RubyGems - knife-windows - Versions diffs - 1.0.0.rc.1 → 1.0.0.rc.2 - Mend

knife-windows 1.0.0.rc.1 → 1.0.0.rc.2

Files changed (50) hide show

checksums.yaml +4 -4
data/.gitignore +5 -5
data/.travis.yml +20 -20
data/CHANGELOG.md +75 -74
data/DOC_CHANGES.md +323 -323
data/Gemfile +12 -12
data/LICENSE +201 -201
data/README.md +393 -292
data/RELEASE_NOTES.md +79 -74
data/Rakefile +21 -16
data/appveyor.yml +42 -42
data/ci.gemfile +15 -15
data/features/knife_help.feature +20 -20
data/features/support/env.rb +5 -5
data/knife-windows.gemspec +28 -28
data/lib/chef/knife/bootstrap/windows-chef-client-msi.erb +247 -241
data/lib/chef/knife/bootstrap_windows_base.rb +388 -368
data/lib/chef/knife/bootstrap_windows_ssh.rb +110 -110
data/lib/chef/knife/bootstrap_windows_winrm.rb +102 -113
data/lib/chef/knife/core/windows_bootstrap_context.rb +361 -362
data/lib/chef/knife/knife_windows_base.rb +33 -0
data/lib/chef/knife/windows_cert_generate.rb +155 -155
data/lib/chef/knife/windows_cert_install.rb +68 -68
data/lib/chef/knife/windows_helper.rb +36 -36
data/lib/chef/knife/windows_listener_create.rb +107 -107
data/lib/chef/knife/winrm.rb +212 -191
data/lib/chef/knife/winrm_base.rb +118 -125
data/lib/chef/knife/winrm_knife_base.rb +218 -201
data/lib/chef/knife/winrm_session.rb +80 -71
data/lib/chef/knife/winrm_shared_options.rb +47 -47
data/lib/chef/knife/wsman_endpoint.rb +44 -44
data/lib/chef/knife/wsman_test.rb +96 -96
data/lib/knife-windows/path_helper.rb +234 -234
data/lib/knife-windows/version.rb +6 -6
data/spec/assets/win_template_rendered_with_bootstrap_install_command.txt +217 -0
data/spec/assets/win_template_rendered_without_bootstrap_install_command.txt +329 -0
data/spec/assets/win_template_unrendered.txt +246 -0
data/spec/functional/bootstrap_download_spec.rb +216 -140
data/spec/spec_helper.rb +87 -72
data/spec/unit/knife/bootstrap_options_spec.rb +146 -146
data/spec/unit/knife/bootstrap_template_spec.rb +92 -92
data/spec/unit/knife/bootstrap_windows_winrm_spec.rb +240 -161
data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +151 -101
data/spec/unit/knife/windows_cert_generate_spec.rb +90 -90
data/spec/unit/knife/windows_cert_install_spec.rb +51 -51
data/spec/unit/knife/windows_listener_create_spec.rb +76 -76
data/spec/unit/knife/winrm_session_spec.rb +55 -46
data/spec/unit/knife/winrm_spec.rb +504 -376
data/spec/unit/knife/wsman_test_spec.rb +175 -175
metadata +28 -8

data/spec/unit/knife/windows_listener_create_spec.rb CHANGED Viewed

@@ -1,76 +1,76 @@
-#
-# Author:: Mukta Aphale <mukta.aphale@clogeny.com>
-# Copyright:: Copyright (c) 2014 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require 'spec_helper'
-require 'chef/knife/windows_listener_create'
-describe Chef::Knife::WindowsListenerCreate do
-  context "on Windows" do
-    before do
-      allow(Chef::Platform).to receive(:windows?).and_return(true)
-      @listener = Chef::Knife::WindowsListenerCreate.new
-    end
-    it "creates winrm listener" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
-      expect(@listener.ui).to receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
-      @listener.run
-    end
-    it "raise an error on command failure" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      @listener.config[:basic_auth] = true
-      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
-      expect($?).to receive(:exitstatus).and_return(100)
-      expect(@listener.ui).to receive(:error).with("Error creating WinRM listener. use -VV for more details.")
-      expect(@listener.ui).to_not receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
-      expect { @listener.run }.to raise_error(SystemExit)
-    end
-    it "creates winrm listener with cert install option" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      @listener.config[:cert_install] = true
-      allow(@listener).to receive(:get_cert_passphrase).and_return("your-secret!")
-      expect(@listener).to receive(:`).with("powershell.exe -Command \" 'your-secret!' | certutil  -importPFX 'true' AT_KEYEXCHANGE\"")
-      expect(@listener).to receive(:`).with("powershell.exe -Command \" echo (Get-PfxCertificate true).thumbprint \"")
-      expect(@listener.ui).to receive(:info).with("Certificate installed to Certificate Store")
-      expect(@listener.ui).to receive(:info).with("Certificate Thumbprint: ")
-      allow(@listener).to receive(:puts)
-      @listener.run
-    end
-  end
-  context "not on Windows" do
-    before do
-      allow(Chef::Platform).to receive(:windows?).and_return(false)
-      @listener = Chef::Knife::WindowsListenerCreate.new
-    end
-    it "exits with an error" do
-      expect(@listener.ui).to receive(:error)
-      expect { @listener.run }.to raise_error(SystemExit)
-    end
-  end
-end
+#
+# Author:: Mukta Aphale <mukta.aphale@clogeny.com>
+# Copyright:: Copyright (c) 2014 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'spec_helper'
+require 'chef/knife/windows_listener_create'
+describe Chef::Knife::WindowsListenerCreate do
+  context "on Windows" do
+    before do
+      allow(Chef::Platform).to receive(:windows?).and_return(true)
+      @listener = Chef::Knife::WindowsListenerCreate.new
+    end
+    it "creates winrm listener" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
+      expect(@listener.ui).to receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
+      @listener.run
+    end
+    it "raise an error on command failure" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      @listener.config[:basic_auth] = true
+      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
+      expect($?).to receive(:exitstatus).and_return(100)
+      expect(@listener.ui).to receive(:error).with("Error creating WinRM listener. use -VV for more details.")
+      expect(@listener.ui).to_not receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
+      expect { @listener.run }.to raise_error(SystemExit)
+    end
+    it "creates winrm listener with cert install option" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      @listener.config[:cert_install] = true
+      allow(@listener).to receive(:get_cert_passphrase).and_return("your-secret!")
+      expect(@listener).to receive(:`).with("powershell.exe -Command \" 'your-secret!' | certutil  -importPFX 'true' AT_KEYEXCHANGE\"")
+      expect(@listener).to receive(:`).with("powershell.exe -Command \" echo (Get-PfxCertificate true).thumbprint \"")
+      expect(@listener.ui).to receive(:info).with("Certificate installed to Certificate Store")
+      expect(@listener.ui).to receive(:info).with("Certificate Thumbprint: ")
+      allow(@listener).to receive(:puts)
+      @listener.run
+    end
+  end
+  context "not on Windows" do
+    before do
+      allow(Chef::Platform).to receive(:windows?).and_return(false)
+      @listener = Chef::Knife::WindowsListenerCreate.new
+    end
+    it "exits with an error" do
+      expect(@listener.ui).to receive(:error)
+      expect { @listener.run }.to raise_error(SystemExit)
+    end
+  end
+end

data/spec/unit/knife/winrm_session_spec.rb CHANGED Viewed

@@ -1,47 +1,56 @@
-#
-# Author:: Steven Murawski <smurawski@chef.io>
-# Copyright:: Copyright (c) 2015 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require 'spec_helper'
-Chef::Knife::Winrm.load_deps
-describe Chef::Knife::WinrmSession do
-  describe "#relay_command" do
-    before do
-      @service_mock = Object.new
-      @service_mock.define_singleton_method(:open_shell){}
-      @service_mock.define_singleton_method(:run_command){}
-      @service_mock.define_singleton_method(:cleanup_command){}
-      @service_mock.define_singleton_method(:get_command_output){|t,y| {}}
-      @service_mock.define_singleton_method(:close_shell){}
-      allow(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-      allow(WinRM::WinRMWebService).to receive(:new).and_return(@service_mock)
-      @session = Chef::Knife::WinrmSession.new({transport: :plaintext})
-    end
-    it "run command and display commands output" do
-      expect(@service_mock).to receive(:open_shell).ordered
-      expect(@service_mock).to receive(:run_command).ordered
-      expect(@service_mock).to receive(:get_command_output).ordered.and_return({})
-      expect(@service_mock).to receive(:cleanup_command).ordered
-      expect(@service_mock).to receive(:close_shell).ordered
-      @session.relay_command("cmd.exe echo 'hi'")
-    end
-  end
+#
+# Author:: Steven Murawski <smurawski@chef.io>
+# Copyright:: Copyright (c) 2015 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'spec_helper'
+Chef::Knife::Winrm.load_deps
+describe Chef::Knife::WinrmSession do
+  let(:winrm_service) { double('WinRMWebService') }
+  let(:options) { { transport: :plaintext } }
+  before do
+    allow(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
+    allow(winrm_service).to receive(:set_timeout)
+  end
+  subject { Chef::Knife::WinrmSession.new(options) }
+  describe "#initialize" do
+    context "when using sspinegotiate transport" do
+      let(:options) { { transport: :sspinegotiate } }
+      it "uses winrm-s" do
+        expect(Chef::Knife::WinrmSession).to receive(:load_windows_specific_gems)
+        subject
+      end
+    end
+  end
+  describe "#relay_command" do
+    it "run command and display commands output" do
+      expect(winrm_service).to receive(:open_shell).ordered
+      expect(winrm_service).to receive(:run_command).ordered
+      expect(winrm_service).to receive(:get_command_output).ordered.and_return({})
+      expect(winrm_service).to receive(:cleanup_command).ordered
+      expect(winrm_service).to receive(:close_shell).ordered
+      subject.relay_command("cmd.exe echo 'hi'")
+    end
+  end
 end

data/spec/unit/knife/winrm_spec.rb CHANGED Viewed

@@ -1,376 +1,504 @@
-#
-# Author:: Bryan McLellan <btm@opscode.com>
-# Copyright:: Copyright (c) 2013 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require 'spec_helper'
-Chef::Knife::Winrm.load_deps
-describe Chef::Knife::Winrm do
-  before(:all) do
-    @original_config = Chef::Config.hash_dup
-    @original_knife_config = Chef::Config[:knife].nil? ? nil : Chef::Config[:knife].dup
-  end
-  after(:all) do
-    Chef::Config.configuration = @original_config
-    Chef::Config[:knife] = @original_knife_config if @original_knife_config
-  end
-  before do
-    @knife = Chef::Knife::Winrm.new
-    @knife.config[:attribute] = "fqdn"
-    @node_foo = Chef::Node.new
-    @node_foo.automatic_attrs[:fqdn] = "foo.example.org"
-    @node_foo.automatic_attrs[:ipaddress] = "10.0.0.1"
-    @node_bar = Chef::Node.new
-    @node_bar.automatic_attrs[:fqdn] = "bar.example.org"
-    @node_bar.automatic_attrs[:ipaddress] = "10.0.0.2"
-    @node_bar.automatic_attrs[:ec2][:public_hostname] = "somewhere.com"
-  end
-  describe "#configure_session" do
-    before do
-      @query = double("Chef::Search::Query")
-    end
-    context "when there are some hosts found but they do not have an attribute to connect with" do
-      before do
-        @knife.config[:manual] = false
-        @knife.config[:winrm_password] = 'P@ssw0rd!'
-        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
-        @node_foo.automatic_attrs[:fqdn] = nil
-        @node_bar.automatic_attrs[:fqdn] = nil
-        allow(Chef::Search::Query).to receive(:new).and_return(@query)
-      end
-      it "raises a specific error (KNIFE-222)" do
-        expect(@knife.ui).to receive(:fatal).with(/does not have the required attribute/)
-        expect(@knife).to receive(:exit).with(10)
-        @knife.configure_chef
-        @knife.resolve_target_nodes
-      end
-    end
-    context "when there are nested attributes" do
-      before do
-        @knife.config[:manual] = false
-        @knife.config[:winrm_password] = 'P@ssw0rd!'
-        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
-        allow(Chef::Search::Query).to receive(:new).and_return(@query)
-      end
-      it "uses the nested attributes (KNIFE-276)" do
-        @knife.config[:attribute] = "ec2.public_hostname"
-        @knife.configure_chef
-        @knife.resolve_target_nodes
-      end
-    end
-    describe Chef::Knife::Winrm do
-      context "when configuring the WinRM transport" do
-        before(:all) do
-          @winrm_session = Object.new
-          @winrm_session.define_singleton_method(:set_timeout){|timeout| ""}
-        end
-        after(:each) do
-          Chef::Config.configuration = @original_config
-          Chef::Config[:knife] = @original_knife_config if @original_knife_config
-        end
-        context "on windows workstations" do
-          let(:winrm_command_windows_http) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword',  'echo helloworld'])        }
-          it "defaults to negotiate when on a Windows host" do
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(winrm_command_windows_http).to receive(:load_windows_specific_gems)
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :sspinegotiate)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_windows_http.configure_chef
-            winrm_command_windows_http.configure_session
-          end
-        end
-        context "on non-windows workstations" do
-          before do
-            allow(Chef::Platform).to receive(:windows?).and_return(false)
-          end
-          let(:winrm_command_http) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '-t', 'plaintext', '--winrm-authentication-protocol', 'basic', 'echo helloworld']) }
-          it "defaults to the http uri scheme" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_http.configure_chef
-            winrm_command_http.configure_session
-          end
-          it "sets the operation timeout and verifes default" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-            expect(@winrm_session).to receive(:set_timeout).with(1800)
-            winrm_command_http.configure_chef
-            winrm_command_http.configure_session
-          end
-          it "sets the user specified winrm port" do
-            Chef::Config[:knife] = {winrm_port: "5988"}
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5988/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_http.configure_chef
-            winrm_command_http.configure_session
-          end
-          let(:winrm_command_timeout) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', '--session-timeout', '10', 'echo helloworld']) }
-          it "sets operation timeout and verify 10 Minute timeout" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-            expect(@winrm_session).to receive(:set_timeout).with(600)
-            winrm_command_timeout.configure_chef
-            winrm_command_timeout.configure_session
-          end
-          let(:winrm_command_https) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', 'echo helloworld']) }
-          it "uses the https uri scheme if the ssl transport is specified" do
-            Chef::Config[:knife] = {:winrm_transport => 'ssl'}
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_https.configure_chef
-            winrm_command_https.configure_session
-          end
-          it "uses the winrm port '5986' by default for ssl transport" do
-            Chef::Config[:knife] = {:winrm_transport => 'ssl'}
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_https.configure_chef
-            winrm_command_https.configure_session
-          end
-          it "defaults to validating the server when the ssl transport is used" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-            winrm_command_https.configure_chef
-            winrm_command_https.configure_session
-          end
-          let(:winrm_command_verify_peer) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--winrm-ssl-verify-mode', 'verify_peer', 'echo helloworld'])}
-          it "validates the server when the ssl transport is used and the :winrm_ssl_verify_mode option is not configured to :verify_none" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-            winrm_command_verify_peer.configure_chef
-            winrm_command_verify_peer.configure_session
-          end
-          let(:winrm_command_no_verify) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--winrm-ssl-verify-mode', 'verify_none', 'echo helloworld'])}
-          it "does not validate the server when the ssl transport is used and the :winrm_ssl_verify_mode option is set to :verify_none" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
-            winrm_command_no_verify.configure_chef
-            winrm_command_no_verify.configure_session
-          end
-          it "prints warning output when the :winrm_ssl_verify_mode set to :verify_none to disable server validation" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
-            expect(winrm_command_no_verify).to receive(:warn_no_ssl_peer_verification)
-            winrm_command_no_verify.configure_chef
-            winrm_command_no_verify.configure_session
-          end
-          let(:winrm_command_ca_trust) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--ca-trust-file', '~/catrustroot', '--winrm-ssl-verify-mode', 'verify_none', 'echo helloworld'])}
-          it "validates the server when the ssl transport is used and the :ca_trust_file option is specified even if the :winrm_ssl_verify_mode option is set to :verify_none" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-            winrm_command_ca_trust.configure_chef
-            winrm_command_ca_trust.configure_session
-          end
-        end
-      end
-      context "when executing the run command which sets the process exit code" do
-        before(:each) do
-          Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
-          @winrm = Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', 'echo helloworld'])
-        end
-        after(:each) do
-          Chef::Config.configuration = @original_config
-          Chef::Config[:knife] = @original_knife_config if @original_knife_config
-        end
-        it "returns with 0 if the command succeeds" do
-          allow(@winrm).to receive(:relay_winrm_command).and_return(0)
-          return_code = @winrm.run
-          expect(return_code).to be_zero
-        end
-        it "exits with exact exit status if the command fails and returns config is set to 0" do
-          command_status = 510
-          session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-          @winrm.config[:returns] = "0"
-          Chef::Config[:knife][:returns] = [0]
-          allow(@winrm).to receive(:relay_winrm_command)
-          allow(@winrm.ui).to receive(:error)
-          allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-          allow(session_mock).to receive(:exit_code).and_return(command_status)
-          expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
-        end
-        it "exits with non-zero status if the command fails and returns config is set to 0" do
-          command_status = 1
-          @winrm.config[:returns] = "0,53"
-          Chef::Config[:knife][:returns] = [0,53]
-          allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-          allow(@winrm.ui).to receive(:error)
-          session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-          allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-          allow(session_mock).to receive(:exit_code).and_return(command_status)
-          expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
-        end
-        it "exits with a zero status if the command returns an expected non-zero status" do
-          command_status = 53
-          Chef::Config[:knife][:returns] = [0,53]
-          allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-          session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-          allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-          allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
-          exit_code = @winrm.run
-          expect(exit_code).to be_zero
-        end
-        it "exits with a zero status if the command returns an expected non-zero status" do
-          command_status = 53
-          @winrm.config[:returns] = '0,53'
-          allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-          session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-          allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-          allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
-          exit_code = @winrm.run
-          expect(exit_code).to be_zero
-        end
-        it "exits with 100 if command execution raises an exception other than 401" do
-          allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '500'))
-          allow(@winrm.ui).to receive(:error)
-          expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
-        end
-        it "exits with 100 if command execution raises a 401" do
-          allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
-          allow(@winrm.ui).to receive(:info)
-          allow(@winrm.ui).to receive(:error)
-          expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
-        end
-        it "exits with 0 if command execution raises a 401 and suppress_auth_failure is set to true" do
-          @winrm.config[:suppress_auth_failure] = true
-          allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
-          exit_code = @winrm.run_with_pretty_exceptions
-          expect(exit_code).to eq(401)
-        end
-        context "when winrm_authentication_protocol specified" do
-          before do
-            Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
-            allow(@winrm).to receive(:relay_winrm_command).and_return(0)
-          end
-          it "sets sspinegotiate transport on windows for 'negotiate' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            allow(@winrm).to receive(:require).with('winrm-s').and_return(true)
-            expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification => false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:sspinegotiate, :disable_sspi=>false, :host=>"localhost"})
-            exit_code = @winrm.run
-          end
-          it "does not have winrm opts transport set to sspinegotiate for unix" do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            allow(Chef::Platform).to receive(:windows?).and_return(false)
-            allow(@winrm).to receive(:exit)
-            expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification=>false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:plaintext, :disable_sspi=>true, :host=>"localhost"})
-            exit_code = @winrm.run
-          end
-          it "applies winrm monkey patch on windows if 'negotiate' authentication and 'plaintext' transport is specified", :windows_only => true do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            allow(@winrm.ui).to receive(:warn)
-            expect(@winrm).to receive(:require).with('winrm-s').and_call_original
-            @winrm.run
-          end
-          it "raises an error if value is other than [basic, negotiate, kerberos]" do
-            @winrm.config[:winrm_authentication_protocol] = "invalid"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm.ui).to receive(:error)
-            expect { @winrm.run }.to raise_error(SystemExit)
-          end
-          it "skips the winrm monkey patch for 'basic' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "basic"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            @winrm.run
-          end
-          it "skips the winrm monkey patch for 'kerberos' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "kerberos"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            @winrm.run
-          end
-          it "skips the winrm monkey patch for 'ssl' transport and 'negotiate' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            @winrm.config[:winrm_transport] = "ssl"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            @winrm.run
-          end
-          it "disables sspi and skips the winrm monkey patch for 'ssl' transport and 'basic' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "basic"
-            @winrm.config[:winrm_transport] = "ssl"
-            @winrm.config[:winrm_port] = "5986"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5986", :no_ssl_peer_verification=>false, :basic_auth_only=>true, :operation_timeout=>1800, :transport=>:ssl, :disable_sspi=>true, :host=>"localhost"})
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            @winrm.run
-          end
-          it "prints a warning and exits on linux for unencrypted negotiate authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            @winrm.config[:winrm_transport] = "plaintext"
-            allow(Chef::Platform).to receive(:windows?).and_return(false)
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            expect(@winrm.ui).to receive(:warn).twice
-            expect { @winrm.run }.to raise_error(SystemExit)
-          end
-        end
-      end
-    end
-  end
-end
+#
+# Author:: Bryan McLellan <btm@opscode.com>
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'spec_helper'
+Chef::Knife::Winrm.load_deps
+describe Chef::Knife::Winrm do
+  before(:all) do
+    @original_config = Chef::Config.hash_dup
+    @original_knife_config = Chef::Config[:knife].nil? ? nil : Chef::Config[:knife].dup
+  end
+  after do
+    Chef::Config.configuration = @original_config
+    Chef::Config[:knife] = @original_knife_config if @original_knife_config
+  end
+  describe "#resolve_target_nodes" do
+    before do
+      @knife = Chef::Knife::Winrm.new
+      @knife.config[:attribute] = "fqdn"
+      @node_foo = Chef::Node.new
+      @node_foo.automatic_attrs[:fqdn] = "foo.example.org"
+      @node_foo.automatic_attrs[:ipaddress] = "10.0.0.1"
+      @node_bar = Chef::Node.new
+      @node_bar.automatic_attrs[:fqdn] = "bar.example.org"
+      @node_bar.automatic_attrs[:ipaddress] = "10.0.0.2"
+      @node_bar.automatic_attrs[:ec2][:public_hostname] = "somewhere.com"
+      @query = double("Chef::Search::Query")
+    end
+    context "when there are some hosts found but they do not have an attribute to connect with" do
+      before do
+        @knife.config[:manual] = false
+        @knife.config[:winrm_password] = 'P@ssw0rd!'
+        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
+        @node_foo.automatic_attrs[:fqdn] = nil
+        @node_bar.automatic_attrs[:fqdn] = nil
+        allow(Chef::Search::Query).to receive(:new).and_return(@query)
+      end
+      it "raises a specific error (KNIFE-222)" do
+        expect(@knife.ui).to receive(:fatal).with(/does not have the required attribute/)
+        expect(@knife).to receive(:exit).with(10)
+        @knife.configure_chef
+        @knife.resolve_target_nodes
+      end
+    end
+    context "when there are nested attributes" do
+      before do
+        @knife.config[:manual] = false
+        @knife.config[:winrm_password] = 'P@ssw0rd!'
+        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
+        allow(Chef::Search::Query).to receive(:new).and_return(@query)
+      end
+      it "uses the nested attributes (KNIFE-276)" do
+        @knife.config[:attribute] = "ec2.public_hostname"
+        @knife.configure_chef
+        @knife.resolve_target_nodes
+      end
+    end
+  end
+  describe "#configure_session" do
+    let(:winrm_user) { 'testuser' }
+    let(:transport) { 'plaintext' }
+    let(:protocol) { 'basic' }
+    let(:knife_args) do
+      [
+        '-m', 'localhost',
+        '-x', winrm_user,
+        '-P', 'testpassword',
+        '-t', transport,
+        '--winrm-authentication-protocol', protocol,
+        'echo helloworld'
+      ]
+    end
+    let(:winrm_session) { double('winrm_session') }
+    let(:winrm_service) { double('WinRMWebService') }
+    before do
+      allow(winrm_service).to receive(:set_timeout)
+    end
+    subject { Chef::Knife::Winrm.new(knife_args) }
+    context "when configuring the WinRM user name" do
+      context "when basic auth is used" do
+        let(:protocol) { 'basic' }
+        it "passes user name as given in options" do
+          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+            expect(opts[:user]).to eq(winrm_user)
+          end.and_return(winrm_session)
+          subject.configure_session
+        end
+      end
+      context "when negotiate auth is used" do
+        let(:protocol) { 'negotiate' }
+        context "when user is prefixed with realm" do
+          let(:winrm_user) { "my_realm\\myself" }
+          it "passes user name as given in options" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(winrm_user)
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+        context "when user realm is included via email format" do
+          let(:winrm_user) { "myself@my_realm.com" }
+          it "passes user name as given in options" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(winrm_user)
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+        context "when a local user is given" do
+          it "prefixes user with the dot (local) realm" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(".\\#{winrm_user}")
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+      end
+    end
+    context "when configuring the WinRM transport" do
+      before(:all) do
+        @winrm_session = Object.new
+        @winrm_session.define_singleton_method(:set_timeout){|timeout| ""}
+      end
+      context "kerberos option is set" do
+        let(:winrm_command_http) { Chef::Knife::Winrm.new([
+          '-m', 'localhost',
+          '-x', 'testuser',
+          '-P', 'testpassword',
+          '--winrm-authentication-protocol', 'basic',
+          '--kerberos-realm', 'realm',
+          'echo helloworld'
+        ]) }
+        it "sets the transport to kerberos" do
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', :kerberos, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+      end
+      context "kerberos option is set but nil" do
+        let(:winrm_command_http) { Chef::Knife::Winrm.new([
+          '-m', 'localhost',
+          '-x', 'testuser',
+          '-P', 'testpassword',
+          '--winrm-authentication-protocol', 'basic',
+          'echo helloworld'
+        ]) }
+        it "sets the transport to plaintext" do
+          winrm_command_http.config[:kerberos_realm] = nil
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', :plaintext, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+      end
+      context "on windows workstations" do
+        let(:protocol) { 'negotiate' }
+        before do
+          allow(Chef::Platform).to receive(:windows?).and_return(true)
+        end
+        it "defaults to negotiate when on a Windows host" do
+          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+            expect(opts[:transport]).to eq(:sspinegotiate)
+          end.and_return(winrm_session)
+          subject.configure_session
+        end
+      end
+      context "on non-windows workstations" do
+        before do
+          allow(Chef::Platform).to receive(:windows?).and_return(false)
+        end
+        let(:winrm_command_http) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '-t', 'plaintext', '--winrm-authentication-protocol', 'basic', 'echo helloworld']) }
+        it "defaults to the http uri scheme" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+        it "sets the operation timeout and verifes default" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          expect(@winrm_session).to receive(:set_timeout).with(1800)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+        it "sets the user specified winrm port" do
+          Chef::Config[:knife] = {winrm_port: "5988"}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5988/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+        let(:winrm_command_timeout) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', '--session-timeout', '10', 'echo helloworld']) }
+        it "sets operation timeout and verify 10 Minute timeout" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          expect(@winrm_session).to receive(:set_timeout).with(600)
+          winrm_command_timeout.configure_chef
+          winrm_command_timeout.configure_session
+        end
+        let(:winrm_command_https) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', 'echo helloworld']) }
+        it "uses the https uri scheme if the ssl transport is specified" do
+          Chef::Config[:knife] = {:winrm_transport => 'ssl'}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+        it "uses the winrm port '5986' by default for ssl transport" do
+          Chef::Config[:knife] = {:winrm_transport => 'ssl'}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+        it "defaults to validating the server when the ssl transport is used" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+        let(:winrm_command_verify_peer) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--winrm-ssl-verify-mode', 'verify_peer', 'echo helloworld'])}
+        it "validates the server when the ssl transport is used and the :winrm_ssl_verify_mode option is not configured to :verify_none" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_verify_peer.configure_chef
+          winrm_command_verify_peer.configure_session
+        end
+        context "when setting verify_none" do
+          let(:transport) { 'ssl' }
+          before { knife_args << '--winrm-ssl-verify-mode' << 'verify_none' }
+          it "does not validate the server when the ssl transport is used and the :winrm_ssl_verify_mode option is set to :verify_none" do
+            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
+            subject.configure_chef
+            subject.configure_session
+          end
+          it "prints warning output when the :winrm_ssl_verify_mode set to :verify_none to disable server validation" do
+            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
+            expect(subject).to receive(:warn_no_ssl_peer_verification)
+            subject.configure_chef
+            subject.configure_session
+          end
+          context "when transport is plaintext" do
+            let(:transport) { 'plaintext' }
+            it "does not print warning re ssl server validation" do
+              expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+              expect(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
+              expect(subject).to_not receive(:warn_no_ssl_peer_verification)
+              subject.configure_chef
+              subject.configure_session
+            end
+          end
+        end
+        let(:winrm_command_ca_trust) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--ca-trust-file', '~/catrustroot', '--winrm-ssl-verify-mode', 'verify_none', 'echo helloworld'])}
+        it "validates the server when the ssl transport is used and the :ca_trust_file option is specified even if the :winrm_ssl_verify_mode option is set to :verify_none" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_ca_trust.configure_chef
+          winrm_command_ca_trust.configure_session
+        end
+      end
+    end
+  end
+  describe "#run" do
+    before(:each) do
+      Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
+      @winrm = Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', 'echo helloworld'])
+    end
+    it "returns with 0 if the command succeeds" do
+      allow(@winrm).to receive(:relay_winrm_command).and_return(0)
+      return_code = @winrm.run
+      expect(return_code).to be_zero
+    end
+    it "exits with exact exit status if the command fails and returns config is set to 0" do
+      command_status = 510
+      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
+      @winrm.config[:returns] = "0"
+      Chef::Config[:knife][:returns] = [0]
+      allow(@winrm).to receive(:relay_winrm_command)
+      allow(@winrm.ui).to receive(:error)
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
+      allow(session_mock).to receive(:exit_code).and_return(command_status)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
+    end
+    it "exits with non-zero status if the command fails and returns config is set to 0" do
+      command_status = 1
+      @winrm.config[:returns] = "0,53"
+      Chef::Config[:knife][:returns] = [0,53]
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      allow(@winrm.ui).to receive(:error)
+      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
+      allow(session_mock).to receive(:exit_code).and_return(command_status)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
+    end
+    it "exits with a zero status if the command returns an expected non-zero status" do
+      command_status = 53
+      Chef::Config[:knife][:returns] = [0,53]
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
+      allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
+      exit_code = @winrm.run
+      expect(exit_code).to be_zero
+    end
+    it "exits with a zero status if the command returns an expected non-zero status" do
+      command_status = 53
+      @winrm.config[:returns] = '0,53'
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
+      allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
+      exit_code = @winrm.run
+      expect(exit_code).to be_zero
+    end
+    it "exits with 100 and no hint if command execution raises an exception other than 401" do
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '500'))
+      allow(@winrm.ui).to receive(:error)
+      expect(@winrm.ui).to_not receive(:info)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
+    end
+    it "exits with 100 if command execution raises a 401" do
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      allow(@winrm.ui).to receive(:info)
+      allow(@winrm.ui).to receive(:error)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
+    end
+    it "exits with 0 if command execution raises a 401 and suppress_auth_failure is set to true" do
+      @winrm.config[:suppress_auth_failure] = true
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      exit_code = @winrm.run_with_pretty_exceptions
+      expect(exit_code).to eq(401)
+    end
+    it "prints a hint on failure for negotiate authentication" do
+      @winrm.config[:winrm_authentication_protocol] = "negotiate"
+      @winrm.config[:winrm_transport] = "plaintext"
+      allow(Chef::Platform).to receive(:windows?).and_return(true)
+      allow(Chef::Knife::WinrmSession).to receive(:new)
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMAuthorizationError.new)
+      allow(@winrm.ui).to receive(:error)
+      allow(@winrm.ui).to receive(:info)
+      expect(@winrm.ui).to receive(:info).with(Chef::Knife::Winrm::FAILED_NOT_BASIC_HINT)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit)
+    end
+    it "prints a hint on failure for basic authentication" do
+      @winrm.config[:winrm_authentication_protocol] = "basic"
+      @winrm.config[:winrm_transport] = "plaintext"
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      allow(@winrm.ui).to receive(:error)
+      allow(@winrm.ui).to receive(:info)
+      expect(@winrm.ui).to receive(:info).with(Chef::Knife::Winrm::FAILED_BASIC_HINT)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit)
+    end
+    context "when winrm_authentication_protocol specified" do
+      before do
+        Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
+        allow(@winrm).to receive(:relay_winrm_command).and_return(0)
+      end
+      it "sets sspinegotiate transport on windows for 'negotiate' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        expect(@winrm).to receive(:create_winrm_session).with({:user=>".\\testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification => false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:sspinegotiate, :disable_sspi=>false, :host=>"localhost"})
+        exit_code = @winrm.run
+      end
+      it "does not have winrm opts transport set to sspinegotiate for unix" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(false)
+        allow(@winrm).to receive(:exit)
+        expect(@winrm).to receive(:create_winrm_session).with({:user=>".\\testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification=>false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:plaintext, :disable_sspi=>true, :host=>"localhost"})
+        exit_code = @winrm.run
+      end
+      it "applies winrm monkey patch on windows if 'negotiate' authentication and 'plaintext' transport is specified", :windows_only => true do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        allow(@winrm.ui).to receive(:warn)
+        @winrm.run
+      end
+      it "raises an error if value is other than [basic, negotiate, kerberos]" do
+        @winrm.config[:winrm_authentication_protocol] = "invalid"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        expect(@winrm.ui).to receive(:error)
+        expect { @winrm.run }.to raise_error(SystemExit)
+      end
+      it "skips the winrm monkey patch for 'basic' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "basic"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+      it "skips the winrm monkey patch for 'kerberos' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "kerberos"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+      it "skips the winrm monkey patch for 'ssl' transport and 'negotiate' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        @winrm.config[:winrm_transport] = "ssl"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+      it "disables sspi and skips the winrm monkey patch for 'ssl' transport and 'basic' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "basic"
+        @winrm.config[:winrm_transport] = "ssl"
+        @winrm.config[:winrm_port] = "5986"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5986", :no_ssl_peer_verification=>false, :basic_auth_only=>true, :operation_timeout=>1800, :transport=>:ssl, :disable_sspi=>true, :host=>"localhost"})
+        @winrm.run
+      end
+      it "prints a warning on linux for unencrypted negotiate authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        @winrm.config[:winrm_transport] = "plaintext"
+        allow(Chef::Platform).to receive(:windows?).and_return(false)
+        expect(@winrm.ui).to receive(:warn).once
+        expect { @winrm.run }.to_not raise_error(SystemExit)
+      end
+    end
+  end
+end