## knife ssh / knife bootstrap ed25519 support

The `knife bootstrap` and `knife ssh` commands now support ed25519 SSH keys.

## Windows alternate user identity execute support

The `execute` resource and similar resources such as `script`, `batch`, and `powershell_script` now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials.

**Note**: When Chef Infra Client is running as a service, this feature requires that the user that Chef Infra Client runs as has the 'SeAssignPrimaryTokenPrivilege' (aka 'SE_ASSIGNPRIMARYTOKEN_NAME') user right. By default only LocalSystem and NetworkService have this right when running as a service. This is necessary even if the user is an Administrator.

This right can be added and checked in a recipe using this example:

```ruby
# '<user>' is a placeholder for the account that Chef Infra Client runs as.

# Add 'SeAssignPrimaryTokenPrivilege' for the user
Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege')

# Check if the user has 'SeAssignPrimaryTokenPrivilege' rights
Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege')
```

### Properties

The following properties are new or updated for the `execute`, `script`, `batch`, and `powershell_script` resources and any resources derived from them:

`user`
: **Ruby Type:** String

  The user name of the user identity with which to launch the new process. The user name may optionally be specified with a domain, i.e. `domain\user` or `user@my.dns.domain.com` via Universal Principal Name (UPN) format. It can also be specified without a domain simply as `user` if the domain is instead specified using the `domain` attribute. On Windows only, if this property is specified, the `password` property **must** be specified.

`password`
: **Ruby types** String

  _Windows only:_ The password of the user specified by the `user` property.
  This property is mandatory if `user` is specified on Windows and may only be specified if `user` is specified. The `sensitive` property for this resource will automatically be set to `true` if `password` is specified.

`domain`
: **Ruby types** String

  _Windows only:_ The domain of the user specified by the `user` property. If not specified, the user name and password specified by the `user` and `password` properties will be used to resolve that user against the domain in which the system running Chef client is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the `user` property.

### Usage

The following examples explain how alternate user identity properties can be used in the execute resources:

```ruby
powershell_script 'create powershell-test file' do
  code <<-EOH
  $stream = [System.IO.StreamWriter] "#{Chef::Config[:file_cache_path]}/powershell-test.txt"
  $stream.WriteLine("In #{Chef::Config[:file_cache_path]}...word.")
  $stream.close()
  EOH
  user 'username'
  password 'password'
end

execute 'mkdir test_dir' do
  cwd Chef::Config[:file_cache_path]
  domain "domain-name"
  user "user"
  password "password"
end

script 'create test_dir' do
  interpreter "bash"
  code "mkdir test_dir"
  cwd Chef::Config[:file_cache_path]
  user "domain-name\\username"
  password "password"
end

batch 'create test_dir' do
  code "mkdir test_dir"
  cwd Chef::Config[:file_cache_path]
  user "username@domain-name"
  password "password"
end
```

## Bug Fixes

- Systemd unit files are now verified before being installed.
- Ensure that the Windows Administrator group can access the chef-solo nodes directory.
- When loading a cookbook in Chef Solo, use `metadata.json` in preference to `metadata.rb`.

## Packaging Updates

### Cisco NX-OS and IOS XR

As of version 12.19, Chef Infra Client packages for Cisco NX-OS and IOS XR platforms will no longer be produced.
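Returning to the `user`, `password` and `domain` properties of the Windows alternate user identity feature above: the following is an added example, not Chef's own validation code, that encodes the stated rules as a pre-flight check on resource parameters. `resolve_identity` and the sample inputs are hypothetical, and rejecting a domain given in both places (or a `domain` without a `user`) is this example's assumption.

```ruby
# Added example: pre-flight check of the documented user/password/domain rules.
# resolve_identity is a hypothetical helper, not part of Chef.
def resolve_identity(user: nil, password: nil, domain: nil, windows: true)
  # Page rule: `password` may only be given with `user` (for `domain`, this example's assumption).
  if (password || domain) && user.nil?
    raise ArgumentError, '`password`/`domain` given without `user`'
  end
  return nil if user.nil? # no alternate identity requested

  # Page rule: on Windows, `password` is mandatory once `user` is set.
  if windows && password.to_s.empty?
    raise ArgumentError, '`password` is mandatory when `user` is set on Windows'
  end

  # The domain may be embedded as domain\user or as a UPN (user@dns.domain).
  embedded, name =
    if user.include?('\\') then user.split('\\', 2)
    elsif user.include?('@') then user.split('@', 2).reverse
    else [nil, user]
    end
  if name.to_s.empty? || embedded == ''
    raise ArgumentError, "malformed user name #{user.inspect}"
  end
  # Assumption of this example: a domain named both ways is ambiguous, so reject it.
  raise ArgumentError, 'domain given in both `user` and `domain`' if embedded && domain

  {
    user: name,
    domain: embedded || domain, # nil: resolved against the joined domain, else a local account
    sensitive: !password.nil?   # mirrors Chef setting `sensitive` when `password` is given
  } # the password itself is deliberately left out of the result
end

# Constructed inputs mirroring the four usage forms shown in the release notes.
SAMPLES = [
  { user: 'username', password: 'password' },
  { user: 'user', password: 'password', domain: 'domain-name' },
  { user: 'domain-name\\username', password: 'password' },
  { user: 'username@domain-name', password: 'password' },
].freeze

SAMPLES.each { |s| p resolve_identity(**s) } if __FILE__ == $PROGRAM_NAME
```

The returned hash omits the password, so it can be logged or compared in tests without exposing the credential.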
## System Configuration Detection

### Cumulus Linux Platform

Cumulus Linux will now be detected as platform `cumulus` instead of `debian` and the `platform_version` will be properly set to the Cumulus Linux release.

### Virtualization Detection

- Windows / Linux / BSD guests running on the Veertu hypervisors will now be detected.
- Windows guests running on Xen and Hyper-V hypervisors will now be detected.

### New Sysconf Plugin

A new plugin parses the output of the sysconf command to provide information on the underlying system.

### AWS Account ID

The EC2 plugin now fetches the AWS Account ID in addition to previous instance metadata.

### GCC Detection

GCC detection has been improved to collect additional information, and to not prompt for the installation of Xcode on macOS systems.

## New deprecations

## Ohai::Config removed

- **Deprecation ID**: OHAI-1
- **Remediation Docs**:
- **Expected Removal**: Ohai 13 (April 2017)

## sigar gem based plugins removed

- **Deprecation ID**: OHAI-2
- **Remediation Docs**:
- **Expected Removal**: Ohai 13 (April 2017)

## run_command and popen4 helper methods removed

- **Deprecation ID**: OHAI-3
- **Remediation Docs**:
- **Expected Removal**: Ohai 13 (April 2017)

## libvirt plugin attributes moved

- **Deprecation ID**: OHAI-4
- **Remediation Docs**:
- **Expected Removal**: Ohai 13 (April 2017)

## Windows CPU plugin attribute changes

- **Deprecation ID**: OHAI-5
- **Remediation Docs**:
- **Expected Removal**: Ohai 13 (April 2017)

## DigitalOcean plugin attribute changes

- **Deprecation ID**: OHAI-6
- **Remediation Docs**:
- **Expected Removal**: Ohai 13 (April 2017)