Use a TLS connection by default

README.md

@@ -64,31 +64,29 @@ To compile for a specific platform, you have to set the GOOS and GOARCH environm
      GOOS=linux GOARCH=amd64 go build -o check_by_powershell main.go 
 
 ## Usage
-    ./check_by_powershell -h
-    Usage of check_by_powershell
-
-    This Plugin executes remote commands on Windows machines through the use of WinRM.
-
-    Arguments:
-      -H, --host string          Host name, IP Address of the remote host (default "127.0.0.1")
-      -p, --port int             Port number WinRM (default 5985)
-          --user string          Username of the remote host
-          --password string      Password of the user
-          --tls                  Use TLS connection (default: false)
-      -u, --unsecure             Verify the hostname on the returned certificate
-          --ca string            CA certificate
-          --cert string          Client certificate
-          --key string           Client Key
-          --cmd string           Command to execute on the remote machine
-          --icingacmd string     Executes commands of Icinga PowerShell Framework (e.g. Invoke-IcingaCheckCPU)
-          --auth string          Authentication mechanism - NTLM | SSH
-          --sshhost string       SSH Host (mandatory if --auth=SSH)
-          --sshuser string       SSH Username (mandatory if --auth=SSH)
-          --sshpassword string   SSH Password (mandatory if --auth=SSH)
-      -t, --timeout int          Abort the check after n seconds (default 10)
-      -d, --debug                Enable debug mode
-      -v, --verbose              Enable verbose mode
-      -V, --version              Print version and exit
+
+```
+Arguments:
+  -H, --host string          Host name, IP Address of the remote host (default "127.0.0.1")
+  -p, --port int             Port number WinRM
+  -U, --user string          Username of the remote host
+  -P, --password string      Password of the user
+  -k, --insecure             Don't verify the hostname on the returned certificate
+      --no-tls               Don't use a TLS connection, use the HTTP protocol
+      --ca string            CA certificate
+      --cert string          Client certificate
+      --key string           Client Key
+      --cmd string           Command to execute on the remote machine
+      --icingacmd string     Executes commands of Icinga PowerShell Framework (e.g. Invoke-IcingaCheckCPU)
+      --auth string          Authentication mechanism - NTLM | SSH (default "basic")
+      --sshhost string       SSH Host (mandatory if --auth=SSH)
+      --sshuser string       SSH Username (mandatory if --auth=SSH)
+      --sshpassword string   SSH Password (mandatory if --auth=SSH)
+  -t, --timeout int          Abort the check after n seconds (default 10)
+  -d, --debug                Enable debug mode
+  -v, --verbose              Enable verbose mode
+  -V, --version              Print version and exit
+```
 
 ### Execute a script over http
     ./check_by_powershell -H 192.168.172.217 -p 5985 --cmd "cscript.exe /T:30 /NoLogo C:\Windows\system32\check_time.vbs 1.de.pool.ntp.org 20 240" --user "windowsuser" --password 'secret!pw'
@@ -102,4 +100,4 @@ It is necessary that the PowerShell script exits with an exitcode like *exit 2*,
 
     [OK] Check package "CPU Load"
     | 'core_23_10'=2.31%;;;0;100 'core_23_3'=2.54%;;;0;100 'core_23_15'=2.12%;;;0;100 'core_23_5'=2.39%;;;0;100
-      'core_23_1'=2.04%;;;0;100 'core_23'=1.93%;;;0;100 'core_2_15'=2.78%;;;0;100 'core_2_10'=2.89%;;;0;100 [...]
+      'core_23_1'=2.04%;;;0;100 'core_23'=1.93%;;;0;100 'core_2_15'=2.78%;;;0;100 'core_2_10'=2.89%;;;0;100 [...]

check.go

@@ -28,7 +28,7 @@ type Config struct {
 	Port          int
 	User          string
 	Password      string
-	Tls           bool
+	NoTls         bool
 	Insecure      bool
 	TlsCAPath     string
 	tlsCA         []byte
@@ -55,9 +55,9 @@ func BuildConfigFlags(fs *pflag.FlagSet) (config *Config) {
 	fs.StringVarP(&config.User, "user", "U", "", "Username of the remote host")
 	fs.StringVarP(&config.Password, "password", "P", "", "Password of the user")
 
-	fs.BoolVarP(&config.Tls, "tls", "S", false, "Use TLS connection (default: false)")
 	fs.BoolVarP(&config.Insecure, "insecure", "k", false,
 		"Don't verify the hostname on the returned certificate")
+	fs.BoolVar(&config.NoTls, "no-tls", false, "Don't use a TLS connection, use the HTTP protocol")
 	fs.StringVar(&config.TlsCAPath, "ca", "", "CA certificate")
 	fs.StringVar(&config.TlsCertPath, "cert", "", "Client certificate")
 	fs.StringVar(&config.TlsKeyPath, "key", "", "Client Key")
@@ -100,9 +100,9 @@ func (c *Config) Validate() (err error) {
 
 	// Set default port if unset
 	if c.Port < 1 {
-		c.Port = Port
-		if c.Tls {
-			c.Port = TlsPort
+		c.Port = TlsPort
+		if c.NoTls {
+			c.Port = Port
 		}
 	}
 
@@ -189,7 +189,7 @@ func (c *Config) Run(timeout time.Duration) (err error, rc int, output string) {
 	endpoint := winrm.NewEndpoint(
 		c.Host,     // Host to connect to
 		c.Port,     // Winrm port
-		c.Tls,      // Use TLS
+		!c.NoTls,   // Use TLS
 		c.Insecure, // Allow insecure connection
 		c.tlsCA,    // CA certificate
 		c.tlsCert,  // Client Certificate

check_test.go

@@ -22,7 +22,8 @@ func TestConfig_Validate(t *testing.T) {
 	c.Password = "verysecret"
 
 	assert.NoError(t, c.Validate())
-	assert.Equal(t, c.Port, Port)
+	assert.Equal(t, c.Port, TlsPort)
+	assert.False(t, c.NoTls)
 	assert.Equal(t, c.AuthType, AuthBasic)
 	assert.True(t, c.validated)
 }
@@ -51,12 +52,13 @@ func TestConfig_Run_WithError(t *testing.T) {
 		User:     "admin",
 		Password: "test",
 		Command:  "Get-Host",
+		NoTls:    true,
 	}
 
 	err := c.Validate()
 	assert.NoError(t, err)
 
-	err, _, _ = c.Run(1 * time.Microsecond)
+	err, _, _ = c.Run(1 * time.Second)
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "dial tcp 192.0.2.11:")
 }
@@ -71,6 +73,7 @@ func TestConfig_Run_Basic(t *testing.T) {
 	}
 
 	c := buildEnvConfig(t, AuthBasic)
+	c.NoTls = true
 
 	runCheck(t, c)
 }
@@ -92,6 +95,7 @@ func TestConfig_Run_NTLM(t *testing.T) {
 	}
 
 	c := buildEnvConfig(t, AuthNTLM)
+	c.NoTls = true
 
 	runCheck(t, c)
 }
@@ -155,7 +159,6 @@ func setupTlsFromEnv(t *testing.T, c *Config) {
 		t.Skip("WINRM_SKIP_TLS has been set")
 	}
 
-	c.Tls = true
 	if os.Getenv("WINRM_INSECURE") != "" {
 		c.Insecure = true
 	}