knife-ec2 0.15.0 → 0.16.0

data/lib/knife-ec2/version.rb

@@ -1,6 +1,6 @@
-module Knife
-  module Ec2
-    VERSION = "0.15.0"
-    MAJOR, MINOR, TINY = VERSION.split('.')
-  end
-end
+module Knife
+  module Ec2
+    VERSION = "0.16.0"
+    MAJOR, MINOR, TINY = VERSION.split('.')
+  end
+end

data/spec/spec_helper.rb

@@ -5,6 +5,7 @@ require 'chef/knife/ec2_server_create'
 require 'chef/knife/ec2_server_delete'
 require 'chef/knife/ec2_server_list'
 require 'chef/knife/ec2_ami_list'
+require 'chef/knife/ec2_flavor_list'
 
 # Clear config between each example
 # to avoid dependencies between examples

data/spec/unit/ec2_ami_list_spec.rb

@@ -32,7 +32,7 @@
                                          "deleteOnTermination"=>"true",
                                          "volumeType"=>"standard",
                                          "encrypted"=>"false"}],
-              'description'         => "DC for Quan",
+              'description'         => "window winrm",
               'hypervisor'          => "xen",
               'imageId'             => "ami-4ace6d23",
               'imageLocation'       => "microsoft/Windows_Server-2008-R2-SP1-English-64Bit-WebMatrix_Hosting-2012.06.12",
@@ -80,7 +80,7 @@
                                          "deleteOnTermination"=>"true",
                                          "volumeType"=>"standard",
                                          "encrypted"=>"false"}],
-              'description'         => "DC for Quan",
+              'description'         => "ubuntu 14.04",
               'hypervisor'          => "xen",
               'imageId'             => "ami-4ace6d29",
               'imageOwnerAlias'     => "aws-marketplace",
@@ -133,7 +133,7 @@
             allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
             expect(knife_ec2_ami_list).to receive(:validate!)
             images = ec2_connection.describe_images.body['imagesSet']
-            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name"]
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
             output_column_count = output_column.length
             images.each do |image|
               output_column << image["imageId"].to_s
@@ -141,6 +141,7 @@
               output_column << image["architecture"].to_s
               output_column << image["blockDeviceMapping"].first["volumeSize"].to_s
               output_column << image["name"].split(/\W+/).first
+              output_column << image["description"]
             end
             expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
             knife_ec2_ami_list.run
@@ -192,7 +193,7 @@
             allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
             images = ec2_connection.describe_images.body['imagesSet']
             expect(knife_ec2_ami_list).to receive(:validate!)
-            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name"]
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
             output_column_count = output_column.length
             images.each do |image|
               output_column << image["imageId"].to_s
@@ -200,6 +201,7 @@
               output_column << image["architecture"].to_s
               output_column << image["blockDeviceMapping"].first["volumeSize"].to_s
               output_column << image["name"].split(/\W+/).first
+              output_column << image["description"]
             end
             expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
             knife_ec2_ami_list.run
@@ -212,13 +214,14 @@
             allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
             window_image = ec2_connection.describe_images.body['imagesSet'].first
             expect(knife_ec2_ami_list).to receive(:validate!)
-            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name"]
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
             output_column_count = output_column.length
             output_column << window_image["imageId"]
             output_column << window_image["platform"]
             output_column << window_image["architecture"]
             output_column << window_image["blockDeviceMapping"].first["volumeSize"].to_s
             output_column << window_image["name"].split(/\W+/).first
+            output_column << window_image["description"]
             expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
             knife_ec2_ami_list.run
           end
@@ -230,13 +233,14 @@
             allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
             ubuntu_image = ec2_connection.describe_images.body['imagesSet'][1]
             expect(knife_ec2_ami_list).to receive(:validate!)
-            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name"]
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
             output_column_count = output_column.length
             output_column << ubuntu_image["imageId"]
             output_column << ubuntu_image["name"].split(/\W+/).first
             output_column << ubuntu_image["architecture"]
             output_column << ubuntu_image["blockDeviceMapping"].first["volumeSize"].to_s
             output_column << ubuntu_image["name"].split(/\W+/).first
+            output_column << ubuntu_image["description"]
             expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
             knife_ec2_ami_list.run
           end
@@ -248,13 +252,14 @@
             allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
             expect(knife_ec2_ami_list).to receive(:validate!)
             fedora_image = ec2_connection.describe_images.body['imagesSet'].last
-            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name"]
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
             output_column_count = output_column.length
             output_column << fedora_image["imageId"]
             output_column << fedora_image["name"].split(/\W+/).first
             output_column << fedora_image["architecture"]
             output_column << fedora_image["blockDeviceMapping"].first["volumeSize"].to_s
             output_column << fedora_image["name"].split(/\W+/).first
+            output_column << fedora_image["description"]
             expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
             knife_ec2_ami_list.run
           end
@@ -265,7 +270,86 @@
             knife_ec2_ami_list.config[:platform] = 'xyz'
             knife_ec2_ami_list.config[:use_iam_profile] = true
             knife_ec2_ami_list.config[:owner] = true
-            expect{ knife_ec2_ami_list.validate! }.to raise_error "Invalid platform: #{knife_ec2_ami_list.config[:platform]}. Allowed platforms are: ubuntu, debian, centos, fedora, rhel, nginx, turnkey, jumpbox, coreos, cisco, amazon, nessus."
+            expect{ knife_ec2_ami_list.validate! }.to raise_error "Invalid platform: #{knife_ec2_ami_list.config[:platform]}. Allowed platforms are: windows, ubuntu, debian, centos, fedora, rhel, nginx, turnkey, jumpbox, coreos, cisco, amazon, nessus."
+          end
+        end
+      end
+
+      context 'when --search is passed' do
+        before do
+          allow(knife_ec2_ami_list.ui).to receive(:warn)
+          allow(knife_ec2_ami_list).to receive(:custom_warnings!)
+        end
+
+        context 'When search key word is present in description' do
+          it 'shows only AMIs List that have 14.04 in description' do
+            knife_ec2_ami_list.config[:search] = '14.04'
+            allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
+            image = ec2_connection.describe_images.body['imagesSet'][2]
+            expect(knife_ec2_ami_list).to receive(:validate!)
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
+            output_column_count = output_column.length
+            output_column << image["imageId"]
+            output_column << image["name"].split(/\W+/).first
+            output_column << image["architecture"]
+            output_column << image["blockDeviceMapping"].first["volumeSize"].to_s
+            output_column << image["name"].split(/\W+/).first
+            output_column << image["description"]
+            expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
+            knife_ec2_ami_list.run
+          end
+        end
+
+        context 'When user pass platform and search keyword' do
+          it 'shows only AMIs List that have 14.04 in description and platform is ubuntu' do
+            knife_ec2_ami_list.config[:platform] = 'ubuntu'
+            knife_ec2_ami_list.config[:search] = 'Quan'
+            allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
+            ubuntu_image = ec2_connection.describe_images.body['imagesSet'][1]
+            expect(knife_ec2_ami_list).to receive(:validate!)
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
+            output_column_count = output_column.length
+            output_column << ubuntu_image["imageId"]
+            output_column << ubuntu_image["name"].split(/\W+/).first
+            output_column << ubuntu_image["architecture"]
+            output_column << ubuntu_image["blockDeviceMapping"].first["volumeSize"].to_s
+            output_column << ubuntu_image["name"].split(/\W+/).first
+            output_column << ubuntu_image["description"]
+            expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
+            knife_ec2_ami_list.run
+          end
+        end
+
+        context 'When user pass owner, platform and search keyword' do
+          it 'shows only AMIs List that owner microsoft platform windows and search keyword is winrm' do
+            knife_ec2_ami_list.config[:owner] = 'microsoft'
+            knife_ec2_ami_list.config[:platform] = 'windows'
+            knife_ec2_ami_list.config[:search] = 'winrm'
+            allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
+            ubuntu_image = ec2_connection.describe_images.body['imagesSet'].first
+            expect(knife_ec2_ami_list).to receive(:validate!)
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
+            output_column_count = output_column.length
+            output_column << ubuntu_image["imageId"]
+            output_column << ubuntu_image["platform"]
+            output_column << ubuntu_image["architecture"]
+            output_column << ubuntu_image["blockDeviceMapping"].first["volumeSize"].to_s
+            output_column << ubuntu_image["name"].split(/\W+/).first
+            output_column << ubuntu_image["description"]
+            expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
+            knife_ec2_ami_list.run
+          end
+        end
+
+        context 'When search key word is not present in description' do
+          it 'Fetch no AMI' do
+            knife_ec2_ami_list.config[:search] = 'Not present'
+            allow(ec2_connection).to receive(:describe_images).and_return(@describe_images_format)
+            expect(knife_ec2_ami_list).to receive(:validate!)
+            output_column = ["AMI ID", "Platform", "Architecture", "Size", "Name", "Description"]
+            output_column_count = output_column.length
+            expect(knife_ec2_ami_list.ui).to receive(:list).with(output_column,:uneven_columns_across, output_column_count)
+            knife_ec2_ami_list.run
           end
         end
       end

data/spec/unit/ec2_flavor_list_spec.rb

@@ -15,7 +15,6 @@
 
 require File.expand_path('../../spec_helper', __FILE__)
 require 'fog/aws'
-require 'chef/knife/ec2_flavor_list'
 
 describe Chef::Knife::Ec2FlavorList do
 
@@ -24,7 +23,7 @@ describe Chef::Knife::Ec2FlavorList do
     let(:ec2_connection) { double(Fog::Compute::AWS) }
     before do
       allow(knife_flavor_list).to receive(:connection).and_return(ec2_connection)
-      @flavor1 = double("flavor1", :name => "High-CPU Medium", :architecture => "32-bit-bit", :id => "c1.medium", :bits => "32-bit", :cores => "5", :disk => "1740.8 GB", :ram => "350 GB", :ebs_optimized_available => "false", :instance_store_volumes => "0")
+      @flavor1 = double("flavor1", :name => "High-CPU Medium", :architecture => "32", :id => "c1.medium", :bits => "32", :cores => "5", :ram => "1740.8", :disk => "350", :ebs_optimized_available => "false", :instance_store_volumes => "0")
 
       allow(ec2_connection).to receive(:flavors).and_return([@flavor1])
 
@@ -39,18 +38,29 @@ describe Chef::Knife::Ec2FlavorList do
       knife_flavor_list.run
     end
 
+    context 'when region is not specified' do
+      it 'shows warning that default region will be will be used' do
+        knife_flavor_list.config.delete(:region)
+        Chef::Config[:knife].delete(:region)
+        ec2_flavors = double(:sort_by => [])
+        allow(ec2_connection).to receive(:flavors).and_return(ec2_flavors)
+        allow(knife_flavor_list).to receive(:validate!)
+        expect(knife_flavor_list.ui).to receive(:warn).with("No region was specified in knife.rb or as an argument. The default region, us-east-1, will be used:")
+        knife_flavor_list.run
+      end
+    end
 
     context '--format option' do
       context 'when format=summary' do
         before do
-	  @output_s=["ID", "Name", "Architecture", "RAM", "Disk", "Cores", "c1.medium", "High-CPU Medium", "32-bit-bit", "350 GB", "1740.8 GB GB", "5"]
+          @output_s=["ID", "Name", "Architecture", "RAM", "Disk", "Cores", "c1.medium", "High-CPU Medium", "32-bit", "1740.8", "350 GB", "5"]
           knife_flavor_list.config[:format] = 'summary'
           allow(knife_flavor_list.ui).to receive(:warn)
           allow(knife_flavor_list).to receive(:validate!)
         end
 
         it 'shows the output in summary format' do
-          expect(knife_flavor_list.ui).to receive(:list).with(@output_s,:columns_across,6)
+          expect(knife_flavor_list.ui).to receive(:list).with(@output_s, :uneven_columns_across, 6)
           knife_flavor_list.run
         end
       end

data/spec/unit/ec2_server_create_spec.rb

@@ -46,7 +46,8 @@ describe Chef::Knife::Ec2ServerCreate do
                            :public_ip_address => '75.101.253.10',
                            :private_dns_name => 'ip-10-251-75-20.ec2.internal',
                            :private_ip_address => '10.251.75.20',
-                           :root_device_type => 'not_ebs' } }
+                           :root_device_type => 'not_ebs',
+                           :block_device_mapping => [{'volumeId' => "456"}]  } }
 
   let (:server) { double(:id => "i-123" ) }
 
@@ -80,6 +81,7 @@ describe Chef::Knife::Ec2ServerCreate do
     end
 
     allow(ec2_connection).to receive(:tags).and_return double('create', :create => true)
+    allow(ec2_connection).to receive(:volume_tags).and_return double('create', :create => true)
     allow(ec2_connection).to receive_message_chain(:images, :get).and_return double('ami', :root_device_type => 'not_ebs', :platform => 'linux')
     allow(ec2_connection).to receive(:addresses).and_return [double('addesses', {
             :domain => 'standard',
@@ -281,7 +283,6 @@ describe Chef::Knife::Ec2ServerCreate do
       # default value of config[:ssh_password] is nil
       knife_ec2_create.config[:winrm_password] = "winrm_password"
       knife_ec2_create.config[:ssh_password] = nil
-
       expect(new_ec2_server).to receive(:wait_for).and_return(true)
       knife_ec2_create.run
       expect(knife_ec2_create.config[:ssh_password]).to eq("winrm_password")
@@ -455,6 +456,8 @@ describe Chef::Knife::Ec2ServerCreate do
       allow(ec2_servers).to receive(:create).and_return(new_ec2_server)
       allow(knife_ec2_create).to receive(:puts)
       allow(knife_ec2_create).to receive(:print)
+      allow(knife_ec2_create.ui).to receive(:error)
+      allow(knife_ec2_create.ui).to receive(:msg)
     end
 
     it "sets the Name tag to the instance id by default" do
@@ -490,6 +493,25 @@ describe Chef::Knife::Ec2ServerCreate do
 
   end
 
+  describe "when setting volume tags" do
+    before do
+      expect(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
+      allow(knife_ec2_create).to receive(:bootstrap_for_linux_node).and_return double("bootstrap", :run => true)
+      allow(ec2_connection).to receive(:servers).and_return(ec2_servers)
+      allow(ec2_servers).to receive(:create).and_return(new_ec2_server)
+      allow(new_ec2_server).to receive(:wait_for).and_return(true)
+      allow(knife_ec2_create.ui).to receive(:error)
+    end
+
+    it "sets the volume tags as specified when given --volume-tags Key=Value" do
+      knife_ec2_create.config[:volume_tags] = ["VolumeTagKey=TestVolumeTagValue"]
+      expect(ec2_connection.tags).to receive(:create).with(:key => "VolumeTagKey",
+                                                        :value => "TestVolumeTagValue",
+                                                        :resource_id => new_ec2_server.block_device_mapping.first['volumeId'])
+      knife_ec2_create.run
+    end
+  end
+
   # This shared examples group can be used to house specifications that
   # are common to both the Linux and Windows bootstraping process. This
   # would remove a lot of testing duplication that is currently present.
@@ -1588,13 +1610,39 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
-
 netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-
         EOH
       end
 
@@ -1607,7 +1655,7 @@ netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Local
       before do
         knife_ec2_create.config[:winrm_user] = ".\\ec2"
         @ssl_config_data = <<-EOH
-net user /add ec2 ec2@123;
+net user /add ec2 ec2@123 ;
 net localgroup Administrators /add ec2;
 
 If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
@@ -1620,13 +1668,39 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
-
 netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-
         EOH
 
       end
@@ -1680,7 +1754,35 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
@@ -1694,7 +1796,7 @@ netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Local
       end
 
       it 'returns false' do
-        expect(knife_ec2_create.ssl_config_data_already_exist?).to eq(true)
+        expect(knife_ec2_create.ssl_config_data_already_exist?).to eq(false)
       end
     end
 
@@ -1747,13 +1849,39 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
-
 netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-
 </powershell>
         EOH
         knife_ec2_create.config[:aws_user_data] = @user_user_data
@@ -1797,13 +1925,39 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
-
 netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-
 </powershell>
         EOH
         knife_ec2_create.config[:aws_user_data] = @user_user_data
@@ -1840,13 +1994,39 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
-
 netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-
 </powershell>
         EOH
         end
@@ -1865,13 +2045,39 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
-
 netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-
 </powershell>
         EOH
         knife_ec2_create.config[:aws_user_data] = @user_user_data
@@ -1952,13 +2158,39 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
-
 netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-
 </powershell>
 <script>
 
@@ -1996,13 +2228,39 @@ $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public
 If (-Not $vm_name) {
   $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
 }
-New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name
+
+$name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
+$name.Encode("CN=$vm_name", 0)
+$key = new-object -com "X509Enrollment.CX509PrivateKey.1"
+$key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
+$key.KeySpec = 1
+$key.Length = 2048
+$key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
+$key.MachineContext = 1
+$key.Create()
+$serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
+$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
+$ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
+$ekuoids.add($serverauthoid)
+$ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
+$ekuext.InitializeEncode($ekuoids)
+$cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
+$cert.InitializeFromPrivateKey(2, $key, "")
+$cert.Subject = $name
+$cert.Issuer = $cert.Subject
+$cert.NotBefore = get-date
+$cert.NotAfter = $cert.NotBefore.AddYears(10)
+$cert.X509Extensions.Add($ekuext)
+$cert.Encode()
+$enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
+$enrollment.InitializeFromRequest($cert)
+$certdata = $enrollment.CreateRequest(0)
+$enrollment.InstallResponse(2, $certdata, 0, "")
+
 $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
 $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
 iex $create_listener_cmd
-
 netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
-
 </powershell>
         EOH
       end
@@ -2330,4 +2588,44 @@ netstat > c:\\netstat_data.txt
     end
   end
 
+  describe 'Handle password greater than 14 characters' do
+    before do
+      allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
+      knife_ec2_create.config[:winrm_user] = "domain\\ec2"
+      knife_ec2_create.config[:winrm_password] = "LongPassword@123"
+    end
+
+     context 'when user enters Y after prompt' do
+      before do
+        allow(STDIN).to receive_message_chain(:gets, :chomp => "Y")
+      end
+      it 'user addition command is executed forcefully' do
+        expect(knife_ec2_create.ui).to receive(:warn).with('The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):')
+        knife_ec2_create.validate!
+        expect(knife_ec2_create.instance_variable_get(:@allow_long_password)).to eq ("/yes")
+      end
+    end
+
+    context 'when user enters n after prompt' do
+      before do
+        allow(STDIN).to receive_message_chain(:gets, :chomp => "N")
+      end
+      it 'operation exits' do
+        expect(knife_ec2_create.ui).to receive(:warn).with('The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):')
+        expect{ knife_ec2_create.validate! }.to raise_error("Exiting as operation with password greater than 14 characters not accepted")
+      end
+    end
+
+    context 'when user enters xyz instead of (Y/N) after prompt' do
+      before do
+        allow(STDIN).to receive_message_chain(:gets, :chomp => "xyz")
+      end
+      it 'operation exits' do
+        expect(knife_ec2_create.ui).to receive(:warn).with('The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):')
+        expect{ knife_ec2_create.validate! }.to raise_error("The input provided is incorrect.")
+      end
+    end
+
+  end
+
 end