inspec · clintoncwolfe · Dec 20, 2018 · Dec 12, 2018 · Dec 12, 2018 · Dec 19, 2018
diff --git a/inspec-core.gemspec b/inspec-core.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3'
 
-  spec.add_dependency 'train-core', '~> 1.5', '>= 1.5.11'
+  spec.add_dependency 'train-core', '~> 1.5', '>= 1.6.3'
   spec.add_dependency 'thor', '~> 0.20'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'method_source', '~> 0.8'

diff --git a/inspec.gemspec b/inspec.gemspec
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3'
 
-  spec.add_dependency 'train', '~> 1.5', '>= 1.5.11'
+  spec.add_dependency 'train', '~> 1.5', '>= 1.6.3'
   spec.add_dependency 'thor', '~> 0.20'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'method_source', '~> 0.8'

diff --git a/lib/inspec/base_cli.rb b/lib/inspec/base_cli.rb
@@ -69,6 +69,12 @@ def self.target_options # rubocop:disable MethodLength
         desc: 'Use SSL for transport layer encryption (WinRM).'
       option :self_signed, type: :boolean,
         desc: 'Allow remote scans with self-signed certificates (WinRM).'
+      option :winrm_transport, type: :string, default: 'negotiate',
+        desc: 'Specify which transport to use, defaults to negotiate (WinRM).'
+      option :winrm_disable_sspi, type: :boolean,
+        desc: 'Whether to use disable sspi authentication, defaults to false (WinRM).'
+      option :winrm_basic_auth, type: :boolean,
+        desc: 'Whether to use basic authentication, defaults to false (WinRM).'
       option :json_config, type: :string,
         desc: 'Read configuration from JSON file (`-` reads from stdin).'
       option :proxy_command, type: :string,

diff --git a/test/functional/inspec_exec_test.rb b/test/functional/inspec_exec_test.rb
@@ -412,6 +412,14 @@
     end
   end
 
+  describe 'when --winrm-transport is used' do
+    it 'raises an exception when an invalid transport is given' do
+      out = inspec('exec ' + example_profile + ' -t winrm://administrator@dummy --password dummy --winrm-transport kerberos')
+      out.exit_status.must_equal 1
+      out.stderr.must_include "Client error, can't connect to 'winrm' backend: Unsupported transport type: :kerberos\n"
+    end
+  end
+
   describe 'with sensitive resources' do
     it 'hides sensitive output' do
       out = inspec('exec ' + sensitive_profile  + ' --no-create-lockfile')