As we all know, Golang is suitable for writing CLI tools, but you may not know that Golang can also package configuration files.
background
Recently, I am writing a CLI tool that involves managing Alibaba Cloud ECS. Of course, the security of Alibaba Cloud resources must be considered here. It is required that the AccessKeyId and AccessKeySecret of the Alibaba Cloud account cannot be distributed to the users of the CLI tool.
Therefore, here we choose to package a configuration file containing AccessKeyId and AccessKeySecret into the CLI tool. By default, the users of the CLI tool will use the packaged configuration file. Of course, they can also use the new configuration file by specifying the configuration file or passing parameters. configuration information.
accomplish
tool
Here we will introduce a Golang library that can convert arbitrary files into Go code go-bindata, which can be used to embed binary files into Go programs. Also, gzip is supported for compressing file data before converting to raw byte slices.
For a specific introduction to the tool, please go to github.com/go-bindata/…
Pack
Use the go-bindatatool to convert the configuration file containing sensitive information into Go source code. The following is part of the project Makefile. The name of the tool is called mycli.
NAME = mycli
CONFIG = configs/config.yaml
.PHONY: build
build:
cp $(CONFIG) config.yaml
mkdir -p cmd/mycli/asset
go-bindata -pkg asset -o cmd/mycli/asset/asset.go \
scripts/... \
config.yaml
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/linux/mycli cmd/mycli/*.go
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/darwin/mycli cmd/mycli/*.go
chmod +x ./bin/linux/mycli ./bin/darwin/mycli
rm -f config.yaml mycli
ln -s bin/linux/mycli mycli
复制代码The part that converts the file to Go source code is as follows:
go-bindata -pkg asset -o cmd/mycli/asset/asset.go \
scripts/... \
config.yaml
复制代码Option descriptions for the go-bindata command-line tool:
-pkgSpecify the package name, and the call will be written asasset.Asset("config.yaml")-oSpecifies the location where the generated Go source code is stored
The generated asset.gocode is as follows:
// Code generated by go-bindata.
// sources:
// scripts/create.sh
// scripts/sub/delete.sh
// config.yaml
// DO NOT EDIT!
package asset
func bindataRead(data []byte, name string) ([]byte, error) {
...
}
type asset struct {
bytes []byte
info os.FileInfo
}
type bindataFileInfo struct {
name string
size int64
mode os.FileMode
modTime time.Time
}
func (fi bindataFileInfo) Name() string {
return fi.name
}
func (fi bindataFileInfo) Size() int64 {
return fi.size
}
func (fi bindataFileInfo) Mode() os.FileMode {
return fi.mode
}
func (fi bindataFileInfo) ModTime() time.Time {
return fi.modTime
}
func (fi bindataFileInfo) IsDir() bool {
return false
}
func (fi bindataFileInfo) Sys() interface{} {
return nil
}
...
复制代码transfer
Use the Assetmethod to load the packaged configuration file:
const preloadConfigFile = "config.yaml"
type Config struct {
...
}
func PreloadConfig() (*Config, error) {
b, err := asset.Asset(preloadConfigFile)
if err != nil {
return nil, fmt.Errorf("failed to read config: %v", err)
}
var config *Config
err = yaml.Unmarshal(b, &config)
return config, err
}
复制代码Summarize
Use go-bindata to convert the file into Go source code, and then compile it into a binary file. Finally, you only need to hand the binary file to the user. In this way, the direct contact of the tool user with some sensitive information can be reduced and resources can be guaranteed. security.
In fact, to really achieve complete control over resource access, the CLI tool can be encapsulated again into a visual interface similar to Jenkins job, which is convenient for users and can limit the scope of the user's use of the tool, including the transmission to Parameters for the CLI tool.
Original link: k8scat.com/posts/build…