The following items are new for Chef Infra Client 12.4 and/or are changes from previous versions. The short version:

- **Validatorless bootstrap now requires the node name** Use of the
    `-N node_name` option with a validatorless bootstrap is now
    required.
- **remote_file resource supports Windows UNC paths for source
    location** A Microsoft Windows UNC path may be used to specify the
    location of a remote file.
- **Run PowerShell commands without excessive quoting** Use the
    `Import-Module chef` module to run Windows PowerShell commands
    without excessive quotation.
- **Logging may use the Windows Event Logger** Log files may be sent
    to the Windows Event Logger. Set the `log_location` setting in the
    client.rb file to `Chef::Log::WinEvt.new`.
- **Logging may be configured to use daemon facility available to the
    chef-client** Log files may be sent to the syslog available to the
    chef-client. Set the `log_location` setting in the client.rb file to
    `Chef::Log::Syslog.new("chef-client", ::Syslog::LOG_DAEMON)`.
- **Package locations on the Windows platform may be specified using a
    URL** The location of a package may be at URL when using the
    **windows_package** resource.
- **Package locations on the Windows platform may be specified by
    passing attributes to the remote_file resource** Use the
    `remote_file_attributes` attribute to pass a Hash of attributes that
    modifies the **remote_file** resource.
- **Public key management for users and clients** The `knife client`
    and `knife user` subcommands may now create, delete, edit, list, and
    show public keys.
- **knife client create and knife user create options have changed**
    With the new key management subcommands, the options for
    `knife client create` and `knife user create` have changed.
- **chef-client audit-mode is no longer marked as "experimental"** The
    recommended version of audit-mode is chef-client 12.4, where it is
    no longer marked as experimental. Chef Infra Client will report audit
    failures independently of converge failures.

## UNC paths, **remote_file**

When using the **remote_file** resource, the location of a source file
may be specified using a Microsoft Windows UNC. For example:

```ruby
source "\\\\path\\to\\img\\sketch.png"
```

## Import-Module chef

Chef Infra Client version 12.4 release adds an optional feature to the
Microsoft Installer Package (MSI) for Chef. This feature enables the
ability to pass quoted strings from the Windows PowerShell command line
without the need for triple single quotes (`''' '''`). This feature
installs a Windows PowerShell module (typically in
`C:\opscode\chef\modules`) that is also appended to the `PSModulePath`
environment variable. This feature is not enabled by default. To
activate this feature, run the following command from within Windows
PowerShell:

```bash
Import-Module chef
```

or add `Import-Module chef` to the profile for Windows PowerShell
located at:

```bash
~\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
```

This module exports cmdlets that have the same name as the command-line
tools---chef-client, knife, chef-apply---that are built into Chef.

For example:

```bash
knife exec -E 'puts ARGV' """&s0meth1ng"""
```

is now:

```bash
knife exec -E 'puts ARGV' '&s0meth1ng'
```

and:

```bash
knife node run_list set test-node '''role[ssssssomething]'''
```

is now:

```bash
knife node run_list set test-node 'role[ssssssomething]'
```

To remove this feature, run the following command from within Windows
PowerShell:

```bash
Remove-Module chef
```

## client.rb Settings

The following settings have changed:

<table>
<colgroup>
<col style="width: 40%" />
<col style="width: 60%" />
</colgroup>
<thead>
<tr class="header">
<th>Setting</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>log_location</code></td>
<td>The location of the log file. Possible values: <code>/path/to/log_location</code>, <code>STDOUT</code>, <code>STDERR</code>, <code>Chef::Log::WinEvt.new</code> (Windows Event Logger), or <code>Chef::Log::Syslog.new("chef-client", ::Syslog::LOG_DAEMON)</code> (writes to the syslog daemon facility with the originator set as <code>chef-client</code>). The application log will specify the source as <code>Chef</code>. Default value: <code>STDOUT</code>.</td>
</tr>
</tbody>
</table>

## **windows_package** Updates

The **windows_package** resource has two new attributes (`checksum` and
`remote_file_attributes`) and the `source` attribute now supports using
a URL:

<table>
<colgroup>
<col style="width: 40%" />
<col style="width: 60%" />
</colgroup>
<thead>
<tr class="header">
<th>Attribute</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>checksum</code></td>
<td>The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, Chef Infra Client does not download it. Use when a URL is specified by the <code>source</code> attribute.</td>
</tr>
<tr>
<td><code>remote_file_attributes</code></td>
<td>A package at a remote location define as a Hash of properties that modifies the properties of the <strong>remote_file</strong> resource.</td>
</tr>
<tr>
<td><code>source</code></td>
<td>Optional. The path to a package in the local file system. The location of the package may be at a URL. Default value: the <code>name</code> of the resource block. See "Syntax" section above for more information.</td>
</tr>
</tbody>
</table>

Examples:

**Specify a URL for the source attribute**

```ruby
windows_package '7zip' do
  source 'http://www.7-zip.org/a/7z938-x64.msi'
end
```

**Specify path and checksum**

```ruby
windows_package '7zip' do
  source 'http://www.7-zip.org/a/7z938-x64.msi'
  checksum '7c8e873991c82ad9cfc123415254ea6101e9a645e12977dcd518979e50fdedf3'
end
```

**Modify remote_file resource attributes**

The **windows_package** resource may specify a package at a remote
location using the `remote_file_attributes` property. This uses the
**remote_file** resource to download the contents at the specified URL
and passes in a Hash that modifies the properties of the [remote_file
resource](/resources/remote_file/).

For example:

```ruby
windows_package '7zip' do
  source 'http://www.7-zip.org/a/7z938-x64.msi'
  remote_file_attributes ({
    :path => 'C:\\7zip.msi',
    :checksum => '7c8e873991c82ad9cfc123415254ea6101e9a645e12977dcd518979e50fdedf3'
  })
end
```

## knife client key

Use the `knife client` subcommand to manage an API client list and their
associated RSA public key-pairs. This allows authentication requests to
be made to the Chef server by any entity that uses the Chef server API,
such as Chef Infra Client and knife.

### key create

Use the `key create` argument to create a public key.

**Syntax**

This argument has the following syntax:

```bash
knife client key create CLIENT_NAME (options)
```

**Options**

This argument has the following options:

`-e DATE`, `--expiration-date DATE`

:   The expiration date for the public key, specified as an ISO 8601
    formatted string: `YYYY-MM-DDTHH:MM:SSZ`. If this option is not
    specified, the public key will not have an expiration date. For
    example: `2013-12-24T21:00:00Z`.

`-f FILE`, `--file FILE`

:   Save a private key to the specified file name. If the `--public-key`
    option is not specified the Chef server will generate a private key.

`-k NAME`, `--key-name NAME`

:   The name of the public key.

`-p FILE_NAME`, `--public-key FILE_NAME`

:   The path to a file that contains the public key. If this option is
    not specified, and only if `--key-name` is specified, the Chef
    server will generate a public/private key pair.

### key delete

Use the `key delete` argument to delete a public key.

**Syntax**

This argument has the following syntax:

```bash
knife client key delete CLIENT_NAME KEY_NAME
```

### key edit

Use the `key edit` argument to modify or rename a public key.

**Syntax**

This argument has the following syntax:

```bash
knife client key edit CLIENT_NAME KEY_NAME (options)
```

**Options**

This argument has the following options:

`-c`, `--create-key`

:   Generate a new public/private key pair and replace an existing
    public key with the newly-generated public key. To replace the
    public key with an existing public key, use `--public-key` instead.

`-e DATE`, `--expiration-date DATE`

:   The expiration date for the public key, specified as an ISO 8601
    formatted string: `YYYY-MM-DDTHH:MM:SSZ`. If this option is not
    specified, the public key will not have an expiration date. For
    example: `2013-12-24T21:00:00Z`.

`-f FILE`, `--file FILE`

:   Save a private key to the specified file name. If the `--public-key`
    option is not specified the Chef server will generate a private key.

`-k NAME`, `--key-name NAME`

:   The name of the public key.

`-p FILE_NAME`, `--public-key FILE_NAME`

:   The path to a file that contains the public key. If this option is
    not specified, and only if `--key-name` is specified, the Chef
    server will generate a public/private key pair.

### key list

Use the `key list` argument to view a list of public keys for the named
client.

**Syntax**

This argument has the following syntax:

```bash
knife client key list CLIENT_NAME (options)
```

**Options**

This argument has the following options:

`-e`, `--only-expired`

:   Show a list of public keys that have expired.

`-n`, `--only-non-expired`

:   Show a list of public keys that have not expired.

`-w`, `--with-details`

:   Show a list of public keys, including URIs and expiration status.

### key show

Use the `key show` argument to view details for a specific public key.

**Syntax**

This argument has the following syntax:

```bash
knife client key show CLIENT_NAME KEY_NAME
```

## knife user key

Use the `knife user` subcommand to manage the list of users and their
associated RSA public key-pairs.

### key create

Use the `key create` argument to create a public key.

**Syntax**

This argument has the following syntax:

```bash
knife user key create USER_NAME (options)
```

**Options**

This argument has the following options:

`-e DATE`, `--expiration-date DATE`

:   The expiration date for the public key, specified as an ISO 8601
    formatted string: `YYYY-MM-DDTHH:MM:SSZ`. If this option is not
    specified, the public key will not have an expiration date. For
    example: `2013-12-24T21:00:00Z`.

`-f FILE`, `--file FILE`

:   Save a private key to the specified file name.

`-k NAME`, `--key-name NAME`

:   The name of the public key.

`-p FILE_NAME`, `--public-key FILE_NAME`

:   The path to a file that contains the public key. If this option is
    not specified, and only if `--key-name` is specified, the Chef
    server will generate a public/private key pair.

### key delete

Use the `key delete` argument to delete a public key.

**Syntax**

This argument has the following syntax:

```bash
knife user key delete USER_NAME KEY_NAME
```

### key edit

Use the `key edit` argument to modify or rename a public key.

**Syntax**

This argument has the following syntax:

```bash
knife user key edit USER_NAME KEY_NAME (options)
```

**Options**

This argument has the following options:

`-c`, `--create-key`

:   Generate a new public/private key pair and replace an existing
    public key with the newly-generated public key. To replace the
    public key with an existing public key, use `--public-key` instead.

`-e DATE`, `--expiration-date DATE`

:   The expiration date for the public key, specified as an ISO 8601
    formatted string: `YYYY-MM-DDTHH:MM:SSZ`. If this option is not
    specified, the public key will not have an expiration date. For
    example: `2013-12-24T21:00:00Z`.

`-f FILE`, `--file FILE`

:   Save a private key to the specified file name. If the `--public-key`
    option is not specified the Chef server will generate a private key.

`-k NAME`, `--key-name NAME`

:   The name of the public key.

`-p FILE_NAME`, `--public-key FILE_NAME`

:   The path to a file that contains the public key. If this option is
    not specified, and only if `--key-name` is specified, the Chef
    server will generate a public/private key pair.

### key list

Use the `key list` argument to view a list of public keys for the named
user.

**Syntax**

This argument has the following syntax:

```bash
knife user key list USER_NAME (options)
```

**Options**

This argument has the following options:

`-e`, `--only-expired`

:   Show a list of public keys that have expired.

`-n`, `--only-non-expired`

:   Show a list of public keys that have not expired.

`-w`, `--with-details`

:   Show a list of public keys, including URIs and expiration status.

### key show

Use the `key show` argument to view details for a specific public key.

**Syntax**

This argument has the following syntax:

```bash
knife user key show USER_NAME KEY_NAME
```

## Updated knife Options

With the new key management subcommands, the options for
`knife client create` and `knife user create` have changed.

### knife client create

This argument has the following options:

`-a`, `--admin`

:   Create a client as an admin client.

`-f FILE`, `--file FILE`

:   Save a private key to the specified file name.

`-k`, `--prevent-keygen`

:   Create a user without a public key. This key may be managed later by
    using the `knife user key` subcommands.

    <div class="admonition-warning">
    <p class="admonition-warning-title">Warning</p>
    <div class="admonition-warning-text">

    This option is valid only with Chef server API, version 1.0, which
    was released with Chef server 12.1. If this option or the
    `--user-key` option are not passed in the command, the Chef server
    will create a user with a public key named `default` and will return
    the private key. For the Chef server versions earlier than 12.1,
    this option will not work; a public key is always generated unless
    `--user-key` is passed in the command.

    </div>
    </div>

`-p FILE`, `--public-key FILE`

:   The path to a file that contains the public key. This option may not
    be passed in the same command with `--prevent-keygen`. When using
    Chef a default key is generated if this option is not passed in the
    command. For Chef server version 12.x, see the `--prevent-keygen`
    option.

`--validator`

:   Create the client as the chef-validator. Default value: `true`.

### knife user create

This argument has the following options:

`-a`, `--admin`

:   Create a client as an admin client. This is required for any user to
    access Open Source Chef as an administrator. This option only works
    when used with the open source Chef server and will have no effect
    when used with Enterprise Chef or Chef server 12.x.

`-f FILE_NAME`, `--file FILE_NAME`

:   Save a private key to the specified file name.

`-k`, `--prevent-keygen`

:   Create a user without a public key. This key may be managed later by
    using the `knife user key` subcommands.

    <div class="admonition-note">
    <p class="admonition-note-title">Note</p>
    <div class="admonition-note-text">

    This option is valid only with Chef server API, version 1.0, which
    was released with Chef server 12.1. If this option or the
    `--user-key` option are not passed in the command, the Chef server
    will create a user with a public key named `default` and will return
    the private key. For the Chef server versions earlier than 12.1,
    this option will not work; a public key is always generated unless
    `--user-key` is passed in the command.

    </div>
    </div>

`-p PASSWORD`, `--password PASSWORD`

:   The user password. This option only works when used with the open
    source Chef server and will have no effect when used with Enterprise
    Chef or Chef server 12.x.

`--user-key FILE_NAME`

:   The path to a file that contains the public key. When using Open
    Source Chef a default key is generated if this option is not passed
    in the command. For Chef server version 12.x, see the
    `--prevent-keygen` option.