constancy 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7ada530fb88ee051c876720fd885e77cf72ca7fcd5428a1b67b2ee4af6a8783
-  data.tar.gz: 55258aafabeb7c9e59fa99761f09ed7840271f4a0c48e621fa46f4c5a62b4059
+  metadata.gz: 4f4ece9e3ea596821b57e8e4e2f4e11d70833df49f3480082a4438a1a018a69b
+  data.tar.gz: 5cead608d291729245435375774093004032877b5e4e447aa7ebf0ff8a7b0e2a
 SHA512:
-  metadata.gz: dea0a26adaa5c4c7497ce11748353c4219549fdff1a4a0035d45ec7620cda19b013d7f85f4d97da4167e8940eebc03ede5717d0a1c04092c1525468721df3b0b
-  data.tar.gz: f59c3ae823a87ac7e8c47ccea89cbc035a6676025c65b1a42907eae2567d5efee5f3413a145d7a554b827cf6a49d669ccc702947226b5e404a87360f6d605b22
+  metadata.gz: 7b40eb6bc0491fce5719d10c44cd11b154f71ea6415a5f5564b116ed7814a8d796deb046cf18e6d74cf17b8da15a5726a094141ae491506d1e5a3739c192f6b6
+  data.tar.gz: c45737ecc9a1c1aa92b0bfb46594dbe5ce8be6dac55f4e9efb3e30655b65bec9ec1cccec1895a0805da86c9b8bd6193f5116b11798c3e2a1a24d2f6d3b159d24

data/README.md

@@ -20,14 +20,14 @@ synchronize the changes from the filesystem to Consul.
     local:consul/config => consul:dc1:config/myapp
       Keys scanned: 80
 
-    UPDATE config/myapp/prod/ip-whitelist.json
+    UPDATE config/myapp/prod/ip-allowlist.json
     -------------------------------------------------------------------------------------
     -["10.8.0.0/16"]
     +["10.8.0.0/16","10.9.10.0/24"]
     -------------------------------------------------------------------------------------
 
     Keys to update: 1
-    ~ config/myapp/prod/ip-whitelist.json
+    ~ config/myapp/prod/ip-allowlist.json
 
 You can also limit your command to specific synchronization targets by using
 the `--target` flag:
@@ -38,19 +38,19 @@ the `--target` flag:
     local:consul/config => consul:dc1:config/myapp
       Keys scanned: 80
 
-    UPDATE config/myapp/prod/ip-whitelist.json
+    UPDATE config/myapp/prod/ip-allowlist.json
     -------------------------------------------------------------------------------------
     -["10.8.0.0/16"]
     +["10.8.0.0/16","10.9.10.0/24"]
     -------------------------------------------------------------------------------------
 
     Keys to update: 1
-    ~ config/myapp/prod/ip-whitelist.json
+    ~ config/myapp/prod/ip-allowlist.json
 
     Do you want to push these changes?
       Enter 'yes' to continue: yes
 
-    UPDATE config/myapp/prod/ip-whitelist.json   OK
+    UPDATE config/myapp/prod/ip-allowlist.json   OK
 
 Run `constancy --help` for additional options and commands.
 
@@ -127,6 +127,9 @@ required. An example `constancy.yml` is below including explanatory comments:
       #   'none': expect no Consul token (although env vars will be used if they are set)
       #   'env': expect Consul token to be set in CONSUL_TOKEN or CONSUL_HTTP_TOKEN
       #   'vault': read Consul token from Vault based on settings in the 'vault' section
+      #   'vault.<label>': a named Vault token source, eg `vault.us-east-1` or `vault.dev`
+      #      NOTE: labels must begin with a letter and may contain only (ASCII) letters,
+      #            numbers, hyphens, and underscores
 
     # the vault section is only necessary if consul.token_source is set to 'vault'
     vault:
@@ -146,6 +149,15 @@ required. An example `constancy.yml` is below including explanatory comments:
       #   but can be set to something else for static values.
       consul_token_field: token
 
+    # You can define one or more 'vault.<label>' sections to define alternative Vault
+    # token sources for use in individual sync targets.
+    vault.other:
+      url: https://your.vault.example
+      consul_token_path: consul/creds/my-other-role
+    vault.dev:
+      url: https://dev.vault.example
+      consul_token_path: consul/creds/my-dev-role
+
     sync:
       # sync is an array of hashes of sync target configurations
       #   Fields:
@@ -167,6 +179,10 @@ required. An example `constancy.yml` is below including explanatory comments:
       #       containing a hash of remote keys if this sync target has
       #       type=file. This path is calculated relative to the directory
       #       containing the configuration file.
+      #     token_source - An alternative token source other than the
+      #       default. Potential values are the same as for the
+      #       consul.token_source config value: 'none', 'env', 'vault',
+      #       or 'vault.<label>'.
       #     delete - Whether or not to delete remote keys that do not exist
       #       in the local filesystem. This inherits the setting from the
       #       `constancy` section, or if not specified, defaults to `false`.
@@ -195,6 +211,7 @@ required. An example `constancy.yml` is below including explanatory comments:
         type: dir
         datacenter: dc1
         path: consul/private
+        token_source: vault.dev
         delete: true
       - name: yourapp-config
         prefix: config/yourapp
@@ -354,10 +371,10 @@ Constancy may be partially configured using environment variables:
   interacting with the API. Otherwise, by default the agent's `acl_token`
   setting is used implicitly.
 * `VAULT_ADDR` and `VAULT_TOKEN` - if `consul.token_source` is set to `vault`
-  these variables are used to authenticate to Vault. If `VAULT_TOKEN` is not
-  set, Constancy will attempt to read a token from `~/.vault-token`. If the
-  `url` field is set, it will take priority over the `VAULT_ADDR` environment
-  variable, but one or the other must be set.
+  or `vault.<label>`, these variables are used to authenticate to Vault. If
+  `VAULT_TOKEN` is not set, Constancy will attempt to read a token from
+  `~/.vault-token`. If the `url` field is set, it will take priority over the
+  `VAULT_ADDR` environment variable, but one or the other must be set.
 
 
 ## Roadmap

data/lib/constancy.rb

@@ -4,10 +4,12 @@ require 'erb'
 require 'imperium'
 require 'fileutils'
 require 'ostruct'
+require 'vault'
 require 'yaml'
 
 require_relative 'constancy/version'
 require_relative 'constancy/config'
+require_relative 'constancy/token_source'
 require_relative 'constancy/diff'
 require_relative 'constancy/sync_target'
 

data/lib/constancy/cli/config_command.rb

@@ -8,18 +8,25 @@ class Constancy
           Constancy::CLI.configure(call_external_apis: false)
 
           puts " Config file: #{Constancy.config.config_file}"
-          puts "  Consul URL: #{Constancy.config.consul.url}"
+          puts "  Consul URL: #{Constancy.config.consul_url}"
           puts "     Verbose: #{Constancy.config.verbose?.to_s.bold}"
-          if Constancy.config.consul_token_source == "env"
-            puts
-            puts "Token Source: CONSUL_TOKEN or CONSUL_HTTP_TOKEN environment variable"
-
-          elsif Constancy.config.consul_token_source == "vault"
+          puts
+          puts " Defined Consul Token Sources:"
+          default_src_name = Constancy.config.default_consul_token_source.name
+          srcs = Constancy.config.consul_token_sources
+          ( %w( none env ) + ( srcs.keys.sort - %w( none env ) ) ).each do |name|
             puts
-            puts "Token Source: Vault"
-            puts "   Vault URL: #{Constancy.config.vault_config.url}"
-            puts "  Token Path: #{Constancy.config.vault_config.consul_token_path}"
-            puts " Token Field: #{Constancy.config.vault_config.consul_token_field}"
+            puts "   #{name}:#{ default_src_name == name ? " (DEFAULT)".bold : ""}"
+            case name
+            when "none"
+              puts "     uses CONSUL_HTTP_TOKEN or CONSUL_TOKEN env var if available"
+            when "env"
+              puts "     requires CONSUL_HTTP_TOKEN or CONSUL_TOKEN env var"
+            when /^vault/
+              puts "     address: #{srcs[name].vault_addr}"
+              puts "        path: #{srcs[name].consul_token_path}"
+              puts "       field: #{srcs[name].consul_token_field}"
+            end
           end
           puts
           puts "Sync target defaults:"
@@ -35,16 +42,17 @@ class Constancy
             else
               print '*'
             end
-            puts " Datacenter: #{target.datacenter}"
-            puts "  Local type: #{target.type == :dir ? 'Directory' : 'Single file'}"
-            puts "   #{target.type == :dir ? " Dir" : "File"} path: #{target.path}"
-            puts "      Prefix: #{target.prefix}"
-            puts "   Autochomp? #{target.chomp?}"
-            puts "      Delete? #{target.delete?}"
+            puts "   Datacenter: #{target.datacenter}"
+            puts "    Local type: #{target.type == :dir ? 'Directory' : 'Single file'}"
+            puts "     #{target.type == :dir ? " Dir" : "File"} path: #{target.path}"
+            puts "        Prefix: #{target.prefix}"
+            puts "  Token Source: #{target.token_source.name}"
+            puts "     Autochomp? #{target.chomp?}"
+            puts "        Delete? #{target.delete?}"
             if not target.exclude.empty?
-              puts "  Exclusions:"
+              puts "    Exclusions:"
               target.exclude.each do |exclusion|
-                puts "    - #{exclusion}"
+                puts "      - #{exclusion}"
               end
             end
             puts

data/lib/constancy/config.rb

@@ -11,6 +11,8 @@ class Constancy
   class Config
     CONFIG_FILENAMES = %w( constancy.yml )
     VALID_CONFIG_KEYS = %w( sync consul vault constancy )
+    VALID_VAULT_KEY_PATTERNS = [ %r{^vault\.[A-Za-z][A-Za-z0-9_-]*$}, %r{^vault$} ]
+    VALID_CONFIG_KEY_PATTERNS = VALID_VAULT_KEY_PATTERNS
     VALID_CONSUL_CONFIG_KEYS = %w( url datacenter token_source )
     VALID_VAULT_CONFIG_KEYS = %w( url consul_token_path consul_token_field )
     VALID_CONSTANCY_CONFIG_KEYS = %w( verbose chomp delete color )
@@ -18,7 +20,8 @@ class Constancy
     DEFAULT_CONSUL_TOKEN_SOURCE = "none"
     DEFAULT_VAULT_CONSUL_TOKEN_FIELD = "token"
 
-    attr_accessor :config_file, :base_dir, :consul, :consul_token_source, :sync_targets, :target_whitelist, :call_external_apis, :vault_config
+    attr_accessor :config_file, :base_dir, :consul_url, :default_consul_token_source,
+      :sync_targets, :target_allowlist, :call_external_apis, :consul_token_sources
 
     class << self
       # discover the nearest config file
@@ -34,6 +37,15 @@ class Constancy
 
         dir == "/" ? nil : self.discover(dir: File.dirname(dir))
       end
+
+      def only_valid_config_keys!(keylist)
+        (keylist - VALID_CONFIG_KEYS).each do |key|
+          if not VALID_CONFIG_KEY_PATTERNS.find { |pattern| key =~ pattern }
+            raise Constancy::ConfigFileInvalid.new("'#{key}' is not a valid configuration key")
+          end
+        end
+        true
+      end
     end
 
     def initialize(path: nil, targets: nil, call_external_apis: true)
@@ -51,7 +63,7 @@ class Constancy
 
       self.config_file = File.expand_path(self.config_file)
       self.base_dir = File.dirname(self.config_file)
-      self.target_whitelist = targets
+      self.target_allowlist = targets
       self.call_external_apis = call_external_apis
       parse!
     end
@@ -72,7 +84,11 @@ class Constancy
       @use_color
     end
 
-    private
+    def parse_vault_token_sources!(raw)
+      raw.keys.select { |key| VALID_VAULT_KEY_PATTERNS.find { |pattern| key =~ pattern } }.collect do |key|
+        [key, Constancy::VaultTokenSource.new(name: key, config: raw[key])]
+      end.to_h
+    end
 
     def parse!
       raw = {}
@@ -91,116 +107,40 @@ class Constancy
         raise Constancy::ConfigFileInvalid.new("Config file must form a hash")
       end
 
-      if (raw.keys - Constancy::Config::VALID_CONFIG_KEYS) != []
-        raise Constancy::ConfigFileInvalid.new("Only the following keys are valid at the top level of the config: #{Constancy::Config::VALID_CONFIG_KEYS.join(", ")}")
-      end
+      Constancy::Config.only_valid_config_keys!(raw.keys)
+
+      self.consul_token_sources = {
+        "none" => Constancy::PassiveTokenSource.new,
+        "env" => Constancy::EnvTokenSource.new,
+      }.merge(
+        self.parse_vault_token_sources!(raw),
+      )
 
       raw['consul'] ||= {}
       if not raw['consul'].is_a? Hash
         raise Constancy::ConfigFileInvalid.new("'consul' must be a hash")
       end
 
-      if (raw['consul'].keys - Constancy::Config::VALID_CONSUL_CONFIG_KEYS) != []
-        raise Constancy::ConfigFileInvalid.new("Only the following keys are valid in the consul config: #{Constancy::Config::VALID_CONSUL_CONFIG_KEYS.join(", ")}")
+      if (raw['consul'].keys - VALID_CONSUL_CONFIG_KEYS) != []
+        raise Constancy::ConfigFileInvalid.new("Only the following keys are valid in the consul config: #{VALID_CONSUL_CONFIG_KEYS.join(", ")}")
       end
 
-      consul_url = raw['consul']['url'] || Constancy::Config::DEFAULT_CONSUL_URL
-
-      # start with a token from the environment, regardless of the token_source setting
-      consul_token = ENV['CONSUL_HTTP_TOKEN'] || ENV['CONSUL_TOKEN']
-
-      self.consul_token_source = raw['consul']['token_source'] || Constancy::Config::DEFAULT_CONSUL_TOKEN_SOURCE
-      case self.consul_token_source
-      when "none"
-        # nothing to do
-
-      when "env"
-        if consul_token.nil? or consul_token == ""
-          raise Constancy::ConsulTokenRequired.new("Consul token_source is set to 'env' but neither CONSUL_TOKEN nor CONSUL_HTTP_TOKEN is set")
-        end
-
-      when "vault"
-        require 'vault'
-
-        raw['vault'] ||= {}
-        if not raw['vault'].is_a? Hash
-          raise Constancy::ConfigFileInvalid.new("'vault' must be a hash")
-        end
-
-        if (raw['vault'].keys - Constancy::Config::VALID_VAULT_CONFIG_KEYS) != []
-          raise Constancy::ConfigFileInvalid.new("Only the following keys are valid in the vault config: #{Constancy::Config::VALID_VAULT_CONFIG_KEYS.join(", ")}")
-        end
-
-        vault_path = raw['vault']['consul_token_path']
-        if vault_path.nil? or vault_path == ""
-          raise Constancy::ConfigFileInvalid.new("vault.consul_token_path must be specified to use vault as a token source")
-        end
-
-        # prioritize the config file over environment variables for vault address
-        vault_addr = raw['vault']['url'] || ENV['VAULT_ADDR']
-        if vault_addr.nil? or vault_addr == ""
-          raise Constancy::VaultConfigInvalid.new("Vault address must be set in vault.url or VAULT_ADDR")
-        end
-
-        vault_token = ENV['VAULT_TOKEN']
-        if vault_token.nil? or vault_token == ""
-          vault_token_file = File.expand_path("~/.vault-token")
-          if File.exist?(vault_token_file)
-            vault_token = File.read(vault_token_file)
-          else
-            raise Constancy::VaultConfigInvalid.new("Vault token must be set in ~/.vault-token or VAULT_TOKEN")
+      self.consul_url = raw['consul']['url'] || DEFAULT_CONSUL_URL
+      srcname = raw['consul']['token_source'] || DEFAULT_CONSUL_TOKEN_SOURCE
+      self.default_consul_token_source =
+        self.consul_token_sources[srcname].tap do |src|
+          if src.nil?
+            raise Constancy::ConfigFileInvalid.new("Consul token source '#{consul_token_source}' is not defined")
           end
         end
 
-        vault_field = raw['vault']['consul_token_field'] || Constancy::Config::DEFAULT_VAULT_CONSUL_TOKEN_FIELD
-
-        self.vault_config = OpenStruct.new(
-          url: vault_addr,
-          consul_token_path: vault_path,
-          consul_token_field: vault_field,
-        )
-
-        # don't waste time talking to Vault if this is just a config parsing run
-        if self.call_external_apis
-          ENV['VAULT_ADDR'] = vault_addr
-          ENV['VAULT_TOKEN'] = vault_token
-
-          begin
-            response = Vault.logical.read(vault_path)
-            consul_token = response.data[vault_field.to_sym]
-
-            if response.lease_id
-              at_exit {
-                begin
-                  Vault.sys.revoke(response.lease_id)
-                rescue => e
-                  # this is fine
-                end
-              }
-            end
-
-          rescue => e
-            raise Constancy::VaultConfigInvalid.new("Are you logged in to Vault?\n\n#{e}")
-          end
-
-          if consul_token.nil? or consul_token == ""
-            raise Constancy::VaultConfigInvalid.new("Could not acquire a Consul token from Vault")
-          end
-        end
-
-      else
-        raise Constancy::ConfigFileInvalid.new("Only the following values are valid for token_source: none, env, vault")
-      end
-
-      self.consul = Imperium::Configuration.new(url: consul_url, token: consul_token)
-
       raw['constancy'] ||= {}
       if not raw['constancy'].is_a? Hash
         raise Constancy::ConfigFileInvalid.new("'constancy' must be a hash")
       end
 
-      if (raw['constancy'].keys - Constancy::Config::VALID_CONSTANCY_CONFIG_KEYS) != []
-        raise Constancy::ConfigFileInvalid.new("Only the following keys are valid in the 'constancy' config block: #{Constancy::Config::VALID_CONSTANCY_CONFIG_KEYS.join(", ")}")
+      if (raw['constancy'].keys - VALID_CONSTANCY_CONFIG_KEYS) != []
+        raise Constancy::ConfigFileInvalid.new("Only the following keys are valid in the 'constancy' config block: #{VALID_CONSTANCY_CONFIG_KEYS.join(", ")}")
       end
 
       # verbose: default false
@@ -233,6 +173,7 @@ class Constancy
 
       self.sync_targets = []
       raw['sync'].each do |target|
+        token_source = self.default_consul_token_source
         if target.is_a? Hash
           target['datacenter'] ||= raw['consul']['datacenter']
           if target['chomp'].nil?
@@ -241,19 +182,31 @@ class Constancy
           if target['delete'].nil?
             target['delete'] = self.delete?
           end
+          if not target['token_source'].nil?
+            token_source = self.consul_token_sources[target['token_source']]
+            if token_source.nil?
+              raise Constancy::ConfigFileInvalid.new("Consul token source '#{target['token_source']}' is not defined")
+            end
+            target.delete('token_source')
+          end
         end
 
-        if not self.target_whitelist.nil?
-          # unnamed targets cannot be whitelisted
+        if not self.target_allowlist.nil?
+          # unnamed targets cannot be allowlisted
           next if target['name'].nil?
 
-          # named targets must be on the whitelist
-          next if not self.target_whitelist.include?(target['name'])
+          # named targets must be on the allowlist
+          next if not self.target_allowlist.include?(target['name'])
         end
 
-        self.sync_targets << Constancy::SyncTarget.new(config: target, imperium_config: self.consul, base_dir: self.base_dir)
+        # only try to fetch consul tokens if we are actually going to do work
+        consul_token = if self.call_external_apis
+                         token_source.consul_token
+                       else
+                         ""
+                       end
+        self.sync_targets << Constancy::SyncTarget.new(config: target, consul_url: consul_url, token_source: token_source, base_dir: self.base_dir, call_external_apis: self.call_external_apis)
       end
-
     end
   end
 end

data/lib/constancy/sync_target.rb

@@ -3,13 +3,13 @@
 class Constancy
   class SyncTarget
     VALID_CONFIG_KEYS = %w( name type datacenter prefix path exclude chomp delete erb_enabled )
-    attr_accessor :name, :type, :datacenter, :prefix, :path, :exclude, :consul, :erb_enabled
+    attr_accessor :name, :type, :datacenter, :prefix, :path, :exclude, :consul, :erb_enabled, :consul_url, :token_source, :call_external_apis
 
     REQUIRED_CONFIG_KEYS = %w( prefix )
     VALID_TYPES = [ :dir, :file ]
     DEFAULT_TYPE = :dir
 
-    def initialize(config:, imperium_config:, base_dir:)
+    def initialize(config:, consul_url:, token_source:, base_dir:, call_external_apis: true)
       if not config.is_a? Hash
         raise Constancy::ConfigFileInvalid.new("Sync target entries must be specified as hashes")
       end
@@ -46,7 +46,15 @@ class Constancy
         @do_delete = false
       end
 
-      self.consul = Imperium::KV.new(imperium_config)
+      self.call_external_apis = call_external_apis
+      self.consul_url = consul_url
+      self.token_source = token_source
+      token = if self.call_external_apis
+                self.token_source.consul_token
+              else
+                ""
+              end
+      self.consul = Imperium::KV.new(Imperium::Configuration.new(url: self.consul_url, token: token))
       self.erb_enabled = config['erb_enabled']
     end
 

data/lib/constancy/token_source.rb

@@ -0,0 +1,94 @@
+# This software is public domain. No rights are reserved. See LICENSE for more information.
+
+class Constancy
+  # use env vars if defined, but otherwise just return an empty string
+  class PassiveTokenSource
+    def name
+      "none"
+    end
+
+    def consul_token
+      ENV['CONSUL_HTTP_TOKEN'] || ENV['CONSUL_TOKEN'] || ""
+    end
+  end
+
+  # use env vars and raise an error if none is found
+  class EnvTokenSource
+    def name
+      "env"
+    end
+
+    def consul_token
+      consul_token = ENV['CONSUL_HTTP_TOKEN'] || ENV['CONSUL_TOKEN']
+      if consul_token.nil? or consul_token == ""
+        raise Constancy::ConsulTokenRequired.new("Consul token_source was set to 'env' but neither CONSUL_TOKEN nor CONSUL_HTTP_TOKEN is set")
+      end
+    end
+  end
+
+  class VaultTokenSource
+    attr_accessor :name, :vault_addr, :vault_token, :consul_token_path, :consul_token_field
+
+    def initialize(name:, config:)
+      self.name = name
+
+      config ||= {}
+      if not config.is_a? Hash
+        raise Constancy::ConfigFileInvalid.new("'#{name}' must be a hash")
+      end
+
+      if (config.keys - Constancy::Config::VALID_VAULT_CONFIG_KEYS) != []
+        raise Constancy::ConfigFileInvalid.new("Only the following keys are valid in a vault config: #{Constancy::Config::VALID_VAULT_CONFIG_KEYS.join(", ")}")
+      end
+
+      self.consul_token_path = config['consul_token_path']
+      if self.consul_token_path.nil? or self.consul_token_path == ""
+        raise Constancy::ConfigFileInvalid.new("consul_token_path must be specified to use '#{name}' as a token source")
+      end
+
+      # prioritize the config file over environment variables for vault address
+      self.vault_addr = config['url'] || ENV['VAULT_ADDR']
+      if self.vault_addr.nil? or self.vault_addr == ""
+        raise Constancy::VaultConfigInvalid.new("Vault address must be set in #{name}.vault_addr or VAULT_ADDR")
+      end
+
+      self.vault_token = ENV['VAULT_TOKEN']
+      if self.vault_token.nil? or self.vault_token == ""
+        vault_token_file = File.expand_path("~/.vault-token")
+        if File.exist?(vault_token_file)
+          self.vault_token = File.read(vault_token_file)
+        else
+          raise Constancy::VaultConfigInvalid.new("Vault token must be set in ~/.vault-token or VAULT_TOKEN")
+        end
+      end
+
+      self.consul_token_field = config['consul_token_field'] || Constancy::Config::DEFAULT_VAULT_CONSUL_TOKEN_FIELD
+    end
+
+    def consul_token
+      if @consul_token.nil?
+        begin
+          response = Vault::Client.new(address: self.vault_addr, token: self.vault_token).logical.read(self.consul_token_path)
+          @consul_token = response.data[self.consul_token_field.to_sym]
+          if response.lease_id
+            at_exit {
+              begin
+                Vault::Client.new(address: self.vault_addr, token: self.vault_token).sys.revoke(response.lease_id)
+              rescue => e
+                # this is fine
+              end
+            }
+          end
+
+        rescue => e
+          raise Constancy::VaultConfigInvalid.new("Are you logged in to Vault?\n\n#{e}")
+        end
+
+        if @consul_token.nil? or @consul_token == ""
+          raise Constancy::VaultConfigInvalid.new("Could not acquire a Consul token from Vault")
+        end
+      end
+      @consul_token
+    end
+  end
+end

data/lib/constancy/version.rb

@@ -1,5 +1,5 @@
 # This software is public domain. No rights are reserved. See LICENSE for more information.
 
 class Constancy
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: constancy
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - David Adams
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-21 00:00:00.000000000 Z
+date: 2020-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: imperium
@@ -87,6 +87,7 @@ files:
 - lib/constancy/config.rb
 - lib/constancy/diff.rb
 - lib/constancy/sync_target.rb
+- lib/constancy/token_source.rb
 - lib/constancy/version.rb
 homepage: https://github.com/daveadams/constancy
 licenses: