+        :description => "Whether or not to verify the SSL cert for all HTTPS requests.",
+        :proc        => Proc.new { |v|
+          valid_values = ["none", "peer"]
+          unless valid_values.include?(v)
+            raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
+          end
+        }
+
+      option :node_verify_api_cert,
+        :long        => "--[no-]node-verify-api-cert",
+        :description => "Verify the SSL cert for HTTPS requests to the Chef server API.",
+        :boolean     => true
+
+      option :bootstrap_no_proxy,
+        :long => "--bootstrap-no-proxy [NO_PROXY_URL|NO_PROXY_IP]",
+        :description => "Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode",
+        :proc => Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
+
+      option :bootstrap_url,
+        :long        => "--bootstrap-url URL",
+        :description => "URL to a custom installation script",
+        :proc        => Proc.new { |u| Chef::Config[:knife][:bootstrap_url] = u }
+
+      option :bootstrap_install_command,
+        :long        => "--bootstrap-install-command COMMANDS",
+        :description => "Custom command to install chef-client",
+        :proc        => Proc.new { |ic| Chef::Config[:knife][:bootstrap_install_command] = ic }
+
+      option :bootstrap_wget_options,
+        :long        => "--bootstrap-wget-options OPTIONS",
+        :description => "Add options to wget when installing chef-client",
+        :proc        => Proc.new { |wo| Chef::Config[:knife][:bootstrap_wget_options] = wo }
+
+      option :bootstrap_curl_options,
+        :long        => "--bootstrap-curl-options OPTIONS",
+        :description => "Add options to curl when install chef-client",
+        :proc        => Proc.new { |co| Chef::Config[:knife][:bootstrap_curl_options] = co }
+
+      option :bootstrap_vault_file,
+        :long        => '--bootstrap-vault-file VAULT_FILE',
+        :description => 'A JSON file with a list of vault(s) and item(s) to be updated'
+
+      option :bootstrap_vault_json,
+        :long        => '--bootstrap-vault-json VAULT_JSON',
+        :description => 'A JSON string with the vault(s) and item(s) to be updated'
+
+      option :bootstrap_vault_item,
+        :long        => '--bootstrap-vault-item VAULT_ITEM',
+        :description => 'A single vault and item to update as "vault:item"',
+        :proc        => Proc.new { |i|
+          (vault, item) = i.split(/:/)
+          Chef::Config[:knife][:bootstrap_vault_item] ||= {}
+          Chef::Config[:knife][:bootstrap_vault_item][vault] ||= []
+          Chef::Config[:knife][:bootstrap_vault_item][vault].push(item)
+          Chef::Config[:knife][:bootstrap_vault_item]
+        }
+
+      option :use_sudo_password,
+        :long => "--use-sudo-password",
+        :description => "Execute the bootstrap via sudo with password",
+        :boolean => false
+
       def run
         $stdout.sync = true
 
@@ -317,6 +400,14 @@ class Chef
           msg_pair("Spot Request ID", spot_request.id)
           msg_pair("Spot Request Type", spot_request.request_type)
           msg_pair("Spot Price", spot_request.price)
+
+          wait_msg = "Do you want to wait for Spot Instance Request fulfillment? (Y/N) \n"
+          wait_msg += "Y - Wait for Spot Instance request fulfillment\n"
+          wait_msg += "N - Do not wait for Spot Instance request fulfillment. "
+          wait_msg += ui.color("[WARN :: Request would be alive on AWS ec2 side but execution of Chef Bootstrap on the target instance will get skipped.]\n", :red, :bold)
+          wait_msg += ui.color("\n[WARN :: For any of the above mentioned choices, (Y) - if the instance does not get allocated before the command itself times-out or (N) - user decides to exit, then in both cases user needs to manually bootstrap the instance in future after it gets allocated.]\n\n", :cyan, :bold)
+          confirm(wait_msg)
+
           print ui.color("Waiting for Spot Request fulfillment:  ", :cyan)
           spot_request.wait_for do
             @spinner ||= %w{| / - \\}
@@ -365,7 +456,7 @@ class Chef
         print "\n#{ui.color("Waiting for EC2 to create the instance", :magenta)}"
 
         # wait for instance to come up before acting against it
-        @server.wait_for { print "."; ready? }
+        @server.wait_for(locate_config_value(:aws_connection_timeout)) { print "."; ready? }
 
         puts("\n")
 
@@ -406,8 +497,6 @@ class Chef
         if is_image_windows?
           protocol = locate_config_value(:bootstrap_protocol)
           protocol ||= 'winrm'
-          # Set distro to windows-chef-client-msi
-          config[:distro] = "windows-chef-client-msi" if (config[:distro].nil? || config[:distro] == "chef-full")
           if protocol == 'winrm'
             load_winrm_deps
             print "\n#{ui.color("Waiting for winrm access to become available", :magenta)}"
@@ -495,6 +584,10 @@ class Chef
         msg_pair("JSON Attributes",config[:json_attributes]) unless !config[:json_attributes] || config[:json_attributes].empty?
       end
 
+      def default_bootstrap_template
+        is_image_windows? ? 'windows-chef-client-msi' : 'chef-full'
+      end
+
       def validation_key_path
         @validation_key_path ||= begin
           if URI(Chef::Config[:knife][:validation_key_url]).scheme == 'file'
@@ -536,8 +629,9 @@ class Chef
       def bootstrap_common_params(bootstrap)
         bootstrap.config[:run_list] = config[:run_list]
         bootstrap.config[:bootstrap_version] = locate_config_value(:bootstrap_version)
-        bootstrap.config[:distro] = locate_config_value(:distro)
-        bootstrap.config[:template_file] = locate_config_value(:template_file)
+        bootstrap.config[:distro] = locate_config_value(:distro) || default_bootstrap_template
+        # setting bootstrap_template value to template_file for backward compatibility
+        bootstrap.config[:template_file] = locate_config_value(:template_file) || locate_config_value(:bootstrap_template)
         bootstrap.config[:environment] = locate_config_value(:environment)
         bootstrap.config[:prerelease] = config[:prerelease]
         bootstrap.config[:first_boot_attributes] = locate_config_value(:json_attributes) || {}
@@ -545,6 +639,17 @@ class Chef
         bootstrap.config[:encrypted_data_bag_secret_file] = locate_config_value(:encrypted_data_bag_secret_file)
         bootstrap.config[:secret] = s3_secret || locate_config_value(:secret)
         bootstrap.config[:secret_file] = locate_config_value(:secret_file)
+        bootstrap.config[:node_ssl_verify_mode] = locate_config_value(:node_ssl_verify_mode)
+        bootstrap.config[:node_verify_api_cert] = locate_config_value(:node_verify_api_cert)
+        bootstrap.config[:bootstrap_no_proxy] = locate_config_value(:bootstrap_no_proxy)
+        bootstrap.config[:bootstrap_url] = locate_config_value(:bootstrap_url)
+        bootstrap.config[:bootstrap_install_command] = locate_config_value(:bootstrap_install_command)
+        bootstrap.config[:bootstrap_wget_options] = locate_config_value(:bootstrap_wget_options)
+        bootstrap.config[:bootstrap_curl_options] = locate_config_value(:bootstrap_curl_options)
+        bootstrap.config[:bootstrap_vault_file] = locate_config_value(:bootstrap_vault_file)
+        bootstrap.config[:bootstrap_vault_json] = locate_config_value(:bootstrap_vault_json)
+        bootstrap.config[:bootstrap_vault_item] = locate_config_value(:bootstrap_vault_item)
+        bootstrap.config[:use_sudo_password] = locate_config_value(:use_sudo_password)
         # Modify global configuration state to ensure hint gets set by
         # knife-bootstrap
         Chef::Config[:knife][:hints] ||= {}
@@ -593,6 +698,7 @@ class Chef
         bootstrap = Chef::Knife::Bootstrap.new
         bootstrap.name_args = [ssh_host]
         bootstrap.config[:ssh_user] = config[:ssh_user]
+        bootstrap.config[:ssh_password] = locate_config_value(:ssh_password)
         bootstrap.config[:ssh_port] = config[:ssh_port]
         bootstrap.config[:ssh_gateway] = config[:ssh_gateway]
         bootstrap.config[:identity_file] = config[:identity_file]
@@ -614,7 +720,13 @@ class Chef
       end
 
       def validate!
-        super([:image, :aws_ssh_key_id, :aws_access_key_id, :aws_secret_access_key])
+        if Chef::Config[:knife].keys.include? :aws_ssh_key_id
+          Chef::Config[:knife][:ssh_key_name] = Chef::Config[:knife][:aws_ssh_key_id] if !Chef::Config[:knife][:ssh_key_name]
+          Chef::Config[:knife].delete(:aws_ssh_key_id)
+          ui.warn("Use of aws_ssh_key_id option in knife.rb config is deprecated, use ssh_key_name option instead.")
+        end
+
+        super([:image, :ssh_key_name, :aws_access_key_id, :aws_secret_access_key])
 
         if ami.nil?
           ui.error("You have not provided a valid image (AMI) value.")
@@ -675,17 +787,38 @@ class Chef
           ui.error("Invalid value type for knife[:security_group_ids] in knife configuration file (i.e knife.rb). Type should be array. e.g - knife[:security_group_ids] = ['sgroup1']")
           exit 1
         end
+        if locate_config_value(:ebs_encrypted)
+          error_message = ""
+          errors = []
+          # validation for flavor and ebs_encrypted
+          if !locate_config_value(:flavor)
+            ui.error("--ebs-encrypted option requires valid flavor to be specified.")
+            exit 1
+          elsif (locate_config_value(:ebs_encrypted) and ! %w(m3.medium  m3.large  m3.xlarge m3.2xlarge c4.large c4.xlarge
+                                             c4.2xlarge c4.4xlarge c4.8xlarge c3.large c3.xlarge c3.2xlarge
+                                             c3.4xlarge c3.8xlarge cr1.8xlarge r3.large r3.xlarge r3.2xlarge
+                                             r3.4xlarge r3.8xlarge i2.xlarge i2.2xlarge i2.4xlarge i2.8xlarge g2.2xlarge).include?(locate_config_value(:flavor)))
+            ui.error("--ebs-encrypted option is not supported for #{locate_config_value(:flavor)} flavor.")
+            exit 1
+          end
 
-        if (locate_config_value(:ebs_encrypted) and !locate_config_value(:flavor))
-          ui.error("--ebs_encrypted option requires valid flavor to be specified.")
-          exit 1
-        elsif (locate_config_value(:ebs_encrypted) and ! %w(m3.medium  m3.large  m3.xlarge m3.2xlarge c4.large c4.xlarge
-                                           c4.2xlarge c4.4xlarge c4.8xlarge c3.large c3.xlarge c3.2xlarge
-                                           c3.4xlarge c3.8xlarge cr1.8xlarge r3.large r3.xlarge r3.2xlarge
-                                           r3.4xlarge r3.8xlarge i2.xlarge i2.2xlarge i2.4xlarge i2.8xlarge g2.2xlarge).include?(locate_config_value(:flavor)))
-          ui.error("--ebs_encrypted option is not supported for #{locate_config_value(:flavor)} flavor.")
-          exit 1
+          # validation for ebs_size and ebs_volume_type and ebs_encrypted
+          if !locate_config_value(:ebs_size)
+            errors << "--ebs-encrypted option requires valid --ebs-size to be specified."
+          elsif locate_config_value(:ebs_volume_type) == "gp2" and ! locate_config_value(:ebs_size).to_i.between?(1, 16384)
+            errors << "--ebs-size should be in between 1-16384 for 'gp2' ebs volume type."
+          elsif locate_config_value(:ebs_volume_type) == "io1" and ! locate_config_value(:ebs_size).to_i.between?(4, 16384)
+            errors << "--ebs-size should be in between 4-16384 for 'io1' ebs volume type."
+          elsif locate_config_value(:ebs_volume_type) == "standard" and ! locate_config_value(:ebs_size).to_i.between?(1, 1024)
+            errors << "--ebs-size should be in between 1-1024 for 'standard' ebs volume type."
+          end
+
+          if errors.each{|e| error_message = "#{error_message} #{e}"}.any?
+            ui.error(error_message)
+            exit 1
+          end
         end
+
       end
 
       def tags
@@ -711,9 +844,10 @@ class Chef
           :groups => config[:security_groups],
           :security_group_ids => locate_config_value(:security_group_ids),
           :flavor_id => locate_config_value(:flavor),
-          :key_name => Chef::Config[:knife][:aws_ssh_key_id],
+          :key_name => locate_config_value(:ssh_key_name),
           :availability_zone => locate_config_value(:availability_zone),
-          :price => locate_config_value(:spot_price)
+          :price => locate_config_value(:spot_price),
+          :request_type => locate_config_value(:spot_request_type)
         }
         server_def[:subnet_id] = locate_config_value(:subnet_id) if vpc_mode?
         server_def[:private_ip_address] = locate_config_value(:private_ip_address) if vpc_mode?
@@ -722,11 +856,11 @@ class Chef
         server_def[:tenancy] = "dedicated" if vpc_mode? and locate_config_value(:dedicated_instance)
         server_def[:associate_public_ip] = locate_config_value(:associate_public_ip) if vpc_mode? and config[:associate_public_ip]
 
-        if Chef::Config[:knife][:aws_user_data]
+        if locate_config_value(:aws_user_data)
           begin
-            server_def.merge!(:user_data => File.read(Chef::Config[:knife][:aws_user_data]))
+            server_def.merge!(:user_data => File.read(locate_config_value(:aws_user_data)))
           rescue
-            ui.warn("Cannot read #{Chef::Config[:knife][:aws_user_data]}: #{$!.inspect}. Ignoring option.")
+            ui.warn("Cannot read #{locate_config_value(:aws_user_data)}: #{$!.inspect}. Ignoring option.")
           end
         end
 
@@ -912,7 +1046,7 @@ class Chef
 
       def associate_eip(elastic_ip)
         connection.associate_address(server.id, elastic_ip.public_ip, nil, elastic_ip.allocation_id)
-        @server.wait_for { public_ip_address == elastic_ip.public_ip }
+        @server.wait_for(locate_config_value(:aws_connection_timeout)) { public_ip_address == elastic_ip.public_ip }
       end
 
       def ssh_override_winrm