Updated release docs for alternate user identity support in execute resources

Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>

1 files changed, 73 insertions, 0 deletions

diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index d9c33dc769..6d3f13663d 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -7,6 +7,79 @@ _This file holds "in progress" release notes for the current release under devel
 - You can now specify the acceptable return codes from the chocolatey_package resource using the returns property.
 - You can now enable chef-client to run as a scheduled task directly from the client MSI on Windows hosts.
 - The package provider now supports DNF packages for Fedora and upcoming RHEL releases
+- Added support for windows alternate user identity in execute resources.
+
+### Windows alternate user identity execute support
+
+The `execute` resource and simliar resources such as `script`, `batch`, and `powershell_script`now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials.
+
+#### Properties
+
+The following properties are new or updated for the `execute`, `script`, `batch`, and `powershell_script` resources and any resources derived from them:
+
+  *   `user`</br>
+      **Ruby types:** String</br>
+      The user name of the user identity with which to launch the new process.
+      Default value: `nil`. The user name may optionally be specifed
+      with a domain, i.e. `domain\user` or `user@my.dns.domain.com` via Universal Principal Name (UPN)
+      format. It can also be specified without a domain simply as `user` if the domain is
+      instead specified using the `domain` attribute. On Windows only, if this property is specified, the `password`
+      property **must** be specified.
+
+  *   `password`</br>
+      **Ruby types** String</br>
+      *Windows only:* The password of the user specified by the `user` property.
+      Default value: `nil`. This property is mandatory if `user` is specified on Windows and may only
+      be specified if `user` is specified. The `sensitive` property for this resource will
+      automatically be set to `true` if `password` is specified.
+
+  *   `domain`</br>
+      **Ruby types** String</br>
+      *Windows only:* The domain of the user user specified by the `user` property.
+      Default value: `nil`. If not specified, the user name and password specified
+      by the `user` and `password` properties will be used to resolve
+      that user against the domain in which the system running Chef client
+      is joined, or if that system is not joined to a domain it will resolve the user
+      as a local account on that system. An alternative way to specify the domain is to leave
+      this property unspecified and specify the domain as part of the `user` property.
+
+#### Usage
+
+The following examples explain how alternate user identity properties can be used in the execute resources:
+
+```ruby
+powershell_script 'create powershell-test file' do
+  code <<-EOH
+  $stream = [System.IO.StreamWriter] "#{Chef::Config[:file_cache_path]}/powershell-test.txt"
+  $stream.WriteLine("In #{Chef::Config[:file_cache_path]}...word.")
+  $stream.close()
+  EOH
+  user 'username'
+  password 'password'
+end
+
+execute 'mkdir test_dir' do
+  cwd Chef::Config[:file_cache_path]
+  domain "domain-name"
+  user "user"
+  password "password"
+end
+
+script 'create test_dir' do
+  interpreter "bash"
+  code  "mkdir test_dir"
+  cwd Chef::Config[:file_cache_path]
+  user "domain-name\\username"
+  password "password"
+end
+
+batch 'create test_dir' do
+  code "mkdir test_dir"
+  cwd Chef::Config[:file_cache_path]
+  user "username@domain-name"
+  password "password"
+end
+```
 
 ## Highlighted bug fixes for this release: