RubyGems - knife-windows - Versions diffs - 1.0.0.rc.1 → 1.0.0.rc.2 - Mend

knife-windows 1.0.0.rc.1 → 1.0.0.rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

checksums.yaml +4 -4
data/.gitignore +5 -5
data/.travis.yml +20 -20
data/CHANGELOG.md +75 -74
data/DOC_CHANGES.md +323 -323
data/Gemfile +12 -12
data/LICENSE +201 -201
data/README.md +393 -292
data/RELEASE_NOTES.md +79 -74
data/Rakefile +21 -16
data/appveyor.yml +42 -42
data/ci.gemfile +15 -15
data/features/knife_help.feature +20 -20
data/features/support/env.rb +5 -5
data/knife-windows.gemspec +28 -28
data/lib/chef/knife/bootstrap/windows-chef-client-msi.erb +247 -241
data/lib/chef/knife/bootstrap_windows_base.rb +388 -368
data/lib/chef/knife/bootstrap_windows_ssh.rb +110 -110
data/lib/chef/knife/bootstrap_windows_winrm.rb +102 -113
data/lib/chef/knife/core/windows_bootstrap_context.rb +361 -362
data/lib/chef/knife/knife_windows_base.rb +33 -0
data/lib/chef/knife/windows_cert_generate.rb +155 -155
data/lib/chef/knife/windows_cert_install.rb +68 -68
data/lib/chef/knife/windows_helper.rb +36 -36
data/lib/chef/knife/windows_listener_create.rb +107 -107
data/lib/chef/knife/winrm.rb +212 -191
data/lib/chef/knife/winrm_base.rb +118 -125
data/lib/chef/knife/winrm_knife_base.rb +218 -201
data/lib/chef/knife/winrm_session.rb +80 -71
data/lib/chef/knife/winrm_shared_options.rb +47 -47
data/lib/chef/knife/wsman_endpoint.rb +44 -44
data/lib/chef/knife/wsman_test.rb +96 -96
data/lib/knife-windows/path_helper.rb +234 -234
data/lib/knife-windows/version.rb +6 -6
data/spec/assets/win_template_rendered_with_bootstrap_install_command.txt +217 -0
data/spec/assets/win_template_rendered_without_bootstrap_install_command.txt +329 -0
data/spec/assets/win_template_unrendered.txt +246 -0
data/spec/functional/bootstrap_download_spec.rb +216 -140
data/spec/spec_helper.rb +87 -72
data/spec/unit/knife/bootstrap_options_spec.rb +146 -146
data/spec/unit/knife/bootstrap_template_spec.rb +92 -92
data/spec/unit/knife/bootstrap_windows_winrm_spec.rb +240 -161
data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +151 -101
data/spec/unit/knife/windows_cert_generate_spec.rb +90 -90
data/spec/unit/knife/windows_cert_install_spec.rb +51 -51
data/spec/unit/knife/windows_listener_create_spec.rb +76 -76
data/spec/unit/knife/winrm_session_spec.rb +55 -46
data/spec/unit/knife/winrm_spec.rb +504 -376
data/spec/unit/knife/wsman_test_spec.rb +175 -175
metadata +28 -8

data/spec/unit/knife/windows_listener_create_spec.rb CHANGED Viewed

@@ -1,76 +1,76 @@
-#
-# Author:: Mukta Aphale <mukta.aphale@clogeny.com>
-# Copyright:: Copyright (c) 2014 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require 'spec_helper'
-require 'chef/knife/windows_listener_create'
-describe Chef::Knife::WindowsListenerCreate do
-  context "on Windows" do
-    before do
-      allow(Chef::Platform).to receive(:windows?).and_return(true)
-      @listener = Chef::Knife::WindowsListenerCreate.new
-    end
-    it "creates winrm listener" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
-      expect(@listener.ui).to receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
-      @listener.run
-    end
-    it "raise an error on command failure" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      @listener.config[:basic_auth] = true
-      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
-      expect($?).to receive(:exitstatus).and_return(100)
-      expect(@listener.ui).to receive(:error).with("Error creating WinRM listener. use -VV for more details.")
-      expect(@listener.ui).to_not receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
-      expect { @listener.run }.to raise_error(SystemExit)
-    end
-    it "creates winrm listener with cert install option" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      @listener.config[:cert_install] = true
-      allow(@listener).to receive(:get_cert_passphrase).and_return("your-secret!")
-      expect(@listener).to receive(:`).with("powershell.exe -Command \" 'your-secret!' | certutil  -importPFX 'true' AT_KEYEXCHANGE\"")
-      expect(@listener).to receive(:`).with("powershell.exe -Command \" echo (Get-PfxCertificate true).thumbprint \"")
-      expect(@listener.ui).to receive(:info).with("Certificate installed to Certificate Store")
-      expect(@listener.ui).to receive(:info).with("Certificate Thumbprint: ")
-      allow(@listener).to receive(:puts)
-      @listener.run
-    end
-  end
-  context "not on Windows" do
-    before do
-      allow(Chef::Platform).to receive(:windows?).and_return(false)
-      @listener = Chef::Knife::WindowsListenerCreate.new
-    end
-    it "exits with an error" do
-      expect(@listener.ui).to receive(:error)
-      expect { @listener.run }.to raise_error(SystemExit)
-    end
-  end
-end
+#
+# Author:: Mukta Aphale <mukta.aphale@clogeny.com>
+# Copyright:: Copyright (c) 2014 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'spec_helper'
+require 'chef/knife/windows_listener_create'
+describe Chef::Knife::WindowsListenerCreate do
+  context "on Windows" do
+    before do
+      allow(Chef::Platform).to receive(:windows?).and_return(true)
+      @listener = Chef::Knife::WindowsListenerCreate.new
+    end
+    it "creates winrm listener" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
+      expect(@listener.ui).to receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
+      @listener.run
+    end
+    it "raise an error on command failure" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      @listener.config[:basic_auth] = true
+      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
+      expect($?).to receive(:exitstatus).and_return(100)
+      expect(@listener.ui).to receive(:error).with("Error creating WinRM listener. use -VV for more details.")
+      expect(@listener.ui).to_not receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
+      expect { @listener.run }.to raise_error(SystemExit)
+    end
+    it "creates winrm listener with cert install option" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      @listener.config[:cert_install] = true
+      allow(@listener).to receive(:get_cert_passphrase).and_return("your-secret!")
+      expect(@listener).to receive(:`).with("powershell.exe -Command \" 'your-secret!' | certutil  -importPFX 'true' AT_KEYEXCHANGE\"")
+      expect(@listener).to receive(:`).with("powershell.exe -Command \" echo (Get-PfxCertificate true).thumbprint \"")
+      expect(@listener.ui).to receive(:info).with("Certificate installed to Certificate Store")
+      expect(@listener.ui).to receive(:info).with("Certificate Thumbprint: ")
+      allow(@listener).to receive(:puts)
+      @listener.run
+    end
+  end
+  context "not on Windows" do
+    before do
+      allow(Chef::Platform).to receive(:windows?).and_return(false)
+      @listener = Chef::Knife::WindowsListenerCreate.new
+    end
+    it "exits with an error" do
+      expect(@listener.ui).to receive(:error)
+      expect { @listener.run }.to raise_error(SystemExit)
+    end
+  end
+end

data/spec/unit/knife/winrm_session_spec.rb CHANGED Viewed

@@ -1,47 +1,56 @@
-#
-# Author:: Steven Murawski <smurawski@chef.io>
-# Copyright:: Copyright (c) 2015 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require 'spec_helper'
-Chef::Knife::Winrm.load_deps
-describe Chef::Knife::WinrmSession do
-  describe "#relay_command" do
-    before do
-      @service_mock = Object.new
-      @service_mock.define_singleton_method(:open_shell){}
-      @service_mock.define_singleton_method(:run_command){}
-      @service_mock.define_singleton_method(:cleanup_command){}
-      @service_mock.define_singleton_method(:get_command_output){|t,y| {}}
-      @service_mock.define_singleton_method(:close_shell){}
-      allow(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-      allow(WinRM::WinRMWebService).to receive(:new).and_return(@service_mock)
-      @session = Chef::Knife::WinrmSession.new({transport: :plaintext})
-    end
-    it "run command and display commands output" do
-      expect(@service_mock).to receive(:open_shell).ordered
-      expect(@service_mock).to receive(:run_command).ordered
-      expect(@service_mock).to receive(:get_command_output).ordered.and_return({})
-      expect(@service_mock).to receive(:cleanup_command).ordered
-      expect(@service_mock).to receive(:close_shell).ordered
-      @session.relay_command("cmd.exe echo 'hi'")
-    end
-  end
+#
+# Author:: Steven Murawski <smurawski@chef.io>
+# Copyright:: Copyright (c) 2015 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'spec_helper'
+Chef::Knife::Winrm.load_deps
+describe Chef::Knife::WinrmSession do
+  let(:winrm_service) { double('WinRMWebService') }
+  let(:options) { { transport: :plaintext } }
+  before do
+    allow(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
+    allow(winrm_service).to receive(:set_timeout)
+  end
+  subject { Chef::Knife::WinrmSession.new(options) }
+  describe "#initialize" do
+    context "when using sspinegotiate transport" do
+      let(:options) { { transport: :sspinegotiate } }
+      it "uses winrm-s" do
+        expect(Chef::Knife::WinrmSession).to receive(:load_windows_specific_gems)
+        subject
+      end
+    end
+  end
+  describe "#relay_command" do
+    it "run command and display commands output" do
+      expect(winrm_service).to receive(:open_shell).ordered
+      expect(winrm_service).to receive(:run_command).ordered
+      expect(winrm_service).to receive(:get_command_output).ordered.and_return({})
+      expect(winrm_service).to receive(:cleanup_command).ordered
+      expect(winrm_service).to receive(:close_shell).ordered
+      subject.relay_command("cmd.exe echo 'hi'")
+    end
+  end
 end

data/spec/unit/knife/winrm_spec.rb CHANGED Viewed

@@ -1,376 +1,504 @@
-#
-# Author:: Bryan McLellan <btm@opscode.com>
-# Copyright:: Copyright (c) 2013 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-require 'spec_helper'
-Chef::Knife::Winrm.load_deps
-describe Chef::Knife::Winrm do
-  before(:all) do
-    @original_config = Chef::Config.hash_dup
-    @original_knife_config = Chef::Config[:knife].nil? ? nil : Chef::Config[:knife].dup
-  end
-  after(:all) do
-    Chef::Config.configuration = @original_config
-    Chef::Config[:knife] = @original_knife_config if @original_knife_config
-  end
-  before do
-    @knife = Chef::Knife::Winrm.new
-    @knife.config[:attribute] = "fqdn"
-    @node_foo = Chef::Node.new
-    @node_foo.automatic_attrs[:fqdn] = "foo.example.org"
-    @node_foo.automatic_attrs[:ipaddress] = "10.0.0.1"
-    @node_bar = Chef::Node.new
-    @node_bar.automatic_attrs[:fqdn] = "bar.example.org"
-    @node_bar.automatic_attrs[:ipaddress] = "10.0.0.2"
-    @node_bar.automatic_attrs[:ec2][:public_hostname] = "somewhere.com"
-  end
-  describe "#configure_session" do
-    before do
-      @query = double("Chef::Search::Query")
-    end
-    context "when there are some hosts found but they do not have an attribute to connect with" do
-      before do
-        @knife.config[:manual] = false
-        @knife.config[:winrm_password] = 'P@ssw0rd!'
-        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
-        @node_foo.automatic_attrs[:fqdn] = nil
-        @node_bar.automatic_attrs[:fqdn] = nil
-        allow(Chef::Search::Query).to receive(:new).and_return(@query)
-      end
-      it "raises a specific error (KNIFE-222)" do
-        expect(@knife.ui).to receive(:fatal).with(/does not have the required attribute/)
-        expect(@knife).to receive(:exit).with(10)
-        @knife.configure_chef
-        @knife.resolve_target_nodes
-      end
-    end
-    context "when there are nested attributes" do
-      before do
-        @knife.config[:manual] = false
-        @knife.config[:winrm_password] = 'P@ssw0rd!'
-        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
-        allow(Chef::Search::Query).to receive(:new).and_return(@query)
-      end
-      it "uses the nested attributes (KNIFE-276)" do
-        @knife.config[:attribute] = "ec2.public_hostname"
-        @knife.configure_chef
-        @knife.resolve_target_nodes
-      end
-    end
-    describe Chef::Knife::Winrm do
-      context "when configuring the WinRM transport" do
-        before(:all) do
-          @winrm_session = Object.new
-          @winrm_session.define_singleton_method(:set_timeout){|timeout| ""}
-        end
-        after(:each) do
-          Chef::Config.configuration = @original_config
-          Chef::Config[:knife] = @original_knife_config if @original_knife_config
-        end
-        context "on windows workstations" do
-          let(:winrm_command_windows_http) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword',  'echo helloworld'])        }
-          it "defaults to negotiate when on a Windows host" do
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(winrm_command_windows_http).to receive(:load_windows_specific_gems)
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :sspinegotiate)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_windows_http.configure_chef
-            winrm_command_windows_http.configure_session
-          end
-        end
-        context "on non-windows workstations" do
-          before do
-            allow(Chef::Platform).to receive(:windows?).and_return(false)
-          end
-          let(:winrm_command_http) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '-t', 'plaintext', '--winrm-authentication-protocol', 'basic', 'echo helloworld']) }
-          it "defaults to the http uri scheme" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_http.configure_chef
-            winrm_command_http.configure_session
-          end
-          it "sets the operation timeout and verifes default" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-            expect(@winrm_session).to receive(:set_timeout).with(1800)
-            winrm_command_http.configure_chef
-            winrm_command_http.configure_session
-          end
-          it "sets the user specified winrm port" do
-            Chef::Config[:knife] = {winrm_port: "5988"}
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5988/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_http.configure_chef
-            winrm_command_http.configure_session
-          end
-          let(:winrm_command_timeout) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', '--session-timeout', '10', 'echo helloworld']) }
-          it "sets operation timeout and verify 10 Minute timeout" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-            expect(@winrm_session).to receive(:set_timeout).with(600)
-            winrm_command_timeout.configure_chef
-            winrm_command_timeout.configure_session
-          end
-          let(:winrm_command_https) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', 'echo helloworld']) }
-          it "uses the https uri scheme if the ssl transport is specified" do
-            Chef::Config[:knife] = {:winrm_transport => 'ssl'}
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_https.configure_chef
-            winrm_command_https.configure_session
-          end
-          it "uses the winrm port '5986' by default for ssl transport" do
-            Chef::Config[:knife] = {:winrm_transport => 'ssl'}
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
-            winrm_command_https.configure_chef
-            winrm_command_https.configure_session
-          end
-          it "defaults to validating the server when the ssl transport is used" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-            winrm_command_https.configure_chef
-            winrm_command_https.configure_session
-          end
-          let(:winrm_command_verify_peer) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--winrm-ssl-verify-mode', 'verify_peer', 'echo helloworld'])}
-          it "validates the server when the ssl transport is used and the :winrm_ssl_verify_mode option is not configured to :verify_none" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-            winrm_command_verify_peer.configure_chef
-            winrm_command_verify_peer.configure_session
-          end
-          let(:winrm_command_no_verify) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--winrm-ssl-verify-mode', 'verify_none', 'echo helloworld'])}
-          it "does not validate the server when the ssl transport is used and the :winrm_ssl_verify_mode option is set to :verify_none" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
-            winrm_command_no_verify.configure_chef
-            winrm_command_no_verify.configure_session
-          end
-          it "prints warning output when the :winrm_ssl_verify_mode set to :verify_none to disable server validation" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
-            expect(winrm_command_no_verify).to receive(:warn_no_ssl_peer_verification)
-            winrm_command_no_verify.configure_chef
-            winrm_command_no_verify.configure_session
-          end
-          let(:winrm_command_ca_trust) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--ca-trust-file', '~/catrustroot', '--winrm-ssl-verify-mode', 'verify_none', 'echo helloworld'])}
-          it "validates the server when the ssl transport is used and the :ca_trust_file option is specified even if the :winrm_ssl_verify_mode option is set to :verify_none" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-            winrm_command_ca_trust.configure_chef
-            winrm_command_ca_trust.configure_session
-          end
-        end
-      end
-      context "when executing the run command which sets the process exit code" do
-        before(:each) do
-          Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
-          @winrm = Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', 'echo helloworld'])
-        end
-        after(:each) do
-          Chef::Config.configuration = @original_config
-          Chef::Config[:knife] = @original_knife_config if @original_knife_config
-        end
-        it "returns with 0 if the command succeeds" do
-          allow(@winrm).to receive(:relay_winrm_command).and_return(0)
-          return_code = @winrm.run
-          expect(return_code).to be_zero
-        end
-        it "exits with exact exit status if the command fails and returns config is set to 0" do
-          command_status = 510
-          session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-          @winrm.config[:returns] = "0"
-          Chef::Config[:knife][:returns] = [0]
-          allow(@winrm).to receive(:relay_winrm_command)
-          allow(@winrm.ui).to receive(:error)
-          allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-          allow(session_mock).to receive(:exit_code).and_return(command_status)
-          expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
-        end
-        it "exits with non-zero status if the command fails and returns config is set to 0" do
-          command_status = 1
-          @winrm.config[:returns] = "0,53"
-          Chef::Config[:knife][:returns] = [0,53]
-          allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-          allow(@winrm.ui).to receive(:error)
-          session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-          allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-          allow(session_mock).to receive(:exit_code).and_return(command_status)
-          expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
-        end
-        it "exits with a zero status if the command returns an expected non-zero status" do
-          command_status = 53
-          Chef::Config[:knife][:returns] = [0,53]
-          allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-          session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-          allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-          allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
-          exit_code = @winrm.run
-          expect(exit_code).to be_zero
-        end
-        it "exits with a zero status if the command returns an expected non-zero status" do
-          command_status = 53
-          @winrm.config[:returns] = '0,53'
-          allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-          session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-          allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-          allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
-          exit_code = @winrm.run
-          expect(exit_code).to be_zero
-        end
-        it "exits with 100 if command execution raises an exception other than 401" do
-          allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '500'))
-          allow(@winrm.ui).to receive(:error)
-          expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
-        end
-        it "exits with 100 if command execution raises a 401" do
-          allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
-          allow(@winrm.ui).to receive(:info)
-          allow(@winrm.ui).to receive(:error)
-          expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
-        end
-        it "exits with 0 if command execution raises a 401 and suppress_auth_failure is set to true" do
-          @winrm.config[:suppress_auth_failure] = true
-          allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
-          exit_code = @winrm.run_with_pretty_exceptions
-          expect(exit_code).to eq(401)
-        end
-        context "when winrm_authentication_protocol specified" do
-          before do
-            Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
-            allow(@winrm).to receive(:relay_winrm_command).and_return(0)
-          end
-          it "sets sspinegotiate transport on windows for 'negotiate' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            allow(@winrm).to receive(:require).with('winrm-s').and_return(true)
-            expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification => false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:sspinegotiate, :disable_sspi=>false, :host=>"localhost"})
-            exit_code = @winrm.run
-          end
-          it "does not have winrm opts transport set to sspinegotiate for unix" do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            allow(Chef::Platform).to receive(:windows?).and_return(false)
-            allow(@winrm).to receive(:exit)
-            expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification=>false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:plaintext, :disable_sspi=>true, :host=>"localhost"})
-            exit_code = @winrm.run
-          end
-          it "applies winrm monkey patch on windows if 'negotiate' authentication and 'plaintext' transport is specified", :windows_only => true do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            allow(@winrm.ui).to receive(:warn)
-            expect(@winrm).to receive(:require).with('winrm-s').and_call_original
-            @winrm.run
-          end
-          it "raises an error if value is other than [basic, negotiate, kerberos]" do
-            @winrm.config[:winrm_authentication_protocol] = "invalid"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm.ui).to receive(:error)
-            expect { @winrm.run }.to raise_error(SystemExit)
-          end
-          it "skips the winrm monkey patch for 'basic' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "basic"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            @winrm.run
-          end
-          it "skips the winrm monkey patch for 'kerberos' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "kerberos"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            @winrm.run
-          end
-          it "skips the winrm monkey patch for 'ssl' transport and 'negotiate' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            @winrm.config[:winrm_transport] = "ssl"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            @winrm.run
-          end
-          it "disables sspi and skips the winrm monkey patch for 'ssl' transport and 'basic' authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "basic"
-            @winrm.config[:winrm_transport] = "ssl"
-            @winrm.config[:winrm_port] = "5986"
-            allow(Chef::Platform).to receive(:windows?).and_return(true)
-            expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5986", :no_ssl_peer_verification=>false, :basic_auth_only=>true, :operation_timeout=>1800, :transport=>:ssl, :disable_sspi=>true, :host=>"localhost"})
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            @winrm.run
-          end
-          it "prints a warning and exits on linux for unencrypted negotiate authentication" do
-            @winrm.config[:winrm_authentication_protocol] = "negotiate"
-            @winrm.config[:winrm_transport] = "plaintext"
-            allow(Chef::Platform).to receive(:windows?).and_return(false)
-            expect(@winrm).to_not receive(:require).with('winrm-s')
-            expect(@winrm.ui).to receive(:warn).twice
-            expect { @winrm.run }.to raise_error(SystemExit)
-          end
-        end
-      end
-    end
-  end
-end
+#
+# Author:: Bryan McLellan <btm@opscode.com>
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'spec_helper'
+Chef::Knife::Winrm.load_deps
+describe Chef::Knife::Winrm do
+  before(:all) do
+    @original_config = Chef::Config.hash_dup
+    @original_knife_config = Chef::Config[:knife].nil? ? nil : Chef::Config[:knife].dup
+  end
+  after do
+    Chef::Config.configuration = @original_config
+    Chef::Config[:knife] = @original_knife_config if @original_knife_config
+  end
+  describe "#resolve_target_nodes" do
+    before do
+      @knife = Chef::Knife::Winrm.new
+      @knife.config[:attribute] = "fqdn"
+      @node_foo = Chef::Node.new
+      @node_foo.automatic_attrs[:fqdn] = "foo.example.org"
+      @node_foo.automatic_attrs[:ipaddress] = "10.0.0.1"
+      @node_bar = Chef::Node.new
+      @node_bar.automatic_attrs[:fqdn] = "bar.example.org"
+      @node_bar.automatic_attrs[:ipaddress] = "10.0.0.2"
+      @node_bar.automatic_attrs[:ec2][:public_hostname] = "somewhere.com"
+      @query = double("Chef::Search::Query")
+    end
+    context "when there are some hosts found but they do not have an attribute to connect with" do
+      before do
+        @knife.config[:manual] = false
+        @knife.config[:winrm_password] = 'P@ssw0rd!'
+        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
+        @node_foo.automatic_attrs[:fqdn] = nil
+        @node_bar.automatic_attrs[:fqdn] = nil
+        allow(Chef::Search::Query).to receive(:new).and_return(@query)
+      end
+      it "raises a specific error (KNIFE-222)" do
+        expect(@knife.ui).to receive(:fatal).with(/does not have the required attribute/)
+        expect(@knife).to receive(:exit).with(10)
+        @knife.configure_chef
+        @knife.resolve_target_nodes
+      end
+    end
+    context "when there are nested attributes" do
+      before do
+        @knife.config[:manual] = false
+        @knife.config[:winrm_password] = 'P@ssw0rd!'
+        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
+        allow(Chef::Search::Query).to receive(:new).and_return(@query)
+      end
+      it "uses the nested attributes (KNIFE-276)" do
+        @knife.config[:attribute] = "ec2.public_hostname"
+        @knife.configure_chef
+        @knife.resolve_target_nodes
+      end
+    end
+  end
+  describe "#configure_session" do
+    let(:winrm_user) { 'testuser' }
+    let(:transport) { 'plaintext' }
+    let(:protocol) { 'basic' }
+    let(:knife_args) do
+      [
+        '-m', 'localhost',
+        '-x', winrm_user,
+        '-P', 'testpassword',
+        '-t', transport,
+        '--winrm-authentication-protocol', protocol,
+        'echo helloworld'
+      ]
+    end
+    let(:winrm_session) { double('winrm_session') }
+    let(:winrm_service) { double('WinRMWebService') }
+    before do
+      allow(winrm_service).to receive(:set_timeout)
+    end
+    subject { Chef::Knife::Winrm.new(knife_args) }
+    context "when configuring the WinRM user name" do
+      context "when basic auth is used" do
+        let(:protocol) { 'basic' }
+        it "passes user name as given in options" do
+          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+            expect(opts[:user]).to eq(winrm_user)
+          end.and_return(winrm_session)
+          subject.configure_session
+        end
+      end
+      context "when negotiate auth is used" do
+        let(:protocol) { 'negotiate' }
+        context "when user is prefixed with realm" do
+          let(:winrm_user) { "my_realm\\myself" }
+          it "passes user name as given in options" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(winrm_user)
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+        context "when user realm is included via email format" do
+          let(:winrm_user) { "myself@my_realm.com" }
+          it "passes user name as given in options" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(winrm_user)
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+        context "when a local user is given" do
+          it "prefixes user with the dot (local) realm" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(".\\#{winrm_user}")
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+      end
+    end
+    context "when configuring the WinRM transport" do
+      before(:all) do
+        @winrm_session = Object.new
+        @winrm_session.define_singleton_method(:set_timeout){|timeout| ""}
+      end
+      context "kerberos option is set" do
+        let(:winrm_command_http) { Chef::Knife::Winrm.new([
+          '-m', 'localhost',
+          '-x', 'testuser',
+          '-P', 'testpassword',
+          '--winrm-authentication-protocol', 'basic',
+          '--kerberos-realm', 'realm',
+          'echo helloworld'
+        ]) }
+        it "sets the transport to kerberos" do
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', :kerberos, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+      end
+      context "kerberos option is set but nil" do
+        let(:winrm_command_http) { Chef::Knife::Winrm.new([
+          '-m', 'localhost',
+          '-x', 'testuser',
+          '-P', 'testpassword',
+          '--winrm-authentication-protocol', 'basic',
+          'echo helloworld'
+        ]) }
+        it "sets the transport to plaintext" do
+          winrm_command_http.config[:kerberos_realm] = nil
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', :plaintext, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+      end
+      context "on windows workstations" do
+        let(:protocol) { 'negotiate' }
+        before do
+          allow(Chef::Platform).to receive(:windows?).and_return(true)
+        end
+        it "defaults to negotiate when on a Windows host" do
+          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+            expect(opts[:transport]).to eq(:sspinegotiate)
+          end.and_return(winrm_session)
+          subject.configure_session
+        end
+      end
+      context "on non-windows workstations" do
+        before do
+          allow(Chef::Platform).to receive(:windows?).and_return(false)
+        end
+        let(:winrm_command_http) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '-t', 'plaintext', '--winrm-authentication-protocol', 'basic', 'echo helloworld']) }
+        it "defaults to the http uri scheme" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+        it "sets the operation timeout and verifes default" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          expect(@winrm_session).to receive(:set_timeout).with(1800)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+        it "sets the user specified winrm port" do
+          Chef::Config[:knife] = {winrm_port: "5988"}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5988/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+        let(:winrm_command_timeout) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', '--session-timeout', '10', 'echo helloworld']) }
+        it "sets operation timeout and verify 10 Minute timeout" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          expect(@winrm_session).to receive(:set_timeout).with(600)
+          winrm_command_timeout.configure_chef
+          winrm_command_timeout.configure_session
+        end
+        let(:winrm_command_https) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', 'echo helloworld']) }
+        it "uses the https uri scheme if the ssl transport is specified" do
+          Chef::Config[:knife] = {:winrm_transport => 'ssl'}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+        it "uses the winrm port '5986' by default for ssl transport" do
+          Chef::Config[:knife] = {:winrm_transport => 'ssl'}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+        it "defaults to validating the server when the ssl transport is used" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+        let(:winrm_command_verify_peer) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--winrm-ssl-verify-mode', 'verify_peer', 'echo helloworld'])}
+        it "validates the server when the ssl transport is used and the :winrm_ssl_verify_mode option is not configured to :verify_none" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_verify_peer.configure_chef
+          winrm_command_verify_peer.configure_session
+        end
+        context "when setting verify_none" do
+          let(:transport) { 'ssl' }
+          before { knife_args << '--winrm-ssl-verify-mode' << 'verify_none' }
+          it "does not validate the server when the ssl transport is used and the :winrm_ssl_verify_mode option is set to :verify_none" do
+            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
+            subject.configure_chef
+            subject.configure_session
+          end
+          it "prints warning output when the :winrm_ssl_verify_mode set to :verify_none to disable server validation" do
+            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
+            expect(subject).to receive(:warn_no_ssl_peer_verification)
+            subject.configure_chef
+            subject.configure_session
+          end
+          context "when transport is plaintext" do
+            let(:transport) { 'plaintext' }
+            it "does not print warning re ssl server validation" do
+              expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+              expect(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
+              expect(subject).to_not receive(:warn_no_ssl_peer_verification)
+              subject.configure_chef
+              subject.configure_session
+            end
+          end
+        end
+        let(:winrm_command_ca_trust) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--ca-trust-file', '~/catrustroot', '--winrm-ssl-verify-mode', 'verify_none', 'echo helloworld'])}
+        it "validates the server when the ssl transport is used and the :ca_trust_file option is specified even if the :winrm_ssl_verify_mode option is set to :verify_none" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_ca_trust.configure_chef
+          winrm_command_ca_trust.configure_session
+        end
+      end
+    end
+  end
+  describe "#run" do
+    before(:each) do
+      Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
+      @winrm = Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', 'echo helloworld'])
+    end
+    it "returns with 0 if the command succeeds" do
+      allow(@winrm).to receive(:relay_winrm_command).and_return(0)
+      return_code = @winrm.run
+      expect(return_code).to be_zero
+    end
+    it "exits with exact exit status if the command fails and returns config is set to 0" do
+      command_status = 510
+      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
+      @winrm.config[:returns] = "0"
+      Chef::Config[:knife][:returns] = [0]
+      allow(@winrm).to receive(:relay_winrm_command)
+      allow(@winrm.ui).to receive(:error)
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
+      allow(session_mock).to receive(:exit_code).and_return(command_status)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
+    end
+    it "exits with non-zero status if the command fails and returns config is set to 0" do
+      command_status = 1
+      @winrm.config[:returns] = "0,53"
+      Chef::Config[:knife][:returns] = [0,53]
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      allow(@winrm.ui).to receive(:error)
+      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
+      allow(session_mock).to receive(:exit_code).and_return(command_status)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
+    end
+    it "exits with a zero status if the command returns an expected non-zero status" do
+      command_status = 53
+      Chef::Config[:knife][:returns] = [0,53]
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
+      allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
+      exit_code = @winrm.run
+      expect(exit_code).to be_zero
+    end
+    it "exits with a zero status if the command returns an expected non-zero status" do
+      command_status = 53
+      @winrm.config[:returns] = '0,53'
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
+      allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
+      exit_code = @winrm.run
+      expect(exit_code).to be_zero
+    end
+    it "exits with 100 and no hint if command execution raises an exception other than 401" do
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '500'))
+      allow(@winrm.ui).to receive(:error)
+      expect(@winrm.ui).to_not receive(:info)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
+    end
+    it "exits with 100 if command execution raises a 401" do
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      allow(@winrm.ui).to receive(:info)
+      allow(@winrm.ui).to receive(:error)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
+    end
+    it "exits with 0 if command execution raises a 401 and suppress_auth_failure is set to true" do
+      @winrm.config[:suppress_auth_failure] = true
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      exit_code = @winrm.run_with_pretty_exceptions
+      expect(exit_code).to eq(401)
+    end
+    it "prints a hint on failure for negotiate authentication" do
+      @winrm.config[:winrm_authentication_protocol] = "negotiate"
+      @winrm.config[:winrm_transport] = "plaintext"
+      allow(Chef::Platform).to receive(:windows?).and_return(true)
+      allow(Chef::Knife::WinrmSession).to receive(:new)
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMAuthorizationError.new)
+      allow(@winrm.ui).to receive(:error)
+      allow(@winrm.ui).to receive(:info)
+      expect(@winrm.ui).to receive(:info).with(Chef::Knife::Winrm::FAILED_NOT_BASIC_HINT)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit)
+    end
+    it "prints a hint on failure for basic authentication" do
+      @winrm.config[:winrm_authentication_protocol] = "basic"
+      @winrm.config[:winrm_transport] = "plaintext"
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      allow(@winrm.ui).to receive(:error)
+      allow(@winrm.ui).to receive(:info)
+      expect(@winrm.ui).to receive(:info).with(Chef::Knife::Winrm::FAILED_BASIC_HINT)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit)
+    end
+    context "when winrm_authentication_protocol specified" do
+      before do
+        Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
+        allow(@winrm).to receive(:relay_winrm_command).and_return(0)
+      end
+      it "sets sspinegotiate transport on windows for 'negotiate' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        expect(@winrm).to receive(:create_winrm_session).with({:user=>".\\testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification => false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:sspinegotiate, :disable_sspi=>false, :host=>"localhost"})
+        exit_code = @winrm.run
+      end
+      it "does not have winrm opts transport set to sspinegotiate for unix" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(false)
+        allow(@winrm).to receive(:exit)
+        expect(@winrm).to receive(:create_winrm_session).with({:user=>".\\testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification=>false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:plaintext, :disable_sspi=>true, :host=>"localhost"})
+        exit_code = @winrm.run
+      end
+      it "applies winrm monkey patch on windows if 'negotiate' authentication and 'plaintext' transport is specified", :windows_only => true do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        allow(@winrm.ui).to receive(:warn)
+        @winrm.run
+      end
+      it "raises an error if value is other than [basic, negotiate, kerberos]" do
+        @winrm.config[:winrm_authentication_protocol] = "invalid"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        expect(@winrm.ui).to receive(:error)
+        expect { @winrm.run }.to raise_error(SystemExit)
+      end
+      it "skips the winrm monkey patch for 'basic' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "basic"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+      it "skips the winrm monkey patch for 'kerberos' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "kerberos"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+      it "skips the winrm monkey patch for 'ssl' transport and 'negotiate' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        @winrm.config[:winrm_transport] = "ssl"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+      it "disables sspi and skips the winrm monkey patch for 'ssl' transport and 'basic' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "basic"
+        @winrm.config[:winrm_transport] = "ssl"
+        @winrm.config[:winrm_port] = "5986"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5986", :no_ssl_peer_verification=>false, :basic_auth_only=>true, :operation_timeout=>1800, :transport=>:ssl, :disable_sspi=>true, :host=>"localhost"})
+        @winrm.run
+      end
+      it "prints a warning on linux for unencrypted negotiate authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        @winrm.config[:winrm_transport] = "plaintext"
+        allow(Chef::Platform).to receive(:windows?).and_return(false)
+        expect(@winrm.ui).to receive(:warn).once
+        expect { @winrm.run }.to_not raise_error(SystemExit)
+      end
+    end
+  end
+end