Merge pull request #12 from Icinga/feature/no-tls

lazyfrosch · web-flow · commit d2d80865882e · 2020-09-07T10:28:01.000+02:00
diff --git a/README.md b/README.md
@@ -64,31 +64,29 @@ To compile for a specific platform, you have to set the GOOS and GOARCH environm
      GOOS=linux GOARCH=amd64 go build -o check_by_powershell main.go 
 
 ## Usage
-    ./check_by_powershell -h
-    Usage of check_by_powershell
-
-    This Plugin executes remote commands on Windows machines through the use of WinRM.
-
-    Arguments:
-      -H, --host string          Host name, IP Address of the remote host (default "127.0.0.1")
-      -p, --port int             Port number WinRM (default 5985)
-          --user string          Username of the remote host
-          --password string      Password of the user
-          --tls                  Use TLS connection (default: false)
-      -u, --unsecure             Verify the hostname on the returned certificate
-          --ca string            CA certificate
-          --cert string          Client certificate
-          --key string           Client Key
-          --cmd string           Command to execute on the remote machine
-          --icingacmd string     Executes commands of Icinga PowerShell Framework (e.g. Invoke-IcingaCheckCPU)
-          --auth string          Authentication mechanism - NTLM | SSH
-          --sshhost string       SSH Host (mandatory if --auth=SSH)
-          --sshuser string       SSH Username (mandatory if --auth=SSH)
-          --sshpassword string   SSH Password (mandatory if --auth=SSH)
-      -t, --timeout int          Abort the check after n seconds (default 10)
-      -d, --debug                Enable debug mode
-      -v, --verbose              Enable verbose mode
-      -V, --version              Print version and exit
+
+```
+Arguments:
+  -H, --host string          Host name, IP Address of the remote host (default "127.0.0.1")
+  -p, --port int             Port number WinRM
+  -U, --user string          Username of the remote host
+  -P, --password string      Password of the user
+  -k, --insecure             Don't verify the hostname on the returned certificate
+      --no-tls               Don't use a TLS connection, use the HTTP protocol
+      --ca string            CA certificate
+      --cert string          Client certificate
+      --key string           Client Key
+      --cmd string           Command to execute on the remote machine
+      --icingacmd string     Executes commands of Icinga PowerShell Framework (e.g. Invoke-IcingaCheckCPU)
+      --auth string          Authentication mechanism - NTLM | SSH (default "basic")
+      --sshhost string       SSH Host (mandatory if --auth=SSH)
+      --sshuser string       SSH Username (mandatory if --auth=SSH)
+      --sshpassword string   SSH Password (mandatory if --auth=SSH)
+  -t, --timeout int          Abort the check after n seconds (default 10)
+  -d, --debug                Enable debug mode
+  -v, --verbose              Enable verbose mode
+  -V, --version              Print version and exit
+```
 
 ### Execute a script over http
     ./check_by_powershell -H 192.168.172.217 -p 5985 --cmd "cscript.exe /T:30 /NoLogo C:\Windows\system32\check_time.vbs 1.de.pool.ntp.org 20 240" --user "windowsuser" --password 'secret!pw'
@@ -102,4 +100,4 @@ It is necessary that the PowerShell script exits with an exitcode like *exit 2*,
 
     [OK] Check package "CPU Load"
     | 'core_23_10'=2.31%;;;0;100 'core_23_3'=2.54%;;;0;100 'core_23_15'=2.12%;;;0;100 'core_23_5'=2.39%;;;0;100
-      'core_23_1'=2.04%;;;0;100 'core_23'=1.93%;;;0;100 'core_2_15'=2.78%;;;0;100 'core_2_10'=2.89%;;;0;100 [...]
+      'core_23_1'=2.04%;;;0;100 'core_23'=1.93%;;;0;100 'core_2_15'=2.78%;;;0;100 'core_2_10'=2.89%;;;0;100 [...]
diff --git a/check.go b/check.go
@@ -28,7 +28,7 @@ type Config struct {
 	Port          int
 	User          string
 	Password      string
-	Tls           bool
+	NoTls         bool
 	Insecure      bool
 	TlsCAPath     string
 	tlsCA         []byte
@@ -55,9 +55,9 @@ func BuildConfigFlags(fs *pflag.FlagSet) (config *Config) {
 	fs.StringVarP(&config.User, "user", "U", "", "Username of the remote host")
 	fs.StringVarP(&config.Password, "password", "P", "", "Password of the user")
 
-	fs.BoolVarP(&config.Tls, "tls", "S", false, "Use TLS connection (default: false)")
 	fs.BoolVarP(&config.Insecure, "insecure", "k", false,
 		"Don't verify the hostname on the returned certificate")
+	fs.BoolVar(&config.NoTls, "no-tls", false, "Don't use a TLS connection, use the HTTP protocol")
 	fs.StringVar(&config.TlsCAPath, "ca", "", "CA certificate")
 	fs.StringVar(&config.TlsCertPath, "cert", "", "Client certificate")
 	fs.StringVar(&config.TlsKeyPath, "key", "", "Client Key")
@@ -100,9 +100,9 @@ func (c *Config) Validate() (err error) {
 
 	// Set default port if unset
 	if c.Port < 1 {
-		c.Port = Port
-		if c.Tls {
-			c.Port = TlsPort
+		c.Port = TlsPort
+		if c.NoTls {
+			c.Port = Port
 		}
 	}
 
@@ -189,7 +189,7 @@ func (c *Config) Run(timeout time.Duration) (err error, rc int, output string) {
 	endpoint := winrm.NewEndpoint(
 		c.Host,     // Host to connect to
 		c.Port,     // Winrm port
-		c.Tls,      // Use TLS
+		!c.NoTls,   // Use TLS
 		c.Insecure, // Allow insecure connection
 		c.tlsCA,    // CA certificate
 		c.tlsCert,  // Client Certificate
diff --git a/check_test.go b/check_test.go
@@ -22,7 +22,8 @@ func TestConfig_Validate(t *testing.T) {
 	c.Password = "verysecret"
 
 	assert.NoError(t, c.Validate())
-	assert.Equal(t, c.Port, Port)
+	assert.Equal(t, c.Port, TlsPort)
+	assert.False(t, c.NoTls)
 	assert.Equal(t, c.AuthType, AuthBasic)
 	assert.True(t, c.validated)
 }
@@ -51,12 +52,13 @@ func TestConfig_Run_WithError(t *testing.T) {
 		User:     "admin",
 		Password: "test",
 		Command:  "Get-Host",
+		NoTls:    true,
 	}
 
 	err := c.Validate()
 	assert.NoError(t, err)
 
-	err, _, _ = c.Run(1 * time.Microsecond)
+	err, _, _ = c.Run(1 * time.Second)
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "dial tcp 192.0.2.11:")
 }
@@ -71,6 +73,7 @@ func TestConfig_Run_Basic(t *testing.T) {
 	}
 
 	c := buildEnvConfig(t, AuthBasic)
+	c.NoTls = true
 
 	runCheck(t, c)
 }
@@ -92,6 +95,7 @@ func TestConfig_Run_NTLM(t *testing.T) {
 	}
 
 	c := buildEnvConfig(t, AuthNTLM)
+	c.NoTls = true
 
 	runCheck(t, c)
 }
@@ -155,7 +159,6 @@ func setupTlsFromEnv(t *testing.T, c *Config) {
 		t.Skip("WINRM_SKIP_TLS has been set")
 	}
 
-	c.Tls = true
 	if os.Getenv("WINRM_INSECURE") != "" {
 		c.Insecure = true
 	}

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,8 @@ func TestConfig_Validate(t *testing.T) {`
`22`	`22`	`c.Password = "verysecret"`
`23`	`23`
`24`	`24`	`assert.NoError(t, c.Validate())`
`25`		`- assert.Equal(t, c.Port, Port)`
	`25`	`+ assert.Equal(t, c.Port, TlsPort)`
	`26`	`+ assert.False(t, c.NoTls)`
`26`	`27`	`assert.Equal(t, c.AuthType, AuthBasic)`
`27`	`28`	`assert.True(t, c.validated)`
`28`	`29`	`}`
`@@ -51,12 +52,13 @@ func TestConfig_Run_WithError(t *testing.T) {`
`51`	`52`	`User: "admin",`
`52`	`53`	`Password: "test",`
`53`	`54`	`Command: "Get-Host",`
	`55`	`+ NoTls: true,`
`54`	`56`	`}`
`55`	`57`
`56`	`58`	`err := c.Validate()`
`57`	`59`	`assert.NoError(t, err)`
`58`	`60`
`59`		`- err, _, _ = c.Run(1 * time.Microsecond)`
	`61`	`+ err, _, _ = c.Run(1 * time.Second)`
`60`	`62`	`assert.Error(t, err)`
`61`	`63`	`assert.Contains(t, err.Error(), "dial tcp 192.0.2.11:")`
`62`	`64`	`}`
`@@ -71,6 +73,7 @@ func TestConfig_Run_Basic(t *testing.T) {`
`71`	`73`	`}`
`72`	`74`
`73`	`75`	`c := buildEnvConfig(t, AuthBasic)`
	`76`	`+ c.NoTls = true`
`74`	`77`
`75`	`78`	`runCheck(t, c)`
`76`	`79`	`}`
`@@ -92,6 +95,7 @@ func TestConfig_Run_NTLM(t *testing.T) {`
`92`	`95`	`}`
`93`	`96`
`94`	`97`	`c := buildEnvConfig(t, AuthNTLM)`
	`98`	`+ c.NoTls = true`
`95`	`99`
`96`	`100`	`runCheck(t, c)`
`97`	`101`	`}`
`@@ -155,7 +159,6 @@ func setupTlsFromEnv(t testing.T, c Config) {`
`155`	`159`	`t.Skip("WINRM_SKIP_TLS has been set")`
`156`	`160`	`}`
`157`	`161`
`158`		`- c.Tls = true`
`159`	`162`	`if os.Getenv("WINRM_INSECURE") != "" {`
`160`	`163`	`c.Insecure = true`
`161`	`164`	`}`