Use a TLS connection by default

Add a flag to disable TLS, and use HTTP

Author: lazyfrosch

check.go

@@ -28,7 +28,7 @@ type Config struct {
 	Port          int
 	User          string
 	Password      string
-	Tls           bool
+	NoTls         bool
 	Insecure      bool
 	TlsCAPath     string
 	tlsCA         []byte
@@ -55,9 +55,9 @@ func BuildConfigFlags(fs *pflag.FlagSet) (config *Config) {
 	fs.StringVarP(&config.User, "user", "U", "", "Username of the remote host")
 	fs.StringVarP(&config.Password, "password", "P", "", "Password of the user")
 
-	fs.BoolVarP(&config.Tls, "tls", "S", false, "Use TLS connection (default: false)")
 	fs.BoolVarP(&config.Insecure, "insecure", "k", false,
 		"Don't verify the hostname on the returned certificate")
+	fs.BoolVar(&config.NoTls, "no-tls", false, "Don't use a TLS connection, use the HTTP protocol")
 	fs.StringVar(&config.TlsCAPath, "ca", "", "CA certificate")
 	fs.StringVar(&config.TlsCertPath, "cert", "", "Client certificate")
 	fs.StringVar(&config.TlsKeyPath, "key", "", "Client Key")
@@ -100,9 +100,9 @@ func (c *Config) Validate() (err error) {
 
 	// Set default port if unset
 	if c.Port < 1 {
-		c.Port = Port
-		if c.Tls {
-			c.Port = TlsPort
+		c.Port = TlsPort
+		if c.NoTls {
+			c.Port = Port
 		}
 	}
 
@@ -189,7 +189,7 @@ func (c *Config) Run(timeout time.Duration) (err error, rc int, output string) {
 	endpoint := winrm.NewEndpoint(
 		c.Host,     // Host to connect to
 		c.Port,     // Winrm port
-		c.Tls,      // Use TLS
+		!c.NoTls,   // Use TLS
 		c.Insecure, // Allow insecure connection
 		c.tlsCA,    // CA certificate
 		c.tlsCert,  // Client Certificate

check_test.go

@@ -22,7 +22,8 @@ func TestConfig_Validate(t *testing.T) {
 	c.Password = "verysecret"
 
 	assert.NoError(t, c.Validate())
-	assert.Equal(t, c.Port, Port)
+	assert.Equal(t, c.Port, TlsPort)
+	assert.False(t, c.NoTls)
 	assert.Equal(t, c.AuthType, AuthBasic)
 	assert.True(t, c.validated)
 }
@@ -51,12 +52,13 @@ func TestConfig_Run_WithError(t *testing.T) {
 		User:     "admin",
 		Password: "test",
 		Command:  "Get-Host",
+		NoTls:    true,
 	}
 
 	err := c.Validate()
 	assert.NoError(t, err)
 
-	err, _, _ = c.Run(1 * time.Microsecond)
+	err, _, _ = c.Run(1 * time.Second)
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "dial tcp 192.0.2.11:")
 }
@@ -71,6 +73,7 @@ func TestConfig_Run_Basic(t *testing.T) {
 	}
 
 	c := buildEnvConfig(t, AuthBasic)
+	c.NoTls = true
 
 	runCheck(t, c)
 }
@@ -92,6 +95,7 @@ func TestConfig_Run_NTLM(t *testing.T) {
 	}
 
 	c := buildEnvConfig(t, AuthNTLM)
+	c.NoTls = true
 
 	runCheck(t, c)
 }
@@ -155,7 +159,6 @@ func setupTlsFromEnv(t *testing.T, c *Config) {
 		t.Skip("WINRM_SKIP_TLS has been set")
 	}
 
-	c.Tls = true
 	if os.Getenv("WINRM_INSECURE") != "" {
 		c.Insecure = true
 	}