A Go template-based CLI tool. gomplate
can be used as an alternative to
envsubst
but also supports
additional template datasources such as: JSON, YAML, AWS EC2 metadata, and
Hashicorp Vault secrets.
I really like envsubst
for use as a super-minimalist template processor. But its simplicity is also its biggest flaw: it's all-or-nothing with shell-like variables.
Gomplate is an alternative that will let you process templates which also include shell-like variables. Also there are some useful built-in functions that can be used to make templates even more expressive.
- gomplate
The simplest method for macOS is to use homebrew:
$ brew tap hairyhenderson/tap
$ brew install gomplate
...
A simple way to get started is with the Docker image.
$ docker run hairyhenderson/gomplate --version
Of course, there are some drawbacks - any files to be used for [datasources][] must be mounted and any environment variables to be used must be passed through:
$ echo 'My voice is my $THING. {{(datasource "vault").value}}' \
| docker run -e THING=passport -v /home/me/.vault-token:/root/.vault-token hairyhenderson/gomplate -d vault=vault:///secret/sneakers
My voice is my passport. Verify me.
It can be pretty awkward to always type docker run hairyhenderson/gomplate
,
so this can be made simpler with a shell alias:
$ alias gomplate=docker run hairyhenderson/gomplate
$ gomplate --version
gomplate version 1.2.3
- Get the latest
gomplate
for your platform from the releases page - Store the downloaded binary somewhere in your path as
gomplate
(orgomplate.exe
on Windows) - Make sure it's executable (on Linux/macOS)
- Test it out with
gomplate --help
!
In other words:
$ curl -o /usr/local/bin/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/<version>/gomplate_<os>-<arch>
$ chmod 755 /usr/local/bin/gomplate
$ gomplate --help
...
Please report any bugs found in the issue tracker.
The usual and most basic usage of gomplate
is to just replace environment variables. All environment variables are available by referencing .Env
(or getenv
) in the template.
The template is read from standard in, and written to standard out.
Use it like this:
$ echo "Hello, {{.Env.USER}}" | gomplate
Hello, hairyhenderson
Add a data source in name=URL
form. Specify multiple times to add multiple sources. The data can then be used by the datasource
function.
A few different forms are valid:
mydata=file:///tmp/my/file.json
- Create a data source named
mydata
which is read from/tmp/my/file.json
. This form is valid for any file in any path.
- Create a data source named
mydata=file.json
- Create a data source named
mydata
which is read fromfile.json
(in the current working directory). This form is only valid for files in the current directory.
- Create a data source named
mydata.json
- This form infers the name from the file name (without extension). Only valid for files in the current directory.
You can easily access environment variables with .Env
, but there's a catch:
if you try to reference an environment variable that doesn't exist, parsing
will fail and gomplate
will exit with an error condition.
Sometimes, this behaviour is desired; if the output is unusable without certain strings, this is a sure way to know that variables are missing!
If you want different behaviour, try getenv
(below).
In addition to all of the functions and operators that the Go template
language provides (if
, else
, eq
, and
, or
, range
, etc...), there are
some additional functions baked in to gomplate
:
Exposes the os.Getenv function.
This is a more forgiving alternative to using .Env
, since missing keys will
return an empty string.
An optional default value can be given as well.
$ echo 'Hello, {{getenv "USER"}}' | gomplate
Hello, hairyhenderson
$ echo 'Hey, {{getenv "FIRSTNAME" "you"}}!' | gomplate
Hey, you!
Converts a true-ish string to a boolean. Can be used to simplify conditional statements based on environment variables or other text input.
input.tmpl
:
{{if bool (getenv "FOO")}}foo{{else}}bar{{end}}
$ gomplate < input.tmpl
bar
$ FOO=true gomplate < input.tmpl
foo
Creates a slice. Useful when needing to range
over a bunch of variables.
input.tmpl
:
{{range slice "Bart" "Lisa" "Maggie"}}
Hello, {{.}}
{{- end}}
$ gomplate < input.tmpl
Hello, Bart
Hello, Lisa
Hello, Maggie
Converts a JSON string into an object. Only works for JSON Objects (not Arrays or other valid JSON types). This can be used to access properties of JSON objects.
input.tmpl
:
Hello {{ (getenv "FOO" | json).hello }}
$ export FOO='{"hello":"world"}'
$ gomplate < input.tmpl
Hello world
Converts a JSON string into a slice. Only works for JSON Arrays.
input.tmpl
:
Hello {{ index (getenv "FOO" | jsonArray) 1 }}
$ export FOO='[ "you", "world" ]'
$ gomplate < input.tmpl
Hello world
Converts a YAML string into an object. Only works for YAML Objects (not Arrays or other valid YAML types). This can be used to access properties of YAML objects.
input.tmpl
:
Hello {{ (getenv "FOO" | yaml).hello }}
$ export FOO='hello: world'
$ gomplate < input.tmpl
Hello world
Converts a YAML string into a slice. Only works for YAML Arrays.
input.tmpl
:
Hello {{ index (getenv "FOO" | yamlArray) 1 }}
$ export FOO='[ "you", "world" ]'
$ gomplate < input.tmpl
Hello world
Parses a given datasource (provided by the --datasource/-d
argument).
Currently, file://
, http://
, https://
, and vault://
URLs are supported.
Currently-supported formats are JSON and YAML.
person.json
:
{
"name": "Dave"
}
input.tmpl
:
Hello {{ (datasource "person").name }}
$ gomplate -d person.json < input.tmpl
Hello Dave
$ echo 'Hello there, {{(datasource "foo").headers.Host}}...' | gomplate -d foo=https://httpbin.org/get
Hello there, httpbin.org...
The special vault://
URL scheme can be used to retrieve data from Hashicorp
Vault. To use this, you must put the Vault server's
URL in the $VAULT_ADDR
environment variable.
Currently, the app-id
auth backend is supported, as well as Vault tokens obtained through external
means.
To use a Vault datasource with a single secret, just use a URL of
vault:///secret/mysecret
. Note the 3 /
s - the host portion of the URL is left
empty.
$ echo 'My voice is my passport. {{(datasource "vault").value}}' \
| gomplate -d vault=vault:///secret/sneakers
My voice is my passport. Verify me.
You can also specify the secret path in the template by using a URL of vault://
(or vault:///
, or vault:
):
$ echo 'My voice is my passport. {{(datasource "vault" "secret/sneakers").value}}' \
| gomplate -d vault=vault://
My voice is my passport. Verify me.
And the two can be mixed to scope secrets to a specific namespace:
$ echo 'db_password={{(datasource "vault" "db/pass").value}}' \
| gomplate -d vault=vault:///secret/production
db_password=prodsecret
Queries AWS EC2 Instance Metadata for information. This only retrieves data in the meta-data
path -- for data in the dynamic
path use ec2dynamic
.
This only works when running gomplate
on an EC2 instance. If the EC2 instance metadata API isn't available, the tool will timeout and fail.
$ echo '{{ec2meta "instance-id"}}' | gomplate
i-12345678
Queries AWS EC2 Instance Dynamic Metadata for information. This only retrieves data in the dynamic
path -- for data in the meta-data
path use ec2meta
.
This only works when running gomplate
on an EC2 instance. If the EC2 instance metadata API isn't available, the tool will timeout and fail.
$ echo '{{ (ec2dynamic "instance-identity/document" | json).region }}' | ./gomplate
us-east-1
Queries AWS to get the region. An optional default can be provided, or returns
unknown
if it can't be determined for some reason.
In EC2
$ echo '{{ ec2region }}' | ./gomplate
us-east-1
Not in EC2
$ echo '{{ ec2region }}' | ./gomplate
unknown
$ echo '{{ ec2region "foo" }}' | ./gomplate
foo
Queries the AWS EC2 API to find the value of the given user-defined tag. An optional default can be provided.
$ echo 'This server is in the {{ ec2tag "Account" }} account.' | ./gomplate
foo
$ echo 'I am a {{ ec2tag "classification" "meat popsicle" }}.' | ./gomplate
I am a meat popsicle.
input.tmpl
:
{{ $u := getenv "USER" }}
{{ if eq $u "root" -}}
You are root!
{{- else -}}
You are not root :(
{{- end}}
$ gomplate < input.tmpl
You are not root :(
$ sudo gomplate < input.tmpl
You are root!
Right now the release process is semi-automatic.
- Create a release tag:
git tag -a v0.0.9 -m "Releasing v0.9.9" && git push --tags
- Build binaries & compress most of them:
make build-release
- Create a release in github!
Copyright (c) 2016 Dave Henderson