knife-windows 3.0.6 → 3.0.10

data/lib/chef/knife/windows_cert_install.rb

@@ -15,8 +15,8 @@
 # limitations under the License.
 #
 
-require 'chef/knife'
-require_relative 'winrm_base'
+require "chef/knife"
+require_relative "winrm_base"
 
 class Chef
   class Knife
@@ -25,9 +25,9 @@ class Chef
       banner "knife windows cert install CERT [CERT] (options)"
 
       option :cert_passphrase,
-        :short => "-cp PASSWORD",
-        :long => "--cert-passphrase PASSWORD",
-        :description => "Password for certificate."
+        short: "-cp PASSWORD",
+        long: "--cert-passphrase PASSWORD",
+        description: "Password for certificate."
 
       def get_cert_passphrase
         print "Enter given certificate's passphrase (empty for no passphrase):"
@@ -48,7 +48,7 @@ class Chef
 
           begin
             ui.info "Adding certificate to the Windows Certificate Store..."
-            result = %x{powershell.exe -Command " '#{config[:cert_passphrase]}' | certutil -importPFX '#{file_path}' AT_KEYEXCHANGE"}
+            result = `powershell.exe -Command " '#{config[:cert_passphrase]}' | certutil -importPFX '#{file_path}' AT_KEYEXCHANGE"`
             if $?.exitstatus == 0
               ui.info "Certificate added to Certificate Store"
             else

data/lib/chef/knife/windows_helper.rb

@@ -16,20 +16,20 @@
 # limitations under the License.
 #
 
-require 'chef/knife'
-require_relative 'winrm'
-require_relative 'bootstrap_windows_ssh'
-require_relative 'bootstrap_windows_winrm'
-require_relative 'wsman_test'
+require "chef/knife"
+require_relative "winrm"
+require_relative "bootstrap_windows_ssh"
+require_relative "bootstrap_windows_winrm"
+require_relative "wsman_test"
 
 class Chef
   class Knife
     class WindowsHelper < Knife
 
       banner "#{BootstrapWindowsWinrm.banner}\n" +
-              "#{BootstrapWindowsSsh.banner}\n" +
-              "#{Winrm.banner}\n" +
-              "#{WsmanTest.banner}"
+        "#{BootstrapWindowsSsh.banner}\n" +
+        "#{Winrm.banner}\n" +
+        "#{WsmanTest.banner}"
     end
   end
 end

data/lib/chef/knife/windows_listener_create.rb

@@ -15,9 +15,9 @@
 # limitations under the License.
 #
 
-require 'chef/knife'
-require_relative 'winrm_base'
-require 'openssl'
+require "chef/knife"
+require_relative "winrm_base"
+require "openssl"
 
 class Chef
   class Knife
@@ -26,31 +26,31 @@ class Chef
       banner "knife windows listener create (options)"
 
       option :cert_install,
-        :short => "-c CERT_PATH",
-        :long => "--cert-install CERT_PATH",
-        :description => "Adds specified certificate to the Windows Certificate Store's Local Machine personal store before creating listener."
+        short: "-c CERT_PATH",
+        long: "--cert-install CERT_PATH",
+        description: "Adds specified certificate to the Windows Certificate Store's Local Machine personal store before creating listener."
 
       option :port,
-        :short => "-p PORT",
-        :long => "--port PORT",
-        :description => "Specify port. Default is 5986",
-        :default => "5986"
+        short: "-p PORT",
+        long: "--port PORT",
+        description: "Specify port. Default is 5986",
+        default: "5986"
 
       option :hostname,
-        :short => "-h HOSTNAME",
-        :long => "--hostname HOSTNAME",
-        :description => "Hostname on the listener. Default is blank",
-        :default => ""
+        short: "-h HOSTNAME",
+        long: "--hostname HOSTNAME",
+        description: "Hostname on the listener. Default is blank",
+        default: ""
 
       option :cert_thumbprint,
-        :short => "-t THUMBPRINT",
-        :long => "--cert-thumbprint THUMBPRINT",
-        :description => "Thumbprint of the certificate. Required only if --cert-install option is not used."
+        short: "-t THUMBPRINT",
+        long: "--cert-thumbprint THUMBPRINT",
+        description: "Thumbprint of the certificate. Required only if --cert-install option is not used."
 
       option :cert_passphrase,
-        :short => "-cp PASSWORD",
-        :long => "--cert-passphrase PASSWORD",
-        :description => "Password for certificate."
+        short: "-cp PASSWORD",
+        long: "--cert-passphrase PASSWORD",
+        description: "Password for certificate."
 
       def get_cert_passphrase
         print "Enter given certificate's passphrase (empty for no passphrase):"
@@ -65,10 +65,10 @@ class Chef
           begin
             if config[:cert_install]
               config[:cert_passphrase] = get_cert_passphrase unless config[:cert_passphrase]
-              result = %x{powershell.exe -Command " '#{config[:cert_passphrase]}' | certutil  -importPFX '#{config[:cert_install]}' AT_KEYEXCHANGE"}
+              result = `powershell.exe -Command " '#{config[:cert_passphrase]}' | certutil  -importPFX '#{config[:cert_install]}' AT_KEYEXCHANGE"`
               if $?.exitstatus
                 ui.info "Certificate installed to Certificate Store"
-                result = %x{powershell.exe -Command " echo (Get-PfxCertificate #{config[:cert_install]}).thumbprint "}
+                result = `powershell.exe -Command " echo (Get-PfxCertificate #{config[:cert_install]}).thumbprint "`
                 ui.info "Certificate Thumbprint: #{result}"
                 config[:cert_thumbprint] = result.strip
               else
@@ -83,10 +83,10 @@ class Chef
               exit 1
             end
 
-            result = %x{winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="#{config[:hostname]}";CertificateThumbprint="#{config[:cert_thumbprint]}";Port="#{config[:port]}"}}
+            result = `winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="#{config[:hostname]}";CertificateThumbprint="#{config[:cert_thumbprint]}";Port="#{config[:port]}"}`
             Chef::Log.debug result
 
-            if ($?.exitstatus == 0)
+            if $?.exitstatus == 0
               ui.info "WinRM listener created with Port: #{config[:port]} and CertificateThumbprint: #{config[:cert_thumbprint]}"
             else
               ui.error "Error creating WinRM listener. use -VV for more details."

data/lib/chef/knife/winrm.rb

@@ -16,13 +16,13 @@
 # limitations under the License.
 #
 
-require 'chef/knife'
-require_relative 'winrm_knife_base'
-require_relative 'windows_cert_generate'
-require_relative 'windows_cert_install'
-require_relative 'windows_listener_create'
-require_relative 'winrm_session'
-require_relative 'knife_windows_base'
+require "chef/knife"
+require_relative "winrm_knife_base"
+require_relative "windows_cert_generate"
+require_relative "windows_cert_install"
+require_relative "windows_listener_create"
+require_relative "winrm_session"
+require_relative "knife_windows_base"
 
 class Chef
   class Knife
@@ -32,8 +32,8 @@ class Chef
       include Chef::Knife::KnifeWindowsBase
 
       deps do
-        require 'readline'
-        require 'chef/search/query'
+        require "readline"
+        require "chef/search/query"
       end
 
       attr_writer :password
@@ -41,9 +41,9 @@ class Chef
       banner "knife winrm QUERY COMMAND (options)"
 
       option :returns,
-       :long => "--returns CODES",
-       :description => "A comma delimited list of return codes which indicate success",
-       :default => "0"
+        long: "--returns CODES",
+        description: "A comma delimited list of return codes which indicate success",
+        default: "0"
 
       def run
         STDOUT.sync = STDERR.sync = true
@@ -78,15 +78,15 @@ class Chef
         puts
         puts "To exit interactive mode, use 'quit!'"
         puts
-        while 1
+        loop do
           command = read_line
           case command
-          when 'quit!'
-            puts 'Bye!'
+          when "quit!"
+            puts "Bye!"
             break
           when /^on (.+?); (.+)$/
             raw_list = $1.split(" ")
-            server_list = Array.new
+            server_list = []
             @winrm_sessions.each do |session_server|
               server_list << session_server if raw_list.include?(session_server.host)
             end
@@ -104,7 +104,7 @@ class Chef
       # line is input.
       def read_line
         loop do
-          command = reader.readline("#{ui.color('knife-winrm>', :bold)} ", true)
+          command = reader.readline("#{ui.color("knife-winrm>", :bold)} ", true)
 
           if command.nil?
             command = "exit"

data/lib/chef/knife/winrm_base.rb

@@ -16,16 +16,16 @@
 # limitations under the License.
 #
 
-require 'chef/knife'
-require 'chef/encrypted_data_bag_item'
-require 'kconv'
+require "chef/knife"
+require "chef/encrypted_data_bag_item"
+require "kconv"
 
 class Chef
   class Knife
     module WinrmBase
 
       # It includes supported WinRM authentication protocol.
-      WINRM_AUTH_PROTOCOL_LIST ||= %w{basic negotiate kerberos}
+      WINRM_AUTH_PROTOCOL_LIST ||= %w{basic negotiate kerberos}.freeze
 
       # :nodoc:
       # Would prefer to do this in a rational way, but can't be done b/c of
@@ -34,93 +34,95 @@ class Chef
         includer.class_eval do
 
           deps do
-            require 'readline'
-            require 'chef/json_compat'
+            require "readline"
+            require "chef/json_compat"
           end
 
           option :winrm_user,
-            :short => "-x USERNAME",
-            :long => "--winrm-user USERNAME",
-            :description => "The WinRM username",
-            :default => "Administrator",
-            :proc => Proc.new { |key| Chef::Config[:knife][:winrm_user] = key }
+            short: "-x USERNAME",
+            long: "--winrm-user USERNAME",
+            description: "The WinRM username",
+            default: "Administrator",
+            proc: Proc.new { |key| Chef::Config[:knife][:winrm_user] = key }
 
           option :winrm_password,
-            :short => "-P PASSWORD",
-            :long => "--winrm-password PASSWORD",
-            :description => "The WinRM password",
-            :proc => Proc.new { |key| Chef::Config[:knife][:winrm_password] = key }
+            short: "-P PASSWORD",
+            long: "--winrm-password PASSWORD",
+            description: "The WinRM password",
+            proc: Proc.new { |key| Chef::Config[:knife][:winrm_password] = key }
 
           option :winrm_shell,
-            :long => "--winrm-shell SHELL",
-            :description => "The WinRM shell type. Valid choices are [cmd, powershell, elevated]. 'elevated' runs powershell in a scheduled task",
-            :default => :cmd,
-            :proc => Proc.new { |shell| shell.to_sym }
+            long: "--winrm-shell SHELL",
+            description: "The WinRM shell type. Valid choices are [cmd, powershell, elevated]. 'elevated' runs powershell in a scheduled task",
+            default: :cmd,
+            proc: Proc.new { |shell| shell.to_sym }
 
           option :winrm_transport,
-            :short => "-w TRANSPORT",
-            :long => "--winrm-transport TRANSPORT",
-            :description => "The WinRM transport type. Valid choices are [ssl, plaintext]",
-            :default => 'plaintext',
-            :proc => Proc.new { |transport| Chef::Config[:knife][:winrm_port] = '5986' if transport == 'ssl'
-                                Chef::Config[:knife][:winrm_transport] = transport }
+            short: "-w TRANSPORT",
+            long: "--winrm-transport TRANSPORT",
+            description: "The WinRM transport type. Valid choices are [ssl, plaintext]",
+            default: "plaintext",
+            proc: Proc.new { |transport|
+              Chef::Config[:knife][:winrm_port] = "5986" if transport == "ssl"
+              Chef::Config[:knife][:winrm_transport] = transport
+            }
 
           option :winrm_port,
-            :short => "-p PORT",
-            :long => "--winrm-port PORT",
-            :description => "The WinRM port, by default this is '5985' for 'plaintext' and '5986' for 'ssl' winrm transport",
-            :default => '5985',
-            :proc => Proc.new { |key| Chef::Config[:knife][:winrm_port] = key }
+            short: "-p PORT",
+            long: "--winrm-port PORT",
+            description: "The WinRM port, by default this is '5985' for 'plaintext' and '5986' for 'ssl' winrm transport",
+            default: "5985",
+            proc: Proc.new { |key| Chef::Config[:knife][:winrm_port] = key }
 
           option :kerberos_keytab_file,
-            :short => "-T KEYTAB_FILE",
-            :long => "--keytab-file KEYTAB_FILE",
-            :description => "The Kerberos keytab file used for authentication",
-            :proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
+            short: "-T KEYTAB_FILE",
+            long: "--keytab-file KEYTAB_FILE",
+            description: "The Kerberos keytab file used for authentication",
+            proc: Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
 
           option :kerberos_realm,
-            :short => "-R KERBEROS_REALM",
-            :long => "--kerberos-realm KERBEROS_REALM",
-            :description => "The Kerberos realm used for authentication",
-            :proc => Proc.new { |realm| Chef::Config[:knife][:kerberos_realm] = realm }
+            short: "-R KERBEROS_REALM",
+            long: "--kerberos-realm KERBEROS_REALM",
+            description: "The Kerberos realm used for authentication",
+            proc: Proc.new { |realm| Chef::Config[:knife][:kerberos_realm] = realm }
 
           option :kerberos_service,
-            :short => "-S KERBEROS_SERVICE",
-            :long => "--kerberos-service KERBEROS_SERVICE",
-            :description => "The Kerberos service used for authentication",
-            :proc => Proc.new { |service| Chef::Config[:knife][:kerberos_service] = service }
+            short: "-S KERBEROS_SERVICE",
+            long: "--kerberos-service KERBEROS_SERVICE",
+            description: "The Kerberos service used for authentication",
+            proc: Proc.new { |service| Chef::Config[:knife][:kerberos_service] = service }
 
           option :ca_trust_file,
-            :short => "-f CA_TRUST_FILE",
-            :long => "--ca-trust-file CA_TRUST_FILE",
-            :description => "The Certificate Authority (CA) trust file used for SSL transport",
-            :proc => Proc.new { |trust| Chef::Config[:knife][:ca_trust_file] = trust }
+            short: "-f CA_TRUST_FILE",
+            long: "--ca-trust-file CA_TRUST_FILE",
+            description: "The Certificate Authority (CA) trust file used for SSL transport",
+            proc: Proc.new { |trust| Chef::Config[:knife][:ca_trust_file] = trust }
 
           option :winrm_ssl_verify_mode,
-            :long => "--winrm-ssl-verify-mode SSL_VERIFY_MODE",
-            :description => "The WinRM peer verification mode. Valid choices are [verify_peer, verify_none]",
-            :default => :verify_peer,
-            :proc => Proc.new { |verify_mode| verify_mode.to_sym }
+            long: "--winrm-ssl-verify-mode SSL_VERIFY_MODE",
+            description: "The WinRM peer verification mode. Valid choices are [verify_peer, verify_none]",
+            default: :verify_peer,
+            proc: Proc.new { |verify_mode| verify_mode.to_sym }
 
           option :ssl_peer_fingerprint,
-            :long => "--ssl-peer-fingerprint FINGERPRINT",
-            :description => "ssl Cert Fingerprint to bypass normal cert chain checks"
+            long: "--ssl-peer-fingerprint FINGERPRINT",
+            description: "ssl Cert Fingerprint to bypass normal cert chain checks"
 
           option :winrm_authentication_protocol,
-            :long => "--winrm-authentication-protocol AUTHENTICATION_PROTOCOL",
-            :description => "The authentication protocol used during WinRM communication. The supported protocols are #{WINRM_AUTH_PROTOCOL_LIST.join(',')}. Default is 'negotiate'.",
-            :default => "negotiate",
-            :proc => Proc.new { |protocol| Chef::Config[:knife][:winrm_authentication_protocol] = protocol }
+            long: "--winrm-authentication-protocol AUTHENTICATION_PROTOCOL",
+            description: "The authentication protocol used during WinRM communication. The supported protocols are #{WINRM_AUTH_PROTOCOL_LIST.join(",")}. Default is 'negotiate'.",
+            default: "negotiate",
+            proc: Proc.new { |protocol| Chef::Config[:knife][:winrm_authentication_protocol] = protocol }
 
           option :session_timeout,
-            :long => "--session-timeout Minutes",
-            :description => "The timeout for the client for the maximum length of the WinRM session",
-            :default => 30
+            long: "--session-timeout Minutes",
+            description: "The timeout for the client for the maximum length of the WinRM session",
+            default: 30
 
           option :winrm_codepage,
-            :long => "--winrm-codepage Codepage",
-            :description => "The codepage to use for the winrm cmd shell",
-            :default => 65001
+            long: "--winrm-codepage Codepage",
+            description: "The codepage to use for the winrm cmd shell",
+            default: 65001
         end
       end
     end

data/lib/chef/knife/winrm_knife_base.rb

@@ -16,17 +16,16 @@
 # limitations under the License.
 #
 
-
-require 'chef/knife'
-require_relative 'winrm_base'
-require_relative 'winrm_shared_options'
-require_relative 'knife_windows_base'
+require "chef/knife"
+require_relative "winrm_base"
+require_relative "winrm_shared_options"
+require_relative "knife_windows_base"
 
 class Chef
   class Knife
     module WinrmCommandSharedFunctions
 
-      FAILED_BASIC_HINT ||= "Hint: Please check winrm configuration 'winrm get winrm/config/service' AllowUnencrypted flag on remote server."
+      FAILED_BASIC_HINT ||= "Hint: Please check winrm configuration 'winrm get winrm/config/service' AllowUnencrypted flag on remote server.".freeze
       FAILED_NOT_BASIC_HINT ||= <<-eos.gsub /^\s+/, ""
         Hint: Make sure to prefix domain usernames with the correct domain name.
         Hint: Local user names should be prefixed with computer name or IP address.
@@ -45,7 +44,7 @@ class Chef
           def validate_winrm_options!
             winrm_auth_protocol = locate_config_value(:winrm_authentication_protocol)
 
-            if ! Chef::Knife::WinrmBase::WINRM_AUTH_PROTOCOL_LIST.include?(winrm_auth_protocol)
+            unless Chef::Knife::WinrmBase::WINRM_AUTH_PROTOCOL_LIST.include?(winrm_auth_protocol)
               ui.error "Invalid value '#{winrm_auth_protocol}' for --winrm-authentication-protocol option."
               ui.info "Valid values are #{Chef::Knife::WinrmBase::WINRM_AUTH_PROTOCOL_LIST.join(",")}."
               exit 1
@@ -54,8 +53,8 @@ class Chef
             warn_no_ssl_peer_verification if resolve_no_ssl_peer_verification
           end
 
-          #Overrides Chef::Knife#configure_session, as that code is tied to the SSH implementation
-          #Tracked by Issue # 3042 / https://github.com/chef/chef/issues/3042
+          # Overrides Chef::Knife#configure_session, as that code is tied to the SSH implementation
+          # Tracked by Issue # 3042 / https://github.com/chef/chef/issues/3042
           def configure_session
             validate_winrm_options!
             resolve_session_options
@@ -68,7 +67,7 @@ class Chef
                    when true
                      @name_args[0].split(" ")
                    when false
-                     r = Array.new
+                     r = []
                      q = Chef::Search::Query.new
                      @action_nodes = q.search(:node, @name_args[0])[0]
                      @action_nodes.each do |item|
@@ -78,16 +77,16 @@ class Chef
                      r
                    end
 
-             if @list.length == 0
+            if @list.length == 0
               if @action_nodes.length == 0
                 ui.fatal("No nodes returned from search!")
               else
-                ui.fatal("#{@action_nodes.length} #{@action_nodes.length > 1 ? "nodes":"node"} found, " +
+                ui.fatal("#{@action_nodes.length} #{@action_nodes.length > 1 ? "nodes" : "node"} found, " +
                          "but does not have the required attribute (#{config[:attribute]}) to establish the connection. " +
                          "Try setting another attribute to open the connection using --attribute.")
               end
               exit 10
-            end
+           end
           end
 
           # TODO: Copied from Knife::Core:GenericPresenter. Should be extracted
@@ -107,10 +106,10 @@ class Chef
                        end
               end
             end
-            ( !data.kind_of?(Array) && data.respond_to?(:to_hash) ) ? data.to_hash : data
+            ( !data.is_a?(Array) && data.respond_to?(:to_hash) ) ? data.to_hash : data
           end
 
-          def run_command(command = '')
+          def run_command(command = "")
             relay_winrm_command(command)
             check_for_errors!
             @exit_code
@@ -143,7 +142,7 @@ class Chef
             @session_results << s.relay_command(command)
           rescue WinRM::WinRMHTTPTransportError, WinRM::WinRMAuthorizationError => e
             if authorization_error?(e)
-              if ! config[:suppress_auth_failure]
+              unless config[:suppress_auth_failure]
                 # Display errors if the caller hasn't opted to retry
                 ui.error "Failed to authenticate to #{s.host} as #{locate_config_value(:winrm_user)}"
                 ui.info "Response: #{e.message}"
@@ -180,9 +179,10 @@ class Chef
           end
 
           def success_return_codes
-            #Redundant if the CLI options parsing occurs
+            # Redundant if the CLI options parsing occurs
             return [0] unless config[:returns]
-            return @success_return_codes ||= config[:returns].split(',').collect {|item| item.to_i}
+
+            @success_return_codes ||= config[:returns].split(",").collect(&:to_i)
           end
 
           def session_from_list
@@ -193,7 +193,7 @@ class Chef
             end
           end
 
-          def create_winrm_session(options={})
+          def create_winrm_session(options = {})
             session = Chef::Knife::WinrmSession.new(options)
             @winrm_sessions ||= []
             @winrm_sessions.push(session)
@@ -211,10 +211,10 @@ class Chef
               no_ssl_peer_verification: resolve_no_ssl_peer_verification,
               ssl_peer_fingerprint: resolve_ssl_peer_fingerprint,
               shell: locate_config_value(:winrm_shell),
-              codepage: locate_config_value(:winrm_codepage)
+              codepage: locate_config_value(:winrm_codepage),
             }
 
-            if @session_opts[:user] and (not @session_opts[:password])
+            if @session_opts[:user] && (not @session_opts[:password])
               @session_opts[:password] = Chef::Config[:knife][:winrm_password] = config[:winrm_password] = get_password
             end
 
@@ -231,9 +231,9 @@ class Chef
             # Prefixing with '.\' when using negotiate
             # to auth user against local machine domain
             if resolve_winrm_basic_auth ||
-              resolve_winrm_transport == :kerberos ||
-              user.include?("\\") ||
-              user.include?("@")
+                resolve_winrm_transport == :kerberos ||
+                user.include?("\\") ||
+                user.include?("@")
               user
             else
               ".\\#{user}"
@@ -241,7 +241,7 @@ class Chef
           end
 
           def resolve_winrm_session_timeout
-            #30 min (Default) OperationTimeout for long bootstraps fix for KNIFE_WINDOWS-8
+            # 30 min (Default) OperationTimeout for long bootstraps fix for KNIFE_WINDOWS-8
             locate_config_value(:session_timeout).to_i * 60 if locate_config_value(:session_timeout)
           end
 
@@ -259,7 +259,7 @@ class Chef
 
           def resolve_winrm_transport
             transport = locate_config_value(:winrm_transport).to_sym
-            if config.any? {|k,v| k.to_s =~ /kerberos/ && !v.nil? }
+            if config.any? { |k, v| k.to_s =~ /kerberos/ && !v.nil? }
               transport = :kerberos
             elsif transport != :ssl && negotiate_auth?
               transport = :negotiate
@@ -289,22 +289,22 @@ class Chef
           end
 
           def warn_no_ssl_peer_verification
-            if ! @@ssl_warning_given
+            unless @@ssl_warning_given
               @@ssl_warning_given = true
-              ui.warn(<<-WARN)
-* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-SSL validation of HTTPS requests for the WinRM transport is disabled. HTTPS WinRM
-connections are still encrypted, but knife is not able to detect forged replies
-or spoofing attacks.
-
-To fix this issue add an entry like this to your knife configuration file:
-
-```
-  # Verify all WinRM HTTPS connections (default, recommended)
-  knife[:winrm_ssl_verify_mode] = :verify_peer
-```
-* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-WARN
+              ui.warn(<<~WARN)
+                * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+                SSL validation of HTTPS requests for the WinRM transport is disabled. HTTPS WinRM
+                connections are still encrypted, but knife is not able to detect forged replies
+                or spoofing attacks.
+
+                To fix this issue add an entry like this to your knife configuration file:
+
+                ```
+                  # Verify all WinRM HTTPS connections (default, recommended)
+                  knife[:winrm_ssl_verify_mode] = :verify_peer
+                ```
+                * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+              WARN
                 end
               end