knife-windows 1.1.0 → 1.1.1

data/spec/unit/knife/windows_cert_install_spec.rb

@@ -1,51 +1,51 @@
-#
-# Author:: Mukta Aphale <mukta.aphale@clogeny.com>
-# Copyright:: Copyright (c) 2014 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'spec_helper'
-require 'chef/knife/windows_cert_install'
-
-describe Chef::Knife::WindowsCertInstall do
-  context "on Windows" do
-    before do
-      allow(Chef::Platform).to receive(:windows?).and_return(true)
-      @certinstall = Chef::Knife::WindowsCertInstall.new
-    end
-  
-    it "installs certificate" do
-      @certinstall.name_args = ["test-path"]
-      @certinstall.config[:cert_passphrase] = "your-secret!"
-      allow(Chef::Platform).to receive(:windows?).and_return(true)
-      expect(@certinstall).to receive(:`).with("powershell.exe -Command \" 'your-secret!' | certutil -importPFX 'test-path' AT_KEYEXCHANGE\"")
-      expect(@certinstall.ui).to receive(:info).with("Certificate added to Certificate Store")
-      expect(@certinstall.ui).to receive(:info).with("Adding certificate to the Windows Certificate Store...")
-      @certinstall.run
-    end
-  end
-
-  context "not on Windows" do
-    before do
-      allow(Chef::Platform).to receive(:windows?).and_return(false)
-      @listener = Chef::Knife::WindowsListenerCreate.new
-    end
-
-    it "exits with an error" do
-      expect(@listener.ui).to receive(:error)
-      expect { @listener.run }.to raise_error(SystemExit)
-    end
-  end
-end
+#
+# Author:: Mukta Aphale <mukta.aphale@clogeny.com>
+# Copyright:: Copyright (c) 2014 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef/knife/windows_cert_install'
+
+describe Chef::Knife::WindowsCertInstall do
+  context "on Windows" do
+    before do
+      allow(Chef::Platform).to receive(:windows?).and_return(true)
+      @certinstall = Chef::Knife::WindowsCertInstall.new
+    end
+  
+    it "installs certificate" do
+      @certinstall.name_args = ["test-path"]
+      @certinstall.config[:cert_passphrase] = "your-secret!"
+      allow(Chef::Platform).to receive(:windows?).and_return(true)
+      expect(@certinstall).to receive(:`).with("powershell.exe -Command \" 'your-secret!' | certutil -importPFX 'test-path' AT_KEYEXCHANGE\"")
+      expect(@certinstall.ui).to receive(:info).with("Certificate added to Certificate Store")
+      expect(@certinstall.ui).to receive(:info).with("Adding certificate to the Windows Certificate Store...")
+      @certinstall.run
+    end
+  end
+
+  context "not on Windows" do
+    before do
+      allow(Chef::Platform).to receive(:windows?).and_return(false)
+      @listener = Chef::Knife::WindowsListenerCreate.new
+    end
+
+    it "exits with an error" do
+      expect(@listener.ui).to receive(:error)
+      expect { @listener.run }.to raise_error(SystemExit)
+    end
+  end
+end

data/spec/unit/knife/windows_listener_create_spec.rb

@@ -1,76 +1,76 @@
-#
-# Author:: Mukta Aphale <mukta.aphale@clogeny.com>
-# Copyright:: Copyright (c) 2014 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'spec_helper'
-require 'chef/knife/windows_listener_create'
-
-describe Chef::Knife::WindowsListenerCreate do
-  context "on Windows" do
-    before do
-      allow(Chef::Platform).to receive(:windows?).and_return(true)
-      @listener = Chef::Knife::WindowsListenerCreate.new
-    end
-  
-    it "creates winrm listener" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
-      expect(@listener.ui).to receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
-      @listener.run
-    end
-  
-    it "raise an error on command failure" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      @listener.config[:basic_auth] = true
-      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
-      expect($?).to receive(:exitstatus).and_return(100)
-      expect(@listener.ui).to receive(:error).with("Error creating WinRM listener. use -VV for more details.")
-      expect(@listener.ui).to_not receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
-      expect { @listener.run }.to raise_error(SystemExit)
-    end
-  
-    it "creates winrm listener with cert install option" do
-      @listener.config[:hostname] = "host"
-      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
-      @listener.config[:port] = "5986"
-      @listener.config[:cert_install] = true
-      allow(@listener).to receive(:get_cert_passphrase).and_return("your-secret!")
-      expect(@listener).to receive(:`).with("powershell.exe -Command \" 'your-secret!' | certutil  -importPFX 'true' AT_KEYEXCHANGE\"")
-      expect(@listener).to receive(:`).with("powershell.exe -Command \" echo (Get-PfxCertificate true).thumbprint \"")
-      expect(@listener.ui).to receive(:info).with("Certificate installed to Certificate Store")
-      expect(@listener.ui).to receive(:info).with("Certificate Thumbprint: ")
-      allow(@listener).to receive(:puts)
-      @listener.run
-    end
-  end
-
-  context "not on Windows" do
-    before do
-      allow(Chef::Platform).to receive(:windows?).and_return(false)
-      @listener = Chef::Knife::WindowsListenerCreate.new
-    end
-
-    it "exits with an error" do
-      expect(@listener.ui).to receive(:error)
-      expect { @listener.run }.to raise_error(SystemExit)
-    end
-  end
-end  
+#
+# Author:: Mukta Aphale <mukta.aphale@clogeny.com>
+# Copyright:: Copyright (c) 2014 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef/knife/windows_listener_create'
+
+describe Chef::Knife::WindowsListenerCreate do
+  context "on Windows" do
+    before do
+      allow(Chef::Platform).to receive(:windows?).and_return(true)
+      @listener = Chef::Knife::WindowsListenerCreate.new
+    end
+  
+    it "creates winrm listener" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
+      expect(@listener.ui).to receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
+      @listener.run
+    end
+  
+    it "raise an error on command failure" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      @listener.config[:basic_auth] = true
+      expect(@listener).to receive(:`).with("winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=\"host\";CertificateThumbprint=\"CERT-THUMBPRINT\";Port=\"5986\"}")
+      expect($?).to receive(:exitstatus).and_return(100)
+      expect(@listener.ui).to receive(:error).with("Error creating WinRM listener. use -VV for more details.")
+      expect(@listener.ui).to_not receive(:info).with("WinRM listener created with Port: 5986 and CertificateThumbprint: CERT-THUMBPRINT")
+      expect { @listener.run }.to raise_error(SystemExit)
+    end
+  
+    it "creates winrm listener with cert install option" do
+      @listener.config[:hostname] = "host"
+      @listener.config[:cert_thumbprint] = "CERT-THUMBPRINT"
+      @listener.config[:port] = "5986"
+      @listener.config[:cert_install] = true
+      allow(@listener).to receive(:get_cert_passphrase).and_return("your-secret!")
+      expect(@listener).to receive(:`).with("powershell.exe -Command \" 'your-secret!' | certutil  -importPFX 'true' AT_KEYEXCHANGE\"")
+      expect(@listener).to receive(:`).with("powershell.exe -Command \" echo (Get-PfxCertificate true).thumbprint \"")
+      expect(@listener.ui).to receive(:info).with("Certificate installed to Certificate Store")
+      expect(@listener.ui).to receive(:info).with("Certificate Thumbprint: ")
+      allow(@listener).to receive(:puts)
+      @listener.run
+    end
+  end
+
+  context "not on Windows" do
+    before do
+      allow(Chef::Platform).to receive(:windows?).and_return(false)
+      @listener = Chef::Knife::WindowsListenerCreate.new
+    end
+
+    it "exits with an error" do
+      expect(@listener.ui).to receive(:error)
+      expect { @listener.run }.to raise_error(SystemExit)
+    end
+  end
+end  

data/spec/unit/knife/winrm_session_spec.rb

@@ -1,74 +1,74 @@
-#
-# Author:: Steven Murawski <smurawski@chef.io>
-# Copyright:: Copyright (c) 2015 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'spec_helper'
-
-Chef::Knife::Winrm.load_deps
-
-
-describe Chef::Knife::WinrmSession do
-  let(:winrm_service) { double('WinRMWebService') }
-  let(:options) { { transport: :plaintext } }
-
-  before do
-    @original_config = Chef::Config.hash_dup
-    allow(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
-    allow(winrm_service).to receive(:set_timeout)
-  end
-
-  after do
-    Chef::Config.configuration = @original_config
-  end
-
-  subject { Chef::Knife::WinrmSession.new(options) }
-
-  describe "#initialize" do
-    context "when using sspinegotiate transport" do
-      let(:options) { { transport: :sspinegotiate } }
-
-      it "uses winrm-s" do
-        expect(Chef::Knife::WinrmSession).to receive(:load_windows_specific_gems)
-        subject
-      end
-    end
-
-    context "when a proxy is configured" do
-      let(:proxy_uri) { 'blah.com' }
-
-      before do
-        Chef::Config[:http_proxy] = proxy_uri
-      end
-
-      it "sets the http_proxy to the configured proxy" do
-        subject
-        expect(ENV['HTTP_PROXY']).to eq("http://#{proxy_uri}")
-      end
-    end
-  end
-
-  describe "#relay_command" do
-    it "run command and display commands output" do
-      expect(winrm_service).to receive(:open_shell).ordered
-      expect(winrm_service).to receive(:run_command).ordered
-      expect(winrm_service).to receive(:get_command_output).ordered.and_return({})
-      expect(winrm_service).to receive(:cleanup_command).ordered
-      expect(winrm_service).to receive(:close_shell).ordered
-      subject.relay_command("cmd.exe echo 'hi'")
-    end
-  end
+#
+# Author:: Steven Murawski <smurawski@chef.io>
+# Copyright:: Copyright (c) 2015 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+Chef::Knife::Winrm.load_deps
+
+
+describe Chef::Knife::WinrmSession do
+  let(:winrm_service) { double('WinRMWebService') }
+  let(:options) { { transport: :plaintext } }
+
+  before do
+    @original_config = Chef::Config.hash_dup
+    allow(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
+    allow(winrm_service).to receive(:set_timeout)
+  end
+
+  after do
+    Chef::Config.configuration = @original_config
+  end
+
+  subject { Chef::Knife::WinrmSession.new(options) }
+
+  describe "#initialize" do
+    context "when using sspinegotiate transport" do
+      let(:options) { { transport: :sspinegotiate } }
+
+      it "uses winrm-s" do
+        expect(Chef::Knife::WinrmSession).to receive(:load_windows_specific_gems)
+        subject
+      end
+    end
+
+    context "when a proxy is configured" do
+      let(:proxy_uri) { 'blah.com' }
+
+      before do
+        Chef::Config[:http_proxy] = proxy_uri
+      end
+
+      it "sets the http_proxy to the configured proxy" do
+        subject
+        expect(ENV['HTTP_PROXY']).to eq("http://#{proxy_uri}")
+      end
+    end
+  end
+
+  describe "#relay_command" do
+    it "run command and display commands output" do
+      expect(winrm_service).to receive(:open_shell).ordered
+      expect(winrm_service).to receive(:run_command).ordered
+      expect(winrm_service).to receive(:get_command_output).ordered.and_return({})
+      expect(winrm_service).to receive(:cleanup_command).ordered
+      expect(winrm_service).to receive(:close_shell).ordered
+      subject.relay_command("cmd.exe echo 'hi'")
+    end
+  end
 end

data/spec/unit/knife/winrm_spec.rb

@@ -1,504 +1,551 @@
-#
-# Author:: Bryan McLellan <btm@opscode.com>
-# Copyright:: Copyright (c) 2013 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'spec_helper'
-
-Chef::Knife::Winrm.load_deps
-
-describe Chef::Knife::Winrm do
-  before(:all) do
-    @original_config = Chef::Config.hash_dup
-    @original_knife_config = Chef::Config[:knife].nil? ? nil : Chef::Config[:knife].dup
-  end
-
-  after do
-    Chef::Config.configuration = @original_config
-    Chef::Config[:knife] = @original_knife_config if @original_knife_config
-  end
-
-  describe "#resolve_target_nodes" do
-    before do
-      @knife = Chef::Knife::Winrm.new
-      @knife.config[:attribute] = "fqdn"
-      @node_foo = Chef::Node.new
-      @node_foo.automatic_attrs[:fqdn] = "foo.example.org"
-      @node_foo.automatic_attrs[:ipaddress] = "10.0.0.1"
-      @node_bar = Chef::Node.new
-      @node_bar.automatic_attrs[:fqdn] = "bar.example.org"
-      @node_bar.automatic_attrs[:ipaddress] = "10.0.0.2"
-      @node_bar.automatic_attrs[:ec2][:public_hostname] = "somewhere.com"
-      @query = double("Chef::Search::Query")
-    end
-
-    context "when there are some hosts found but they do not have an attribute to connect with" do
-      before do
-        @knife.config[:manual] = false
-        @knife.config[:winrm_password] = 'P@ssw0rd!'
-        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
-        @node_foo.automatic_attrs[:fqdn] = nil
-        @node_bar.automatic_attrs[:fqdn] = nil
-        allow(Chef::Search::Query).to receive(:new).and_return(@query)
-      end
-
-      it "raises a specific error (KNIFE-222)" do
-        expect(@knife.ui).to receive(:fatal).with(/does not have the required attribute/)
-        expect(@knife).to receive(:exit).with(10)
-        @knife.configure_chef
-        @knife.resolve_target_nodes
-      end
-    end
-
-    context "when there are nested attributes" do
-      before do
-        @knife.config[:manual] = false
-        @knife.config[:winrm_password] = 'P@ssw0rd!'
-        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
-        allow(Chef::Search::Query).to receive(:new).and_return(@query)
-      end
-
-      it "uses the nested attributes (KNIFE-276)" do
-        @knife.config[:attribute] = "ec2.public_hostname"
-        @knife.configure_chef
-        @knife.resolve_target_nodes
-      end
-    end
-  end
-
-  describe "#configure_session" do
-    let(:winrm_user) { 'testuser' }
-    let(:transport) { 'plaintext' }
-    let(:protocol) { 'basic' }
-    let(:knife_args) do
-      [
-        '-m', 'localhost',
-        '-x', winrm_user,
-        '-P', 'testpassword',
-        '-t', transport,
-        '--winrm-authentication-protocol', protocol,
-        'echo helloworld'
-      ]
-    end
-    let(:winrm_session) { double('winrm_session') }
-    let(:winrm_service) { double('WinRMWebService') }
-
-    before do
-      allow(winrm_service).to receive(:set_timeout)
-    end
-
-    subject { Chef::Knife::Winrm.new(knife_args) }
-
-    context "when configuring the WinRM user name" do      
-      context "when basic auth is used" do
-        let(:protocol) { 'basic' }
-
-        it "passes user name as given in options" do
-          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
-            expect(opts[:user]).to eq(winrm_user)
-          end.and_return(winrm_session)
-          subject.configure_session
-        end
-      end
-
-      context "when negotiate auth is used" do
-        let(:protocol) { 'negotiate' }
-
-        context "when user is prefixed with realm" do
-          let(:winrm_user) { "my_realm\\myself" }
-
-          it "passes user name as given in options" do
-            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
-              expect(opts[:user]).to eq(winrm_user)
-            end.and_return(winrm_session)
-            subject.configure_session
-          end
-        end
-
-        context "when user realm is included via email format" do
-          let(:winrm_user) { "myself@my_realm.com" }
-
-          it "passes user name as given in options" do
-            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
-              expect(opts[:user]).to eq(winrm_user)
-            end.and_return(winrm_session)
-            subject.configure_session
-          end
-        end
-
-        context "when a local user is given" do
-          it "prefixes user with the dot (local) realm" do
-            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
-              expect(opts[:user]).to eq(".\\#{winrm_user}")
-            end.and_return(winrm_session)
-            subject.configure_session
-          end
-        end
-      end
-    end
-
-    context "when configuring the WinRM transport" do
-      before(:all) do
-        @winrm_session = Object.new
-        @winrm_session.define_singleton_method(:set_timeout){|timeout| ""}
-      end
-
-      context "kerberos option is set" do
-        let(:winrm_command_http) { Chef::Knife::Winrm.new([
-          '-m', 'localhost',
-          '-x', 'testuser', 
-          '-P', 'testpassword',
-          '--winrm-authentication-protocol', 'basic',
-          '--kerberos-realm', 'realm',
-          'echo helloworld'
-        ]) }
-
-        it "sets the transport to kerberos" do
-          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', :kerberos, anything).and_return(@winrm_session)
-          winrm_command_http.configure_chef
-          winrm_command_http.configure_session
-        end
-      end
-
-      context "kerberos option is set but nil" do
-        let(:winrm_command_http) { Chef::Knife::Winrm.new([
-          '-m', 'localhost',
-          '-x', 'testuser', 
-          '-P', 'testpassword',
-          '--winrm-authentication-protocol', 'basic',
-          'echo helloworld'
-        ]) }
-
-        it "sets the transport to plaintext" do
-          winrm_command_http.config[:kerberos_realm] = nil
-          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', :plaintext, anything).and_return(@winrm_session)
-          winrm_command_http.configure_chef
-          winrm_command_http.configure_session
-        end
-      end
-
-      context "on windows workstations" do
-        let(:protocol) { 'negotiate' }
-
-        before do
-          allow(Chef::Platform).to receive(:windows?).and_return(true)
-        end
-
-        it "defaults to negotiate when on a Windows host" do
-          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
-            expect(opts[:transport]).to eq(:sspinegotiate)
-          end.and_return(winrm_session)
-          subject.configure_session
-        end
-      end
-
-      context "on non-windows workstations" do
-        before do
-          allow(Chef::Platform).to receive(:windows?).and_return(false)
-        end
-
-        let(:winrm_command_http) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '-t', 'plaintext', '--winrm-authentication-protocol', 'basic', 'echo helloworld']) }
-
-        it "defaults to the http uri scheme" do
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-          winrm_command_http.configure_chef
-          winrm_command_http.configure_session
-        end
-
-        it "sets the operation timeout and verifes default" do
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-          expect(@winrm_session).to receive(:set_timeout).with(1800)
-          winrm_command_http.configure_chef
-          winrm_command_http.configure_session
-        end
-
-        it "sets the user specified winrm port" do
-          Chef::Config[:knife] = {winrm_port: "5988"}
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5988/wsman', anything, anything).and_return(@winrm_session)
-          winrm_command_http.configure_chef
-          winrm_command_http.configure_session
-        end
-
-        let(:winrm_command_timeout) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', '--session-timeout', '10', 'echo helloworld']) }
-
-        it "sets operation timeout and verify 10 Minute timeout" do
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
-          expect(@winrm_session).to receive(:set_timeout).with(600)
-          winrm_command_timeout.configure_chef
-          winrm_command_timeout.configure_session
-        end
-
-        let(:winrm_command_https) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', 'echo helloworld']) }
-
-        it "uses the https uri scheme if the ssl transport is specified" do
-          Chef::Config[:knife] = {:winrm_transport => 'ssl'}
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
-          winrm_command_https.configure_chef
-          winrm_command_https.configure_session
-        end
-
-        it "uses the winrm port '5986' by default for ssl transport" do
-          Chef::Config[:knife] = {:winrm_transport => 'ssl'}
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
-          winrm_command_https.configure_chef
-          winrm_command_https.configure_session
-        end
-
-        it "defaults to validating the server when the ssl transport is used" do
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-          winrm_command_https.configure_chef
-          winrm_command_https.configure_session
-        end
-
-        let(:winrm_command_verify_peer) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--winrm-ssl-verify-mode', 'verify_peer', 'echo helloworld'])}
-
-        it "validates the server when the ssl transport is used and the :winrm_ssl_verify_mode option is not configured to :verify_none" do
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-          winrm_command_verify_peer.configure_chef
-          winrm_command_verify_peer.configure_session
-        end
-
-        context "when setting verify_none" do
-          let(:transport) { 'ssl' }
-
-          before { knife_args << '--winrm-ssl-verify-mode' << 'verify_none' }
-
-          it "does not validate the server when the ssl transport is used and the :winrm_ssl_verify_mode option is set to :verify_none" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
-            subject.configure_chef
-            subject.configure_session
-          end
-
-          it "prints warning output when the :winrm_ssl_verify_mode set to :verify_none to disable server validation" do
-            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
-            expect(subject).to receive(:warn_no_ssl_peer_verification)
-
-            subject.configure_chef
-            subject.configure_session
-          end
-
-          context "when transport is plaintext" do
-            let(:transport) { 'plaintext' }
-
-            it "does not print warning re ssl server validation" do
-              expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
-              expect(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
-              expect(subject).to_not receive(:warn_no_ssl_peer_verification)
-
-              subject.configure_chef
-              subject.configure_session
-            end
-          end
-        end
-
-        let(:winrm_command_ca_trust) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--ca-trust-file', '~/catrustroot', '--winrm-ssl-verify-mode', 'verify_none', 'echo helloworld'])}
-
-        it "validates the server when the ssl transport is used and the :ca_trust_file option is specified even if the :winrm_ssl_verify_mode option is set to :verify_none" do
-          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
-          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
-          winrm_command_ca_trust.configure_chef
-          winrm_command_ca_trust.configure_session
-        end
-      end
-    end
-  end
-
-  describe "#run" do
-    before(:each) do
-      Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
-      @winrm = Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', 'echo helloworld'])
-    end
-
-    it "returns with 0 if the command succeeds" do
-      allow(@winrm).to receive(:relay_winrm_command).and_return(0)
-      return_code = @winrm.run
-      expect(return_code).to be_zero
-    end
-
-    it "exits with exact exit status if the command fails and returns config is set to 0" do
-      command_status = 510
-      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-
-      @winrm.config[:returns] = "0"
-      Chef::Config[:knife][:returns] = [0]
-
-      allow(@winrm).to receive(:relay_winrm_command)
-      allow(@winrm.ui).to receive(:error)
-      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-      allow(session_mock).to receive(:exit_code).and_return(command_status)
-      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
-    end
-
-    it "exits with non-zero status if the command fails and returns config is set to 0" do
-      command_status = 1
-      @winrm.config[:returns] = "0,53"
-      Chef::Config[:knife][:returns] = [0,53]
-      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-      allow(@winrm.ui).to receive(:error)
-      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-      allow(session_mock).to receive(:exit_code).and_return(command_status)
-      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
-    end
-
-    it "exits with a zero status if the command returns an expected non-zero status" do
-      command_status = 53
-      Chef::Config[:knife][:returns] = [0,53]
-      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-      allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
-      exit_code = @winrm.run
-      expect(exit_code).to be_zero
-    end
-
-    it "exits with a zero status if the command returns an expected non-zero status" do
-      command_status = 53
-      @winrm.config[:returns] = '0,53'
-      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
-      session_mock = Chef::Knife::WinrmSession.new({:transport => :plaintext, :host => 'localhost', :port => '5985'})
-      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session_mock)
-      allow(session_mock).to receive(:exit_codes).and_return({"thishost" => command_status})
-      exit_code = @winrm.run
-      expect(exit_code).to be_zero
-    end
-
-    it "exits with 100 and no hint if command execution raises an exception other than 401" do
-      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '500'))
-      allow(@winrm.ui).to receive(:error)
-      expect(@winrm.ui).to_not receive(:info)
-      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
-    end
-
-    it "exits with 100 if command execution raises a 401" do
-      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
-      allow(@winrm.ui).to receive(:info)
-      allow(@winrm.ui).to receive(:error)
-      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
-    end
-
-    it "exits with 0 if command execution raises a 401 and suppress_auth_failure is set to true" do
-      @winrm.config[:suppress_auth_failure] = true
-      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
-      exit_code = @winrm.run_with_pretty_exceptions
-      expect(exit_code).to eq(401)
-    end
-
-    it "prints a hint on failure for negotiate authentication" do
-      @winrm.config[:winrm_authentication_protocol] = "negotiate"
-      @winrm.config[:winrm_transport] = "plaintext"
-      allow(Chef::Platform).to receive(:windows?).and_return(true)
-      allow(Chef::Knife::WinrmSession).to receive(:new)
-      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMAuthorizationError.new)
-      allow(@winrm.ui).to receive(:error)
-      allow(@winrm.ui).to receive(:info)
-      expect(@winrm.ui).to receive(:info).with(Chef::Knife::Winrm::FAILED_NOT_BASIC_HINT)
-      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit)
-    end
-
-    it "prints a hint on failure for basic authentication" do
-      @winrm.config[:winrm_authentication_protocol] = "basic"
-      @winrm.config[:winrm_transport] = "plaintext"
-      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
-      allow(@winrm.ui).to receive(:error)
-      allow(@winrm.ui).to receive(:info)
-      expect(@winrm.ui).to receive(:info).with(Chef::Knife::Winrm::FAILED_BASIC_HINT)
-      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit)
-    end
-
-    context "when winrm_authentication_protocol specified" do
-      before do
-        Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
-        allow(@winrm).to receive(:relay_winrm_command).and_return(0)
-      end
-
-      it "sets sspinegotiate transport on windows for 'negotiate' authentication" do
-        @winrm.config[:winrm_authentication_protocol] = "negotiate"
-        allow(Chef::Platform).to receive(:windows?).and_return(true)
-        expect(@winrm).to receive(:create_winrm_session).with({:user=>".\\testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification => false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:sspinegotiate, :disable_sspi=>false, :host=>"localhost"})
-        exit_code = @winrm.run
-      end
-
-      it "does not have winrm opts transport set to sspinegotiate for unix" do
-        @winrm.config[:winrm_authentication_protocol] = "negotiate"
-        allow(Chef::Platform).to receive(:windows?).and_return(false)
-        allow(@winrm).to receive(:exit)
-        expect(@winrm).to receive(:create_winrm_session).with({:user=>".\\testuser", :password=>"testpassword", :port=>"5985", :no_ssl_peer_verification=>false, :basic_auth_only=>false, :operation_timeout=>1800, :transport=>:plaintext, :disable_sspi=>true, :host=>"localhost"})
-        exit_code = @winrm.run
-      end
-
-      it "applies winrm monkey patch on windows if 'negotiate' authentication and 'plaintext' transport is specified", :windows_only => true do
-        @winrm.config[:winrm_authentication_protocol] = "negotiate"
-        allow(Chef::Platform).to receive(:windows?).and_return(true)
-        allow(@winrm.ui).to receive(:warn)
-        @winrm.run
-      end
-
-      it "raises an error if value is other than [basic, negotiate, kerberos]" do
-        @winrm.config[:winrm_authentication_protocol] = "invalid"
-        allow(Chef::Platform).to receive(:windows?).and_return(true)
-        expect(@winrm.ui).to receive(:error)
-        expect { @winrm.run }.to raise_error(SystemExit)
-      end
-
-      it "skips the winrm monkey patch for 'basic' authentication" do
-        @winrm.config[:winrm_authentication_protocol] = "basic"
-        allow(Chef::Platform).to receive(:windows?).and_return(true)
-        @winrm.run
-      end
-
-      it "skips the winrm monkey patch for 'kerberos' authentication" do
-        @winrm.config[:winrm_authentication_protocol] = "kerberos"
-        allow(Chef::Platform).to receive(:windows?).and_return(true)
-        @winrm.run
-      end
-
-      it "skips the winrm monkey patch for 'ssl' transport and 'negotiate' authentication" do
-        @winrm.config[:winrm_authentication_protocol] = "negotiate"
-        @winrm.config[:winrm_transport] = "ssl"
-        allow(Chef::Platform).to receive(:windows?).and_return(true)
-        @winrm.run
-      end
-
-      it "disables sspi and skips the winrm monkey patch for 'ssl' transport and 'basic' authentication" do
-        @winrm.config[:winrm_authentication_protocol] = "basic"
-        @winrm.config[:winrm_transport] = "ssl"
-        @winrm.config[:winrm_port] = "5986"
-        allow(Chef::Platform).to receive(:windows?).and_return(true)
-        expect(@winrm).to receive(:create_winrm_session).with({:user=>"testuser", :password=>"testpassword", :port=>"5986", :no_ssl_peer_verification=>false, :basic_auth_only=>true, :operation_timeout=>1800, :transport=>:ssl, :disable_sspi=>true, :host=>"localhost"})
-        @winrm.run
-      end
-
-      it "prints a warning on linux for unencrypted negotiate authentication" do
-        @winrm.config[:winrm_authentication_protocol] = "negotiate"
-        @winrm.config[:winrm_transport] = "plaintext"
-        allow(Chef::Platform).to receive(:windows?).and_return(false)
-        expect(@winrm.ui).to receive(:warn).once
-        expect { @winrm.run }.to_not raise_error(SystemExit)
-      end
-    end
-  end
-end
+#
+# Author:: Bryan McLellan <btm@opscode.com>
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+Chef::Knife::Winrm.load_deps
+
+describe Chef::Knife::Winrm do
+  before(:all) do
+    @original_config = Chef::Config.hash_dup
+    @original_knife_config = Chef::Config[:knife].nil? ? nil : Chef::Config[:knife].dup
+  end
+
+  after do
+    Chef::Config.configuration = @original_config
+    Chef::Config[:knife] = @original_knife_config if @original_knife_config
+  end
+
+  describe "#resolve_target_nodes" do
+    before do
+      @knife = Chef::Knife::Winrm.new
+      @knife.config[:attribute] = "fqdn"
+      @node_foo = Chef::Node.new
+      @node_foo.automatic_attrs[:fqdn] = "foo.example.org"
+      @node_foo.automatic_attrs[:ipaddress] = "10.0.0.1"
+      @node_bar = Chef::Node.new
+      @node_bar.automatic_attrs[:fqdn] = "bar.example.org"
+      @node_bar.automatic_attrs[:ipaddress] = "10.0.0.2"
+      @node_bar.automatic_attrs[:ec2][:public_hostname] = "somewhere.com"
+      @query = double("Chef::Search::Query")
+    end
+
+    context "when there are some hosts found but they do not have an attribute to connect with" do
+      before do
+        @knife.config[:manual] = false
+        @knife.config[:winrm_password] = 'P@ssw0rd!'
+        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
+        @node_foo.automatic_attrs[:fqdn] = nil
+        @node_bar.automatic_attrs[:fqdn] = nil
+        allow(Chef::Search::Query).to receive(:new).and_return(@query)
+      end
+
+      it "raises a specific error (KNIFE-222)" do
+        expect(@knife.ui).to receive(:fatal).with(/does not have the required attribute/)
+        expect(@knife).to receive(:exit).with(10)
+        @knife.configure_chef
+        @knife.resolve_target_nodes
+      end
+    end
+
+    context "when there are nested attributes" do
+      before do
+        @knife.config[:manual] = false
+        @knife.config[:winrm_password] = 'P@ssw0rd!'
+        allow(@query).to receive(:search).and_return([[@node_foo, @node_bar]])
+        allow(Chef::Search::Query).to receive(:new).and_return(@query)
+      end
+
+      it "uses the nested attributes (KNIFE-276)" do
+        @knife.config[:attribute] = "ec2.public_hostname"
+        @knife.configure_chef
+        @knife.resolve_target_nodes
+      end
+    end
+  end
+
+  describe "#configure_session" do
+    let(:winrm_user) { 'testuser' }
+    let(:transport) { 'plaintext' }
+    let(:password) { 'testpassword' }
+    let(:protocol) { 'basic' }
+    let(:knife_args) do
+      [
+        '-m', 'localhost',
+        '-x', winrm_user,
+        '-P', password,
+        '-t', transport,
+        '--winrm-authentication-protocol', protocol,
+        'echo helloworld'
+      ]
+    end
+    let(:winrm_session) { double('winrm_session') }
+    let(:winrm_service) { double('WinRMWebService') }
+
+    before do
+      allow(winrm_service).to receive(:set_timeout)
+    end
+
+    subject { Chef::Knife::Winrm.new(knife_args) }
+
+    context "when configuring the WinRM user name" do      
+      context "when basic auth is used" do
+        let(:protocol) { 'basic' }
+
+        it "passes user name as given in options" do
+          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+            expect(opts[:user]).to eq(winrm_user)
+          end.and_return(winrm_session)
+          subject.configure_session
+        end
+      end
+
+      context "when negotiate auth is used" do
+        let(:protocol) { 'negotiate' }
+
+        context "when user is prefixed with realm" do
+          let(:winrm_user) { "my_realm\\myself" }
+
+          it "passes user name as given in options" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(winrm_user)
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+
+        context "when user realm is included via email format" do
+          let(:winrm_user) { "myself@my_realm.com" }
+
+          it "passes user name as given in options" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(winrm_user)
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+
+        context "when a local user is given" do
+          it "prefixes user with the dot (local) realm" do
+            expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+              expect(opts[:user]).to eq(".\\#{winrm_user}")
+            end.and_return(winrm_session)
+            subject.configure_session
+          end
+        end
+      end
+    end
+
+    context "when configuring the WinRM password" do
+      it "passes password as given in options" do
+        expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+          expect(opts[:password]).to eq(password)
+        end.and_return(winrm_session)
+        subject.configure_session
+      end
+
+      context "when no password is given in the options" do
+        let(:knife_args) do
+          [
+            '-m', 'localhost',
+            '-x', winrm_user,
+            '-t', transport,
+            '--winrm-authentication-protocol', protocol,
+            'echo helloworld'
+          ]
+        end
+        let(:prompted_password) { 'prompted_password' }
+
+        before do
+          allow(subject.ui).to receive(:ask).and_return(prompted_password)
+        end
+
+        it "passes password prompted" do
+          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+            expect(opts[:password]).to eq(prompted_password)
+          end.and_return(winrm_session)
+          subject.configure_session
+        end
+      end
+    end
+
+    context "when configuring the WinRM transport" do
+      before(:all) do
+        @winrm_session = Object.new
+        @winrm_session.define_singleton_method(:set_timeout){|timeout| ""}
+      end
+
+      context "kerberos option is set" do
+        let(:winrm_command_http) { Chef::Knife::Winrm.new([
+          '-m', 'localhost',
+          '-x', 'testuser', 
+          '-P', 'testpassword',
+          '--winrm-authentication-protocol', 'basic',
+          '--kerberos-realm', 'realm',
+          'echo helloworld'
+        ]) }
+
+        it "sets the transport to kerberos" do
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', :kerberos, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+      end
+
+      context "kerberos option is set but nil" do
+        let(:winrm_command_http) { Chef::Knife::Winrm.new([
+          '-m', 'localhost',
+          '-x', 'testuser', 
+          '-P', 'testpassword',
+          '--winrm-authentication-protocol', 'basic',
+          'echo helloworld'
+        ]) }
+
+        it "sets the transport to plaintext" do
+          winrm_command_http.config[:kerberos_realm] = nil
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', :plaintext, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+      end
+
+      context "on windows workstations" do
+        let(:protocol) { 'negotiate' }
+
+        before do
+          allow(Chef::Platform).to receive(:windows?).and_return(true)
+        end
+
+        it "defaults to negotiate when on a Windows host" do
+          expect(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+            expect(opts[:transport]).to eq(:sspinegotiate)
+          end.and_return(winrm_session)
+          subject.configure_session
+        end
+      end
+
+      context "on non-windows workstations" do
+        before do
+          allow(Chef::Platform).to receive(:windows?).and_return(false)
+        end
+
+        let(:winrm_command_http) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '-t', 'plaintext', '--winrm-authentication-protocol', 'basic', 'echo helloworld']) }
+
+        it "defaults to the http uri scheme" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+
+        it "sets the operation timeout and verifes default" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          expect(@winrm_session).to receive(:set_timeout).with(1800)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+
+        it "sets the user specified winrm port" do
+          Chef::Config[:knife] = {winrm_port: "5988"}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5988/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_http.configure_chef
+          winrm_command_http.configure_session
+        end
+
+        let(:winrm_command_timeout) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', '--session-timeout', '10', 'echo helloworld']) }
+
+        it "sets operation timeout and verify 10 Minute timeout" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('http://localhost:5985/wsman', anything, anything).and_return(@winrm_session)
+          expect(@winrm_session).to receive(:set_timeout).with(600)
+          winrm_command_timeout.configure_chef
+          winrm_command_timeout.configure_session
+        end
+
+        let(:winrm_command_https) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', 'echo helloworld']) }
+
+        it "uses the https uri scheme if the ssl transport is specified" do
+          Chef::Config[:knife] = {:winrm_transport => 'ssl'}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+
+        it "uses the winrm port '5986' by default for ssl transport" do
+          Chef::Config[:knife] = {:winrm_transport => 'ssl'}
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with('https://localhost:5986/wsman', anything, anything).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+
+        it "defaults to validating the server when the ssl transport is used" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_https.configure_chef
+          winrm_command_https.configure_session
+        end
+
+        let(:winrm_command_verify_peer) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--winrm-ssl-verify-mode', 'verify_peer', 'echo helloworld'])}
+
+        it "validates the server when the ssl transport is used and the :winrm_ssl_verify_mode option is not configured to :verify_none" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_verify_peer.configure_chef
+          winrm_command_verify_peer.configure_session
+        end
+
+        context "when setting verify_none" do
+          let(:transport) { 'ssl' }
+
+          before { knife_args << '--winrm-ssl-verify-mode' << 'verify_none' }
+
+          it "does not validate the server when the ssl transport is used and the :winrm_ssl_verify_mode option is set to :verify_none" do
+            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
+            subject.configure_chef
+            subject.configure_session
+          end
+
+          it "prints warning output when the :winrm_ssl_verify_mode set to :verify_none to disable server validation" do
+            expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+            expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => true)).and_return(@winrm_session)
+            expect(subject).to receive(:warn_no_ssl_peer_verification)
+
+            subject.configure_chef
+            subject.configure_session
+          end
+
+          context "when transport is plaintext" do
+            let(:transport) { 'plaintext' }
+
+            it "does not print warning re ssl server validation" do
+              expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :plaintext)).and_call_original
+              expect(WinRM::WinRMWebService).to receive(:new).and_return(winrm_service)
+              expect(subject).to_not receive(:warn_no_ssl_peer_verification)
+
+              subject.configure_chef
+              subject.configure_session
+            end
+          end
+        end
+
+        let(:winrm_command_ca_trust) { Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-transport', 'ssl', '--ca-trust-file', '~/catrustroot', '--winrm-ssl-verify-mode', 'verify_none', 'echo helloworld'])}
+
+        it "validates the server when the ssl transport is used and the :ca_trust_file option is specified even if the :winrm_ssl_verify_mode option is set to :verify_none" do
+          expect(Chef::Knife::WinrmSession).to receive(:new).with(hash_including(:transport => :ssl)).and_call_original
+          expect(WinRM::WinRMWebService).to receive(:new).with(anything, anything, hash_including(:no_ssl_peer_verification => false)).and_return(@winrm_session)
+          winrm_command_ca_trust.configure_chef
+          winrm_command_ca_trust.configure_session
+        end
+      end
+    end
+  end
+
+  describe "#run" do
+    let(:session_opts) do
+      {
+        user: ".\\testuser",
+        password: "testpassword", 
+        port: "5985",
+        transport: :plaintext,
+        host: "localhost"
+      }
+    end
+    let(:session) { Chef::Knife::WinrmSession.new(session_opts) }
+    
+    before(:each) do
+      allow(Chef::Knife::WinrmSession).to receive(:new).and_return(session)
+      Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
+      @winrm = Chef::Knife::Winrm.new(['-m', 'localhost', '-x', 'testuser', '-P', 'testpassword', '--winrm-authentication-protocol', 'basic', 'echo helloworld'])
+    end
+
+    it "returns with 0 if the command succeeds" do
+      allow(@winrm).to receive(:relay_winrm_command).and_return(0)
+      return_code = @winrm.run
+      expect(return_code).to be_zero
+    end
+
+    it "exits with exact exit status if the command fails and returns config is set to 0" do
+      command_status = 510
+
+      @winrm.config[:returns] = "0"
+      Chef::Config[:knife][:returns] = [0]
+
+      allow(@winrm).to receive(:relay_winrm_command)
+      allow(@winrm.ui).to receive(:error)
+      allow(session).to receive(:exit_code).and_return(command_status)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
+    end
+
+    it "exits with non-zero status if the command fails and returns config is set to 0" do
+      command_status = 1
+      @winrm.config[:returns] = "0,53"
+      Chef::Config[:knife][:returns] = [0,53]
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      allow(@winrm.ui).to receive(:error)
+      allow(session).to receive(:exit_code).and_return(command_status)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(command_status) }
+    end
+
+    it "exits with a zero status if the command returns an expected non-zero status" do
+      command_status = 53
+      Chef::Config[:knife][:returns] = [0,53]
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      allow(session).to receive(:exit_codes).and_return({"thishost" => command_status})
+      exit_code = @winrm.run
+      expect(exit_code).to be_zero
+    end
+
+    it "exits with a zero status if the command returns an expected non-zero status" do
+      command_status = 53
+      @winrm.config[:returns] = '0,53'
+      allow(@winrm).to receive(:relay_winrm_command).and_return(command_status)
+      allow(session).to receive(:exit_codes).and_return({"thishost" => command_status})
+      exit_code = @winrm.run
+      expect(exit_code).to be_zero
+    end
+
+    it "exits with 100 and no hint if command execution raises an exception other than 401" do
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '500'))
+      allow(@winrm.ui).to receive(:error)
+      expect(@winrm.ui).to_not receive(:info)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
+    end
+
+    it "exits with 100 if command execution raises a 401" do
+      allow(@winrm).to receive(:relay_winrm_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      allow(@winrm.ui).to receive(:info)
+      allow(@winrm.ui).to receive(:error)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(100) }
+    end
+
+    it "exits with 401 if command execution raises a 401 and suppress_auth_failure is set to true" do
+      @winrm.config[:suppress_auth_failure] = true
+      allow(session).to receive(:relay_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit) { |e| expect(e.status).to eq(401) }
+    end
+
+    it "prints a hint on failure for negotiate authentication" do
+      @winrm.config[:winrm_authentication_protocol] = "negotiate"
+      @winrm.config[:winrm_transport] = "plaintext"
+      allow(Chef::Platform).to receive(:windows?).and_return(true)
+      allow(session).to receive(:relay_command).and_raise(WinRM::WinRMAuthorizationError.new)
+      allow(@winrm.ui).to receive(:error)
+      allow(@winrm.ui).to receive(:info)
+      expect(@winrm.ui).to receive(:info).with(Chef::Knife::Winrm::FAILED_NOT_BASIC_HINT)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit)
+    end
+
+    it "prints a hint on failure for basic authentication" do
+      @winrm.config[:winrm_authentication_protocol] = "basic"
+      @winrm.config[:winrm_transport] = "plaintext"
+      allow(session).to receive(:relay_command).and_raise(WinRM::WinRMHTTPTransportError.new('', '401'))
+      allow(@winrm.ui).to receive(:error)
+      allow(@winrm.ui).to receive(:info)
+      expect(@winrm.ui).to receive(:info).with(Chef::Knife::Winrm::FAILED_BASIC_HINT)
+      expect { @winrm.run_with_pretty_exceptions }.to raise_error(SystemExit)
+    end
+
+    context "when winrm_authentication_protocol specified" do
+      before do
+        Chef::Config[:knife] = {:winrm_transport => 'plaintext'}
+        allow(@winrm).to receive(:relay_winrm_command).and_return(0)
+      end
+
+      it "sets sspinegotiate transport on windows for 'negotiate' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        allow(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+          expect(opts[:disable_sspi]).to be(false)
+          expect(opts[:transport]).to be(:sspinegotiate)
+        end.and_return(session)
+        @winrm.run
+      end
+
+      it "does not have winrm opts transport set to sspinegotiate for unix" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(false)
+        allow(@winrm).to receive(:exit)
+        allow(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+          expect(opts[:disable_sspi]).to be(true)
+          expect(opts[:transport]).to be(:plaintext)
+        end.and_return(session)
+        @winrm.run
+      end
+
+      it "disables sspi and skips the winrm monkey patch for 'ssl' transport and 'basic' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "basic"
+        @winrm.config[:winrm_transport] = "ssl"
+        @winrm.config[:winrm_port] = "5986"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        allow(Chef::Knife::WinrmSession).to receive(:new) do |opts|
+          expect(opts[:port]).to be(@winrm.config[:winrm_port])
+          expect(opts[:transport]).to be(:ssl)
+          expect(opts[:disable_sspi]).to be(true)
+          expect(opts[:basic_auth_only]).to be(true)
+        end.and_return(session)
+        @winrm.run
+      end
+
+      it "applies winrm monkey patch on windows if 'negotiate' authentication and 'plaintext' transport is specified", :windows_only => true do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        allow(@winrm.ui).to receive(:warn)
+        @winrm.run
+      end
+
+      it "raises an error if value is other than [basic, negotiate, kerberos]" do
+        @winrm.config[:winrm_authentication_protocol] = "invalid"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        expect(@winrm.ui).to receive(:error)
+        expect { @winrm.run }.to raise_error(SystemExit)
+      end
+
+      it "skips the winrm monkey patch for 'basic' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "basic"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+
+      it "skips the winrm monkey patch for 'kerberos' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "kerberos"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+
+      it "skips the winrm monkey patch for 'ssl' transport and 'negotiate' authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        @winrm.config[:winrm_transport] = "ssl"
+        allow(Chef::Platform).to receive(:windows?).and_return(true)
+        @winrm.run
+      end
+
+      it "prints a warning on linux for unencrypted negotiate authentication" do
+        @winrm.config[:winrm_authentication_protocol] = "negotiate"
+        @winrm.config[:winrm_transport] = "plaintext"
+        allow(Chef::Platform).to receive(:windows?).and_return(false)
+        expect(@winrm.ui).to receive(:warn).once
+        expect { @winrm.run }.to_not raise_error(SystemExit)
+      end
+    end
+  end
+end