knife-windows 1.5.0 → 1.6.0

data/lib/chef/knife/bootstrap_windows_ssh.rb

@@ -1,115 +1,116 @@
-#
-# Author:: Seth Chisamore (<schisamo@chef.io>)
-# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'chef/knife/bootstrap_windows_base'
-
-class Chef
-  class Knife
-    class BootstrapWindowsSsh < Bootstrap
-
-      include Chef::Knife::BootstrapWindowsBase
-
-      deps do
-        require 'chef/knife/core/windows_bootstrap_context'
-        require 'chef/json_compat'
-        require 'tempfile'
-        require 'highline'
-        require 'net/ssh'
-        require 'net/ssh/multi'
-        Chef::Knife::Ssh.load_deps
-      end
-
-      banner "knife bootstrap windows ssh FQDN (options)"
-
-      option :ssh_user,
-        :short => "-x USERNAME",
-        :long => "--ssh-user USERNAME",
-        :description => "The ssh username",
-        :default => "root"
-
-      option :ssh_password,
-        :short => "-P PASSWORD",
-        :long => "--ssh-password PASSWORD",
-        :description => "The ssh password"
-
-      option :ssh_port,
-        :short => "-p PORT",
-        :long => "--ssh-port PORT",
-        :description => "The ssh port",
-        :proc => Proc.new { |key| Chef::Config[:knife][:ssh_port] = key.strip }
-
-      option :ssh_gateway,
-        :short => "-G GATEWAY",
-        :long => "--ssh-gateway GATEWAY",
-        :description => "The ssh gateway",
-        :proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key }
-
-      option :forward_agent,
-        :short => "-A",
-        :long => "--forward-agent",
-        :description => "Enable SSH agent forwarding",
-        :boolean => true
-
-      option :identity_file,
-        :long => "--identity-file IDENTITY_FILE",
-        :description => "The SSH identity file used for authentication. [DEPRECATED] Use --ssh-identity-file instead."
-
-      option :ssh_identity_file,
-        :short => "-i IDENTITY_FILE",
-        :long => "--ssh-identity-file IDENTITY_FILE",
-        :description => "The SSH identity file used for authentication"
-
-      # DEPR: Remove this option for the next release.
-      option :host_key_verification,
-        :long => "--[no-]host-key-verify",
-        :description => "Verify host key, enabled by default. [DEPRECATED] Use --host-key-verify option instead.",
-        :boolean => true,
-        :default => true,
-        :proc => Proc.new { |key|
-          Chef::Log.warn("[DEPRECATED] --host-key-verification option is deprecated. Use --host-key-verify option instead.")
-          config[:host_key_verify] = key
-        }
-
-      option :host_key_verify,
-        :long => "--[no-]host-key-verify",
-        :description => "Verify host key, enabled by default.",
-        :boolean => true,
-        :default => true
-
-      def run
-        bootstrap
-      end
-
-      def run_command(command = '')
-        ssh = Chef::Knife::Ssh.new
-        ssh.name_args = [ server_name, command ]
-        ssh.config[:ssh_user] = locate_config_value(:ssh_user)
-        ssh.config[:ssh_password] = locate_config_value(:ssh_password)
-        ssh.config[:ssh_port] = locate_config_value(:ssh_port)
-        ssh.config[:ssh_gateway] =  locate_config_value(:ssh_gateway)
-        ssh.config[:identity_file] = config[:identity_file]
-        ssh.config[:ssh_identity_file] = config[:ssh_identity_file] || config[:identity_file]
-        ssh.config[:forward_agent] = config[:forward_agent]
-        ssh.config[:manual] = true
-        ssh.config[:host_key_verify] = config[:host_key_verify]
-        ssh.run
-      end
-
-    end
-  end
-end
+#
+# Author:: Seth Chisamore (<schisamo@chef.io>)
+# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/bootstrap_windows_base'
+
+class Chef
+  class Knife
+    class BootstrapWindowsSsh < Bootstrap
+
+      include Chef::Knife::BootstrapWindowsBase
+
+      deps do
+        require 'chef/knife/core/windows_bootstrap_context'
+        require 'chef/json_compat'
+        require 'tempfile'
+        require 'highline'
+        require 'net/ssh'
+        require 'net/ssh/multi'
+        Chef::Knife::Ssh.load_deps
+      end
+
+      banner "knife bootstrap windows ssh FQDN (options)"
+
+      option :ssh_user,
+        :short => "-x USERNAME",
+        :long => "--ssh-user USERNAME",
+        :description => "The ssh username",
+        :default => "root"
+
+      option :ssh_password,
+        :short => "-P PASSWORD",
+        :long => "--ssh-password PASSWORD",
+        :description => "The ssh password"
+
+      option :ssh_port,
+        :short => "-p PORT",
+        :long => "--ssh-port PORT",
+        :description => "The ssh port",
+        :proc => Proc.new { |key| Chef::Config[:knife][:ssh_port] = key.strip }
+
+      option :ssh_gateway,
+        :short => "-G GATEWAY",
+        :long => "--ssh-gateway GATEWAY",
+        :description => "The ssh gateway",
+        :proc => Proc.new { |key| Chef::Config[:knife][:ssh_gateway] = key }
+
+      option :forward_agent,
+        :short => "-A",
+        :long => "--forward-agent",
+        :description => "Enable SSH agent forwarding",
+        :boolean => true
+
+      option :identity_file,
+        :long => "--identity-file IDENTITY_FILE",
+        :description => "The SSH identity file used for authentication. [DEPRECATED] Use --ssh-identity-file instead."
+
+      option :ssh_identity_file,
+        :short => "-i IDENTITY_FILE",
+        :long => "--ssh-identity-file IDENTITY_FILE",
+        :description => "The SSH identity file used for authentication"
+
+      # DEPR: Remove this option for the next release.
+      option :host_key_verification,
+        :long => "--[no-]host-key-verify",
+        :description => "Verify host key, enabled by default. [DEPRECATED] Use --host-key-verify option instead.",
+        :boolean => true,
+        :default => true,
+        :proc => Proc.new { |key|
+          Chef::Log.warn("[DEPRECATED] --host-key-verification option is deprecated. Use --host-key-verify option instead.")
+          config[:host_key_verify] = key
+        }
+
+      option :host_key_verify,
+        :long => "--[no-]host-key-verify",
+        :description => "Verify host key, enabled by default.",
+        :boolean => true,
+        :default => true
+
+      def run
+        validate_name_args!
+        bootstrap
+      end
+
+      def run_command(command = '')
+        ssh = Chef::Knife::Ssh.new
+        ssh.name_args = [ server_name, command ]
+        ssh.config[:ssh_user] = locate_config_value(:ssh_user)
+        ssh.config[:ssh_password] = locate_config_value(:ssh_password)
+        ssh.config[:ssh_port] = locate_config_value(:ssh_port)
+        ssh.config[:ssh_gateway] =  locate_config_value(:ssh_gateway)
+        ssh.config[:identity_file] = config[:identity_file]
+        ssh.config[:ssh_identity_file] = config[:ssh_identity_file] || config[:identity_file]
+        ssh.config[:forward_agent] = config[:forward_agent]
+        ssh.config[:manual] = true
+        ssh.config[:host_key_verify] = config[:host_key_verify]
+        ssh.run
+      end
+
+    end
+  end
+end

data/lib/chef/knife/bootstrap_windows_winrm.rb

@@ -1,95 +1,102 @@
-#
-# Author:: Seth Chisamore (<schisamo@chef.io>)
-# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'chef/knife/bootstrap_windows_base'
-require 'chef/knife/winrm'
-require 'chef/knife/winrm_base'
-require 'chef/knife/winrm_knife_base'
-
-
-class Chef
-  class Knife
-    class BootstrapWindowsWinrm < Bootstrap
-
-      include Chef::Knife::BootstrapWindowsBase
-      include Chef::Knife::WinrmBase
-      include Chef::Knife::WinrmCommandSharedFunctions
-
-      deps do
-        require 'chef/knife/core/windows_bootstrap_context'
-        require 'chef/json_compat'
-        require 'tempfile'
-        Chef::Knife::Winrm.load_deps
-      end
-
-      banner 'knife bootstrap windows winrm FQDN (options)'
-
-      def run
-        if (Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key])))
-          if !negotiate_auth? && !(locate_config_value(:winrm_transport) == 'ssl')
-            ui.error('Validatorless bootstrap over unsecure winrm channels could expose your key to network sniffing')
-            exit 1
-          end
-        end
-
-        config[:manual] = true
-        configure_session
-
-        bootstrap
-      end
-
-      protected
-
-      def wait_for_remote_response(wait_max_minutes)
-        wait_max_seconds = wait_max_minutes * 60
-        retry_interval_seconds = 10
-        retries_left = wait_max_seconds / retry_interval_seconds
-        print(ui.color("\nWaiting for remote response before bootstrap", :magenta))
-        wait_start_time = Time.now
-        begin
-          print(".")
-          # Return status of the command is non-zero, typically nil,
-          # for our simple echo command in cases where run_command
-          # swallows the exception, such as 401's. Treat such cases
-          # the same as the case where we encounter an exception.
-          status = run_command("echo . & echo Response received.")
-          raise RuntimeError, 'Command execution failed.' if status != 0
-          ui.info(ui.color("Remote node responded after #{elapsed_time_in_minutes(wait_start_time)} minutes.", :magenta))
-          return
-        rescue Errno::ECONNREFUSED => e
-          ui.error("Connection refused connecting to #{locate_config_value(:server_name)}:#{locate_config_value(:winrm_port)}.")
-          raise
-        rescue Exception => e
-          retries_left -= 1
-          if retries_left <= 0 || (elapsed_time_in_minutes(wait_start_time) > wait_max_minutes)
-            ui.error("No response received from remote node after #{elapsed_time_in_minutes(wait_start_time)} minutes, giving up.")
-            ui.error("Exception: #{e.message}")
-            raise
-          end
-          print '.'
-          sleep retry_interval_seconds
-          retry
-        end
-      end
-
-      def elapsed_time_in_minutes(start_time)
-        ((Time.now - start_time) / 60).round(2)
-      end
-    end
-  end
-end
+#
+# Author:: Seth Chisamore (<schisamo@chef.io>)
+# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/bootstrap_windows_base'
+require 'chef/knife/winrm'
+require 'chef/knife/winrm_base'
+require 'chef/knife/winrm_knife_base'
+
+
+class Chef
+  class Knife
+    class BootstrapWindowsWinrm < Bootstrap
+
+      include Chef::Knife::BootstrapWindowsBase
+      include Chef::Knife::WinrmBase
+      include Chef::Knife::WinrmCommandSharedFunctions
+
+      deps do
+        require 'chef/knife/core/windows_bootstrap_context'
+        require 'chef/json_compat'
+        require 'tempfile'
+        Chef::Knife::Winrm.load_deps
+      end
+
+      banner 'knife bootstrap windows winrm FQDN (options)'
+
+      def run
+        validate_name_args!
+
+        if (Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key])))
+          if !negotiate_auth? && !(locate_config_value(:winrm_transport) == 'ssl')
+            ui.error('Validatorless bootstrap over unsecure winrm channels could expose your key to network sniffing')
+            exit 1
+          end
+        end
+
+        unless locate_config_value(:winrm_shell) == :cmd
+          ui.warn("The cmd shell is the only valid winrm-shell for 'knife bootstrap windows winrm'. Switching to the cmd shell.")
+          config[:winrm_shell] = :cmd
+        end
+
+        config[:manual] = true
+        configure_session
+
+        bootstrap
+      end
+
+      protected
+
+      def wait_for_remote_response(wait_max_minutes)
+        wait_max_seconds = wait_max_minutes * 60
+        retry_interval_seconds = 10
+        retries_left = wait_max_seconds / retry_interval_seconds
+        print(ui.color("\nWaiting for remote response before bootstrap", :magenta))
+        wait_start_time = Time.now
+        begin
+          print(".")
+          # Return status of the command is non-zero, typically nil,
+          # for our simple echo command in cases where run_command
+          # swallows the exception, such as 401's. Treat such cases
+          # the same as the case where we encounter an exception.
+          status = run_command("echo . & echo Response received.")
+          raise RuntimeError, 'Command execution failed.' if status != 0
+          ui.info(ui.color("Remote node responded after #{elapsed_time_in_minutes(wait_start_time)} minutes.", :magenta))
+          return
+        rescue Errno::ECONNREFUSED => e
+          ui.error("Connection refused connecting to #{locate_config_value(:server_name)}:#{locate_config_value(:winrm_port)}.")
+          raise
+        rescue Exception => e
+          retries_left -= 1
+          if retries_left <= 0 || (elapsed_time_in_minutes(wait_start_time) > wait_max_minutes)
+            ui.error("No response received from remote node after #{elapsed_time_in_minutes(wait_start_time)} minutes, giving up.")
+            ui.error("Exception: #{e.message}")
+            raise
+          end
+          print '.'
+          sleep retry_interval_seconds
+          retry
+        end
+      end
+
+      def elapsed_time_in_minutes(start_time)
+        ((Time.now - start_time) / 60).round(2)
+      end
+    end
+  end
+end

data/lib/chef/knife/core/windows_bootstrap_context.rb

@@ -1,378 +1,378 @@
-#
-# Author:: Seth Chisamore (<schisamo@chef.io>)
-# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'chef/knife/core/bootstrap_context'
-
-# Chef::Util::PathHelper in Chef 11 is a bit juvenile still
-require 'knife-windows/path_helper'
-# require 'chef/util/path_helper'
-
-
-class Chef
-  class Knife
-    module Core
-      # Instances of BootstrapContext are the context objects (i.e., +self+) for
-      # bootstrap templates. For backwards compatability, they +must+ set the
-      # following instance variables:
-      # * @config   - a hash of knife's config values
-      # * @run_list - the run list for the node to boostrap
-      #
-      class WindowsBootstrapContext < BootstrapContext
-        PathHelper = ::Knife::Windows::PathHelper
-
-        attr_accessor :client_pem
-
-        def initialize(config, run_list, chef_config, secret=nil)
-          @config       = config
-          @run_list     = run_list
-          @chef_config  = chef_config
-          @secret       = secret
-          # Compatibility with Chef 12 and Chef 11 versions
-          begin
-            # Pass along the secret parameter for Chef 12
-            super(config, run_list, chef_config, secret)
-          rescue ArgumentError
-            # The Chef 11 base class only has parameters for initialize
-            super(config, run_list, chef_config)
-          end
-        end
-
-        def validation_key
-          if File.exist?(File.expand_path(@chef_config[:validation_key]))
-            IO.read(File.expand_path(@chef_config[:validation_key]))
-          else
-            false
-          end
-        end
-
-        def secret
-          escape_and_echo(@config[:secret])
-        end
-
-        def trusted_certs_script
-          @trusted_certs_script ||= trusted_certs_content
-        end
-
-        def config_content
-          client_rb = <<-CONFIG
-log_level        :info
-log_location     STDOUT
-
-chef_server_url  "#{@chef_config[:chef_server_url]}"
-validation_client_name "#{@chef_config[:validation_client_name]}"
-
-file_cache_path   "c:/chef/cache"
-file_backup_path  "c:/chef/backup"
-cache_options     ({:path => "c:/chef/cache/checksums", :skip_expires => true})
-
-CONFIG
-          if @config[:chef_node_name]
-            client_rb << %Q{node_name "#{@config[:chef_node_name]}"\n}
-          else
-            client_rb << "# Using default node name (fqdn)\n"
-          end
-
-          # We configure :verify_api_cert only when it's overridden on the CLI
-          # or when specified in the knife config.
-          if !@config[:node_verify_api_cert].nil? || knife_config.has_key?(:verify_api_cert)
-            value = @config[:node_verify_api_cert].nil? ? knife_config[:verify_api_cert] : @config[:node_verify_api_cert]
-            client_rb << %Q{verify_api_cert #{value}\n}
-          end
-
-          # We configure :ssl_verify_mode only when it's overridden on the CLI
-          # or when specified in the knife config.
-          if @config[:node_ssl_verify_mode] || knife_config.has_key?(:ssl_verify_mode)
-            value = case @config[:node_ssl_verify_mode]
-            when "peer"
-              :verify_peer
-            when "none"
-              :verify_none
-            when nil
-              knife_config[:ssl_verify_mode]
-            else
-              nil
-            end
-
-            if value
-              client_rb << %Q{ssl_verify_mode :#{value}\n}
-            end
-          end
-
-          if @config[:ssl_verify_mode]
-            client_rb << %Q{ssl_verify_mode :#{knife_config[:ssl_verify_mode]}\n}
-          end
-
-          if knife_config[:bootstrap_proxy]
-            client_rb << "\n"
-            client_rb << %Q{http_proxy        "#{knife_config[:bootstrap_proxy]}"\n}
-            client_rb << %Q{https_proxy       "#{knife_config[:bootstrap_proxy]}"\n}
-            client_rb << %Q{no_proxy          "#{knife_config[:bootstrap_no_proxy]}"\n} if knife_config[:bootstrap_no_proxy]
-          end
-
-          if knife_config[:bootstrap_no_proxy]
-            client_rb << %Q{no_proxy       "#{knife_config[:bootstrap_no_proxy]}"\n}
-          end
-
-          if @config[:secret]
-            client_rb << %Q{encrypted_data_bag_secret "c:/chef/encrypted_data_bag_secret"\n}
-          end
-
-          unless trusted_certs_script.empty?
-            client_rb << %Q{trusted_certs_dir "c:/chef/trusted_certs"\n}
-          end
-
-          if Chef::Config[:fips]
-            client_rb << <<-CONFIG
-fips true
-chef_version = ::Chef::VERSION.split(".")
-unless chef_version[0].to_i > 12 || (chef_version[0].to_i == 12 && chef_version[1].to_i >= 8)
-  raise "FIPS Mode requested but not supported by this client"
-end
-CONFIG
-          end
-
-          escape_and_echo(client_rb)
-        end
-
-        def start_chef
-          bootstrap_environment_option = bootstrap_environment.nil? ? '' : " -E #{bootstrap_environment}"
-          start_chef = "SET \"PATH=%PATH%;C:\\ruby\\bin;C:\\opscode\\chef\\bin;C:\\opscode\\chef\\embedded\\bin\"\n"
-          start_chef << "chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json#{bootstrap_environment_option}\n"
-        end
-
-        def latest_current_windows_chef_version_query
-          installer_version_string = nil
-          if @config[:prerelease]
-            installer_version_string = "&prerelease=true"
-          else
-            chef_version_string = if knife_config[:bootstrap_version]
-              knife_config[:bootstrap_version]
-            else
-              Chef::VERSION.split(".").first
-            end
-
-            installer_version_string = "&v=#{chef_version_string}"
-
-            # If bootstrapping a pre-release version add the prerelease query string
-            if chef_version_string.split(".").length > 3
-              installer_version_string << "&prerelease=true"
-            end
-          end
-
-          installer_version_string
-        end
-
-        def win_wget
-          # I tried my best to figure out how to properly url decode and switch / to \
-          # but this is VBScript - so I don't really care that badly.
-          win_wget = <<-WGET
-url = WScript.Arguments.Named("url")
-path = WScript.Arguments.Named("path")
-proxy = null
-'* Vaguely attempt to handle file:// scheme urls by url unescaping and switching all
-'* / into \.  Also assume that file:/// is a local absolute path and that file://<foo>
-'* is possibly a network file path.
-If InStr(url, "file://") = 1 Then
-url = Unescape(url)
-If InStr(url, "file:///") = 1 Then
-sourcePath = Mid(url, Len("file:///") + 1)
-Else
-sourcePath = Mid(url, Len("file:") + 1)
-End If
-sourcePath = Replace(sourcePath, "/", "\\")
-
-Set objFSO = CreateObject("Scripting.FileSystemObject")
-If objFSO.Fileexists(path) Then objFSO.DeleteFile path
-objFSO.CopyFile sourcePath, path, true
-Set objFSO = Nothing
-
-Else
-Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
-Set wshShell = CreateObject( "WScript.Shell" )
-Set objUserVariables = wshShell.Environment("USER")
-
-rem http proxy is optional
-rem attempt to read from HTTP_PROXY env var first
-On Error Resume Next
-
-If NOT (objUserVariables("HTTP_PROXY") = "") Then
-proxy = objUserVariables("HTTP_PROXY")
-
-rem fall back to named arg
-ElseIf NOT (WScript.Arguments.Named("proxy") = "") Then
-proxy = WScript.Arguments.Named("proxy")
-End If
-
-If NOT isNull(proxy) Then
-rem setProxy method is only available on ServerXMLHTTP 6.0+
-Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
-objXMLHTTP.setProxy 2, proxy
-End If
-
-On Error Goto 0
-
-objXMLHTTP.open "GET", url, false
-objXMLHTTP.send()
-If objXMLHTTP.Status = 200 Then
-Set objADOStream = CreateObject("ADODB.Stream")
-objADOStream.Open
-objADOStream.Type = 1
-objADOStream.Write objXMLHTTP.ResponseBody
-objADOStream.Position = 0
-Set objFSO = Createobject("Scripting.FileSystemObject")
-If objFSO.Fileexists(path) Then objFSO.DeleteFile path
-Set objFSO = Nothing
-objADOStream.SaveToFile path
-objADOStream.Close
-Set objADOStream = Nothing
-End If
-Set objXMLHTTP = Nothing
-End If
-WGET
-          escape_and_echo(win_wget)
-        end
-
-        def win_wget_ps
-          win_wget_ps = <<-WGET_PS
-param(
-   [String] $remoteUrl,
-   [String] $localPath
-)
-
-$ProxyUrl = $env:http_proxy;
-$webClient = new-object System.Net.WebClient;
-
-if ($ProxyUrl -ne '') {
-  $WebProxy = New-Object System.Net.WebProxy($ProxyUrl,$true)
-  $WebClient.Proxy = $WebProxy
-}
-
-$webClient.DownloadFile($remoteUrl, $localPath);
-WGET_PS
-
-          escape_and_echo(win_wget_ps)
-        end
-
-        def install_chef
-          # The normal install command uses regular double quotes in
-          # the install command, so request such a string from install_command
-          install_chef = install_command('"') + "\n" + fallback_install_task_command
-        end
-
-        def bootstrap_directory
-          bootstrap_directory = "C:\\chef"
-        end
-
-        def local_download_path
-          local_download_path = "%TEMP%\\chef-client-latest.msi"
-        end
-
-        def msi_url(machine_os=nil, machine_arch=nil, download_context=nil)
-          # The default msi path has a number of url query parameters - we attempt to substitute
-          # such parameters in as long as they are provided by the template.
-
-          if @config[:msi_url].nil? || @config[:msi_url].empty?
-            url = "https://www.chef.io/chef/download?p=windows"
-            url += "&pv=#{machine_os}" unless machine_os.nil?
-            url += "&m=#{machine_arch}" unless machine_arch.nil?
-            url += "&DownloadContext=#{download_context}" unless download_context.nil?
-            url += latest_current_windows_chef_version_query
-          else
-            @config[:msi_url]
-          end
-        end
-
-        def first_boot
-          escape_and_echo(super.to_json)
-        end
-
-        # escape WIN BATCH special chars
-        # and prefixes each line with an
-        # echo
-        def escape_and_echo(file_contents)
-          file_contents.gsub(/^(.*)$/, 'echo.\1').gsub(/([(<|>)^])/, '^\1')
-        end
-
-        private
-
-        def install_command(executor_quote)
-          if @config[:install_as_service]
-            "msiexec /qn /log #{executor_quote}%CHEF_CLIENT_MSI_LOG_PATH%#{executor_quote} /i #{executor_quote}%LOCAL_DESTINATION_MSI_PATH%#{executor_quote} ADDLOCAL=#{executor_quote}ChefClientFeature,ChefServiceFeature#{executor_quote}"
-          else
-            "msiexec /qn /log #{executor_quote}%CHEF_CLIENT_MSI_LOG_PATH%#{executor_quote} /i #{executor_quote}%LOCAL_DESTINATION_MSI_PATH%#{executor_quote}"
-          end
-        end
-
-        # Returns a string for copying the trusted certificates on the workstation to the system being bootstrapped
-        # This string should contain both the commands necessary to both create the files, as well as their content
-        def trusted_certs_content
-          content = ""
-          if @chef_config[:trusted_certs_dir]
-            Dir.glob(File.join(PathHelper.escape_glob(@chef_config[:trusted_certs_dir]), "*.{crt,pem}")).each do |cert|
-              content << "> #{bootstrap_directory}/trusted_certs/#{File.basename(cert)} (\n" +
-                         escape_and_echo(IO.read(File.expand_path(cert))) + "\n)\n"
-            end
-          end
-          content
-        end
-
-        def fallback_install_task_command
-          # This command will be executed by schtasks.exe in the batch
-          # code below. To handle tasks that contain arguments that
-          # need to be double quoted, schtasks allows the use of single
-          # quotes that will later be converted to double quotes
-          command = install_command('\'')
-<<-EOH
-          @set MSIERRORCODE=!ERRORLEVEL!
-          @if ERRORLEVEL 1 (
-              @echo WARNING: Failed to install Chef Client MSI package in remote context with status code !MSIERRORCODE!.
-              @echo WARNING: This may be due to a defect in operating system update KB2918614: http://support.microsoft.com/kb/2918614
-              @set OLDLOGLOCATION="%CHEF_CLIENT_MSI_LOG_PATH%-fail.log"
-              @move "%CHEF_CLIENT_MSI_LOG_PATH%" "!OLDLOGLOCATION!" > NUL
-              @echo WARNING: Saving installation log of failure at !OLDLOGLOCATION!
-              @echo WARNING: Retrying installation with local context...
-              @schtasks /create /f  /sc once /st 00:00:00 /tn chefclientbootstraptask /ru SYSTEM /rl HIGHEST /tr \"cmd /c #{command} & sleep 2 & waitfor /s %computername% /si chefclientinstalldone\"
-
-              @if ERRORLEVEL 1 (
-                  @echo ERROR: Failed to create Chef Client installation scheduled task with status code !ERRORLEVEL! > "&2"
-              ) else (
-                  @echo Successfully created scheduled task to install Chef Client.
-                  @schtasks /run /tn chefclientbootstraptask
-                  @if ERRORLEVEL 1 (
-                      @echo ERROR: Failed to execut Chef Client installation scheduled task with status code !ERRORLEVEL!. > "&2"
-                  ) else (
-                      @echo Successfully started Chef Client installation scheduled task.
-                      @echo Waiting for installation to complete -- this may take a few minutes...
-                      waitfor chefclientinstalldone /t 600
-                      if ERRORLEVEL 1 (
-                          @echo ERROR: Timed out waiting for Chef Client package to install
-                      ) else (
-                          @echo Finished waiting for Chef Client package to install.
-                      )
-                      @schtasks /delete /f /tn chefclientbootstraptask > NUL
-                  )
-              )
-          ) else (
-              @echo Successfully installed Chef Client package.
-          )
-EOH
-        end
-      end
-    end
-  end
-end
+#
+# Author:: Seth Chisamore (<schisamo@chef.io>)
+# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/core/bootstrap_context'
+
+# Chef::Util::PathHelper in Chef 11 is a bit juvenile still
+require 'knife-windows/path_helper'
+# require 'chef/util/path_helper'
+
+
+class Chef
+  class Knife
+    module Core
+      # Instances of BootstrapContext are the context objects (i.e., +self+) for
+      # bootstrap templates. For backwards compatability, they +must+ set the
+      # following instance variables:
+      # * @config   - a hash of knife's config values
+      # * @run_list - the run list for the node to boostrap
+      #
+      class WindowsBootstrapContext < BootstrapContext
+        PathHelper = ::Knife::Windows::PathHelper
+
+        attr_accessor :client_pem
+
+        def initialize(config, run_list, chef_config, secret=nil)
+          @config       = config
+          @run_list     = run_list
+          @chef_config  = chef_config
+          @secret       = secret
+          # Compatibility with Chef 12 and Chef 11 versions
+          begin
+            # Pass along the secret parameter for Chef 12
+            super(config, run_list, chef_config, secret)
+          rescue ArgumentError
+            # The Chef 11 base class only has parameters for initialize
+            super(config, run_list, chef_config)
+          end
+        end
+
+        def validation_key
+          if File.exist?(File.expand_path(@chef_config[:validation_key]))
+            IO.read(File.expand_path(@chef_config[:validation_key]))
+          else
+            false
+          end
+        end
+
+        def secret
+          escape_and_echo(@config[:secret])
+        end
+
+        def trusted_certs_script
+          @trusted_certs_script ||= trusted_certs_content
+        end
+
+        def config_content
+          client_rb = <<-CONFIG
+log_level        :info
+log_location     STDOUT
+
+chef_server_url  "#{@chef_config[:chef_server_url]}"
+validation_client_name "#{@chef_config[:validation_client_name]}"
+
+file_cache_path   "c:/chef/cache"
+file_backup_path  "c:/chef/backup"
+cache_options     ({:path => "c:/chef/cache/checksums", :skip_expires => true})
+
+CONFIG
+          if @config[:chef_node_name]
+            client_rb << %Q{node_name "#{@config[:chef_node_name]}"\n}
+          else
+            client_rb << "# Using default node name (fqdn)\n"
+          end
+
+          # We configure :verify_api_cert only when it's overridden on the CLI
+          # or when specified in the knife config.
+          if !@config[:node_verify_api_cert].nil? || knife_config.has_key?(:verify_api_cert)
+            value = @config[:node_verify_api_cert].nil? ? knife_config[:verify_api_cert] : @config[:node_verify_api_cert]
+            client_rb << %Q{verify_api_cert #{value}\n}
+          end
+
+          # We configure :ssl_verify_mode only when it's overridden on the CLI
+          # or when specified in the knife config.
+          if @config[:node_ssl_verify_mode] || knife_config.has_key?(:ssl_verify_mode)
+            value = case @config[:node_ssl_verify_mode]
+            when "peer"
+              :verify_peer
+            when "none"
+              :verify_none
+            when nil
+              knife_config[:ssl_verify_mode]
+            else
+              nil
+            end
+
+            if value
+              client_rb << %Q{ssl_verify_mode :#{value}\n}
+            end
+          end
+
+          if @config[:ssl_verify_mode]
+            client_rb << %Q{ssl_verify_mode :#{knife_config[:ssl_verify_mode]}\n}
+          end
+
+          if knife_config[:bootstrap_proxy]
+            client_rb << "\n"
+            client_rb << %Q{http_proxy        "#{knife_config[:bootstrap_proxy]}"\n}
+            client_rb << %Q{https_proxy       "#{knife_config[:bootstrap_proxy]}"\n}
+            client_rb << %Q{no_proxy          "#{knife_config[:bootstrap_no_proxy]}"\n} if knife_config[:bootstrap_no_proxy]
+          end
+
+          if knife_config[:bootstrap_no_proxy]
+            client_rb << %Q{no_proxy       "#{knife_config[:bootstrap_no_proxy]}"\n}
+          end
+
+          if @config[:secret]
+            client_rb << %Q{encrypted_data_bag_secret "c:/chef/encrypted_data_bag_secret"\n}
+          end
+
+          unless trusted_certs_script.empty?
+            client_rb << %Q{trusted_certs_dir "c:/chef/trusted_certs"\n}
+          end
+
+          if Chef::Config[:fips]
+            client_rb << <<-CONFIG
+fips true
+chef_version = ::Chef::VERSION.split(".")
+unless chef_version[0].to_i > 12 || (chef_version[0].to_i == 12 && chef_version[1].to_i >= 8)
+  raise "FIPS Mode requested but not supported by this client"
+end
+CONFIG
+          end
+
+          escape_and_echo(client_rb)
+        end
+
+        def start_chef
+          bootstrap_environment_option = bootstrap_environment.nil? ? '' : " -E #{bootstrap_environment}"
+          start_chef = "SET \"PATH=%PATH%;C:\\ruby\\bin;C:\\opscode\\chef\\bin;C:\\opscode\\chef\\embedded\\bin\"\n"
+          start_chef << "chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json#{bootstrap_environment_option}\n"
+        end
+
+        def latest_current_windows_chef_version_query
+          installer_version_string = nil
+          if @config[:prerelease]
+            installer_version_string = "&prerelease=true"
+          else
+            chef_version_string = if knife_config[:bootstrap_version]
+              knife_config[:bootstrap_version]
+            else
+              Chef::VERSION.split(".").first
+            end
+
+            installer_version_string = "&v=#{chef_version_string}"
+
+            # If bootstrapping a pre-release version add the prerelease query string
+            if chef_version_string.split(".").length > 3
+              installer_version_string << "&prerelease=true"
+            end
+          end
+
+          installer_version_string
+        end
+
+        def win_wget
+          # I tried my best to figure out how to properly url decode and switch / to \
+          # but this is VBScript - so I don't really care that badly.
+          win_wget = <<-WGET
+url = WScript.Arguments.Named("url")
+path = WScript.Arguments.Named("path")
+proxy = null
+'* Vaguely attempt to handle file:// scheme urls by url unescaping and switching all
+'* / into \.  Also assume that file:/// is a local absolute path and that file://<foo>
+'* is possibly a network file path.
+If InStr(url, "file://") = 1 Then
+url = Unescape(url)
+If InStr(url, "file:///") = 1 Then
+sourcePath = Mid(url, Len("file:///") + 1)
+Else
+sourcePath = Mid(url, Len("file:") + 1)
+End If
+sourcePath = Replace(sourcePath, "/", "\\")
+
+Set objFSO = CreateObject("Scripting.FileSystemObject")
+If objFSO.Fileexists(path) Then objFSO.DeleteFile path
+objFSO.CopyFile sourcePath, path, true
+Set objFSO = Nothing
+
+Else
+Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")
+Set wshShell = CreateObject( "WScript.Shell" )
+Set objUserVariables = wshShell.Environment("USER")
+
+rem http proxy is optional
+rem attempt to read from HTTP_PROXY env var first
+On Error Resume Next
+
+If NOT (objUserVariables("HTTP_PROXY") = "") Then
+proxy = objUserVariables("HTTP_PROXY")
+
+rem fall back to named arg
+ElseIf NOT (WScript.Arguments.Named("proxy") = "") Then
+proxy = WScript.Arguments.Named("proxy")
+End If
+
+If NOT isNull(proxy) Then
+rem setProxy method is only available on ServerXMLHTTP 6.0+
+Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
+objXMLHTTP.setProxy 2, proxy
+End If
+
+On Error Goto 0
+
+objXMLHTTP.open "GET", url, false
+objXMLHTTP.send()
+If objXMLHTTP.Status = 200 Then
+Set objADOStream = CreateObject("ADODB.Stream")
+objADOStream.Open
+objADOStream.Type = 1
+objADOStream.Write objXMLHTTP.ResponseBody
+objADOStream.Position = 0
+Set objFSO = Createobject("Scripting.FileSystemObject")
+If objFSO.Fileexists(path) Then objFSO.DeleteFile path
+Set objFSO = Nothing
+objADOStream.SaveToFile path
+objADOStream.Close
+Set objADOStream = Nothing
+End If
+Set objXMLHTTP = Nothing
+End If
+WGET
+          escape_and_echo(win_wget)
+        end
+
+        def win_wget_ps
+          win_wget_ps = <<-WGET_PS
+param(
+   [String] $remoteUrl,
+   [String] $localPath
+)
+
+$ProxyUrl = $env:http_proxy;
+$webClient = new-object System.Net.WebClient;
+
+if ($ProxyUrl -ne '') {
+  $WebProxy = New-Object System.Net.WebProxy($ProxyUrl,$true)
+  $WebClient.Proxy = $WebProxy
+}
+
+$webClient.DownloadFile($remoteUrl, $localPath);
+WGET_PS
+
+          escape_and_echo(win_wget_ps)
+        end
+
+        def install_chef
+          # The normal install command uses regular double quotes in
+          # the install command, so request such a string from install_command
+          install_chef = install_command('"') + "\n" + fallback_install_task_command
+        end
+
+        def bootstrap_directory
+          bootstrap_directory = "C:\\chef"
+        end
+
+        def local_download_path
+          local_download_path = "%TEMP%\\chef-client-latest.msi"
+        end
+
+        def msi_url(machine_os=nil, machine_arch=nil, download_context=nil)
+          # The default msi path has a number of url query parameters - we attempt to substitute
+          # such parameters in as long as they are provided by the template.
+
+          if @config[:msi_url].nil? || @config[:msi_url].empty?
+            url = "https://www.chef.io/chef/download?p=windows"
+            url += "&pv=#{machine_os}" unless machine_os.nil?
+            url += "&m=#{machine_arch}" unless machine_arch.nil?
+            url += "&DownloadContext=#{download_context}" unless download_context.nil?
+            url += latest_current_windows_chef_version_query
+          else
+            @config[:msi_url]
+          end
+        end
+
+        def first_boot
+          escape_and_echo(super.to_json)
+        end
+
+        # escape WIN BATCH special chars
+        # and prefixes each line with an
+        # echo
+        def escape_and_echo(file_contents)
+          file_contents.gsub(/^(.*)$/, 'echo.\1').gsub(/([(<|>)^])/, '^\1')
+        end
+
+        private
+
+        def install_command(executor_quote)
+          if @config[:install_as_service]
+            "msiexec /qn /log #{executor_quote}%CHEF_CLIENT_MSI_LOG_PATH%#{executor_quote} /i #{executor_quote}%LOCAL_DESTINATION_MSI_PATH%#{executor_quote} ADDLOCAL=#{executor_quote}ChefClientFeature,ChefServiceFeature#{executor_quote}"
+          else
+            "msiexec /qn /log #{executor_quote}%CHEF_CLIENT_MSI_LOG_PATH%#{executor_quote} /i #{executor_quote}%LOCAL_DESTINATION_MSI_PATH%#{executor_quote}"
+          end
+        end
+
+        # Returns a string for copying the trusted certificates on the workstation to the system being bootstrapped
+        # This string should contain both the commands necessary to both create the files, as well as their content
+        def trusted_certs_content
+          content = ""
+          if @chef_config[:trusted_certs_dir]
+            Dir.glob(File.join(PathHelper.escape_glob(@chef_config[:trusted_certs_dir]), "*.{crt,pem}")).each do |cert|
+              content << "> #{bootstrap_directory}/trusted_certs/#{File.basename(cert)} (\n" +
+                         escape_and_echo(IO.read(File.expand_path(cert))) + "\n)\n"
+            end
+          end
+          content
+        end
+
+        def fallback_install_task_command
+          # This command will be executed by schtasks.exe in the batch
+          # code below. To handle tasks that contain arguments that
+          # need to be double quoted, schtasks allows the use of single
+          # quotes that will later be converted to double quotes
+          command = install_command('\'')
+<<-EOH
+          @set MSIERRORCODE=!ERRORLEVEL!
+          @if ERRORLEVEL 1 (
+              @echo WARNING: Failed to install Chef Client MSI package in remote context with status code !MSIERRORCODE!.
+              @echo WARNING: This may be due to a defect in operating system update KB2918614: http://support.microsoft.com/kb/2918614
+              @set OLDLOGLOCATION="%CHEF_CLIENT_MSI_LOG_PATH%-fail.log"
+              @move "%CHEF_CLIENT_MSI_LOG_PATH%" "!OLDLOGLOCATION!" > NUL
+              @echo WARNING: Saving installation log of failure at !OLDLOGLOCATION!
+              @echo WARNING: Retrying installation with local context...
+              @schtasks /create /f  /sc once /st 00:00:00 /tn chefclientbootstraptask /ru SYSTEM /rl HIGHEST /tr \"cmd /c #{command} & sleep 2 & waitfor /s %computername% /si chefclientinstalldone\"
+
+              @if ERRORLEVEL 1 (
+                  @echo ERROR: Failed to create Chef Client installation scheduled task with status code !ERRORLEVEL! > "&2"
+              ) else (
+                  @echo Successfully created scheduled task to install Chef Client.
+                  @schtasks /run /tn chefclientbootstraptask
+                  @if ERRORLEVEL 1 (
+                      @echo ERROR: Failed to execut Chef Client installation scheduled task with status code !ERRORLEVEL!. > "&2"
+                  ) else (
+                      @echo Successfully started Chef Client installation scheduled task.
+                      @echo Waiting for installation to complete -- this may take a few minutes...
+                      waitfor chefclientinstalldone /t 600
+                      if ERRORLEVEL 1 (
+                          @echo ERROR: Timed out waiting for Chef Client package to install
+                      ) else (
+                          @echo Finished waiting for Chef Client package to install.
+                      )
+                      @schtasks /delete /f /tn chefclientbootstraptask > NUL
+                  )
+              )
+          ) else (
+              @echo Successfully installed Chef Client package.
+          )
+EOH
+        end
+      end
+    end
+  end
+end