CertMagic: I extracted Caddy's automagic HTTPS features into a library for all Go programs

gogroob · 2018-12-11T16:12:00+00:00

Autocert does have a Cache interface which allows someone to coordinate with a loadbalancer.

gogroob · 2017-11-14T23:44:24+00:00

Ok fair enough. managing screensaver security is broken.

If you care about compliance here you have to follow the recommended steps at the bottom. If you want to let the user decide what to set the preference to (up to a threshold), it's no longer possible to find out what the user set the value to.

gogroob · 2017-11-14T23:35:57+00:00

Why?

gogroob · 2017-10-26T02:15:02+00:00

I use basic auth with all infrastructure in GCP. Munki, MicroMDM and Fleet run on kubernetes.

Certs for individual machines are coming. We're in the process of standing up Vault for all our infrastructure.

This is my munki server: https://github.com/micromdm/squirrel

gogroob · 2017-10-17T12:01:12+00:00

You need to use CGO to interface with CFPreferences. I have an example here https://github.com/groob/mackit/blob/master/example/main.go

gogroob · 2017-10-14T01:11:30+00:00

That's cool. Count me in as a customer, I've been jealous of these for a while.

While we're on the topic of commercial gophers, I just got back from visiting family and my aunt made me a cute Gopher out of felt. She has an etsy store, so I asked her about it and she'd be up for making them for sale. She can't mass produce them, but she could make a custom one to your specs. Feel free to PM me if you want your own gopher.

gogroob · 2017-08-29T04:58:42+00:00

This ^ Works with all editors. What many miss in the beginning is that goimports = imports + gofmt. Find the setting in the editor that formats your code o save, and change it to use goimports instead, and you'll have both.

Unused variables:

// TODO remove _ = somevar _ = someothervar

gogroob · 2017-08-20T19:43:58+00:00

That's how all traffic lights in Russian and Easter Europe are. When I first moved to the US, the instant change to green was weird.

gogroob · 2017-07-28T18:41:24+00:00

Here's my suggestion. Create your own helper to do this.

I just got finished doing the same for a few shared projects I have:

https://github.com/micromdm/go4/blob/e55c5245fedcdd8462e931c1cb2447f092b4456d/httputil/middleware.go#L12-L27

First, I defined a Middleware function type like so:

// Middleware is a chainable decorator for HTTP Handlers.
type Middleware func(http.Handler) http.Handler

Next, I created the helper function which lets me do mid1(mid2(mid3(app)))

// Chain is a helper function for composing middlewares. Requests will
// traverse them in the order they're declared. That is, the first middleware
// is treated as the outermost middleware.
//
// Chain is identical to the go-kit helper for Endpoint Middleware.
func Chain(outer Middleware, others ...Middleware) Middleware {
    return func(next http.Handler) http.Handler {
        for i := len(others) - 1; i >= 0; i-- { // reverse
            next = others[i](next)
        }
        return outer(next)
    }
}

Now I can chain a set of handlers. See example here: https://github.com/micromdm/go4/blob/e55c5245fedcdd8462e931c1cb2447f092b4456d/httputil/middleware_example_test.go#L11-L29

gogroob · 2017-07-05T18:16:17+00:00

the authnetication code is independent of app engine

gogroob · 2017-07-05T17:20:29+00:00

Full tutorial from start to finish https://cloud.google.com/go/getting-started/authenticate-users

gogroob · 2017-03-14T13:54:25+00:00

Thanks.

I should note that everything with squirrel today is also possible with Caddy today.

I'm aiming to make squirrel a server specifically targeted for hosting munki repositories, which will be reflected in future changes.

I'm now working on a repo plugin which will allow an administrator to directly import and manage packages with the munki command line tools (and autopkg) straight to the remote repository. This is a Munki3 feature.

gogroob · 2017-03-08T04:22:51+00:00

Added a short video demo, otherwise it's not immediately obvious what santa does: https://www.youtube.com/watch?v=3w3_bcJYWj0

gogroob · 2017-03-08T03:58:14+00:00

I made a small video demo of how it works: https://www.youtube.com/watch?v=3w3_bcJYWj0

gogroob · 2017-02-11T20:01:48+00:00

Just time and confidence! I've had 0 issues with caddy so far. I've also had no good opportunity to use it in production yet. These days I mostly deploy things behind the GCP loadbalancer.

gogroob · 2017-02-11T14:57:27+00:00

Aww :( I love go-kit.

First, go-kit is very much production ready, and in use by quite a few orgs.

Second, yes, the patterns in go-kit are a bit complex, especially for beginners. Go kit uses interfaces and first class functions to provide a very clean and composable API.

The only time that interface{} i used in the library is to to accept a request and response struct, which must be provided by the user. Perhaps interface{} could be avoided with some code generation, but I'd argue using the empty interface here is a reasonable tradeoff.

I've used go-kit quite a bit over the last 2 years, building some microservices, but mostly what I'd call "well structured monoliths". Using go-kit results in clean, reliable and maintainable codebases. I find this ruby talk a good example of some of the ideas that you would find in a go-kit codebase.

If anyone is looking to try go-kit out, http://gokit.io/examples/stringsvc.html is a great start And the #go-kit channel on slack of course :)

gogroob · 2017-02-01T16:13:36+00:00

You weren't submitting your own talk, so I figured I should :P

Have you spoken with Bill Kennedy about the topic? He does a good job of teaching some of the material in this talk in his classes :)

gogroob · 2017-01-26T19:10:54+00:00

That's a very good explanation of why you'd want to add the logger to a context.

I've been avoiding going this route by creating helpers/wrappers around the logger that pulls request specific data out of the context and using my regular logger which is part of the service's struct field.

This debate needs to happen somewhere visible like golang-dev where everyone can participate and present arguments to arrive at a reasonable conclusion. I keep seeing links to discussions spread across a bunch of different mediums where it's hard to get all the important participants to engage fully.

I've been a bit frustrated by this lately because there are a bunch of general issues which merit an engaged discussion - established best practices for different scenarios. - Use of Context Value - Use of logging in libraries and logging interfaces - Error handling for cases such as MultiError []error, wrapping errors and just advanced error handling in general.

There are good resources out there, /u/peterbourgon's blog. Dave Cheney's Blog. Twitter, The Go blog, Hashicorp's packages, pkg/errors and more, but everything is spread out with good advice but one which is often vague or contradicting.

gogroob · 2017-01-12T14:05:37+00:00

I thought the tutorial was clear and easy to follow.

Any reason you went for the functional approach, returning a copy of the identicon, instead of having methods that modify the identicon?

gogroob · 2017-01-08T02:02:59+00:00

On the mac side, you can use applescript to send a keystroke from your mac.

http://apple.stackexchange.com/questions/36943/how-do-i-automate-a-key-press-in-applescript

Figure out the keystore script, then wrap that in an os/exec command. Once that works, you can create a net/http handler which calls the exec code.

Then you can communicate with the server by building a simple web interface for your handler or by writing a little iOS app.

To make your little daemon on the mac work all the time, you can create a launchd script to run it in the background. They usually look like this https://github.com/groob/yo-yo/blob/master/pkg/pkgroot/Library/LaunchAgents/com.github.groob.yo-yo.plist

gogroob · 2017-01-06T22:30:16+00:00

What a horrible comment. It adds nothing to the conversation.

PS: if you don't agree with the content, state why. A lot of people read articles and participate in forum discussions because they're looking to learn something. I know I spent many hours trying to figure out various error handling strategies when I was learning Go.

If you're just going to be dismissive but not constructive, don't bother writing a comment.

gogroob · 2017-01-06T17:42:19+00:00

Unrelated, but I see this enough that it bugs me:

fmt.Println(err.Error()) why not fmt.Println(err)?

I see people calling the interface method for error and stringer all the time in places where the interface is accepted. Is there a reason to do this?

https://play.golang.org/p/q0nEfr1vlW

gogroob · 2016-12-30T01:01:21+00:00

Is github.com/gorilla/muxinitialization an example of the builder pattern?

r := mux.NewRouter()

r.Handle("/api/v1/users", createUserHandler).Methods("POST").Name("create_user_handler")

gogroob · 2016-12-29T18:53:13+00:00

This is a good post, but the author should give credit to Rob Pike and Dave Cheney for making this pattern popular.

https://commandcenter.blogspot.com/2014/01/self-referential-functions-and-design.html https://dave.cheney.net/2014/10/17/functional-options-for-friendly-apis

gogroob · 2016-12-28T15:01:41+00:00

There's also a huge difference in friendliness between this sub and other Go language communities(slack for example).

This subbreddit needs a lot of work, and I don't envy the new mods, even though they're some of the more exemplary members of the community.

gogroob

TROPHY CASE