Merge pull request #118 from opscode/adamedx/0-stable-rel-0-8-2-rc-0

Merge pull request #117 from opscode/adamedx/rel-0-8-2-rc-0

CHANGELOG.md

@@ -3,8 +3,11 @@
 ## Unreleased changes
 None.
 
+## Latest release: 0.8.2
+* [knife-windows #108](https://github.com/opscode/knife-windows/issues/108) Error: Unencrypted communication not supported if remote server does not require encryption
+
 ## Latest release: 0.8.0
-* [knife-windows #98](https://github.com/opscode/knife-windows/issues/96) Get winrm command exit code if it is not expected
+* [knife-windows #98](https://github.com/opscode/knife-windows/issues/98) Get winrm command exit code if it is not expected
 * [knife-windows #96](https://github.com/opscode/knife-windows/issues/96) Fix break from OS patch KB2918614
 * Remove the 'instance data' method of creating EC2 servers
 * Update winrm-s dependency along with em-winrm and winrm dependencies

DOC_CHANGES.md

@@ -6,32 +6,18 @@ Example Doc Change:
 Description of the required change.
 -->
 
-# knife-windows 0.8.0 doc changes
+# knife-windows 0.8.2 doc changes
 
 ### Negotiate / NTLM authentication support
-If `knife` is executed from a Windows system, it is no longer necessary to make
-additional configuration of the WinRM listener on the remote node to enable
-successful authentication from the workstation. It is sufficient to have a WinRM
-listener on the remote node configured according to the operating system's `winrm
-quickconfig` command default configuration because `knife-windows` now
-supports the Windows negotiate protocol including NTLM authentication, which
-matches the authentication requirements for the default WinRM listener configuration.
-
-If `knife` is executed on a non-Windows system, certificate authentication or Kerberos
-should be used instead via the `kerberos_service` and related options of the subcommands. 
-
-**NOTE**: In order to use NTLM / Negotiate to authenticate as the user
-  specified by the `--winrm-user` (`-x`) option, you must include the user's
-  Windows domain when specifying the user name using the format `domain\user`
-  where the backslash ('`\`') character separates the user from the domain. If
-  an account local to the node is being used to access, `.` may be used as the domain:
-
-    knife bootstrap windows winrm web1.cloudapp.net -r 'server::web' -x 'proddomain\webuser' -P 'super_secret_password'
-    knife bootstrap windows winrm db1.cloudapp.net -r 'server::db' -x '.\localadmin' -P 'super_secret_password'
-
-For development and testing purposes, unencrypted traffic with Basic authentication can make it easier to test connectivity:
-
-    winrm set winrm/config/service @{AllowUnencrypted="true"}
-    winrm set winrm/config/service/auth @{Basic="true"}
-
-
+If you are running `knife-windows` subcommands from a Windows workstation, you
+should not specify a username argument that includes a domain name (i.e. a
+name formatted like `domain\user`) unless the remote host has WinRM's
+`AllowUnencrypted` setting set to `$false` (the default setting on Windows if
+the `winrm quickconfig` command was used to enable WinRM). If you've modified
+the host to set this to `$true` instead of its default value and you run
+subcommands from a Windows workstation where the username specified to
+`knife-windows` contains a domain, the command will fail with an
+authentication error. To avoid this, omit the domain name (this will only work
+if the system is not joined to a domain, i.e. you were specifying the local
+workstation as the domain), or set `AllowUnencrypted` to `$false` which is a
+more secure setting.

RELEASE_NOTES.md

@@ -6,39 +6,57 @@ Example Note:
 ## Example Heading
 Details about the thing that changed that needs to get included in the Release Notes in markdown.
 -->
-# knife-windows 0.8.0 release notes:
-This release of knife-windows enables the Windows negotiate protocol to be
-used with the `winrm` and `bootstrap windows winrm` subcommands and also
-contains bug fixes and dependency updates.
+# knife-windows 0.8.2.rc.0 release notes:
+This release of knife-windows addresses a regression in knife-windows 0.8.0
+from previous releases where `knife winrm` and `knife bootstrap windows`
+commands fail due to inability to authenticate:
+[knife-windows #108](https://github.com/opscode/knife-windows/issues/108). 
 
-A thank you goes to contributor **Josh Mahowald** for contributing a fix to return nonzero exit codes.
+You can install the fix for this issue by upgrading to this new version using
+the `gem` command:
 
-Issues with `knife-windows` should be reported in the ticketing system at
-https://github.com/opscode/knife-windows/issues. Learn more about how you can
-contribute features and bug fixes to `knife-windows` in the [Chef Contributions document](http://docs.opscode.com/community_contributions.html).
+    gem install knife-windows --pre
 
-## Features added in knife-windows 0.8.0
+A thank you goes to **Richard Lavey** for reporting [knife-windows #108](https://github.com/opscode/knife-windows/issues/108).
 
-### NTLM / Negotiate authentication for `winrm` and `bootstrap`
-If `knife` is being used on a Windows workstation, it is no longer necessary
-to use Kerberos or to use certificate authentication to authenticate securely
-with a remote node in bootstrap or command execution scenarios. The `knife winrm` and `knife
-windows bootstrap` commands now support the use of NTLM to authenticate to remote
-nodes with the default WinRM listener configuration set by the operating
-system's `winrm quickconfig` command.
+## Impact of [knife-windows #108](https://github.com/opscode/knife-windows/issues/108)
 
-When specifying the user name on the command-line or configuration, the format `domain\username` must be used for
-the negotiate protocol to be invoked. If the account is local to the node,
-'`.`' may be used for the domain. See the README.md for further detail.
+[knife-windows #108](https://github.com/opscode/knife-windows/issues/108) will affect a given user if all of the following are true:
+
+* You are running `knife-windows` subcommands on a Windows workstation
+* The remote node you're interacting with via `knife-windows` has a WinRM
+  configuration with the `WSMan:\localhost\Service\AllowUnencrypted` (in
+  PowerShell's WinRM settings drive provider)
+
+In this situation, you will receive an authentication error message from
+the `knife winrm` or `knife bootstrap windows` command such as
+`Error: Unencrypted communication not supported`. To resolve this error,
+simply install this version of the gem as described earlier.
+
+If you are running the `knife` commands from a non-Windows operating system,
+[knife-windows #108](https://github.com/opscode/knife-windows/issues/108) does
+not affect you, so you don't need to upgrade just for this issue.
+
+## Reporting issues and contributing
+
+`knife-windows` issues like the one addressed in this release should be
+reported in the ticketing system at https://github.com/opscode/knife-windows/issues. You can learn more about how to contribute features and bug fixes to `knife-windows` in the [Chef Contributions document](http://docs.opscode.com/community_contributions.html).
+
+## Features added in knife-windows 0.8.2
+None.
+
+## Issues fixed in knife-windows 0.8.2
+[knife-windows #108](https://github.com/opscode/knife-windows/issues/108) Error: Unencrypted communication not supported if remote server does not require encryption
+
+The fix in this release will cause a behavior change from the 0.8.0 release:
+
+* As described in the [documentation changes](https://github.com/opscode/knife-windows/blob/0.8.0/DOC_CHANGES.md) for the 0.8.0 release of the `knife-windows`, the negotiate authentication
+  protocol will only be used in this 0.8.2 release if a domain is specified (you can specify '.' as
+  the domain if you want to use the local workstation as the domain). Due to a
+  defect in the 0.8.0 release, the negotiate protocol was being used even when
+  the domain was not specified.
 
 ## knife-windows on RubyGems and Github
 https://rubygems.org/gems/knife-windows
 https://github.com/opscode/knife-windows
 
-## Issues fixed in knife-windows 0.8.0
-* [knife-windows #98](https://github.com/opscode/knife-windows/issues/96) Get winrm command exit code if it is not expected
-* [knife-windows #96](https://github.com/opscode/knife-windows/issues/96) Fix break from OS patch KB2918614
-* Update winrm-s dependency along with em-winrm and winrm dependencies
-* Return failure codes from knife winrm even when `returns` is not set
-* Support Windows negotiate authentication protocol when running knife on Windows
-

lib/knife-windows/version.rb

@@ -1,6 +1,6 @@
 module Knife
   module Windows
-    VERSION = "0.8.0"
+    VERSION = "0.8.2.rc.0"
     MAJOR, MINOR, TINY = VERSION.split('.')
   end
 end