knife-windows 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b8379925d2d838d0a7aa4eb8272d76b552b79959
-  data.tar.gz: 5a49c146219b795d55dffeda41fa81b79942bcb6
+  metadata.gz: 81d9379be8e11c9b0cb2bf4fa2d47271a6f135b1
+  data.tar.gz: aa5ea98e4e3b3c76df720bffeff00a520e0256a0
 SHA512:
-  metadata.gz: 78319d369c8c9cdb1c5f87e3010d6468ff17c898b71e1c2a6d75930ce539fce5f44541293113f26a34b0cf8dd960372f5cbe22db1157aefc191e0ba012c3ef73
-  data.tar.gz: aeda179f22c1036fc9f90a8e9cfdbdfebeb72e466b9c5713de574bdc0b48394b8c92306e875b16026d1d689b45a8b16cac91910ff34f7be7534fbcba91106c9a
+  metadata.gz: 781cf47a85296df881f58a66190f01b8bdf8076914d162f116a01d93a194fc27b1e7c9967580773a4d5bd7c59c30af667fc7199489bd883afe014f2a777b2f83
+  data.tar.gz: 4144ac2c72d6a64ad36afed9fffdca77eb8ef2dc04e39a3a4a6caa7796874ac91660c9972b89fd829c70a9055dd3833e0cad2e0928e91844362d5c5d02d88145

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # knife-windows Change Log
 
+## Release 1.1.0
+* [https://github.com/chef/knife-windows/pull/302](Address regression caused by chef client 12.5 environment argument)
+* [https://github.com/chef/knife-windows/issues/295](Bootstrap missing policy_group, policy_name feature from Chef Client 12.5)
+* [https://github.com/chef/knife-windows/issues/296](Installing knife-windows produces warning for _all_ knife commands in Mac OS X with ChefDK 0.8.0)
+* [https://github.com/chef/knife-windows/pull/297](use configured proxy settings for all winrm sessions)
+
 ## Release 1.0.0
 
 * [knife-windows #281](https://github.com/chef/knife-windows/pull/281) Prevent unencrypted negotiate auth, automatically prefix local usernames with '.' for negotiate

data/DOC_CHANGES.md

@@ -5,335 +5,16 @@ Example Doc Change:
 ### Headline for the required change
 Description of the required change.
 -->
-# knife-windows 1.0.0 doc changes
+# knife-windows 1.1.0 doc changes
 
-### New bootstrap download and installation options
-The following commands enable alternate ways to download and install
-Chef Client during bootstrap:
+### Support for `http_proxy` setting for `winrm` and `bootstrap windows winrm` subcommands
 
-* `--msi-url URL`: Optional. Used to override the location from which Chef
-  Client is downloaded. If not specified, Chef Client is downloaded
-  from the Internet -- this option allows downloading from a private network
-  location for instance.
-* `--install-as-service`: Optional. Install chef-client as a Windows service
-* `--bootstrap-install-command`: Optional. Instead of downloading Chef
-  Client and installing it using a default installation command,
-  bootstrap will invoke this command. If an image already has
-  Chef Client installed, this command can be specified as empty
-  (`''`), in which case no installation will be done and the rest of
-  bootstrap will proceed as if it's already installed.
+Both the `knife winrm` and `knife bootstrap windows winrm` subcommands
+will honor the `http_proxy` configuration in the `knife.rb`
+configuration file.
 
-### WinRM default port default change
-The `winrm_port` option specifies the TCP port on the remote system to which
-to connect for WinRM communication for `knife-windows` commands that use
-WinRM. The default value of this option is **5986** if the WinRM transport
-(configured by the `winrm_transport` option) is SSL, otherwise it is **5985**.
-These defaults correspond to the port assignment conventions for the WinRM
-protocol, which is also honored by WinRM tools built-in to Windows such as the
-`winrs` tool.
+When this setting is configured, the `WinRM` traffic between the
+workstation executing `knife` and the remote node will flow through
+the proxy server configured with `http_proxy`. See the specific
+documentation for `http_proxy` for additional details.
 
-In previous releases, the default port was always 5985, regardless of the
-transport being used. To override the default, specify the `winrm_port`
-(`-p`) option and specify the desired port as the option's value.
-
-### WinRM authentication protocol defaults to `negotiate` regardless of name formats
-Unless explicitly overridden using the new `winrm_authentication_protocol`
-option, `knife-windows` subcommands that use WinRM will authenticate using the
-negotiate protocol, just as the tools built-in to the Windows operating
-system would do.
-
-Previously, `knife-windows` would use basic authentication, unless the
-username specified to the `winrm_user` option had the format `domain\user`,
-and in that case `knife-windows` would use negotiate authentication.
-
-To override the new behavior, specify the `winrm_authentication_protocol`
-option with a value of either the `basic` or `kerberos` to choose a different
-authentication protocol.
-
-### New `:winrm_authentication_protocol` option
-
-This option allows the authentication protocol used for WinRM communication to
-be explicitly specified. The supported protocol values are `kerberos`, `negotiate`,
-and `basic`, each of which directs `knife-windows` to use the respective authentication protocols.
-
-If the option is not specified, `knife-windows` treats this as a default value
-of `negotiate` and the tool uses negotiate authentication for WinRM.
-
-### New `:winrm_ssl_verify_mode` option
-When running the `winrm` and `bootstrap windows` subcommands with the
-`winrm_transport` option set to `ssl` to communicate with a remote Windows system using
-the WinRM protocol via the SSL transport, you may disable `knife`'s verification of
-the remote system's SSL certificate. This is useful for testing or
-troubleshooting SSL connectivity before you've verified the certificate of the remote system's SSL WinRM listener.
-
-The option that controls whether the server is validated is the
-`knife[:winrm_verify_ssl_mode]` option, which has the same values as Chef's
-[`:ssl_verify_mode`](https://docs.getchef.com/config_rb_client.html#settings) option. By default, the option is set to `:verify_peer`,
-which means that SSL communication must be verified using a certificate file
-specified by the `:ca_trust_file` option. To avoid the need to have this file available
-during testing, you can specify the `knife[:winrm_ssl_verify_mode]` option in
-`knife.rb` OR specify it directly on the `knife` command line as
-`--winrm-ssl-verify-mode` and set its value to `:verify_none`, which will
-override the default behavior and skip the verification of the remote system
--- there is no need to specify the `:ca_trust_file` option in this case.
-
-Here's an example that disables peer verification:
-
-    knife winrm -m 192.168.0.6 -x 'mydomain\myuser' -P "$PASSWORDVAR" -t ssl --winrm-ssl-verify-mode verify_none ipconfig
-
-This option should be used carefully since disabling the verification of the
-remote system's certificate can subject knife commands to spoofing attacks.
-
-### New subcommands to automate WinRM SSL listener configuration
-The WinRM protocol may be encapsulated by SSL, but the configuration of such
-connections can be difficult, particularly when the WinRM client is a
-non-Windows system. Three new knife subcommands have been implemented in
-knife-windows 1.0.0.rc.0 to simplify and automate this configuration:
-
-* `knife windows cert generate` subcommand:
-  Generates certificates in formats useful for creating WinRM SSL listeners.
-  It also generates a related public key file in .pem format to validating
-  communication involving listeners configured with the generated certificate.
-* `knife windows cert install` subcommand:
-  Installs a certificate such as one generated by the `cert generate`
-  subcommand into the Windows certificate store so that it can be used as the
-  SSL certificate for a WinRM listener. This command will only function on the
-  Windows operating system. Certificates are always installed in the
-  computer's personal store, i.e. the store that can be viewed via the
-  PowerShell command `ls Cert:\LocalMachine\My`.
-* `knife windows listener create` subcommand:
-  Creates a WinRM listener on a Windows system. This command functions only on
-  the Windows operating system.
-
-#### Example WinRM listener configuration workflows
-
-The subcommands are used in the following scenarios
-
-##### Creation of a new listener with a new SSL certificate
-
-This workflow assumes that WinRM is enabled on the system, which can be
-accomplished with the command
-
-    winrm quickconfig
-
-If you're creating a listener and don't already have an SSL certificate with
-which to configure it, you can quickly create an enabled listener with a short
-sequence of commands. The example below assumes that the `knife-windows`
-plugin is being executed on a Windows system via the PowerShell command shell,
-and that the system is registered with the relevant DNS with the name
-`mysystem.myorg.org` and that this is the name with which the user would like
-to remotely access this system.
-
-This sequence of commands creates a listener -- it assumes the existence of the directory `winrmcerts`
-under the user's profile directory:
-
-    knife windows cert generate --domain myorg.org --output-file $env:userprofile/winrmcerts/winrm-ssl
-    knife windows listener create --hostname *.myorg.org --cert-install $env:userprofile/winrmcerts/winrm-ssl.pfx
-
-The first command, `cert generate`, may be executed on any computer (even one not running the
-Windows operating system) and produces three files. The first two are certificates containing
-private keys that should be stored securely. The 3rd is a `.pem` file
-containing the public key required to validate the server. This file may be
-shared. The command also outputs the thumbprint of the generated certificate,
-which is useful for finding the certificate in a certificate store or using
-with other commands that require the thumbprint.
-
-The next command, `listener create`,  creates the SSL listener -- if it is executed on a different
-system than that which generated the certificates, the required certificate
-file **must** be transferred securely to the system on which the listener will
-be created. It requires a PKCS12 `.pfx` file for the `--cert-install` argument
-which is one of the files generated by the previous `cert generate` command.
-
-After these commands are executed, an SSL listener will be created listening
-on TCP port 5986, the default WinRM SSL port. Using PowerShell, the following
-command will show this and other listeners on the system:
-
-    ls wsman:\localhost\listener
-
-As an alternative to the command sequence above, the `cert install` command could be used to install the
-certificate in a separate step, i which case the `--cert-install` option must
-be replaced with the `--cert-thumbprint` option to use the generated
-certificate's thumbprint to identify the certificate with which the listener
-should be configured:
-
-    knife windows cert generate --domain myorg.org --output-file $env:userprofile/winrmcerts/winrm-ssl 
-    knife windows cert install $env:userprofile/winrmcerts/winrm-ssl
-    knife windows listener create --hostname *.myorg.org --cert-thumbprint 1F3A70E2601FA1576BC4850ED2D7EF6587076423
-
-The system would then be in the same state as that after the original shorter
-command sequence.
-
-Note that the `cert install` command could be skipped if the certificate
-already exists in the personal certificate store of the computer. To view that store and
-see the thumbprints of certificates that could be used with the `listener
-create` command to create an SSL listener, the following PowerShell command
-may be executed:
-
-    ls Cert:\LocalMachine\My
-
-##### Connecting to a configured SSL listeners
-
-In order to connect securely to the configured SSL listener via the `knife
-winrm` or `knife bootstrap windows winrm` subcommands, the workstation running
-`knife` must have a `.pem` file that contains the listener's public key, such
-as the one generated by `knife windows cert generate`. If the file was
-generated from a different system than the one initiating the connection with
-the listener, it must be transferred securely to the initiating system.
-
-For example, assume the file `./winrmcerts/myserver.pem` was securely
-copied from another system on which the `cert generate` command originally
-produced the file. Now it can be used against a system with the appropriately
-configured listener as follows:
-
-    knife winrm -f ./winrmcerts/myserver.pem -m myserver.myorg.com -t ssl ipconfig -x 'my_ad_domain\myuser' -P "$PASSWORDVAR"
-
-This will send the output of the Windows command `ipconfig` on the remote
-system. The argument to the `-f` option is the public key for the listener so
-that the listener's authenticity can be validated. The specified key
-can simply be a copy of the `.pem` file generated by the `cert generate` subcommand if
-that was used to create the certificates for the listener. The user
-`my_ad_domain\myuser` in the example is a user in the Windows Active Directory
-domain `my_ad_domain`.
-
-Alternatively, the [`knife ssl fetch`](https://docs.chef.io/knife_ssl_fetch.html) command can be used to retrieve the
-public key for the listener by simply reading it from the listener, though this command *must* be executed under
-conditions where the connection to the server is considered secure:
-
-     knife ssl fetch https://myserver.myorg.org:5986/wsman
-     knife winrm -f ./.chef/trusted_certs/wildcard_myorg_org.crt -m myserver.myorg.com -t ssl ipconfig -x 'my_ad_domain\myuser' -P "$PASSWORDVAR"
-
-In the `fetch` subcommand, the URL specified for testing WinRM connectivity to
-a given server SERVER on port PORT takes the form `https://SERVER:PORT/wsman`,
-hence the url specified above to retrieve the key for `myserver.myorg.org`.
-The command also outputs the location to which the key was retrieved, which
-can then be used as input to a subsequent `knife winrm` command.
-
-For that `knife winrm` command in the example, the argument to the `-f` option is again the public key -- this time its value
-of `./.chef/trusted_certs/wildcard_myorg_org.crt` is the file system location to which
-`knife ssl fetch` retrieved the public key.
-
-#### Testing WinRM SSL configuration
-
-The techniques below are useful for validating a WinRM listener's configuration -- all
-examples below assume there is a WinRM SSL listener configured on a remote Windows
-system `winserver.myoffice.com` on the default WinRM port of 5986 and this is
-the server being tested.
-
-##### PowerShell's `test-wsman` cmdlet
-If you have access to a workstation running
-the Windows 8 or Windows Server 2012 or later versions of the Windows
-operating systems, you can use the `test-wsman` command to validate the
-configuration of a listener on a remote system `winserver.myoffice.com`:
-
-1. On the Windows workstation client (not the system with the listener),
-    install the .pfx public key certificate for the listener using
-    certmgr.msc. This should be installed in the personal store under *"Trusted
-    Root Certification Authorities"*.
-2. Start PowerShell, and use it to run this command:
-    `test-wsman -ComputerName winserver.myoffice.com -UseSSL`
-
-If the command executes without error, the ssl configuration is correct.
-
-##### End to end SSL testing with `knife winrm`
-
-To validate that SSL is enabled for the listener without validating the
-server's certificate, the `--winrm-ssl-verify-mode` option of the `winrm`
-subcommand can be used:
-
-     knife winrm -m winserver.myoffice.com -t ssl --winrm-ssl-verify-mode verify_none ipconfig -x 'my_ad_domain\myuser' -P "$PASSWORDVAR"
-
-If this succeeds, then any failures to execute the command when correctly
-validating the server, i.e. when specifying the `-f` parameter, are due to
-certificate configuration issues, not other connectivity or authentication
-problems.
-
-##### The winrs tool
-
-The `winrs` tool is built into Windows, so if a Windows system is available,
-`winrs` may be used to troubleshoot. It takes parameters analogous to those of
-`knife winrm` and differences in success and failure between the two tools may
-indicate areas to investigate.
-
-Visit Microsoft's documentation for [`winrs`](https://technet.microsoft.com/en-us/library/hh875630.aspx) to learn more about the tool.
-
-### Troubleshooting WinRM authentication issues
-
-Authentication issues can be debugged by loosening the authentication
-requirements on the server and explicitly using
-`--winrm-authentication-protocol` option for `knife winrm` to attempt to
-connect. As an example, the following PowerShell commands on the server will allow basic authentication
-and unencrypted communication:
-
-    si wsman:\localhost\service\allowunencrypted $true
-    # Don't set the following if attempting domain authentication
-    si wsman:\localhost\service\auth\basic $true
-
-From the client, `knife winrm` can be instructed to explicitly allow basic
-authentication when validating authentication using a non-domain (i.e. local)
-account:
-
-    # For testing a local account
-    knife winrm -m winserver.myoffice.com --winrm-authentication-protocol basic ipconfig -x 'localuser' -P "$PASSWORDVAR" -VV
-
-    # For testing a domain account
-    knife winrm -m winserver.myoffice.com --winrm-authentication-protocol negotiate ipconfig -x 'localuser' -P "$PASSWORDVAR" -VV
-
-If the listener is an SSL listener, the additional arguments `-t ssl
---winrm-ssl-verify-mode verify_none` should be supplied to enable SSL
-communication and disable peer verification for testing. The specification of
-`-VV` enables additional detailed debug output that can provide clues to the
-root cause of any failures.
-
-If the command fails, there is either a connectivity issue or a problem with
-an incorrect or expired password or disabled account.
-
-If the command succeeds, try the following
-
-    si wsman:\localhost\service\allowunencrypted $false
-
-Then retry the earlier `knife winrm` command. If it fails, this may indicate
-an issue with your operating system's ability to encrypt traffic, particularly
-when using the `plaintext` transport, i.e. when not using the `SSL` transport.
-In that case, the Windows platform supports encryption of plaintext traffic
-through native Windows authentication protocols, but such support is often incomplete on other platforms.
-
-If the command succeeds, then there may be a more subtle issue with negotiate
-authentication. It may be necessary to explicitly specify a domain in the user
-name parameter (e.g. `mydomain\myuser` rather than just `user`) for instance,
-or a specified domain may actually be incorrect and something that should be omitted.
-
-### Platform WinRM authentication support
-
-`knife-windows` supports `Kerberos`, `Negotiate`, and `Basic` authentication
-for WinRM communication. However, some of these protocols
-may not work with `knife-windows` on non-Windows systems because
-`knife-windows` relies on operating system libraries such as GSSAPI to implement
-Windows authentication, and some versions of these libraries do not
-fully implement the protocols.
-
-The following table shows the authentication protocols that can be used with
-`knife-windows` depending on whether the knife workstation is a Windows
-system, the transport, and whether or not the target user is a domain user or
-local to the target Windows system.
-
-| Workstation OS / Account Scope | SSL                          | Plaintext                  |
-|--------------------------------|------------------------------|----------------------------|
-| Windows / Local                | Kerberos, Negotiate* , Basic | Kerberos, Negotiate, Basic |
-| Windows / Domain               | Kerberos, Negotiate          | Kerberos, Negotiate        |
-| Non-Windows / Local            | Kerberos, [Negotiate*](https://github.com/chef/knife-windows/issues/176) Basic | Kerberos, Basic |
-| Non-Windows / Domain           | Kerberos, Negotiate          | Kerberos                   |
-
-> \* There is a known defect in the `knife winrm` and `knife bootstrap windows
-> winrm` subcommands invoked on any OS  platform when authenticating with the Negotiate protocol over
-> the SSL transport. The defect is tracked by
-> [knife-windows issue #176](https://github.com/chef/knife-windows/issues/176): If the remote system is
-> domain-joined, local accounts may not be used to authenticate via Negotiate
-> over SSL -- only domain accounts will work. Local accounts will only
-> successfully authenticate if the system is not joined to a domain.
->
-> This is generally not an issue for bootstrap scenarios, where the
-> system has yet to be joined to any domain, but can be a problem for remote
-> management cases after the system is domain joined. Workarounds include using
-> a domain account instead, or enabling Basic authentication on the remote
-> system (unencrypted communication **does not** need to be enabled to make
-> Basic authentication function over SSL).

data/RELEASE_NOTES.md

@@ -6,74 +6,26 @@ Example Note:
 ## Example Heading
 Details about the thing that changed that needs to get included in the Release Notes in markdown.
 -->
-# knife-windows 1.0.0 release notes:
-This release of knife-windows includes new features to improve authentication,
-simplify use of the WinRM SSL transport, install and download Chef
-Client during bootstrap, and addresses compatibility issues with Chef Client 12.0.
+# knife-windows 1.1.0 release notes:
+This release of knife-windows includes an important fix for an
+incompatibility issue with Chef Client 12.5 during bootstrap. If you
+are running knife-windows 1.0.0, please upgrade to this version. See
+the following issue for details: https://github.com/chef/knife-windows/pull/302
 
-You can install the new features using the `gem` command:
+You can install this version using the `gem` command:
 
     gem install knife-windows
 
-Due to dependency conflicts, to use knife-windows 1.0.0+ with ChefDK
-0.6.2, you must also upgrade chef-provisioning to 1.2.0+ and update
-the line referencing chef-provisioning in
-`c:\opscode\chefdk\bin\chef`. To avoid this, use ChefDk 0.7.0 or later
-with this version of `knife-windows`.
-
-    chef gem install knife-windows
-    chef gem install chef-provisioning
-
 ## Reporting issues and contributing
-
 `knife-windows` issues like those addressed in this release should be reported in the ticketing system at https://github.com/chef/knife-windows/issues. You can learn more about how to contribute features and bug fixes to `knife-windows` in the [Chef Contributions document](http://docs.chef.io/community_contributions.html).
 
-## Breaking changes
-
-### Negotiate as the default authentication protocol
-With this release, the default authentication protocol for WinRM
-communication is negotiate, which is the same as that for tools built-in to
-the Windows operating system. Prior to this release, the protocol depended
-on the format of the `--winrm-user` option -- the basic authentication
-protocol would be assumed unless that option had the format `domain\user`.
-
-To revert to the behavior of previous releases or otherwise force `knife-windows` to use a specific authentication protocol such as
-basic, use the `--winrm-authentication-protocol` option.
-
-### Default WinRM port depends on the transport
-The default port for WinRM communication is now **5986** when the SSL transport is used (the transport is
-configured by the `winrm_transport` option), otherwise it is **5985**. In
-previous releases, if the port was not specified, it was always 5985.
-
-To override this behavior, explicitly specify the desired port using the
-`winrm_port` (`-p`) option.
-
-### Kerberos Keytab short option is now -T
-The short option flag for --keytab-file is now -T to fix a conflict with the --identity-file option.
-
-## Features added in knife-windows 1.0.0
-* New `--winrm-authentication-protocol` option for explicit control of WinRM authentication
-* `knife windows cert generate` subcommand:
-  Generates a certificate and related public key file for use in configuring a WinRM listener and validating communication involving it.
-* `knife windows cert install` subcommand:
-  Installs a certificate such as one generated by the `cert generate`
-  subcommand into the Windows certificate store's LocalMachine personal store
-  so that it can be used as part of the configuration for a WinRM SSL listener
-* `knife windows listener create` subcommand:
-  Creates a WinRM SSL listener on a Windows system
-* Added `--hint` option for creating Ohai hints on bootstrap
-* Validatorless bootstrapping is now supported
-* New `--bootstrap-install-command` option allows an alternate command
-  to be used to install Chef Client
-* New `--install-as-service` option will have Chef Client be installed
-  as a Windows service on bootstrap
-* Added `--msi_url` option for providing an alternate URL to the Chef Client installation package
-* `knife wsman test` subcommand:
-  Verifies winrm functionality on a remote system, e.g. `knife wsman
-  test 192.168.1.10 -m --winrm-transport ssl`
+## New features -- proxy support for WinRM
+The `winrm` and `bootstrap windows winrm` subcommands now honor the
+proxy server configured via the `http_proxy` setting in `knife.rb` for
+WinRM traffic.
 
-## Issues fixed in knife-windows 1.0.0
-See the [knife-windows 1.0.0 CHANGELOG](https://github.com/chef/knife-windows/blob/1.0.0/CHANGELOG.md)
+## Issues fixed in knife-windows 1.1.0
+See the [knife-windows 1.1.0 CHANGELOG](https://github.com/chef/knife-windows/blob/1.1.0/CHANGELOG.md)
 for the list of issues fixed in this release.
 
 ## knife-windows on RubyGems and Github

data/lib/chef/knife/bootstrap_windows_base.rb

@@ -179,6 +179,16 @@ class Chef
               Chef::Config[:knife][:bootstrap_vault_item]
             }
 
+          option :policy_name,
+            :long         => "--policy-name POLICY_NAME",
+            :description  => "Policyfile name to use (--policy-group must also be given)",
+            :default      => nil
+
+          option :policy_group,
+            :long         => "--policy-group POLICY_GROUP",
+            :description  => "Policy group name to use (--policy-name must also be given)",
+            :default      => nil
+
           option :tags,
             :long => "--tags TAGS",
             :description => "Comma separated list of tags to apply to the node",
@@ -264,6 +274,9 @@ class Chef
 
         validate_name_args!
 
+        # adding respond_to? so this works with pre 12.4 chef clients
+        validate_options! if respond_to?(:validate_options!)
+
         @node_name = Array(@name_args).first
         # back compat--templates may use this setting:
         config[:server_name] = @node_name

data/lib/chef/knife/bootstrap_windows_winrm.rb

@@ -47,7 +47,7 @@ class Chef
           end
         end
 
-        validate_options!
+        validate_winrm_options!
         resolve_session_options
         @session_opts[:host] = server_name
         @session = Chef::Knife::WinrmSession.new(@session_opts)

data/lib/chef/knife/core/windows_bootstrap_context.rb

@@ -140,8 +140,9 @@ CONFIG
         end
 
         def start_chef
+          bootstrap_environment_option = bootstrap_environment.nil? ? '' : " -E #{bootstrap_environment}"
           start_chef = "SET \"PATH=%PATH%;C:\\ruby\\bin;C:\\opscode\\chef\\bin;C:\\opscode\\chef\\embedded\\bin\"\n"
-          start_chef << "chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json -E #{bootstrap_environment}\n"
+          start_chef << "chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json#{bootstrap_environment_option}\n"
         end
 
         def latest_current_windows_chef_version_query

data/lib/chef/knife/winrm_knife_base.rb

@@ -34,7 +34,7 @@ class Chef
           include Chef::Knife::WinrmSharedOptions
           include Chef::Knife::KnifeWindowsBase
 
-          def validate_options!
+          def validate_winrm_options!
             winrm_auth_protocol = locate_config_value(:winrm_authentication_protocol)
 
             if ! Chef::Knife::WinrmBase::WINRM_AUTH_PROTOCOL_LIST.include?(winrm_auth_protocol)
@@ -60,7 +60,7 @@ class Chef
           #Overrides Chef::Knife#configure_session, as that code is tied to the SSH implementation
           #Tracked by Issue # 3042 / https://github.com/chef/chef/issues/3042
           def configure_session
-            validate_options!
+            validate_winrm_options!
             resolve_session_options
             resolve_target_nodes
             session_from_list

data/lib/chef/knife/winrm_session.rb

@@ -16,6 +16,7 @@
 # limitations under the License.
 #
 
+require 'chef/application'
 require 'winrm'
 
 class Chef
@@ -24,6 +25,7 @@ class Chef
       attr_reader :host, :endpoint, :port, :output, :error, :exit_code
 
       def initialize(options)
+        Chef::Application.new.configure_proxy_environment_variables
         @host = options[:host]
         @port = options[:port]
         url = "#{options[:host]}:#{options[:port]}/wsman"

data/lib/chef/knife/wsman_test.rb

@@ -17,11 +17,9 @@
 #
 
 require 'httpclient'
-require 'nokogiri'
 require 'chef/knife'
 require 'chef/knife/winrm_knife_base'
 require 'chef/knife/wsman_endpoint'
-require 'pry'
 
 class Chef
   class Knife
@@ -66,6 +64,7 @@ class Chef
           if response.nil? || output_object.response_status_code != 200
             error_message = "No valid WSMan endoint listening at #{item.endpoint}."
           else
+            require 'nokogiri'
             doc = Nokogiri::XML response.body
             namespace = 'http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd'
             output_object.protocol_version = doc.xpath('//wsmid:ProtocolVersion', 'wsmid' => namespace).text

data/lib/knife-windows/version.rb

@@ -1,6 +1,6 @@
 module Knife
   module Windows
-    VERSION = "1.0.0"
+    VERSION = "1.1.0"
     MAJOR, MINOR, TINY = VERSION.split('.')
   end
 end

data/spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt

@@ -0,0 +1,217 @@
+@rem 
+@rem Author:: Seth Chisamore (<schisamo@opscode.com>) 
+@rem Copyright:: Copyright (c) 2011 Opscode, Inc. 
+@rem License:: Apache License, Version 2.0 
+@rem 
+@rem Licensed under the Apache License, Version 2.0 (the "License"); 
+@rem you may not use this file except in compliance with the License. 
+@rem You may obtain a copy of the License at 
+@rem 
+@rem     http://www.apache.org/licenses/LICENSE-2.0 
+@rem 
+@rem Unless required by applicable law or agreed to in writing, software 
+@rem distributed under the License is distributed on an "AS IS" BASIS, 
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+@rem See the License for the specific language governing permissions and 
+@rem limitations under the License. 
+@rem 
+
+@rem Use delayed environment expansion so that ERRORLEVEL can be evaluated with the 
+@rem !ERRORLEVEL! syntax which evaluates at execution of the line of script, not when 
+@rem the line is read. See help for the /E switch from cmd.exe /? . 
+@setlocal ENABLEDELAYEDEXPANSION 
+
+ 
+
+@set BOOTSTRAP_DIRECTORY=C:\chef 
+@echo Checking for existing directory "%BOOTSTRAP_DIRECTORY%"... 
+@if NOT EXIST %BOOTSTRAP_DIRECTORY% ( 
+    @echo Existing directory not found, creating. 
+    @mkdir %BOOTSTRAP_DIRECTORY% 
+) else ( 
+    @echo Existing directory found, skipping creation. 
+) 
+
+> C:\chef\wget.vbs ( 
+ echo.url = WScript.Arguments.Named^("url"^)
+echo.path = WScript.Arguments.Named^("path"^)
+echo.proxy = null
+echo.'* Vaguely attempt to handle file:// scheme urls by url unescaping and switching all
+echo.'* / into .  Also assume that file:/// is a local absolute path and that file://^<foo^>
+echo.'* is possibly a network file path.
+echo.If InStr^(url, "file://"^) = 1 Then
+echo.url = Unescape^(url^)
+echo.If InStr^(url, "file:///"^) = 1 Then
+echo.sourcePath = Mid^(url, Len^("file:///"^) + 1^)
+echo.Else
+echo.sourcePath = Mid^(url, Len^("file:"^) + 1^)
+echo.End If
+echo.sourcePath = Replace^(sourcePath, "/", "\"^)
+echo.
+echo.Set objFSO = CreateObject^("Scripting.FileSystemObject"^)
+echo.If objFSO.Fileexists^(path^) Then objFSO.DeleteFile path
+echo.objFSO.CopyFile sourcePath, path, true
+echo.Set objFSO = Nothing
+echo.
+echo.Else
+echo.Set objXMLHTTP = CreateObject^("MSXML2.ServerXMLHTTP"^)
+echo.Set wshShell = CreateObject^( "WScript.Shell" ^)
+echo.Set objUserVariables = wshShell.Environment^("USER"^)
+echo.
+echo.rem http proxy is optional
+echo.rem attempt to read from HTTP_PROXY env var first
+echo.On Error Resume Next
+echo.
+echo.If NOT ^(objUserVariables^("HTTP_PROXY"^) = ""^) Then
+echo.proxy = objUserVariables^("HTTP_PROXY"^)
+echo.
+echo.rem fall back to named arg
+echo.ElseIf NOT ^(WScript.Arguments.Named^("proxy"^) = ""^) Then
+echo.proxy = WScript.Arguments.Named^("proxy"^)
+echo.End If
+echo.
+echo.If NOT isNull^(proxy^) Then
+echo.rem setProxy method is only available on ServerXMLHTTP 6.0+
+echo.Set objXMLHTTP = CreateObject^("MSXML2.ServerXMLHTTP.6.0"^)
+echo.objXMLHTTP.setProxy 2, proxy
+echo.End If
+echo.
+echo.On Error Goto 0
+echo.
+echo.objXMLHTTP.open "GET", url, false
+echo.objXMLHTTP.send^(^)
+echo.If objXMLHTTP.Status = 200 Then
+echo.Set objADOStream = CreateObject^("ADODB.Stream"^)
+echo.objADOStream.Open
+echo.objADOStream.Type = 1
+echo.objADOStream.Write objXMLHTTP.ResponseBody
+echo.objADOStream.Position = 0
+echo.Set objFSO = Createobject^("Scripting.FileSystemObject"^)
+echo.If objFSO.Fileexists^(path^) Then objFSO.DeleteFile path
+echo.Set objFSO = Nothing
+echo.objADOStream.SaveToFile path
+echo.objADOStream.Close
+echo.Set objADOStream = Nothing
+echo.End If
+echo.Set objXMLHTTP = Nothing
+echo.End If
+ 
+) 
+
+> C:\chef\wget.ps1 ( 
+ echo.param^(
+echo.   [String] $remoteUrl,
+echo.   [String] $localPath
+echo.^)
+echo.
+echo.$webClient = new-object System.Net.WebClient;
+echo.
+echo.$webClient.DownloadFile^($remoteUrl, $localPath^);
+ 
+) 
+
+@rem Determine the version and the architecture 
+
+@FOR /F "usebackq tokens=1-8 delims=.[] " %%A IN (`ver`) DO ( 
+@set WinMajor=%%D 
+@set WinMinor=%%E 
+@set WinBuild=%%F 
+) 
+
+@echo Detected Windows Version %WinMajor%.%WinMinor% Build %WinBuild% 
+
+@set LATEST_OS_VERSION_MAJOR=6 
+@set LATEST_OS_VERSION_MINOR=3 
+
+@if /i %WinMajor% GTR %LATEST_OS_VERSION_MAJOR% goto VersionUnknown 
+@if /i %WinMajor% EQU %LATEST_OS_VERSION_MAJOR%  ( 
+  @if /i %WinMinor% GTR %LATEST_OS_VERSION_MINOR% goto VersionUnknown 
+) 
+
+goto Version%WinMajor%.%WinMinor% 
+
+:VersionUnknown 
+@rem If this is an unknown version of windows set the default 
+@set MACHINE_OS=2008r2 
+@echo Warning: Unknown version of Windows, assuming default of Windows %MACHINE_OS% 
+goto architecture_select 
+
+:Version6.0 
+@set MACHINE_OS=2008 
+goto architecture_select 
+
+:Version5.2 
+@set MACHINE_OS=2003r2 
+goto architecture_select 
+
+:Version6.1 
+@set MACHINE_OS=2008r2 
+goto architecture_select 
+
+:Version6.2 
+@set MACHINE_OS=2012 
+goto architecture_select 
+
+@rem Currently Windows Server 2012 R2 is treated as equivalent to Windows Server 2012 
+:Version6.3 
+goto Version6.2 
+
+:architecture_select 
+goto Architecture%PROCESSOR_ARCHITEW6432% 
+
+:Architecture 
+goto Architecture%PROCESSOR_ARCHITECTURE% 
+
+@rem If this is an unknown architecture set the default 
+@set MACHINE_ARCH=i686 
+goto install 
+
+:Architecturex86 
+@set MACHINE_ARCH=i686 
+goto install 
+
+:Architectureamd64 
+@set MACHINE_ARCH=x86_64 
+goto install 
+
+:install 
+@rem If user has provided the custom installation command for chef-client then execute it 
+  chef-client -o recipe[cbk1::rec2] 
+
+@endlocal 
+
+@echo off 
+
+
+echo Writing validation key... 
+
+
+echo Validation key written. 
+@echo on 
+
+
+
+
+> C:\chef\client.rb ( 
+ echo.log_level        :info
+echo.log_location     STDOUT
+echo.
+echo.chef_server_url  "https://localhost:443"
+echo.validation_client_name "chef-validator"
+echo.
+echo.file_cache_path   "c:/chef/cache"
+echo.file_backup_path  "c:/chef/backup"
+echo.cache_options     ^({:path =^> "c:/chef/cache/checksums", :skip_expires =^> true}^)
+echo.
+echo.# Using default node name ^(fqdn^)
+ 
+) 
+
+> C:\chef\first-boot.json ( 
+ echo.{"run_list":null} 
+) 
+
+@echo Starting chef to bootstrap the node... 
+SET "PATH=%PATH%;C:\ruby\bin;C:\opscode\chef\bin;C:\opscode\chef\embedded\bin"
+chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json
+ 

data/spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt

@@ -0,0 +1,329 @@
+@rem 
+@rem Author:: Seth Chisamore (<schisamo@opscode.com>) 
+@rem Copyright:: Copyright (c) 2011 Opscode, Inc. 
+@rem License:: Apache License, Version 2.0 
+@rem 
+@rem Licensed under the Apache License, Version 2.0 (the "License"); 
+@rem you may not use this file except in compliance with the License. 
+@rem You may obtain a copy of the License at 
+@rem 
+@rem     http://www.apache.org/licenses/LICENSE-2.0 
+@rem 
+@rem Unless required by applicable law or agreed to in writing, software 
+@rem distributed under the License is distributed on an "AS IS" BASIS, 
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+@rem See the License for the specific language governing permissions and 
+@rem limitations under the License. 
+@rem 
+
+@rem Use delayed environment expansion so that ERRORLEVEL can be evaluated with the 
+@rem !ERRORLEVEL! syntax which evaluates at execution of the line of script, not when 
+@rem the line is read. See help for the /E switch from cmd.exe /? . 
+@setlocal ENABLEDELAYEDEXPANSION 
+
+ 
+
+@set BOOTSTRAP_DIRECTORY=C:\chef 
+@echo Checking for existing directory "%BOOTSTRAP_DIRECTORY%"... 
+@if NOT EXIST %BOOTSTRAP_DIRECTORY% ( 
+    @echo Existing directory not found, creating. 
+    @mkdir %BOOTSTRAP_DIRECTORY% 
+) else ( 
+    @echo Existing directory found, skipping creation. 
+) 
+
+> C:\chef\wget.vbs ( 
+ echo.url = WScript.Arguments.Named^("url"^)
+echo.path = WScript.Arguments.Named^("path"^)
+echo.proxy = null
+echo.'* Vaguely attempt to handle file:// scheme urls by url unescaping and switching all
+echo.'* / into .  Also assume that file:/// is a local absolute path and that file://^<foo^>
+echo.'* is possibly a network file path.
+echo.If InStr^(url, "file://"^) = 1 Then
+echo.url = Unescape^(url^)
+echo.If InStr^(url, "file:///"^) = 1 Then
+echo.sourcePath = Mid^(url, Len^("file:///"^) + 1^)
+echo.Else
+echo.sourcePath = Mid^(url, Len^("file:"^) + 1^)
+echo.End If
+echo.sourcePath = Replace^(sourcePath, "/", "\"^)
+echo.
+echo.Set objFSO = CreateObject^("Scripting.FileSystemObject"^)
+echo.If objFSO.Fileexists^(path^) Then objFSO.DeleteFile path
+echo.objFSO.CopyFile sourcePath, path, true
+echo.Set objFSO = Nothing
+echo.
+echo.Else
+echo.Set objXMLHTTP = CreateObject^("MSXML2.ServerXMLHTTP"^)
+echo.Set wshShell = CreateObject^( "WScript.Shell" ^)
+echo.Set objUserVariables = wshShell.Environment^("USER"^)
+echo.
+echo.rem http proxy is optional
+echo.rem attempt to read from HTTP_PROXY env var first
+echo.On Error Resume Next
+echo.
+echo.If NOT ^(objUserVariables^("HTTP_PROXY"^) = ""^) Then
+echo.proxy = objUserVariables^("HTTP_PROXY"^)
+echo.
+echo.rem fall back to named arg
+echo.ElseIf NOT ^(WScript.Arguments.Named^("proxy"^) = ""^) Then
+echo.proxy = WScript.Arguments.Named^("proxy"^)
+echo.End If
+echo.
+echo.If NOT isNull^(proxy^) Then
+echo.rem setProxy method is only available on ServerXMLHTTP 6.0+
+echo.Set objXMLHTTP = CreateObject^("MSXML2.ServerXMLHTTP.6.0"^)
+echo.objXMLHTTP.setProxy 2, proxy
+echo.End If
+echo.
+echo.On Error Goto 0
+echo.
+echo.objXMLHTTP.open "GET", url, false
+echo.objXMLHTTP.send^(^)
+echo.If objXMLHTTP.Status = 200 Then
+echo.Set objADOStream = CreateObject^("ADODB.Stream"^)
+echo.objADOStream.Open
+echo.objADOStream.Type = 1
+echo.objADOStream.Write objXMLHTTP.ResponseBody
+echo.objADOStream.Position = 0
+echo.Set objFSO = Createobject^("Scripting.FileSystemObject"^)
+echo.If objFSO.Fileexists^(path^) Then objFSO.DeleteFile path
+echo.Set objFSO = Nothing
+echo.objADOStream.SaveToFile path
+echo.objADOStream.Close
+echo.Set objADOStream = Nothing
+echo.End If
+echo.Set objXMLHTTP = Nothing
+echo.End If
+ 
+) 
+
+> C:\chef\wget.ps1 ( 
+ echo.param^(
+echo.   [String] $remoteUrl,
+echo.   [String] $localPath
+echo.^)
+echo.
+echo.$webClient = new-object System.Net.WebClient;
+echo.
+echo.$webClient.DownloadFile^($remoteUrl, $localPath^);
+ 
+) 
+
+@rem Determine the version and the architecture 
+
+@FOR /F "usebackq tokens=1-8 delims=.[] " %%A IN (`ver`) DO ( 
+@set WinMajor=%%D 
+@set WinMinor=%%E 
+@set WinBuild=%%F 
+) 
+
+@echo Detected Windows Version %WinMajor%.%WinMinor% Build %WinBuild% 
+
+@set LATEST_OS_VERSION_MAJOR=6 
+@set LATEST_OS_VERSION_MINOR=3 
+
+@if /i %WinMajor% GTR %LATEST_OS_VERSION_MAJOR% goto VersionUnknown 
+@if /i %WinMajor% EQU %LATEST_OS_VERSION_MAJOR%  ( 
+  @if /i %WinMinor% GTR %LATEST_OS_VERSION_MINOR% goto VersionUnknown 
+) 
+
+goto Version%WinMajor%.%WinMinor% 
+
+:VersionUnknown 
+@rem If this is an unknown version of windows set the default 
+@set MACHINE_OS=2008r2 
+@echo Warning: Unknown version of Windows, assuming default of Windows %MACHINE_OS% 
+goto architecture_select 
+
+:Version6.0 
+@set MACHINE_OS=2008 
+goto architecture_select 
+
+:Version5.2 
+@set MACHINE_OS=2003r2 
+goto architecture_select 
+
+:Version6.1 
+@set MACHINE_OS=2008r2 
+goto architecture_select 
+
+:Version6.2 
+@set MACHINE_OS=2012 
+goto architecture_select 
+
+@rem Currently Windows Server 2012 R2 is treated as equivalent to Windows Server 2012 
+:Version6.3 
+goto Version6.2 
+
+:architecture_select 
+goto Architecture%PROCESSOR_ARCHITEW6432% 
+
+:Architecture 
+goto Architecture%PROCESSOR_ARCHITECTURE% 
+
+@rem If this is an unknown architecture set the default 
+@set MACHINE_ARCH=i686 
+goto install 
+
+:Architecturex86 
+@set MACHINE_ARCH=i686 
+goto install 
+
+:Architectureamd64 
+@set MACHINE_ARCH=x86_64 
+goto install 
+
+:install 
+@rem If user has provided the custom installation command for chef-client then execute it 
+  @rem Install Chef using chef-client MSI installer 
+
+  @set "LOCAL_DESTINATION_MSI_PATH=%TEMP%\chef-client-latest.msi" 
+  @set "CHEF_CLIENT_MSI_LOG_PATH=%TEMP%\chef-client-msi%RANDOM%.log" 
+
+  @rem Clear any pre-existing downloads 
+  @echo Checking for existing downloaded package at "%LOCAL_DESTINATION_MSI_PATH%" 
+  @if EXIST "%LOCAL_DESTINATION_MSI_PATH%" ( 
+      @echo Found existing downloaded package, deleting. 
+      @del /f /q "%LOCAL_DESTINATION_MSI_PATH%" 
+      @if ERRORLEVEL 1 ( 
+          echo Warning: Failed to delete pre-existing package with status code !ERRORLEVEL! > "&2" 
+      ) 
+  ) else ( 
+      echo No existing downloaded packages to delete. 
+    ) 
+
+  @rem If there is somehow a name collision, remove pre-existing log 
+  @if EXIST "%CHEF_CLIENT_MSI_LOG_PATH%" del /f /q "%CHEF_CLIENT_MSI_LOG_PATH%" 
+
+  @echo Attempting to download client package using PowerShell if available... 
+  @set "REMOTE_SOURCE_MSI_URL=https://www.chef.io/chef/download?p=windows&pv=%MACHINE_OS%&m=%MACHINE_ARCH%&DownloadContext=PowerShell&v=12" 
+  @set powershell_download=powershell.exe -ExecutionPolicy Unrestricted -NoProfile -NonInteractive -File  C:\chef\wget.ps1 "%REMOTE_SOURCE_MSI_URL%" "%LOCAL_DESTINATION_MSI_PATH%" 
+  @echo !powershell_download! 
+  @call !powershell_download! 
+
+  @set DOWNLOAD_ERROR_STATUS=!ERRORLEVEL! 
+
+  @if ERRORLEVEL 1 ( 
+      @echo Failed PowerShell download with status code !DOWNLOAD_ERROR_STATUS! > "&2" 
+      @if !DOWNLOAD_ERROR_STATUS!==0 set DOWNLOAD_ERROR_STATUS=2 
+  ) else ( 
+      @rem Sometimes the error level is not set even when the download failed, 
+      @rem so check for the file to be sure it is there -- if it is not, we will retry 
+      @if NOT EXIST "%LOCAL_DESTINATION_MSI_PATH%" ( 
+          echo Failed download: download completed, but downloaded file not found > "&2" 
+          set DOWNLOAD_ERROR_STATUS=2 
+      ) else ( 
+          echo Download via PowerShell succeeded. 
+        ) 
+    ) 
+
+  @if NOT %DOWNLOAD_ERROR_STATUS%==0 ( 
+      @echo Warning: Failed to download "%REMOTE_SOURCE_MSI_URL%" to "%LOCAL_DESTINATION_MSI_PATH%" 
+      @echo Warning: Retrying download with cscript ... 
+
+      @if EXIST "%LOCAL_DESTINATION_MSI_PATH%" del /f /q "%LOCAL_DESTINATION_MSI_PATH%" 
+
+      @set "REMOTE_SOURCE_MSI_URL=https://www.chef.io/chef/download?p=windows&pv=%MACHINE_OS%&m=%MACHINE_ARCH%&v=12" 
+      cscript /nologo C:\chef\wget.vbs /url:"%REMOTE_SOURCE_MSI_URL%" /path:"%LOCAL_DESTINATION_MSI_PATH%" 
+
+      @if NOT ERRORLEVEL 1 ( 
+          @rem Sometimes the error level is not set even when the download failed, 
+          @rem so check for the file to be sure it is there. 
+          @if NOT EXIST "%LOCAL_DESTINATION_MSI_PATH%" ( 
+              echo Failed download: download completed, but downloaded file not found > "&2" 
+              echo Exiting without bootstrapping due to download failure. > "&2" 
+              exit /b 1 
+          ) else ( 
+              echo Download via cscript succeeded. 
+            ) 
+      ) else ( 
+          echo Failed to download "%REMOTE_SOURCE_MSI_URL%" with status code !ERRORLEVEL!. > "&2" 
+          echo Exiting without bootstrapping due to download failure. > "&2" 
+          exit /b 1 
+        ) 
+  ) 
+
+  @echo Installing downloaded client package... 
+
+  msiexec /qn /log "%CHEF_CLIENT_MSI_LOG_PATH%" /i "%LOCAL_DESTINATION_MSI_PATH%"
+          @set MSIERRORCODE=!ERRORLEVEL!
+          @if ERRORLEVEL 1 (
+              @echo WARNING: Failed to install Chef Client MSI package in remote context with status code !MSIERRORCODE!.
+              @echo WARNING: This may be due to a defect in operating system update KB2918614: http://support.microsoft.com/kb/2918614
+              @set OLDLOGLOCATION="%CHEF_CLIENT_MSI_LOG_PATH%-fail.log"
+              @move "%CHEF_CLIENT_MSI_LOG_PATH%" "!OLDLOGLOCATION!" > NUL
+              @echo WARNING: Saving installation log of failure at !OLDLOGLOCATION!
+              @echo WARNING: Retrying installation with local context...
+              @schtasks /create /f  /sc once /st 00:00:00 /tn chefclientbootstraptask /ru SYSTEM /rl HIGHEST /tr "cmd /c msiexec /qn /log '%CHEF_CLIENT_MSI_LOG_PATH%' /i '%LOCAL_DESTINATION_MSI_PATH%' & sleep 2 & waitfor /s %computername% /si chefclientinstalldone"
+
+              @if ERRORLEVEL 1 (
+                  @echo ERROR: Failed to create Chef Client installation scheduled task with status code !ERRORLEVEL! > "&2"
+              ) else (
+                  @echo Successfully created scheduled task to install Chef Client.
+                  @schtasks /run /tn chefclientbootstraptask
+                  @if ERRORLEVEL 1 (
+                      @echo ERROR: Failed to execut Chef Client installation scheduled task with status code !ERRORLEVEL!. > "&2"
+                  ) else (
+                      @echo Successfully started Chef Client installation scheduled task.
+                      @echo Waiting for installation to complete -- this may take a few minutes...
+                      waitfor chefclientinstalldone /t 600
+                      if ERRORLEVEL 1 (
+                          @echo ERROR: Timed out waiting for Chef Client package to install
+                      ) else (
+                          @echo Finished waiting for Chef Client package to install.
+                      )
+                      @schtasks /delete /f /tn chefclientbootstraptask > NUL
+                  )
+              )
+          ) else (
+              @echo Successfully installed Chef Client package.
+          )
+ 
+
+  @if ERRORLEVEL 1 ( 
+      echo Chef-client package failed to install with status code !ERRORLEVEL!. > "&2" 
+      echo See installation log for additional detail: %CHEF_CLIENT_MSI_LOG_PATH%. > "&2" 
+  ) else ( 
+      @echo Installation completed successfully 
+      del /f /q "%CHEF_CLIENT_MSI_LOG_PATH%" 
+    ) 
+
+
+@endlocal 
+
+@echo off 
+
+
+echo Writing validation key... 
+
+
+echo Validation key written. 
+@echo on 
+
+
+
+
+> C:\chef\client.rb ( 
+ echo.log_level        :info
+echo.log_location     STDOUT
+echo.
+echo.chef_server_url  "https://localhost:443"
+echo.validation_client_name "chef-validator"
+echo.
+echo.file_cache_path   "c:/chef/cache"
+echo.file_backup_path  "c:/chef/backup"
+echo.cache_options     ^({:path =^> "c:/chef/cache/checksums", :skip_expires =^> true}^)
+echo.
+echo.# Using default node name ^(fqdn^)
+ 
+) 
+
+> C:\chef\first-boot.json ( 
+ echo.{"run_list":null} 
+) 
+
+@echo Starting chef to bootstrap the node... 
+SET "PATH=%PATH%;C:\ruby\bin;C:\opscode\chef\bin;C:\opscode\chef\embedded\bin"
+chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json
+ 

data/spec/functional/bootstrap_download_spec.rb

@@ -133,8 +133,9 @@ describe 'Knife::Windows::Core msi download functionality for knife Windows winr
     end
 
     allow(winrm_bootstrapper).to receive(:wait_for_remote_response)
+    allow(winrm_bootstrapper).to receive(:validate_options!)
     winrm_bootstrapper.config[:template_file] = @template_file_path
-
+    winrm_bootstrapper.config[:run_list] = []
     # Execute the commands locally that would normally be executed via WinRM
     allow(winrm_bootstrapper).to receive(:run_command) do |command|
       system(command)
@@ -147,7 +148,7 @@ describe 'Knife::Windows::Core msi download functionality for knife Windows winr
   end
 end
 
-describe "bootstrap_install_command functionality through WinRM protocol", :if_chef_11 => true, :chef_lt_12_5_only => true do
+describe "bootstrap_install_command functionality through WinRM protocol", :if_chef_11 => true do
   context "bootstrap_install_command option is not specified" do
     let(:bootstrap) { Chef::Knife::BootstrapWindowsWinrm.new([]) }
     before do
@@ -155,10 +156,18 @@ describe "bootstrap_install_command functionality through WinRM protocol", :if_c
       @template_output = sample_data('win_template_rendered_without_bootstrap_install_command.txt')
     end
 
-    it "bootstrap_install_command option is not rendered in the windows-chef-client-msi.erb template as its value is nil" do
+    it "bootstrap_install_command option is not rendered in the windows-chef-client-msi.erb template as its value is nil", :chef_lt_12_5_only => true do
       expect(bootstrap.send(:render_template,@template_input)).to eq(
         @template_output)
     end
+
+    context "when running chef-client 12.5.0 or greater", :chef_gte_12_5_only => true do
+      let(:template_12_5_output) { sample_data('win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt') }
+      it "bootstrap_install_command option is not rendered in the windows-chef-client-msi.erb template as its value is nil"  do
+        expect(bootstrap.send(:render_template,@template_input)).to eq(
+                                                                      template_12_5_output)
+      end
+    end
   end
 
   context "bootstrap_install_command option is specified" do
@@ -169,11 +178,19 @@ describe "bootstrap_install_command functionality through WinRM protocol", :if_c
       @template_output = sample_data('win_template_rendered_with_bootstrap_install_command.txt')
     end
 
-    it "bootstrap_install_command option is rendered in the windows-chef-client-msi.erb template" do
+    it "bootstrap_install_command option is rendered in the windows-chef-client-msi.erb template", :chef_lt_12_5_only => true do
       expect(bootstrap.send(:render_template,@template_input)).to eq(
         @template_output)
     end
 
+    context "when running chef-client 12.5.0 or greater", :chef_gte_12_5_only => true do
+      let(:template_12_5_output) { sample_data('win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt') }
+      it "bootstrap_install_command option is rendered in the windows-chef-client-msi.erb template" do
+        expect(bootstrap.send(:render_template,@template_input)).to eq(
+                                                                      template_12_5_output)
+      end
+    end
+
     after do
       bootstrap.config.delete(:bootstrap_install_command)
       Chef::Config[:knife].delete(:bootstrap_install_command)

data/spec/unit/knife/bootstrap_options_spec.rb

@@ -94,8 +94,6 @@ expected: #{expected}
       :use_sudo,
       :use_sudo_password,
       :encrypt, # irrelevant during bootstrap
-      :policy_name, # NYI, issue https://github.com/chef/knife-windows/issues/295
-      :policy_group, #https://github.com/chef/knife-windows/issues/295
     ]}
 
     # win_ignore: Options in windows that aren't relevant to core.
@@ -134,8 +132,6 @@ expected: #{expected}
       :use_sudo,
       :use_sudo_password,
       :encrypt, # irrelevant during bootstrap
-      :policy_name, # NYI, issue https://github.com/chef/knife-windows/issues/295
-      :policy_group, #https://github.com/chef/knife-windows/issues/295
     ]}
     # win_ignore: Options in windows that aren't relevant to core.
     let(:win_ignore) { [

data/spec/unit/knife/bootstrap_windows_winrm_spec.rb

@@ -26,6 +26,8 @@ describe Chef::Knife::BootstrapWindowsWinrm do
   end
 
   before do
+    bootstrap.config[:run_list] = []
+    allow(bootstrap).to receive(:validate_options!).and_return(nil)
     #    Kernel.stub(:sleep).and_return 10
     allow(bootstrap).to receive(:sleep).and_return(10)
     allow(File).to receive(:exist?).with(File.expand_path(Chef::Config[:validation_key])).and_return(true)
@@ -173,6 +175,7 @@ describe Chef::Knife::BootstrapWindowsWinrm do
     allow(bootstrap).to receive(:create_bootstrap_bat_command).and_raise(SystemExit)
     expect(bootstrap).to receive(:wait_for_remote_response).with(2)
     allow(bootstrap).to receive(:validate_name_args!).and_return(nil)
+    
     allow(bootstrap.ui).to receive(:info)
     bootstrap.config[:auth_timeout] = bootstrap.options[:auth_timeout][:default]
     expect { bootstrap.bootstrap }.to raise_error(SystemExit)

data/spec/unit/knife/winrm_session_spec.rb

@@ -26,10 +26,15 @@ describe Chef::Knife::WinrmSession do
   let(:options) { { transport: :plaintext } }
 
   before do
+    @original_config = Chef::Config.hash_dup
     allow(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
     allow(winrm_service).to receive(:set_timeout)
   end
 
+  after do
+    Chef::Config.configuration = @original_config
+  end
+
   subject { Chef::Knife::WinrmSession.new(options) }
 
   describe "#initialize" do
@@ -41,6 +46,19 @@ describe Chef::Knife::WinrmSession do
         subject
       end
     end
+
+    context "when a proxy is configured" do
+      let(:proxy_uri) { 'blah.com' }
+
+      before do
+        Chef::Config[:http_proxy] = proxy_uri
+      end
+
+      it "sets the http_proxy to the configured proxy" do
+        subject
+        expect(ENV['HTTP_PROXY']).to eq("http://#{proxy_uri}")
+      end
+    end
   end
 
   describe "#relay_command" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: knife-windows
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Seth Chisamore
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-01 00:00:00.000000000 Z
+date: 2015-10-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: winrm
@@ -109,7 +109,9 @@ files:
 - lib/knife-windows/path_helper.rb
 - lib/knife-windows/version.rb
 - spec/assets/win_template_rendered_with_bootstrap_install_command.txt
+- spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt
 - spec/assets/win_template_rendered_without_bootstrap_install_command.txt
+- spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt
 - spec/assets/win_template_unrendered.txt
 - spec/functional/bootstrap_download_spec.rb
 - spec/spec_helper.rb
@@ -152,7 +154,9 @@ test_files:
 - features/knife_help.feature
 - features/support/env.rb
 - spec/assets/win_template_rendered_with_bootstrap_install_command.txt
+- spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt
 - spec/assets/win_template_rendered_without_bootstrap_install_command.txt
+- spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt
 - spec/assets/win_template_unrendered.txt
 - spec/functional/bootstrap_download_spec.rb
 - spec/spec_helper.rb