From 60984b2da207c29321d7d91416eeff28291b8924 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Fri, 8 May 2015 13:45:31 +0200
Subject: [PATCH 1/7] This commit adds a Chef Client provisioner
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The commit is pretty complete and has a tested/working provisioner for
both SSH and WinRM. There are a few tests, but we maybe need another
few to have better coverage. Docs are also included…
---
 builtin/bins/provisioner-chef-client/main.go  |  15 +
 .../bins/provisioner-chef-client/main_test.go |   1 +
 .../chef-client/resource_provisioner.go       | 395 ++++++++++++++++++
 .../chef-client/resource_provisioner_test.go  |  56 +++
 .../chef-client/ssh_provisioner.go            |  70 ++++
 .../chef-client/ssh_provisioner_test.go       |   1 +
 .../chef-client/winrm_provisioner.go          |  75 ++++
 .../chef-client/winrm_provisioner_test.go     |   1 +
 .../provisioners/chef-client.html.markdown    |  90 ++++
 .../docs/provisioners/file.html.markdown      |   2 +-
 .../provisioners/remote-exec.html.markdown    |   2 +-
 website/source/layouts/docs.erb               |   4 +
 12 files changed, 710 insertions(+), 2 deletions(-)
 create mode 100644 builtin/bins/provisioner-chef-client/main.go
 create mode 100644 builtin/bins/provisioner-chef-client/main_test.go
 create mode 100644 builtin/provisioners/chef-client/resource_provisioner.go
 create mode 100644 builtin/provisioners/chef-client/resource_provisioner_test.go
 create mode 100644 builtin/provisioners/chef-client/ssh_provisioner.go
 create mode 100644 builtin/provisioners/chef-client/ssh_provisioner_test.go
 create mode 100644 builtin/provisioners/chef-client/winrm_provisioner.go
 create mode 100644 builtin/provisioners/chef-client/winrm_provisioner_test.go
 create mode 100644 website/source/docs/provisioners/chef-client.html.markdown

diff --git a/builtin/bins/provisioner-chef-client/main.go b/builtin/bins/provisioner-chef-client/main.go
new file mode 100644
index 000000000000..ca483ad760b9
--- /dev/null
+++ b/builtin/bins/provisioner-chef-client/main.go
@@ -0,0 +1,15 @@
+package main
+
+import (
+	"github.com/hashicorp/terraform/builtin/provisioners/chef-client"
+	"github.com/hashicorp/terraform/plugin"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func main() {
+	plugin.Serve(&plugin.ServeOpts{
+		ProvisionerFunc: func() terraform.ResourceProvisioner {
+			return new(chefclient.ResourceProvisioner)
+		},
+	})
+}
diff --git a/builtin/bins/provisioner-chef-client/main_test.go b/builtin/bins/provisioner-chef-client/main_test.go
new file mode 100644
index 000000000000..06ab7d0f9a35
--- /dev/null
+++ b/builtin/bins/provisioner-chef-client/main_test.go
@@ -0,0 +1 @@
+package main
diff --git a/builtin/provisioners/chef-client/resource_provisioner.go b/builtin/provisioners/chef-client/resource_provisioner.go
new file mode 100644
index 000000000000..e4c410e20408
--- /dev/null
+++ b/builtin/provisioners/chef-client/resource_provisioner.go
@@ -0,0 +1,395 @@
+package chefclient
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"path"
+	"strings"
+	"text/template"
+	"time"
+
+	"github.com/hashicorp/terraform/communicator"
+	"github.com/hashicorp/terraform/communicator/remote"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/mitchellh/go-linereader"
+	"github.com/mitchellh/mapstructure"
+)
+
+const (
+	firstBoot      = "first-boot.json"
+	logfileDir     = "logfiles"
+	linuxConfDir   = "/etc/chef"
+	windowsConfDir = "C:/chef"
+)
+
+const clientConf = `
+log_location            STDOUT
+chef_server_url         "{{ .ServerURL }}"
+validation_client_name  "{{ .ValidationClientName }}"
+node_name               "{{ .NodeName }}"
+
+{{ if .HTTPProxy }}
+http_proxy          "{{ .HTTPProxy }}"
+ENV['http_proxy'] = "{{ .HTTPProxy }}"
+ENV['HTTP_PROXY'] = "{{ .HTTPProxy }}"
+{{ end }}
+
+{{ if .HTTPSProxy }}
+https_proxy          "{{ .HTTPSProxy }}"
+ENV['https_proxy'] = "{{ .HTTPSProxy }}"
+ENV['HTTPS_PROXY'] = "{{ .HTTPSProxy }}"
+{{ end }}
+
+{{ if .NOProxy }}no_proxy "{{ join .NOProxy "," }}"{{ end }}
+{{ if .SSLVerifyMode }}ssl_verify_mode {{ .SSLVerifyMode }}{{ end }}
+`
+
+// Provisioner represents a specificly configured chef provisioner
+type Provisioner struct {
+	Attributes           interface{} `mapstructure:"-"`
+	Environment          string      `mapstructure:"environment"`
+	LogToFile            bool        `mapstructure:"log_to_file"`
+	HTTPProxy            string      `mapstructure:"http_proxy"`
+	HTTPSProxy           string      `mapstructure:"https_proxy"`
+	NOProxy              []string    `mapstructure:"no_proxy"`
+	NodeName             string      `mapstructure:"node_name"`
+	PreventSudo          bool        `mapstructure:"prevent_sudo"`
+	RunList              []string    `mapstructure:"run_list"`
+	ServerURL            string      `mapstructure:"server_url"`
+	SkipInstall          bool        `mapstructure:"skip_install"`
+	SSLVerifyMode        string      `mapstructure:"ssl_verify_mode"`
+	ValidationClientName string      `mapstructure:"validation_client_name"`
+	ValidationKeyPath    string      `mapstructure:"validation_key_path"`
+	Version              string      `mapstructure:"version"`
+
+	installChefClient func(terraform.UIOutput, communicator.Communicator) error
+	createConfigFiles func(terraform.UIOutput, communicator.Communicator) error
+	runChefClient     func(terraform.UIOutput, communicator.Communicator) error
+}
+
+// ResourceProvisioner represents a generic chef provisioner
+type ResourceProvisioner struct{}
+
+// Apply executes the file provisioner
+func (r *ResourceProvisioner) Apply(
+	o terraform.UIOutput,
+	s *terraform.InstanceState,
+	c *terraform.ResourceConfig) error {
+	// Decode the raw config for this provisioner
+	p, err := r.decodeConfig(c)
+	if err != nil {
+		return err
+	}
+
+	// Set some values based on the targeted OS
+	switch s.Ephemeral.ConnInfo["type"] {
+	case "ssh", "": // The default connection type is ssh, so if the type is empty use ssh
+		p.PreventSudo = p.PreventSudo || s.Ephemeral.ConnInfo["user"] == "root"
+		p.installChefClient = p.sshInstallChefClient
+		p.createConfigFiles = p.sshCreateConfigFiles
+		p.runChefClient = p.runChefClientFunc(linuxConfDir)
+	case "winrm":
+		p.PreventSudo = true
+		p.installChefClient = p.winrmInstallChefClient
+		p.createConfigFiles = p.winrmCreateConfigFiles
+		p.runChefClient = p.runChefClientFunc(windowsConfDir)
+	default:
+		return fmt.Errorf("Unsupported connection type: %s", s.Ephemeral.ConnInfo["type"])
+	}
+
+	// Get a new communicator
+	comm, err := communicator.New(s)
+	if err != nil {
+		return err
+	}
+
+	// Wait and retry until we establish the connection
+	err = retryFunc(comm.Timeout(), func() error {
+		err := comm.Connect(o)
+		return err
+	})
+	if err != nil {
+		return err
+	}
+	defer comm.Disconnect()
+
+	if !p.SkipInstall {
+		if err := p.installChefClient(o, comm); err != nil {
+			return err
+		}
+	}
+
+	o.Output("Creating configuration files...")
+	if err := p.createConfigFiles(o, comm); err != nil {
+		return err
+	}
+
+	o.Output("Starting initial Chef-Client run...")
+	if err := p.runChefClient(o, comm); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Validate checks if the required arguments are configured
+func (r *ResourceProvisioner) Validate(c *terraform.ResourceConfig) (ws []string, es []error) {
+	p, err := r.decodeConfig(c)
+	if err != nil {
+		es = append(es, err)
+		return ws, es
+	}
+
+	if p.NodeName == "" {
+		es = append(es, fmt.Errorf("Key not found: node_name"))
+	}
+	if p.RunList == nil {
+		es = append(es, fmt.Errorf("Key not found: run_list"))
+	}
+	if p.ServerURL == "" {
+		es = append(es, fmt.Errorf("Key not found: server_url"))
+	}
+	if p.ValidationClientName == "" {
+		es = append(es, fmt.Errorf("Key not found: validation_client_name"))
+	}
+	if p.ValidationKeyPath == "" {
+		es = append(es, fmt.Errorf("Key not found: validation_key_path"))
+	}
+
+	return ws, es
+}
+
+func (r *ResourceProvisioner) decodeConfig(c *terraform.ResourceConfig) (*Provisioner, error) {
+	p := new(Provisioner)
+
+	decConf := &mapstructure.DecoderConfig{
+		WeaklyTypedInput: true,
+		Result:           p,
+	}
+	dec, err := mapstructure.NewDecoder(decConf)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := dec.Decode(c.Raw); err != nil {
+		return nil, err
+	}
+
+	if p.Environment == "" {
+		p.Environment = "_default"
+	}
+
+	if attrs, ok := c.Raw["attributes"]; ok {
+		p.Attributes, err = rawToJSON(attrs)
+		if err != nil {
+			return nil, fmt.Errorf("Error parsing the attributes: %v", err)
+		}
+	}
+
+	return p, nil
+}
+
+func rawToJSON(raw interface{}) (interface{}, error) {
+	switch s := raw.(type) {
+	case []map[string]interface{}:
+		if len(s) != 1 {
+			return nil, errors.New("unexpected input while parsing raw config to JSON")
+		}
+
+		var err error
+		for k, v := range s[0] {
+			s[0][k], err = rawToJSON(v)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		return s[0], nil
+	default:
+		return raw, nil
+	}
+}
+
+// retryFunc is used to retry a function for a given duration
+func retryFunc(timeout time.Duration, f func() error) error {
+	finish := time.After(timeout)
+	for {
+		err := f()
+		if err == nil {
+			return nil
+		}
+		log.Printf("Retryable error: %v", err)
+
+		select {
+		case <-finish:
+			return err
+		case <-time.After(3 * time.Second):
+		}
+	}
+}
+
+func (p *Provisioner) runChefClientFunc(
+	confDir string) func(terraform.UIOutput, communicator.Communicator) error {
+	return func(o terraform.UIOutput, comm communicator.Communicator) error {
+		fb := path.Join(confDir, firstBoot)
+		cmd := fmt.Sprintf("chef-client -j %q -E %q", fb, p.Environment)
+
+		if p.LogToFile {
+			if err := os.MkdirAll(logfileDir, 0777); err != nil {
+				return fmt.Errorf("Error creating logfile directory %s: %v", logfileDir, err)
+			}
+
+			logFile := path.Join(logfileDir, p.NodeName)
+			f, err := os.Create(path.Join(logFile))
+			if err != nil {
+				return fmt.Errorf("Error creating logfile %s: %v", logFile, err)
+			}
+			f.Close()
+
+			o.Output("Writing Chef Client output to " + logFile)
+			o = p
+		}
+
+		return p.runCommand(o, comm, cmd)
+	}
+}
+
+// Output implementation of terraform.UIOutput interface
+func (p *Provisioner) Output(output string) {
+	logFile := path.Join(logfileDir, p.NodeName)
+	f, err := os.OpenFile(logFile, os.O_APPEND|os.O_WRONLY, 0666)
+	if err != nil {
+		log.Printf("Error creating logfile %s: %v", logFile, err)
+		return
+	}
+	defer f.Close()
+
+	output = strings.Replace(output, "\r", "\n", -1)
+	if _, err := f.WriteString(output); err != nil {
+		log.Printf("Error writing output to logfile %s: %v", logFile, err)
+	}
+
+	if err := f.Sync(); err != nil {
+		log.Printf("Error saving logfile %s to disk: %v", logFile, err)
+	}
+}
+
+func (p *Provisioner) deployConfigFiles(
+	o terraform.UIOutput,
+	comm communicator.Communicator,
+	confDir string) error {
+	// Open the validation .pem file
+	f, err := os.Open(p.ValidationKeyPath)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	// Copy the validation .pem to the new instance
+	if err := comm.Upload(path.Join(confDir, "validation.pem"), f); err != nil {
+		return fmt.Errorf("Uploading validation.pem failed: %v", err)
+	}
+
+	// Make strings.Join available for use within the template
+	funcMap := template.FuncMap{
+		"join": strings.Join,
+	}
+
+	// Create a new template and parse the client.rb into it
+	t := template.Must(template.New("client.rb").Funcs(funcMap).Parse(clientConf))
+
+	var buf bytes.Buffer
+	err = t.Execute(&buf, p)
+	if err != nil {
+		return fmt.Errorf("Error executing client.rb template: %s", err)
+	}
+
+	// Copy the client.rb to the new instance
+	if err := comm.Upload(path.Join(confDir, "client.rb"), &buf); err != nil {
+		return fmt.Errorf("Uploading client.rb failed: %v", err)
+	}
+
+	// Create a map with first boot settings
+	fb := make(map[string]interface{})
+	if p.Attributes != nil {
+		fb = p.Attributes.(map[string]interface{})
+	}
+
+	// Add the initial runlist to the first boot settings
+	fb["run_list"] = p.RunList
+
+	// Marshal the first boot settings to JSON
+	d, err := json.Marshal(fb)
+	if err != nil {
+		return fmt.Errorf("Failed to create %s data: %s", firstBoot, err)
+	}
+
+	// Copy the first-boot.json to the new instance
+	if err := comm.Upload(path.Join(confDir, firstBoot), bytes.NewReader(d)); err != nil {
+		return fmt.Errorf("Uploading first-boot.json failed: %v", err)
+	}
+
+	return nil
+}
+
+// runCommand is used to run already prepared commands
+func (p *Provisioner) runCommand(
+	o terraform.UIOutput,
+	comm communicator.Communicator,
+	command string) error {
+	var err error
+
+	// Unless prevented, prefix the command with sudo
+	if !p.PreventSudo {
+		command = "sudo " + command
+	}
+
+	outR, outW := io.Pipe()
+	errR, errW := io.Pipe()
+	outDoneCh := make(chan struct{})
+	errDoneCh := make(chan struct{})
+	go p.copyOutput(o, outR, outDoneCh)
+	go p.copyOutput(o, errR, errDoneCh)
+
+	cmd := &remote.Cmd{
+		Command: command,
+		Stdout:  outW,
+		Stderr:  errW,
+	}
+
+	if err := comm.Start(cmd); err != nil {
+		return fmt.Errorf("Error executing command %q: %v", cmd.Command, err)
+	}
+
+	cmd.Wait()
+	if cmd.ExitStatus != 0 {
+		err = fmt.Errorf(
+			"Command %q exited with non-zero exit status: %d", cmd.Command, cmd.ExitStatus)
+	}
+
+	// Wait for output to clean up
+	outW.Close()
+	errW.Close()
+	<-outDoneCh
+	<-errDoneCh
+
+	// If we have an error, return it out now that we've cleaned up
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (p *Provisioner) copyOutput(o terraform.UIOutput, r io.Reader, doneCh chan<- struct{}) {
+	defer close(doneCh)
+	lr := linereader.New(r)
+	for line := range lr.Ch {
+		o.Output(line)
+	}
+}
diff --git a/builtin/provisioners/chef-client/resource_provisioner_test.go b/builtin/provisioners/chef-client/resource_provisioner_test.go
new file mode 100644
index 000000000000..7c798c7e3958
--- /dev/null
+++ b/builtin/provisioners/chef-client/resource_provisioner_test.go
@@ -0,0 +1,56 @@
+package chefclient
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform/config"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestResourceProvisioner_impl(t *testing.T) {
+	var _ terraform.ResourceProvisioner = new(ResourceProvisioner)
+}
+
+func TestResourceProvider_Validate_good(t *testing.T) {
+	c := testConfig(t, map[string]interface{}{
+		"package":                "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.18.6-1.el6.x86_64.rpm",
+		"run_list":               []interface{}{"cookbook::recipe"},
+		"node_name":              "nodename1",
+		"environment":            "_default",
+		"server_url":             "https://chef.local",
+		"validation_client_name": "validator",
+		"validation_key_path":    "validator.pem",
+		"attributes":             []interface{}{"key1 { subkey1 = value1 }"},
+	})
+	p := new(ResourceProvisioner)
+	warn, errs := p.Validate(c)
+	if len(warn) > 0 {
+		t.Fatalf("Warnings: %v", warn)
+	}
+	if len(errs) > 0 {
+		t.Fatalf("Errors: %v", errs)
+	}
+}
+
+func TestResourceProvider_Validate_bad(t *testing.T) {
+	c := testConfig(t, map[string]interface{}{
+		"package": "nope",
+	})
+	p := new(ResourceProvisioner)
+	warn, errs := p.Validate(c)
+	if len(warn) > 0 {
+		t.Fatalf("Warnings: %v", warn)
+	}
+	if len(errs) == 0 {
+		t.Fatalf("Should have errors")
+	}
+}
+
+func testConfig(t *testing.T, c map[string]interface{}) *terraform.ResourceConfig {
+	r, err := config.NewRawConfig(c)
+	if err != nil {
+		t.Fatalf("bad: %s", err)
+	}
+
+	return terraform.NewResourceConfig(r)
+}
diff --git a/builtin/provisioners/chef-client/ssh_provisioner.go b/builtin/provisioners/chef-client/ssh_provisioner.go
new file mode 100644
index 000000000000..2f95f7cc4221
--- /dev/null
+++ b/builtin/provisioners/chef-client/ssh_provisioner.go
@@ -0,0 +1,70 @@
+package chefclient
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform/communicator"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func (p *Provisioner) sshInstallChefClient(
+	o terraform.UIOutput,
+	comm communicator.Communicator) error {
+	var installCmd bytes.Buffer
+
+	// Build up a single command based on the given config options
+	installCmd.WriteString("curl")
+	if p.HTTPProxy != "" {
+		installCmd.WriteString(" --proxy " + p.HTTPProxy)
+	}
+	if p.NOProxy != nil {
+		installCmd.WriteString(" --noproxy " + strings.Join(p.NOProxy, ","))
+	}
+	installCmd.WriteString(" -LO https://www.chef.io/chef/install.sh 2>/dev/null &&")
+	if !p.PreventSudo {
+		installCmd.WriteString(" sudo")
+	}
+	installCmd.WriteString(" bash ./install.sh")
+	if p.Version != "" {
+		installCmd.WriteString(" -v " + p.Version)
+	}
+	installCmd.WriteString(" && rm -f install.sh")
+
+	// Execute the command to install Chef Client
+	return p.runCommand(o, comm, installCmd.String())
+}
+
+func (p *Provisioner) sshCreateConfigFiles(
+	o terraform.UIOutput,
+	comm communicator.Communicator) error {
+	// Make sure the config directory exists
+	cmd := fmt.Sprintf("mkdir -p %q", linuxConfDir)
+	if err := p.runCommand(o, comm, cmd); err != nil {
+		return err
+	}
+
+	// Make sure we have enough rights to upload the files if using sudo
+	if !p.PreventSudo {
+		if err := p.runCommand(o, comm, "chmod 777 "+linuxConfDir); err != nil {
+			return err
+		}
+	}
+
+	if err := p.deployConfigFiles(o, comm, linuxConfDir); err != nil {
+		return err
+	}
+
+	// When done copying the files restore the rights and make sure root is owner
+	if !p.PreventSudo {
+		if err := p.runCommand(o, comm, "chmod 755 "+linuxConfDir); err != nil {
+			return err
+		}
+		if err := p.runCommand(o, comm, "chown -R root.root "+linuxConfDir); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/builtin/provisioners/chef-client/ssh_provisioner_test.go b/builtin/provisioners/chef-client/ssh_provisioner_test.go
new file mode 100644
index 000000000000..9378abfe0fc1
--- /dev/null
+++ b/builtin/provisioners/chef-client/ssh_provisioner_test.go
@@ -0,0 +1 @@
+package chefclient
diff --git a/builtin/provisioners/chef-client/winrm_provisioner.go b/builtin/provisioners/chef-client/winrm_provisioner.go
new file mode 100644
index 000000000000..6b4edcf5f46c
--- /dev/null
+++ b/builtin/provisioners/chef-client/winrm_provisioner.go
@@ -0,0 +1,75 @@
+package chefclient
+
+import (
+	"fmt"
+	"path"
+	"strings"
+
+	"github.com/hashicorp/terraform/communicator"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+const installScript = `
+$winver = [System.Environment]::OSVersion.Version | %% {"{0}.{1}" -f $_.Major,$_.Minor}
+
+switch ($winver)
+{
+  "6.0" {$machine_os = "2008"}
+  "6.1" {$machine_os = "2008r2"}
+  "6.2" {$machine_os = "2012"}
+  "6.3" {$machine_os = "2012"}
+  default {$machine_os = "2008r2"}
+}
+
+if ([System.IntPtr]::Size -eq 4) {$machine_arch = "i686"} else {$machine_arch = "x86_64"}
+
+$url = "http://www.chef.io/chef/download?p=windows&pv=$machine_os&m=$machine_arch&v=%s"
+$dest = [System.IO.Path]::GetTempFileName()
+$dest = [System.IO.Path]::ChangeExtension($dest, ".msi")
+$downloader = New-Object System.Net.WebClient
+
+$http_proxy = '%s'
+if ($http_proxy -ne '') {
+	$no_proxy = '%s'
+  if ($no_proxy -eq ''){
+    $no_proxy = "127.0.0.1"
+  }
+
+  $proxy = New-Object System.Net.WebProxy($http_proxy, $true, ,$no_proxy.Split(','))
+  $downloader.proxy = $proxy
+}
+
+Write-Host 'Downloading Chef Client...'
+$downloader.DownloadFile($url, $dest)
+
+Write-Host 'Installing Chef Client...'
+Start-Process -FilePath msiexec -ArgumentList /qn, /i, $dest -Wait
+`
+
+func (p *Provisioner) winrmInstallChefClient(
+	o terraform.UIOutput,
+	comm communicator.Communicator) error {
+	script := path.Join(path.Dir(comm.ScriptPath()), "chefclient.ps1")
+	content := fmt.Sprintf(installScript, p.Version, p.HTTPProxy, strings.Join(p.NOProxy, ","))
+
+	// Copy the script to the new instance
+	if err := comm.UploadScript(script, strings.NewReader(content)); err != nil {
+		return fmt.Errorf("Uploading client.rb failed: %v", err)
+	}
+
+	// Execute the script to install Chef Client
+	installCmd := fmt.Sprintf("powershell -NoProfile -ExecutionPolicy Bypass -File %s", script)
+	return p.runCommand(o, comm, installCmd)
+}
+
+func (p *Provisioner) winrmCreateConfigFiles(
+	o terraform.UIOutput,
+	comm communicator.Communicator) error {
+	// Make sure the config directory exists
+	cmd := fmt.Sprintf("if not exist %q mkdir %q", windowsConfDir, windowsConfDir)
+	if err := p.runCommand(o, comm, cmd); err != nil {
+		return err
+	}
+
+	return p.deployConfigFiles(o, comm, windowsConfDir)
+}
diff --git a/builtin/provisioners/chef-client/winrm_provisioner_test.go b/builtin/provisioners/chef-client/winrm_provisioner_test.go
new file mode 100644
index 000000000000..9378abfe0fc1
--- /dev/null
+++ b/builtin/provisioners/chef-client/winrm_provisioner_test.go
@@ -0,0 +1 @@
+package chefclient
diff --git a/website/source/docs/provisioners/chef-client.html.markdown b/website/source/docs/provisioners/chef-client.html.markdown
new file mode 100644
index 000000000000..758b8c31c3ed
--- /dev/null
+++ b/website/source/docs/provisioners/chef-client.html.markdown
@@ -0,0 +1,90 @@
+---
+layout: "docs"
+page_title: "Provisioner: chef-client"
+sidebar_current: "docs-provisioners-chef-client"
+description: |-
+  The `chef-client` provisioner invokes a Chef Client run on a remote resource after first installing and configuring Chef Client on the remote resource. The `chef-client` provisioner supports both `ssh` and `winrm` type connections.
+---
+
+# chef Provisioner
+
+The `chef-client` provisioner invokes a Chef Client run on a remote resource after first
+installing and configuring Chef Client on the remote resource. The `chef-client` provisioner
+supports both `ssh` and `winrm` type [connections](/docs/provisioners/connection.html).
+
+## Example usage
+
+```
+# Start a initial chef run on a resource
+resource "aws_instance" "web" {
+    ...
+    provisioner "chef-client"  {
+        attributes {
+            "key" = "value"
+            "app" {
+                "cluster1" {
+                    "nodes" = ["webserver1", webserver2]
+                }
+            }
+        }
+        environment = "_default"
+        run_list = ["cookbook::recipe"]
+        node_name = "webserver1"
+        server_url = "https://chef.company.com/organizations/org1"
+        validation_client_name = "chef-validator"
+        validation_key_path = "../chef-validator.pem"
+        version = "11.18.6"
+    }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `attributes (hash)` - (Optional) A hash with initial node attributes for the new node.
+  See example.
+
+* `environment (string)` - (Optional) The Chef environment the new node will be joining
+  (defaults `_default`).
+
+* `log_to_file (boolean)` - (Optional) If true, the output of the initial Chef Client run
+  will be logged to a local file instead of the console. The file will be created in a
+  subdirectory called `logfiles` created in your current directory. The filename will be
+  the `node_name` of the new node.
+
+* `http_proxy (string)` - (Optional) The proxy server for Chef Client HTTP connections.
+
+* `https_proxy (string)` - (Optional) The proxy server for Chef Client HTTPS connections.
+
+* `no_proxy (array)` - (Optional) A list of URLs that should bypass the proxy.
+
+* `node_name (string)` - (Required) The name of the node to register with the Chef Server.
+
+* `prevent_sudo (boolean)` - (Optional) Prevent the use of sudo while installing, configuring
+  and running the initial Chef Client run. This option is only used with `ssh` type
+  [connections](/docs/provisioners/connection.html).
+
+* `run_list (array)` - (Required) A list with recipes that will be invoked during the initial
+  Chef Client run. The run-list will also be saved to the Chef Server after a successful
+  initial run.
+
+* `server_url (string)` - (Required) The URL to the Chef server. This includes the path to
+  the organization. See the example.
+
+* `skip_install (boolean)` - (Optional) Skip the installation of Chef Client on the remote
+  machine. This assumes Chef Client is already installed when you run the `chef-client`
+  provisioner.
+
+* `ssl_verify_mode (string)` - (Optional) Use to set the verify mode for Chef Client HTTPS
+  requests.
+
+* `validation_client_name (string)` - (Required) The name of the validation client to use
+  for the initial communication with the Chef Server.
+
+* `validation_key_path (string)` - (Required) The path to the validation key that is needed
+  by the node to register itself with the Chef Server. The key will be uploaded to the remote
+  machine.
+
+* `version (string)` - (Optional) The Chef Client version to install on the remote machine.
+  If not set the latest available version will be installed.
diff --git a/website/source/docs/provisioners/file.html.markdown b/website/source/docs/provisioners/file.html.markdown
index 70a266c3b8dc..be50ed374d83 100644
--- a/website/source/docs/provisioners/file.html.markdown
+++ b/website/source/docs/provisioners/file.html.markdown
@@ -3,7 +3,7 @@ layout: "docs"
 page_title: "Provisioner: file"
 sidebar_current: "docs-provisioners-file"
 description: |-
-  The `file` provisioner is used to copy files or directories from the machine executing Terraform to the newly created resource. The `file` provisioner only supports `ssh` type connections.
+  The `file` provisioner is used to copy files or directories from the machine executing Terraform to the newly created resource. The `file` provisioner supports both `ssh` and `winrm` type connections.
 ---
 
 # File Provisioner
diff --git a/website/source/docs/provisioners/remote-exec.html.markdown b/website/source/docs/provisioners/remote-exec.html.markdown
index 79b7de9c0eb2..d771e558666b 100644
--- a/website/source/docs/provisioners/remote-exec.html.markdown
+++ b/website/source/docs/provisioners/remote-exec.html.markdown
@@ -3,7 +3,7 @@ layout: "docs"
 page_title: "Provisioner: remote-exec"
 sidebar_current: "docs-provisioners-remote"
 description: |-
-  The `remote-exec` provisioner invokes a script on a remote resource after it is created. This can be used to run a configuration management tool, bootstrap into a cluster, etc. To invoke a local process, see the `local-exec` provisioner instead. The `remote-exec` provisioner only supports `ssh` type connections.
+  The `remote-exec` provisioner invokes a script on a remote resource after it is created. This can be used to run a configuration management tool, bootstrap into a cluster, etc. To invoke a local process, see the `local-exec` provisioner instead. The `remote-exec` provisioner supports both `ssh` and `winrm` type connections.
 ---
 
 # remote-exec Provisioner
diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb
index 493dc68161b3..7ff775168919 100644
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -178,6 +178,10 @@
 				<li<%= sidebar_current("docs-provisioners") %>>
 				<a href="/docs/provisioners/index.html">Provisioners</a>
 				<ul class="nav">
+					<li<%= sidebar_current("docs-provisioners-chef-client") %>>
++					<a href="/docs/provisioners/chef-client.html">chef-client</a>
++					</li>
+
 					<li<%= sidebar_current("docs-provisioners-connection") %>>
 					<a href="/docs/provisioners/connection.html">connection</a>
 					</li>

From 4a99cf9e9f86617ce894baac9dd75ab2bec11f20 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Fri, 8 May 2015 14:52:25 +0200
Subject: [PATCH 2/7] Small update/fix to properly clean ANSI going to the
 logfile...

---
 builtin/provisioners/chef-client/resource_provisioner.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/builtin/provisioners/chef-client/resource_provisioner.go b/builtin/provisioners/chef-client/resource_provisioner.go
index e4c410e20408..f51804ee316e 100644
--- a/builtin/provisioners/chef-client/resource_provisioner.go
+++ b/builtin/provisioners/chef-client/resource_provisioner.go
@@ -9,6 +9,7 @@ import (
 	"log"
 	"os"
 	"path"
+	"regexp"
 	"strings"
 	"text/template"
 	"time"
@@ -269,7 +270,13 @@ func (p *Provisioner) Output(output string) {
 	}
 	defer f.Close()
 
+	// These steps are needed to remove any ANSI escape codes used to colorize
+	// the output and to make sure we have proper line endings before writing
+	// the string to the logfile.
+	re := regexp.MustCompile(`\x1b\[[0-9;]+m`)
+	output = re.ReplaceAllString(output, "")
 	output = strings.Replace(output, "\r", "\n", -1)
+
 	if _, err := f.WriteString(output); err != nil {
 		log.Printf("Error writing output to logfile %s: %v", logFile, err)
 	}

From d4150d5b1a7869b5b511dd4becf3b470e98d3fd7 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Fri, 8 May 2015 18:17:57 +0200
Subject: [PATCH 3/7] Adding the tests...

---
 .../chef-client/resource_provisioner_test.go  |  93 ++++-
 .../chef-client/ssh_provisioner.go            |  10 +-
 .../chef-client/ssh_provisioner_test.go       | 278 ++++++++++++++
 .../chef-client/test-fixtures/validator.pem   |   1 +
 .../chef-client/winrm_provisioner.go          |   2 +-
 .../chef-client/winrm_provisioner_test.go     | 345 ++++++++++++++++++
 communicator/communicator_mock.go             |  91 +++++
 7 files changed, 808 insertions(+), 12 deletions(-)
 create mode 100644 builtin/provisioners/chef-client/test-fixtures/validator.pem
 create mode 100644 communicator/communicator_mock.go

diff --git a/builtin/provisioners/chef-client/resource_provisioner_test.go b/builtin/provisioners/chef-client/resource_provisioner_test.go
index 7c798c7e3958..6dfd3391678c 100644
--- a/builtin/provisioners/chef-client/resource_provisioner_test.go
+++ b/builtin/provisioners/chef-client/resource_provisioner_test.go
@@ -3,6 +3,7 @@ package chefclient
 import (
 	"testing"
 
+	"github.com/hashicorp/terraform/communicator"
 	"github.com/hashicorp/terraform/config"
 	"github.com/hashicorp/terraform/terraform"
 )
@@ -13,17 +14,16 @@ func TestResourceProvisioner_impl(t *testing.T) {
 
 func TestResourceProvider_Validate_good(t *testing.T) {
 	c := testConfig(t, map[string]interface{}{
-		"package":                "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.18.6-1.el6.x86_64.rpm",
-		"run_list":               []interface{}{"cookbook::recipe"},
-		"node_name":              "nodename1",
+		"attributes":             []interface{}{"key1 { subkey1 = value1 }"},
 		"environment":            "_default",
+		"node_name":              "nodename1",
+		"run_list":               []interface{}{"cookbook::recipe"},
 		"server_url":             "https://chef.local",
 		"validation_client_name": "validator",
 		"validation_key_path":    "validator.pem",
-		"attributes":             []interface{}{"key1 { subkey1 = value1 }"},
 	})
-	p := new(ResourceProvisioner)
-	warn, errs := p.Validate(c)
+	r := new(ResourceProvisioner)
+	warn, errs := r.Validate(c)
 	if len(warn) > 0 {
 		t.Fatalf("Warnings: %v", warn)
 	}
@@ -34,7 +34,7 @@ func TestResourceProvider_Validate_good(t *testing.T) {
 
 func TestResourceProvider_Validate_bad(t *testing.T) {
 	c := testConfig(t, map[string]interface{}{
-		"package": "nope",
+		"invalid": "nope",
 	})
 	p := new(ResourceProvisioner)
 	warn, errs := p.Validate(c)
@@ -54,3 +54,82 @@ func testConfig(t *testing.T, c map[string]interface{}) *terraform.ResourceConfi
 
 	return terraform.NewResourceConfig(r)
 }
+
+func TestResourceProvider_runChefClient(t *testing.T) {
+	cases := map[string]struct {
+		Config   *terraform.ResourceConfig
+		ConfDir  string
+		Commands map[string]bool
+	}{
+		"Sudo": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			ConfDir: linuxConfDir,
+
+			Commands: map[string]bool{
+				`sudo chef-client -j "/etc/chef/first-boot.json" -E "_default"`: true,
+			},
+		},
+
+		"NoSudo": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"prevent_sudo":           true,
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			ConfDir: linuxConfDir,
+
+			Commands: map[string]bool{
+				`chef-client -j "/etc/chef/first-boot.json" -E "_default"`: true,
+			},
+		},
+
+		"Environment": {
+			Config: testConfig(t, map[string]interface{}{
+				"environment":            "production",
+				"node_name":              "nodename1",
+				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			ConfDir: windowsConfDir,
+
+			Commands: map[string]bool{
+				`chef-client -j "C:/chef/first-boot.json" -E "production"`: true,
+			},
+		},
+	}
+
+	r := new(ResourceProvisioner)
+	o := new(terraform.MockUIOutput)
+	c := new(communicator.MockCommunicator)
+
+	for k, tc := range cases {
+		c.Commands = tc.Commands
+
+		p, err := r.decodeConfig(tc.Config)
+		if err != nil {
+			t.Fatalf("Error: %v", err)
+		}
+
+		p.runChefClient = p.runChefClientFunc(tc.ConfDir)
+
+		err = p.runChefClient(o, c)
+		if err != nil {
+			t.Fatalf("Test %q failed: %v", k, err)
+		}
+	}
+}
diff --git a/builtin/provisioners/chef-client/ssh_provisioner.go b/builtin/provisioners/chef-client/ssh_provisioner.go
index 2f95f7cc4221..9efea5a7b22d 100644
--- a/builtin/provisioners/chef-client/ssh_provisioner.go
+++ b/builtin/provisioners/chef-client/ssh_provisioner.go
@@ -2,7 +2,6 @@ package chefclient
 
 import (
 	"bytes"
-	"fmt"
 	"strings"
 
 	"github.com/hashicorp/terraform/communicator"
@@ -30,7 +29,11 @@ func (p *Provisioner) sshInstallChefClient(
 	if p.Version != "" {
 		installCmd.WriteString(" -v " + p.Version)
 	}
-	installCmd.WriteString(" && rm -f install.sh")
+	installCmd.WriteString(" &&")
+	if !p.PreventSudo {
+		installCmd.WriteString(" sudo")
+	}
+	installCmd.WriteString(" rm -f install.sh")
 
 	// Execute the command to install Chef Client
 	return p.runCommand(o, comm, installCmd.String())
@@ -40,8 +43,7 @@ func (p *Provisioner) sshCreateConfigFiles(
 	o terraform.UIOutput,
 	comm communicator.Communicator) error {
 	// Make sure the config directory exists
-	cmd := fmt.Sprintf("mkdir -p %q", linuxConfDir)
-	if err := p.runCommand(o, comm, cmd); err != nil {
+	if err := p.runCommand(o, comm, "mkdir -p "+linuxConfDir); err != nil {
 		return err
 	}
 
diff --git a/builtin/provisioners/chef-client/ssh_provisioner_test.go b/builtin/provisioners/chef-client/ssh_provisioner_test.go
index 9378abfe0fc1..7e7389d21679 100644
--- a/builtin/provisioners/chef-client/ssh_provisioner_test.go
+++ b/builtin/provisioners/chef-client/ssh_provisioner_test.go
@@ -1 +1,279 @@
 package chefclient
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform/communicator"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestResourceProvider_sshInstallChefClient(t *testing.T) {
+	cases := map[string]struct {
+		Config   *terraform.ResourceConfig
+		Commands map[string]bool
+	}{
+		"Sudo": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"sudo curl -LO https://www.chef.io/chef/install.sh 2>/dev/null && " +
+					"sudo bash ./install.sh && sudo rm -f install.sh": true,
+			},
+		},
+
+		"NoSudo": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"prevent_sudo":           true,
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"curl -LO https://www.chef.io/chef/install.sh 2>/dev/null && " +
+					"bash ./install.sh && rm -f install.sh": true,
+			},
+		},
+
+		"HTTPProxy": {
+			Config: testConfig(t, map[string]interface{}{
+				"http_proxy":             "http://proxy.local",
+				"node_name":              "nodename1",
+				"prevent_sudo":           true,
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"curl --proxy http://proxy.local -LO https://www.chef.io/chef/install.sh 2>/dev/null && " +
+					"bash ./install.sh && rm -f install.sh": true,
+			},
+		},
+
+		"NOProxy": {
+			Config: testConfig(t, map[string]interface{}{
+				"http_proxy":             "http://proxy.local",
+				"no_proxy":               []interface{}{"http://local.local", "http://local.org"},
+				"node_name":              "nodename1",
+				"prevent_sudo":           true,
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"curl --proxy http://proxy.local --noproxy http://local.local,http://local.org -LO " +
+					"https://www.chef.io/chef/install.sh 2>/dev/null && bash ./install.sh && " +
+					"rm -f install.sh": true,
+			},
+		},
+
+		"Version": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"prevent_sudo":           true,
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "validator.pem",
+				"version":                "11.18.6",
+			}),
+
+			Commands: map[string]bool{
+				"curl -LO https://www.chef.io/chef/install.sh 2>/dev/null && " +
+					"bash ./install.sh -v 11.18.6 && rm -f install.sh": true,
+			},
+		},
+	}
+
+	r := new(ResourceProvisioner)
+	o := new(terraform.MockUIOutput)
+	c := new(communicator.MockCommunicator)
+
+	for k, tc := range cases {
+		c.Commands = tc.Commands
+
+		p, err := r.decodeConfig(tc.Config)
+		if err != nil {
+			t.Fatalf("Error: %v", err)
+		}
+
+		err = p.sshInstallChefClient(o, c)
+		if err != nil {
+			t.Fatalf("Test %q failed: %v", k, err)
+		}
+	}
+}
+
+func TestResourceProvider_sshCreateConfigFiles(t *testing.T) {
+	cases := map[string]struct {
+		Config   *terraform.ResourceConfig
+		Commands map[string]bool
+		Uploads  map[string]string
+	}{
+		"Sudo": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"sudo mkdir -p " + linuxConfDir:           true,
+				"sudo chmod 777 " + linuxConfDir:          true,
+				"sudo chmod 755 " + linuxConfDir:          true,
+				"sudo chown -R root.root " + linuxConfDir: true,
+			},
+
+			Uploads: map[string]string{
+				"/etc/chef/validation.pem":  "VALIDATOR-PEM-FILE",
+				"/etc/chef/client.rb":       defaultSSHClientConf,
+				"/etc/chef/first-boot.json": `{"run_list":["cookbook::recipe"]}`,
+			},
+		},
+
+		"NoSudo": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"prevent_sudo":           true,
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"mkdir -p " + linuxConfDir: true,
+			},
+
+			Uploads: map[string]string{
+				"/etc/chef/validation.pem":  "VALIDATOR-PEM-FILE",
+				"/etc/chef/client.rb":       defaultSSHClientConf,
+				"/etc/chef/first-boot.json": `{"run_list":["cookbook::recipe"]}`,
+			},
+		},
+
+		"Proxy": {
+			Config: testConfig(t, map[string]interface{}{
+				"http_proxy":             "http://proxy.local",
+				"https_proxy":            "https://proxy.local",
+				"no_proxy":               []interface{}{"http://local.local", "https://local.local"},
+				"node_name":              "nodename1",
+				"prevent_sudo":           true,
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"mkdir -p " + linuxConfDir: true,
+			},
+
+			Uploads: map[string]string{
+				"/etc/chef/validation.pem":  "VALIDATOR-PEM-FILE",
+				"/etc/chef/client.rb":       proxySSHClientConf,
+				"/etc/chef/first-boot.json": `{"run_list":["cookbook::recipe"]}`,
+			},
+		},
+
+		"Attributes": {
+			Config: testConfig(t, map[string]interface{}{
+				"attributes": []map[string]interface{}{
+					map[string]interface{}{
+						"key1": []map[string]interface{}{
+							map[string]interface{}{
+								"subkey1": []map[string]interface{}{
+									map[string]interface{}{
+										"subkey2a": []interface{}{
+											"val1", "val2", "val3",
+										},
+										"subkey2b": []map[string]interface{}{
+											map[string]interface{}{
+												"subkey3": "value3",
+											},
+										},
+									},
+								},
+							},
+						},
+						"key2": "value2",
+					},
+				},
+				"node_name":              "nodename1",
+				"prevent_sudo":           true,
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"mkdir -p " + linuxConfDir: true,
+			},
+
+			Uploads: map[string]string{
+				"/etc/chef/validation.pem": "VALIDATOR-PEM-FILE",
+				"/etc/chef/client.rb":      defaultSSHClientConf,
+				"/etc/chef/first-boot.json": `{"key1":{"subkey1":{"subkey2a":["val1","val2","val3"],` +
+					`"subkey2b":{"subkey3":"value3"}}},"key2":"value2","run_list":["cookbook::recipe"]}`,
+			},
+		},
+	}
+
+	r := new(ResourceProvisioner)
+	o := new(terraform.MockUIOutput)
+	c := new(communicator.MockCommunicator)
+
+	for k, tc := range cases {
+		c.Commands = tc.Commands
+		c.Uploads = tc.Uploads
+
+		p, err := r.decodeConfig(tc.Config)
+		if err != nil {
+			t.Fatalf("Error: %v", err)
+		}
+
+		err = p.sshCreateConfigFiles(o, c)
+		if err != nil {
+			t.Fatalf("Test %q failed: %v", k, err)
+		}
+	}
+}
+
+const defaultSSHClientConf = `log_location            STDOUT
+chef_server_url         "https://chef.local"
+validation_client_name  "validator"
+node_name               "nodename1"`
+
+const proxySSHClientConf = `log_location            STDOUT
+chef_server_url         "https://chef.local"
+validation_client_name  "validator"
+node_name               "nodename1"
+
+
+http_proxy          "http://proxy.local"
+ENV['http_proxy'] = "http://proxy.local"
+ENV['HTTP_PROXY'] = "http://proxy.local"
+
+
+
+https_proxy          "https://proxy.local"
+ENV['https_proxy'] = "https://proxy.local"
+ENV['HTTPS_PROXY'] = "https://proxy.local"
+
+
+no_proxy "http://local.local,https://local.local"`
diff --git a/builtin/provisioners/chef-client/test-fixtures/validator.pem b/builtin/provisioners/chef-client/test-fixtures/validator.pem
new file mode 100644
index 000000000000..03e6d6de7668
--- /dev/null
+++ b/builtin/provisioners/chef-client/test-fixtures/validator.pem
@@ -0,0 +1 @@
+VALIDATOR-PEM-FILE
diff --git a/builtin/provisioners/chef-client/winrm_provisioner.go b/builtin/provisioners/chef-client/winrm_provisioner.go
index 6b4edcf5f46c..7f3426e76a72 100644
--- a/builtin/provisioners/chef-client/winrm_provisioner.go
+++ b/builtin/provisioners/chef-client/winrm_provisioner.go
@@ -49,7 +49,7 @@ Start-Process -FilePath msiexec -ArgumentList /qn, /i, $dest -Wait
 func (p *Provisioner) winrmInstallChefClient(
 	o terraform.UIOutput,
 	comm communicator.Communicator) error {
-	script := path.Join(path.Dir(comm.ScriptPath()), "chefclient.ps1")
+	script := path.Join(path.Dir(comm.ScriptPath()), "ChefClient.ps1")
 	content := fmt.Sprintf(installScript, p.Version, p.HTTPProxy, strings.Join(p.NOProxy, ","))
 
 	// Copy the script to the new instance
diff --git a/builtin/provisioners/chef-client/winrm_provisioner_test.go b/builtin/provisioners/chef-client/winrm_provisioner_test.go
index 9378abfe0fc1..95fb38773689 100644
--- a/builtin/provisioners/chef-client/winrm_provisioner_test.go
+++ b/builtin/provisioners/chef-client/winrm_provisioner_test.go
@@ -1 +1,346 @@
 package chefclient
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/communicator"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestResourceProvider_winrmInstallChefClient(t *testing.T) {
+	cases := map[string]struct {
+		Config        *terraform.ResourceConfig
+		Commands      map[string]bool
+		UploadScripts map[string]string
+	}{
+		"Default": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"powershell -NoProfile -ExecutionPolicy Bypass -File ChefClient.ps1": true,
+			},
+
+			UploadScripts: map[string]string{
+				"ChefClient.ps1": defaultWinRMInstallScript,
+			},
+		},
+
+		"Proxy": {
+			Config: testConfig(t, map[string]interface{}{
+				"http_proxy":             "http://proxy.local",
+				"no_proxy":               []interface{}{"http://local.local", "http://local.org"},
+				"node_name":              "nodename1",
+				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				"powershell -NoProfile -ExecutionPolicy Bypass -File ChefClient.ps1": true,
+			},
+
+			UploadScripts: map[string]string{
+				"ChefClient.ps1": proxyWinRMInstallScript,
+			},
+		},
+
+		"Version": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "validator.pem",
+				"version":                "11.18.6",
+			}),
+
+			Commands: map[string]bool{
+				"powershell -NoProfile -ExecutionPolicy Bypass -File ChefClient.ps1": true,
+			},
+
+			UploadScripts: map[string]string{
+				"ChefClient.ps1": versionWinRMInstallScript,
+			},
+		},
+	}
+
+	r := new(ResourceProvisioner)
+	o := new(terraform.MockUIOutput)
+	c := new(communicator.MockCommunicator)
+
+	for k, tc := range cases {
+		c.Commands = tc.Commands
+		c.UploadScripts = tc.UploadScripts
+
+		p, err := r.decodeConfig(tc.Config)
+		if err != nil {
+			t.Fatalf("Error: %v", err)
+		}
+
+		err = p.winrmInstallChefClient(o, c)
+		if err != nil {
+			t.Fatalf("Test %q failed: %v", k, err)
+		}
+	}
+}
+
+func TestResourceProvider_winrmCreateConfigFiles(t *testing.T) {
+	cases := map[string]struct {
+		Config   *terraform.ResourceConfig
+		Commands map[string]bool
+		Uploads  map[string]string
+	}{
+		"Default": {
+			Config: testConfig(t, map[string]interface{}{
+				"node_name":              "nodename1",
+				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				fmt.Sprintf("if not exist %q mkdir %q", windowsConfDir, windowsConfDir): true,
+			},
+
+			Uploads: map[string]string{
+				"C:/chef/validation.pem":  "VALIDATOR-PEM-FILE",
+				"C:/chef/client.rb":       defaultWinRMClientConf,
+				"C:/chef/first-boot.json": `{"run_list":["cookbook::recipe"]}`,
+			},
+		},
+
+		"Proxy": {
+			Config: testConfig(t, map[string]interface{}{
+				"http_proxy":             "http://proxy.local",
+				"https_proxy":            "https://proxy.local",
+				"no_proxy":               []interface{}{"http://local.local", "https://local.local"},
+				"node_name":              "nodename1",
+				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				fmt.Sprintf("if not exist %q mkdir %q", windowsConfDir, windowsConfDir): true,
+			},
+
+			Uploads: map[string]string{
+				"C:/chef/validation.pem":  "VALIDATOR-PEM-FILE",
+				"C:/chef/client.rb":       proxyWinRMClientConf,
+				"C:/chef/first-boot.json": `{"run_list":["cookbook::recipe"]}`,
+			},
+		},
+
+		"Attributes": {
+			Config: testConfig(t, map[string]interface{}{
+				"attributes": []map[string]interface{}{
+					map[string]interface{}{
+						"key1": []map[string]interface{}{
+							map[string]interface{}{
+								"subkey1": []map[string]interface{}{
+									map[string]interface{}{
+										"subkey2a": []interface{}{
+											"val1", "val2", "val3",
+										},
+										"subkey2b": []map[string]interface{}{
+											map[string]interface{}{
+												"subkey3": "value3",
+											},
+										},
+									},
+								},
+							},
+						},
+						"key2": "value2",
+					},
+				},
+				"node_name":              "nodename1",
+				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
+				"run_list":               []interface{}{"cookbook::recipe"},
+				"server_url":             "https://chef.local",
+				"validation_client_name": "validator",
+				"validation_key_path":    "test-fixtures/validator.pem",
+			}),
+
+			Commands: map[string]bool{
+				fmt.Sprintf("if not exist %q mkdir %q", windowsConfDir, windowsConfDir): true,
+			},
+
+			Uploads: map[string]string{
+				"C:/chef/validation.pem": "VALIDATOR-PEM-FILE",
+				"C:/chef/client.rb":      defaultWinRMClientConf,
+				"C:/chef/first-boot.json": `{"key1":{"subkey1":{"subkey2a":["val1","val2","val3"],` +
+					`"subkey2b":{"subkey3":"value3"}}},"key2":"value2","run_list":["cookbook::recipe"]}`,
+			},
+		},
+	}
+
+	r := new(ResourceProvisioner)
+	o := new(terraform.MockUIOutput)
+	c := new(communicator.MockCommunicator)
+
+	for k, tc := range cases {
+		c.Commands = tc.Commands
+		c.Uploads = tc.Uploads
+
+		p, err := r.decodeConfig(tc.Config)
+		if err != nil {
+			t.Fatalf("Error: %v", err)
+		}
+
+		err = p.winrmCreateConfigFiles(o, c)
+		if err != nil {
+			t.Fatalf("Test %q failed: %v", k, err)
+		}
+	}
+}
+
+const defaultWinRMInstallScript = `
+$winver = [System.Environment]::OSVersion.Version | % {"{0}.{1}" -f $_.Major,$_.Minor}
+
+switch ($winver)
+{
+  "6.0" {$machine_os = "2008"}
+  "6.1" {$machine_os = "2008r2"}
+  "6.2" {$machine_os = "2012"}
+  "6.3" {$machine_os = "2012"}
+  default {$machine_os = "2008r2"}
+}
+
+if ([System.IntPtr]::Size -eq 4) {$machine_arch = "i686"} else {$machine_arch = "x86_64"}
+
+$url = "http://www.chef.io/chef/download?p=windows&pv=$machine_os&m=$machine_arch&v="
+$dest = [System.IO.Path]::GetTempFileName()
+$dest = [System.IO.Path]::ChangeExtension($dest, ".msi")
+$downloader = New-Object System.Net.WebClient
+
+$http_proxy = ''
+if ($http_proxy -ne '') {
+	$no_proxy = ''
+  if ($no_proxy -eq ''){
+    $no_proxy = "127.0.0.1"
+  }
+
+  $proxy = New-Object System.Net.WebProxy($http_proxy, $true, ,$no_proxy.Split(','))
+  $downloader.proxy = $proxy
+}
+
+Write-Host 'Downloading Chef Client...'
+$downloader.DownloadFile($url, $dest)
+
+Write-Host 'Installing Chef Client...'
+Start-Process -FilePath msiexec -ArgumentList /qn, /i, $dest -Wait
+`
+
+const proxyWinRMInstallScript = `
+$winver = [System.Environment]::OSVersion.Version | % {"{0}.{1}" -f $_.Major,$_.Minor}
+
+switch ($winver)
+{
+  "6.0" {$machine_os = "2008"}
+  "6.1" {$machine_os = "2008r2"}
+  "6.2" {$machine_os = "2012"}
+  "6.3" {$machine_os = "2012"}
+  default {$machine_os = "2008r2"}
+}
+
+if ([System.IntPtr]::Size -eq 4) {$machine_arch = "i686"} else {$machine_arch = "x86_64"}
+
+$url = "http://www.chef.io/chef/download?p=windows&pv=$machine_os&m=$machine_arch&v="
+$dest = [System.IO.Path]::GetTempFileName()
+$dest = [System.IO.Path]::ChangeExtension($dest, ".msi")
+$downloader = New-Object System.Net.WebClient
+
+$http_proxy = 'http://proxy.local'
+if ($http_proxy -ne '') {
+	$no_proxy = 'http://local.local,http://local.org'
+  if ($no_proxy -eq ''){
+    $no_proxy = "127.0.0.1"
+  }
+
+  $proxy = New-Object System.Net.WebProxy($http_proxy, $true, ,$no_proxy.Split(','))
+  $downloader.proxy = $proxy
+}
+
+Write-Host 'Downloading Chef Client...'
+$downloader.DownloadFile($url, $dest)
+
+Write-Host 'Installing Chef Client...'
+Start-Process -FilePath msiexec -ArgumentList /qn, /i, $dest -Wait
+`
+
+const versionWinRMInstallScript = `
+$winver = [System.Environment]::OSVersion.Version | % {"{0}.{1}" -f $_.Major,$_.Minor}
+
+switch ($winver)
+{
+  "6.0" {$machine_os = "2008"}
+  "6.1" {$machine_os = "2008r2"}
+  "6.2" {$machine_os = "2012"}
+  "6.3" {$machine_os = "2012"}
+  default {$machine_os = "2008r2"}
+}
+
+if ([System.IntPtr]::Size -eq 4) {$machine_arch = "i686"} else {$machine_arch = "x86_64"}
+
+$url = "http://www.chef.io/chef/download?p=windows&pv=$machine_os&m=$machine_arch&v=11.18.6"
+$dest = [System.IO.Path]::GetTempFileName()
+$dest = [System.IO.Path]::ChangeExtension($dest, ".msi")
+$downloader = New-Object System.Net.WebClient
+
+$http_proxy = ''
+if ($http_proxy -ne '') {
+	$no_proxy = ''
+  if ($no_proxy -eq ''){
+    $no_proxy = "127.0.0.1"
+  }
+
+  $proxy = New-Object System.Net.WebProxy($http_proxy, $true, ,$no_proxy.Split(','))
+  $downloader.proxy = $proxy
+}
+
+Write-Host 'Downloading Chef Client...'
+$downloader.DownloadFile($url, $dest)
+
+Write-Host 'Installing Chef Client...'
+Start-Process -FilePath msiexec -ArgumentList /qn, /i, $dest -Wait
+`
+
+const defaultWinRMClientConf = `log_location            STDOUT
+chef_server_url         "https://chef.local"
+validation_client_name  "validator"
+node_name               "nodename1"`
+
+const proxyWinRMClientConf = `log_location            STDOUT
+chef_server_url         "https://chef.local"
+validation_client_name  "validator"
+node_name               "nodename1"
+
+
+http_proxy          "http://proxy.local"
+ENV['http_proxy'] = "http://proxy.local"
+ENV['HTTP_PROXY'] = "http://proxy.local"
+
+
+
+https_proxy          "https://proxy.local"
+ENV['https_proxy'] = "https://proxy.local"
+ENV['HTTPS_PROXY'] = "https://proxy.local"
+
+
+no_proxy "http://local.local,https://local.local"`
diff --git a/communicator/communicator_mock.go b/communicator/communicator_mock.go
new file mode 100644
index 000000000000..f1c5ad5e6fdc
--- /dev/null
+++ b/communicator/communicator_mock.go
@@ -0,0 +1,91 @@
+package communicator
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform/communicator/remote"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// MockCommunicator is an implementation of Communicator that can be used for tests.
+type MockCommunicator struct {
+	RemoteScriptPath string
+	Commands         map[string]bool
+	Uploads          map[string]string
+	UploadScripts    map[string]string
+	UploadDirs       map[string]string
+}
+
+// Connect implementation of communicator.Communicator interface
+func (c *MockCommunicator) Connect(o terraform.UIOutput) error {
+	return nil
+}
+
+// Disconnect implementation of communicator.Communicator interface
+func (c *MockCommunicator) Disconnect() error {
+	return nil
+}
+
+// Timeout implementation of communicator.Communicator interface
+func (c *MockCommunicator) Timeout() time.Duration {
+	return time.Duration(5 * time.Second)
+}
+
+// ScriptPath implementation of communicator.Communicator interface
+func (c *MockCommunicator) ScriptPath() string {
+	return c.RemoteScriptPath
+}
+
+// Start implementation of communicator.Communicator interface
+func (c *MockCommunicator) Start(r *remote.Cmd) error {
+	if !c.Commands[r.Command] {
+		return fmt.Errorf("Command not found!")
+	}
+
+	r.SetExited(0)
+
+	return nil
+}
+
+// Upload implementation of communicator.Communicator interface
+func (c *MockCommunicator) Upload(path string, input io.Reader) error {
+	f, ok := c.Uploads[path]
+	if !ok {
+		return fmt.Errorf("Path %q not found!", path)
+	}
+
+	var buf bytes.Buffer
+	buf.ReadFrom(input)
+	content := strings.TrimSpace(buf.String())
+
+	f = strings.TrimSpace(f)
+	if f != content {
+		return fmt.Errorf("expected: %q\n\ngot: %q\n", f, content)
+	}
+
+	return nil
+}
+
+// UploadScript implementation of communicator.Communicator interface
+func (c *MockCommunicator) UploadScript(path string, input io.Reader) error {
+	c.Uploads = c.UploadScripts
+	return c.Upload(path, input)
+}
+
+// UploadDir implementation of communicator.Communicator interface
+func (c *MockCommunicator) UploadDir(dst string, src string) error {
+	v, ok := c.UploadDirs[src]
+	if !ok {
+		return fmt.Errorf("Directory not found!")
+	}
+
+	if v != dst {
+		return fmt.Errorf("expected: %q\n\ngot: %q\n", v, dst)
+	}
+
+	return nil
+}

From c19d92fb6790ac8626afcfe8c93abdbad928b3fd Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Fri, 8 May 2015 23:25:24 +0200
Subject: [PATCH 4/7] Refactored quite a few things after review...
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Also renamed the provisioner to just `chef` as it’s out intention to
end up with one provisioner for all types of `chef` clients.
---
 .../main.go                                   |  4 +-
 .../main_test.go                              |  0
 .../resource_provisioner.go                   | 42 ++++++++++++-------
 .../resource_provisioner_test.go              |  2 +-
 .../{chef-client => chef}/ssh_provisioner.go  | 42 ++++++++++---------
 .../ssh_provisioner_test.go                   | 29 ++++++++-----
 .../test-fixtures/validator.pem               |  0
 .../winrm_provisioner.go                      |  2 +-
 .../winrm_provisioner_test.go                 |  2 +-
 ...lient.html.markdown => chef.html.markdown} | 24 +++++++----
 website/source/layouts/docs.erb               |  6 +--
 11 files changed, 90 insertions(+), 63 deletions(-)
 rename builtin/bins/{provisioner-chef-client => provisioner-chef}/main.go (66%)
 rename builtin/bins/{provisioner-chef-client => provisioner-chef}/main_test.go (100%)
 rename builtin/provisioners/{chef-client => chef}/resource_provisioner.go (87%)
 rename builtin/provisioners/{chef-client => chef}/resource_provisioner_test.go (99%)
 rename builtin/provisioners/{chef-client => chef}/ssh_provisioner.go (59%)
 rename builtin/provisioners/{chef-client => chef}/ssh_provisioner_test.go (86%)
 rename builtin/provisioners/{chef-client => chef}/test-fixtures/validator.pem (100%)
 rename builtin/provisioners/{chef-client => chef}/winrm_provisioner.go (99%)
 rename builtin/provisioners/{chef-client => chef}/winrm_provisioner_test.go (99%)
 rename website/source/docs/provisioners/{chef-client.html.markdown => chef.html.markdown} (77%)

diff --git a/builtin/bins/provisioner-chef-client/main.go b/builtin/bins/provisioner-chef/main.go
similarity index 66%
rename from builtin/bins/provisioner-chef-client/main.go
rename to builtin/bins/provisioner-chef/main.go
index ca483ad760b9..a12c65cf7607 100644
--- a/builtin/bins/provisioner-chef-client/main.go
+++ b/builtin/bins/provisioner-chef/main.go
@@ -1,7 +1,7 @@
 package main
 
 import (
-	"github.com/hashicorp/terraform/builtin/provisioners/chef-client"
+	"github.com/hashicorp/terraform/builtin/provisioners/chef"
 	"github.com/hashicorp/terraform/plugin"
 	"github.com/hashicorp/terraform/terraform"
 )
@@ -9,7 +9,7 @@ import (
 func main() {
 	plugin.Serve(&plugin.ServeOpts{
 		ProvisionerFunc: func() terraform.ResourceProvisioner {
-			return new(chefclient.ResourceProvisioner)
+			return new(chef.ResourceProvisioner)
 		},
 	})
 }
diff --git a/builtin/bins/provisioner-chef-client/main_test.go b/builtin/bins/provisioner-chef/main_test.go
similarity index 100%
rename from builtin/bins/provisioner-chef-client/main_test.go
rename to builtin/bins/provisioner-chef/main_test.go
diff --git a/builtin/provisioners/chef-client/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go
similarity index 87%
rename from builtin/provisioners/chef-client/resource_provisioner.go
rename to builtin/provisioners/chef/resource_provisioner.go
index f51804ee316e..07c2812aa2ac 100644
--- a/builtin/provisioners/chef-client/resource_provisioner.go
+++ b/builtin/provisioners/chef/resource_provisioner.go
@@ -1,4 +1,4 @@
-package chefclient
+package chef
 
 import (
 	"bytes"
@@ -22,9 +22,12 @@ import (
 )
 
 const (
+	clienrb        = "client.rb"
+	defaultChefEnv = "_default"
 	firstBoot      = "first-boot.json"
 	logfileDir     = "logfiles"
 	linuxConfDir   = "/etc/chef"
+	validationKey  = "validation.pem"
 	windowsConfDir = "C:/chef"
 )
 
@@ -52,7 +55,7 @@ ENV['HTTPS_PROXY'] = "{{ .HTTPSProxy }}"
 
 // Provisioner represents a specificly configured chef provisioner
 type Provisioner struct {
-	Attributes           interface{} `mapstructure:"-"`
+	Attributes           interface{} `mapstructure:"attributes"`
 	Environment          string      `mapstructure:"environment"`
 	LogToFile            bool        `mapstructure:"log_to_file"`
 	HTTPProxy            string      `mapstructure:"http_proxy"`
@@ -169,6 +172,7 @@ func (r *ResourceProvisioner) decodeConfig(c *terraform.ResourceConfig) (*Provis
 	p := new(Provisioner)
 
 	decConf := &mapstructure.DecoderConfig{
+		ErrorUnused:      true,
 		WeaklyTypedInput: true,
 		Result:           p,
 	}
@@ -182,7 +186,7 @@ func (r *ResourceProvisioner) decodeConfig(c *terraform.ResourceConfig) (*Provis
 	}
 
 	if p.Environment == "" {
-		p.Environment = "_default"
+		p.Environment = defaultChefEnv
 	}
 
 	if attrs, ok := c.Raw["attributes"]; ok {
@@ -241,7 +245,7 @@ func (p *Provisioner) runChefClientFunc(
 		cmd := fmt.Sprintf("chef-client -j %q -E %q", fb, p.Environment)
 
 		if p.LogToFile {
-			if err := os.MkdirAll(logfileDir, 0777); err != nil {
+			if err := os.MkdirAll(logfileDir, 0755); err != nil {
 				return fmt.Errorf("Error creating logfile directory %s: %v", logfileDir, err)
 			}
 
@@ -290,16 +294,16 @@ func (p *Provisioner) deployConfigFiles(
 	o terraform.UIOutput,
 	comm communicator.Communicator,
 	confDir string) error {
-	// Open the validation .pem file
+	// Open the validation  key file
 	f, err := os.Open(p.ValidationKeyPath)
 	if err != nil {
 		return err
 	}
 	defer f.Close()
 
-	// Copy the validation .pem to the new instance
-	if err := comm.Upload(path.Join(confDir, "validation.pem"), f); err != nil {
-		return fmt.Errorf("Uploading validation.pem failed: %v", err)
+	// Copy the validation key to the new instance
+	if err := comm.Upload(path.Join(confDir, validationKey), f); err != nil {
+		return fmt.Errorf("Uploading %s failed: %v", validationKey, err)
 	}
 
 	// Make strings.Join available for use within the template
@@ -307,18 +311,18 @@ func (p *Provisioner) deployConfigFiles(
 		"join": strings.Join,
 	}
 
-	// Create a new template and parse the client.rb into it
-	t := template.Must(template.New("client.rb").Funcs(funcMap).Parse(clientConf))
+	// Create a new template and parse the client config into it
+	t := template.Must(template.New(clienrb).Funcs(funcMap).Parse(clientConf))
 
 	var buf bytes.Buffer
 	err = t.Execute(&buf, p)
 	if err != nil {
-		return fmt.Errorf("Error executing client.rb template: %s", err)
+		return fmt.Errorf("Error executing %s template: %s", clienrb, err)
 	}
 
-	// Copy the client.rb to the new instance
-	if err := comm.Upload(path.Join(confDir, "client.rb"), &buf); err != nil {
-		return fmt.Errorf("Uploading client.rb failed: %v", err)
+	// Copy the client config to the new instance
+	if err := comm.Upload(path.Join(confDir, clienrb), &buf); err != nil {
+		return fmt.Errorf("Uploading %s failed: %v", clienrb, err)
 	}
 
 	// Create a map with first boot settings
@@ -327,6 +331,13 @@ func (p *Provisioner) deployConfigFiles(
 		fb = p.Attributes.(map[string]interface{})
 	}
 
+	// Check if the run_list was also in the attributes and if so log a warning
+	// that it will be overwritten with the value of the run_list argument.
+	if _, found := fb["run_list"]; found {
+		log.Printf("[WARNING] Found a 'run_list' specified in the configured attributes! " +
+			"This value will be overwritten by the value of the `run_list` argument!")
+	}
+
 	// Add the initial runlist to the first boot settings
 	fb["run_list"] = p.RunList
 
@@ -338,7 +349,7 @@ func (p *Provisioner) deployConfigFiles(
 
 	// Copy the first-boot.json to the new instance
 	if err := comm.Upload(path.Join(confDir, firstBoot), bytes.NewReader(d)); err != nil {
-		return fmt.Errorf("Uploading first-boot.json failed: %v", err)
+		return fmt.Errorf("Uploading %s failed: %v", firstBoot, err)
 	}
 
 	return nil
@@ -369,6 +380,7 @@ func (p *Provisioner) runCommand(
 		Stderr:  errW,
 	}
 
+	log.Printf("[DEBUG] Executing remote command: %q", cmd.Command)
 	if err := comm.Start(cmd); err != nil {
 		return fmt.Errorf("Error executing command %q: %v", cmd.Command, err)
 	}
diff --git a/builtin/provisioners/chef-client/resource_provisioner_test.go b/builtin/provisioners/chef/resource_provisioner_test.go
similarity index 99%
rename from builtin/provisioners/chef-client/resource_provisioner_test.go
rename to builtin/provisioners/chef/resource_provisioner_test.go
index 6dfd3391678c..191b5a6203e7 100644
--- a/builtin/provisioners/chef-client/resource_provisioner_test.go
+++ b/builtin/provisioners/chef/resource_provisioner_test.go
@@ -1,4 +1,4 @@
-package chefclient
+package chef
 
 import (
 	"testing"
diff --git a/builtin/provisioners/chef-client/ssh_provisioner.go b/builtin/provisioners/chef/ssh_provisioner.go
similarity index 59%
rename from builtin/provisioners/chef-client/ssh_provisioner.go
rename to builtin/provisioners/chef/ssh_provisioner.go
index 9efea5a7b22d..e8f42c3fb47e 100644
--- a/builtin/provisioners/chef-client/ssh_provisioner.go
+++ b/builtin/provisioners/chef/ssh_provisioner.go
@@ -1,42 +1,44 @@
-package chefclient
+package chef
 
 import (
-	"bytes"
+	"fmt"
 	"strings"
 
 	"github.com/hashicorp/terraform/communicator"
 	"github.com/hashicorp/terraform/terraform"
 )
 
+const (
+	installURL = "https://www.chef.io/chef/install.sh"
+)
+
 func (p *Provisioner) sshInstallChefClient(
 	o terraform.UIOutput,
 	comm communicator.Communicator) error {
-	var installCmd bytes.Buffer
 
-	// Build up a single command based on the given config options
-	installCmd.WriteString("curl")
+	// Build up the command prefix
+	prefix := ""
 	if p.HTTPProxy != "" {
-		installCmd.WriteString(" --proxy " + p.HTTPProxy)
+		prefix += fmt.Sprintf("proxy_http='%s' ", p.HTTPProxy)
 	}
 	if p.NOProxy != nil {
-		installCmd.WriteString(" --noproxy " + strings.Join(p.NOProxy, ","))
+		prefix += fmt.Sprintf("no_proxy='%s' ", strings.Join(p.NOProxy, ","))
 	}
-	installCmd.WriteString(" -LO https://www.chef.io/chef/install.sh 2>/dev/null &&")
-	if !p.PreventSudo {
-		installCmd.WriteString(" sudo")
-	}
-	installCmd.WriteString(" bash ./install.sh")
-	if p.Version != "" {
-		installCmd.WriteString(" -v " + p.Version)
+
+	// First download the install.sh script from Chef
+	err := p.runCommand(o, comm, fmt.Sprintf("%scurl -LO %s", prefix, installURL))
+	if err != nil {
+		return err
 	}
-	installCmd.WriteString(" &&")
-	if !p.PreventSudo {
-		installCmd.WriteString(" sudo")
+
+	// Then execute the install.sh scrip to download and install Chef Client
+	err = p.runCommand(o, comm, fmt.Sprintf("%sbash ./install.sh -v %s", prefix, p.Version))
+	if err != nil {
+		return err
 	}
-	installCmd.WriteString(" rm -f install.sh")
 
-	// Execute the command to install Chef Client
-	return p.runCommand(o, comm, installCmd.String())
+	// And finally cleanup the install.sh script again
+	return p.runCommand(o, comm, fmt.Sprintf("%srm -f install.sh", prefix))
 }
 
 func (p *Provisioner) sshCreateConfigFiles(
diff --git a/builtin/provisioners/chef-client/ssh_provisioner_test.go b/builtin/provisioners/chef/ssh_provisioner_test.go
similarity index 86%
rename from builtin/provisioners/chef-client/ssh_provisioner_test.go
rename to builtin/provisioners/chef/ssh_provisioner_test.go
index 7e7389d21679..5673a4f4eccf 100644
--- a/builtin/provisioners/chef-client/ssh_provisioner_test.go
+++ b/builtin/provisioners/chef/ssh_provisioner_test.go
@@ -1,4 +1,4 @@
-package chefclient
+package chef
 
 import (
 	"testing"
@@ -22,8 +22,9 @@ func TestResourceProvider_sshInstallChefClient(t *testing.T) {
 			}),
 
 			Commands: map[string]bool{
-				"sudo curl -LO https://www.chef.io/chef/install.sh 2>/dev/null && " +
-					"sudo bash ./install.sh && sudo rm -f install.sh": true,
+				"sudo curl -LO https://www.chef.io/chef/install.sh": true,
+				"sudo bash ./install.sh -v ":                        true,
+				"sudo rm -f install.sh":                             true,
 			},
 		},
 
@@ -38,8 +39,9 @@ func TestResourceProvider_sshInstallChefClient(t *testing.T) {
 			}),
 
 			Commands: map[string]bool{
-				"curl -LO https://www.chef.io/chef/install.sh 2>/dev/null && " +
-					"bash ./install.sh && rm -f install.sh": true,
+				"curl -LO https://www.chef.io/chef/install.sh": true,
+				"bash ./install.sh -v ":                        true,
+				"rm -f install.sh":                             true,
 			},
 		},
 
@@ -55,8 +57,9 @@ func TestResourceProvider_sshInstallChefClient(t *testing.T) {
 			}),
 
 			Commands: map[string]bool{
-				"curl --proxy http://proxy.local -LO https://www.chef.io/chef/install.sh 2>/dev/null && " +
-					"bash ./install.sh && rm -f install.sh": true,
+				"proxy_http='http://proxy.local' curl -LO https://www.chef.io/chef/install.sh": true,
+				"proxy_http='http://proxy.local' bash ./install.sh -v ":                        true,
+				"proxy_http='http://proxy.local' rm -f install.sh":                             true,
 			},
 		},
 
@@ -73,8 +76,11 @@ func TestResourceProvider_sshInstallChefClient(t *testing.T) {
 			}),
 
 			Commands: map[string]bool{
-				"curl --proxy http://proxy.local --noproxy http://local.local,http://local.org -LO " +
-					"https://www.chef.io/chef/install.sh 2>/dev/null && bash ./install.sh && " +
+				"proxy_http='http://proxy.local' no_proxy='http://local.local,http://local.org' " +
+					"curl -LO https://www.chef.io/chef/install.sh": true,
+				"proxy_http='http://proxy.local' no_proxy='http://local.local,http://local.org' " +
+					"bash ./install.sh -v ": true,
+				"proxy_http='http://proxy.local' no_proxy='http://local.local,http://local.org' " +
 					"rm -f install.sh": true,
 			},
 		},
@@ -91,8 +97,9 @@ func TestResourceProvider_sshInstallChefClient(t *testing.T) {
 			}),
 
 			Commands: map[string]bool{
-				"curl -LO https://www.chef.io/chef/install.sh 2>/dev/null && " +
-					"bash ./install.sh -v 11.18.6 && rm -f install.sh": true,
+				"curl -LO https://www.chef.io/chef/install.sh": true,
+				"bash ./install.sh -v 11.18.6":                 true,
+				"rm -f install.sh":                             true,
 			},
 		},
 	}
diff --git a/builtin/provisioners/chef-client/test-fixtures/validator.pem b/builtin/provisioners/chef/test-fixtures/validator.pem
similarity index 100%
rename from builtin/provisioners/chef-client/test-fixtures/validator.pem
rename to builtin/provisioners/chef/test-fixtures/validator.pem
diff --git a/builtin/provisioners/chef-client/winrm_provisioner.go b/builtin/provisioners/chef/winrm_provisioner.go
similarity index 99%
rename from builtin/provisioners/chef-client/winrm_provisioner.go
rename to builtin/provisioners/chef/winrm_provisioner.go
index 7f3426e76a72..0b25c36d00fa 100644
--- a/builtin/provisioners/chef-client/winrm_provisioner.go
+++ b/builtin/provisioners/chef/winrm_provisioner.go
@@ -1,4 +1,4 @@
-package chefclient
+package chef
 
 import (
 	"fmt"
diff --git a/builtin/provisioners/chef-client/winrm_provisioner_test.go b/builtin/provisioners/chef/winrm_provisioner_test.go
similarity index 99%
rename from builtin/provisioners/chef-client/winrm_provisioner_test.go
rename to builtin/provisioners/chef/winrm_provisioner_test.go
index 95fb38773689..03edc11a5a2c 100644
--- a/builtin/provisioners/chef-client/winrm_provisioner_test.go
+++ b/builtin/provisioners/chef/winrm_provisioner_test.go
@@ -1,4 +1,4 @@
-package chefclient
+package chef
 
 import (
 	"fmt"
diff --git a/website/source/docs/provisioners/chef-client.html.markdown b/website/source/docs/provisioners/chef.html.markdown
similarity index 77%
rename from website/source/docs/provisioners/chef-client.html.markdown
rename to website/source/docs/provisioners/chef.html.markdown
index 758b8c31c3ed..b56fa4f7328b 100644
--- a/website/source/docs/provisioners/chef-client.html.markdown
+++ b/website/source/docs/provisioners/chef.html.markdown
@@ -1,16 +1,22 @@
 ---
 layout: "docs"
-page_title: "Provisioner: chef-client"
-sidebar_current: "docs-provisioners-chef-client"
+page_title: "Provisioner: chef"
+sidebar_current: "docs-provisioners-chef"
 description: |-
-  The `chef-client` provisioner invokes a Chef Client run on a remote resource after first installing and configuring Chef Client on the remote resource. The `chef-client` provisioner supports both `ssh` and `winrm` type connections.
+  The `chef` provisioner invokes a Chef Client run on a remote resource after first installing and configuring Chef Client on the remote resource. The `chef` provisioner supports both `ssh` and `winrm` type connections.
 ---
 
-# chef Provisioner
+# Chef Provisioner
 
-The `chef-client` provisioner invokes a Chef Client run on a remote resource after first
-installing and configuring Chef Client on the remote resource. The `chef-client` provisioner
-supports both `ssh` and `winrm` type [connections](/docs/provisioners/connection.html).
+The `chef` provisioner invokes a Chef Client run on a remote resource after first installing
+and configuring Chef Client on the remote resource. The `chef` provisioner supports both `ssh`
+and `winrm` type [connections](/docs/provisioners/connection.html).
+
+## Requirements
+
+In order for the `chef` provisioner to work properly, you need either `cURL` (when using
+a `ssh` type connection) or `PowerShell 2.0` (when using a `winrm` type connection) to be
+available on the target machine.
 
 ## Example usage
 
@@ -18,7 +24,7 @@ supports both `ssh` and `winrm` type [connections](/docs/provisioners/connection
 # Start a initial chef run on a resource
 resource "aws_instance" "web" {
     ...
-    provisioner "chef-client"  {
+    provisioner "chef"  {
         attributes {
             "key" = "value"
             "app" {
@@ -73,7 +79,7 @@ The following arguments are supported:
   the organization. See the example.
 
 * `skip_install (boolean)` - (Optional) Skip the installation of Chef Client on the remote
-  machine. This assumes Chef Client is already installed when you run the `chef-client`
+  machine. This assumes Chef Client is already installed when you run the `chef`
   provisioner.
 
 * `ssl_verify_mode (string)` - (Optional) Use to set the verify mode for Chef Client HTTPS
diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb
index 7ff775168919..15029bc4cf57 100644
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -178,9 +178,9 @@
 				<li<%= sidebar_current("docs-provisioners") %>>
 				<a href="/docs/provisioners/index.html">Provisioners</a>
 				<ul class="nav">
-					<li<%= sidebar_current("docs-provisioners-chef-client") %>>
-+					<a href="/docs/provisioners/chef-client.html">chef-client</a>
-+					</li>
+					<li<%= sidebar_current("docs-provisioners-chef") %>>
+					<a href="/docs/provisioners/chef.html">chef</a>
+					</li>
 
 					<li<%= sidebar_current("docs-provisioners-connection") %>>
 					<a href="/docs/provisioners/connection.html">connection</a>

From 2a5fffc24d97c58916ce5d401f0f2f296d169e02 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Fri, 8 May 2015 23:27:12 +0200
Subject: [PATCH 5/7] Small textual update...

---
 builtin/provisioners/chef/resource_provisioner.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go
index 07c2812aa2ac..6bf6d6d98019 100644
--- a/builtin/provisioners/chef/resource_provisioner.go
+++ b/builtin/provisioners/chef/resource_provisioner.go
@@ -23,7 +23,7 @@ import (
 
 const (
 	clienrb        = "client.rb"
-	defaultChefEnv = "_default"
+	defaultEnv     = "_default"
 	firstBoot      = "first-boot.json"
 	logfileDir     = "logfiles"
 	linuxConfDir   = "/etc/chef"
@@ -186,7 +186,7 @@ func (r *ResourceProvisioner) decodeConfig(c *terraform.ResourceConfig) (*Provis
 	}
 
 	if p.Environment == "" {
-		p.Environment = defaultChefEnv
+		p.Environment = defaultEnv
 	}
 
 	if attrs, ok := c.Raw["attributes"]; ok {

From a8dacede246ec469ca60f5f9a5c9fcdd13b00c85 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Mon, 11 May 2015 15:18:32 +0200
Subject: [PATCH 6/7] Improved some logging...
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I added a debug log line in the last commit, only to find out it’s now
logging the same info twice. So removed the double entry and tweaked
the existing once.
---
 builtin/provisioners/chef/resource_provisioner.go | 1 -
 communicator/ssh/communicator.go                  | 2 +-
 communicator/winrm/communicator.go                | 6 +++---
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go
index 6bf6d6d98019..12071d6f4b8e 100644
--- a/builtin/provisioners/chef/resource_provisioner.go
+++ b/builtin/provisioners/chef/resource_provisioner.go
@@ -380,7 +380,6 @@ func (p *Provisioner) runCommand(
 		Stderr:  errW,
 	}
 
-	log.Printf("[DEBUG] Executing remote command: %q", cmd.Command)
 	if err := comm.Start(cmd); err != nil {
 		return fmt.Errorf("Error executing command %q: %v", cmd.Command, err)
 	}
diff --git a/communicator/ssh/communicator.go b/communicator/ssh/communicator.go
index ea6aa688701d..7cf03c870a90 100644
--- a/communicator/ssh/communicator.go
+++ b/communicator/ssh/communicator.go
@@ -252,7 +252,7 @@ func (c *Communicator) UploadScript(path string, input io.Reader) error {
 
 // UploadDir implementation of communicator.Communicator interface
 func (c *Communicator) UploadDir(dst string, src string) error {
-	log.Printf("Upload dir '%s' to '%s'", src, dst)
+	log.Printf("Uploading dir '%s' to '%s'", src, dst)
 	scpFunc := func(w io.Writer, r *bufio.Reader) error {
 		uploadEntries := func() error {
 			f, err := os.Open(src)
diff --git a/communicator/winrm/communicator.go b/communicator/winrm/communicator.go
index ad1d1d30e820..27ba31a83353 100644
--- a/communicator/winrm/communicator.go
+++ b/communicator/winrm/communicator.go
@@ -125,8 +125,6 @@ func (c *Communicator) ScriptPath() string {
 
 // Start implementation of communicator.Communicator interface
 func (c *Communicator) Start(rc *remote.Cmd) error {
-	log.Printf("starting remote command: %s", rc.Command)
-
 	err := c.Connect(nil)
 	if err != nil {
 		return err
@@ -137,6 +135,7 @@ func (c *Communicator) Start(rc *remote.Cmd) error {
 		return err
 	}
 
+	log.Printf("starting remote command: %s", rc.Command)
 	cmd, err := shell.Execute(rc.Command)
 	if err != nil {
 		return err
@@ -162,6 +161,7 @@ func (c *Communicator) Upload(path string, input io.Reader) error {
 	if err != nil {
 		return err
 	}
+	log.Printf("Uploading file to '%s'", path)
 	return wcp.Write(path, input)
 }
 
@@ -172,7 +172,7 @@ func (c *Communicator) UploadScript(path string, input io.Reader) error {
 
 // UploadDir implementation of communicator.Communicator interface
 func (c *Communicator) UploadDir(dst string, src string) error {
-	log.Printf("Upload dir '%s' to '%s'", src, dst)
+	log.Printf("Uploading dir '%s' to '%s'", src, dst)
 	wcp, err := c.newCopyClient()
 	if err != nil {
 		return err

From 11314a3d714390e5ad5b6fbb23652ebc18549f74 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Tue, 12 May 2015 10:37:38 +0200
Subject: [PATCH 7/7] Tweaking a few minor things according to the feedback on
 GH

---
 builtin/provisioners/chef/resource_provisioner.go      |  7 ++++---
 builtin/provisioners/chef/resource_provisioner_test.go |  1 +
 builtin/provisioners/chef/ssh_provisioner.go           |  4 ++--
 builtin/provisioners/chef/ssh_provisioner_test.go      |  4 ++++
 builtin/provisioners/chef/winrm_provisioner_test.go    | 10 ++++------
 website/source/docs/provisioners/chef.html.markdown    |  2 +-
 6 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go
index 12071d6f4b8e..e546588a5ae4 100644
--- a/builtin/provisioners/chef/resource_provisioner.go
+++ b/builtin/provisioners/chef/resource_provisioner.go
@@ -74,6 +74,7 @@ type Provisioner struct {
 	installChefClient func(terraform.UIOutput, communicator.Communicator) error
 	createConfigFiles func(terraform.UIOutput, communicator.Communicator) error
 	runChefClient     func(terraform.UIOutput, communicator.Communicator) error
+	useSudo           bool
 }
 
 // ResourceProvisioner represents a generic chef provisioner
@@ -93,15 +94,15 @@ func (r *ResourceProvisioner) Apply(
 	// Set some values based on the targeted OS
 	switch s.Ephemeral.ConnInfo["type"] {
 	case "ssh", "": // The default connection type is ssh, so if the type is empty use ssh
-		p.PreventSudo = p.PreventSudo || s.Ephemeral.ConnInfo["user"] == "root"
 		p.installChefClient = p.sshInstallChefClient
 		p.createConfigFiles = p.sshCreateConfigFiles
 		p.runChefClient = p.runChefClientFunc(linuxConfDir)
+		p.useSudo = !p.PreventSudo && s.Ephemeral.ConnInfo["user"] != "root"
 	case "winrm":
-		p.PreventSudo = true
 		p.installChefClient = p.winrmInstallChefClient
 		p.createConfigFiles = p.winrmCreateConfigFiles
 		p.runChefClient = p.runChefClientFunc(windowsConfDir)
+		p.useSudo = false
 	default:
 		return fmt.Errorf("Unsupported connection type: %s", s.Ephemeral.ConnInfo["type"])
 	}
@@ -363,7 +364,7 @@ func (p *Provisioner) runCommand(
 	var err error
 
 	// Unless prevented, prefix the command with sudo
-	if !p.PreventSudo {
+	if p.useSudo {
 		command = "sudo " + command
 	}
 
diff --git a/builtin/provisioners/chef/resource_provisioner_test.go b/builtin/provisioners/chef/resource_provisioner_test.go
index 191b5a6203e7..84a34351398d 100644
--- a/builtin/provisioners/chef/resource_provisioner_test.go
+++ b/builtin/provisioners/chef/resource_provisioner_test.go
@@ -126,6 +126,7 @@ func TestResourceProvider_runChefClient(t *testing.T) {
 		}
 
 		p.runChefClient = p.runChefClientFunc(tc.ConfDir)
+		p.useSudo = !p.PreventSudo
 
 		err = p.runChefClient(o, c)
 		if err != nil {
diff --git a/builtin/provisioners/chef/ssh_provisioner.go b/builtin/provisioners/chef/ssh_provisioner.go
index e8f42c3fb47e..c6d0fb011420 100644
--- a/builtin/provisioners/chef/ssh_provisioner.go
+++ b/builtin/provisioners/chef/ssh_provisioner.go
@@ -50,7 +50,7 @@ func (p *Provisioner) sshCreateConfigFiles(
 	}
 
 	// Make sure we have enough rights to upload the files if using sudo
-	if !p.PreventSudo {
+	if p.useSudo {
 		if err := p.runCommand(o, comm, "chmod 777 "+linuxConfDir); err != nil {
 			return err
 		}
@@ -61,7 +61,7 @@ func (p *Provisioner) sshCreateConfigFiles(
 	}
 
 	// When done copying the files restore the rights and make sure root is owner
-	if !p.PreventSudo {
+	if p.useSudo {
 		if err := p.runCommand(o, comm, "chmod 755 "+linuxConfDir); err != nil {
 			return err
 		}
diff --git a/builtin/provisioners/chef/ssh_provisioner_test.go b/builtin/provisioners/chef/ssh_provisioner_test.go
index 5673a4f4eccf..90e7b7d91b16 100644
--- a/builtin/provisioners/chef/ssh_provisioner_test.go
+++ b/builtin/provisioners/chef/ssh_provisioner_test.go
@@ -116,6 +116,8 @@ func TestResourceProvider_sshInstallChefClient(t *testing.T) {
 			t.Fatalf("Error: %v", err)
 		}
 
+		p.useSudo = !p.PreventSudo
+
 		err = p.sshInstallChefClient(o, c)
 		if err != nil {
 			t.Fatalf("Test %q failed: %v", k, err)
@@ -254,6 +256,8 @@ func TestResourceProvider_sshCreateConfigFiles(t *testing.T) {
 			t.Fatalf("Error: %v", err)
 		}
 
+		p.useSudo = !p.PreventSudo
+
 		err = p.sshCreateConfigFiles(o, c)
 		if err != nil {
 			t.Fatalf("Test %q failed: %v", k, err)
diff --git a/builtin/provisioners/chef/winrm_provisioner_test.go b/builtin/provisioners/chef/winrm_provisioner_test.go
index 03edc11a5a2c..075e261bd2a9 100644
--- a/builtin/provisioners/chef/winrm_provisioner_test.go
+++ b/builtin/provisioners/chef/winrm_provisioner_test.go
@@ -17,7 +17,6 @@ func TestResourceProvider_winrmInstallChefClient(t *testing.T) {
 		"Default": {
 			Config: testConfig(t, map[string]interface{}{
 				"node_name":              "nodename1",
-				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
 				"run_list":               []interface{}{"cookbook::recipe"},
 				"server_url":             "https://chef.local",
 				"validation_client_name": "validator",
@@ -38,7 +37,6 @@ func TestResourceProvider_winrmInstallChefClient(t *testing.T) {
 				"http_proxy":             "http://proxy.local",
 				"no_proxy":               []interface{}{"http://local.local", "http://local.org"},
 				"node_name":              "nodename1",
-				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
 				"run_list":               []interface{}{"cookbook::recipe"},
 				"server_url":             "https://chef.local",
 				"validation_client_name": "validator",
@@ -57,7 +55,6 @@ func TestResourceProvider_winrmInstallChefClient(t *testing.T) {
 		"Version": {
 			Config: testConfig(t, map[string]interface{}{
 				"node_name":              "nodename1",
-				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
 				"run_list":               []interface{}{"cookbook::recipe"},
 				"server_url":             "https://chef.local",
 				"validation_client_name": "validator",
@@ -88,6 +85,8 @@ func TestResourceProvider_winrmInstallChefClient(t *testing.T) {
 			t.Fatalf("Error: %v", err)
 		}
 
+		p.useSudo = false
+
 		err = p.winrmInstallChefClient(o, c)
 		if err != nil {
 			t.Fatalf("Test %q failed: %v", k, err)
@@ -104,7 +103,6 @@ func TestResourceProvider_winrmCreateConfigFiles(t *testing.T) {
 		"Default": {
 			Config: testConfig(t, map[string]interface{}{
 				"node_name":              "nodename1",
-				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
 				"run_list":               []interface{}{"cookbook::recipe"},
 				"server_url":             "https://chef.local",
 				"validation_client_name": "validator",
@@ -128,7 +126,6 @@ func TestResourceProvider_winrmCreateConfigFiles(t *testing.T) {
 				"https_proxy":            "https://proxy.local",
 				"no_proxy":               []interface{}{"http://local.local", "https://local.local"},
 				"node_name":              "nodename1",
-				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
 				"run_list":               []interface{}{"cookbook::recipe"},
 				"server_url":             "https://chef.local",
 				"validation_client_name": "validator",
@@ -170,7 +167,6 @@ func TestResourceProvider_winrmCreateConfigFiles(t *testing.T) {
 					},
 				},
 				"node_name":              "nodename1",
-				"prevent_sudo":           true, // Needs to be set for ALL WinRM tests!
 				"run_list":               []interface{}{"cookbook::recipe"},
 				"server_url":             "https://chef.local",
 				"validation_client_name": "validator",
@@ -203,6 +199,8 @@ func TestResourceProvider_winrmCreateConfigFiles(t *testing.T) {
 			t.Fatalf("Error: %v", err)
 		}
 
+		p.useSudo = false
+
 		err = p.winrmCreateConfigFiles(o, c)
 		if err != nil {
 			t.Fatalf("Test %q failed: %v", k, err)
diff --git a/website/source/docs/provisioners/chef.html.markdown b/website/source/docs/provisioners/chef.html.markdown
index b56fa4f7328b..fb7bc44163a4 100644
--- a/website/source/docs/provisioners/chef.html.markdown
+++ b/website/source/docs/provisioners/chef.html.markdown
@@ -48,7 +48,7 @@ resource "aws_instance" "web" {
 
 The following arguments are supported:
 
-* `attributes (hash)` - (Optional) A hash with initial node attributes for the new node.
+* `attributes (map)` - (Optional) A map with initial node attributes for the new node.
   See example.
 
 * `environment (string)` - (Optional) The Chef environment the new node will be joining