RubyGems - consult - Versions diffs - 0.6.0 → 0.7.1 - Mend

consult 0.6.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: aa590a02bf4aceb2c3b04e21c5737d1b7e86160db8cb1251c79dcf612eba6e9f
-  data.tar.gz: 29e80de8a03c8c52eb156dcabaed67b43bad22997e6c3532994d177afce5d4b0
+SHA1:
+  metadata.gz: 1e1427b4b6792bfd9723be2d22edacda36e0349e
+  data.tar.gz: a993feb5698c03865b75ce377ea0c8222d256672
 SHA512:
-  metadata.gz: 8d6aebe85871c232f97e9b760c811b18e98488149214fe9c7b3f618b601e69323ba6f2c30ff270afd6d68a5783492407cbc1446e455efccc1d031c0a880a3a44
-  data.tar.gz: 532d19aaf161adb255f1179958814d03f1d9ced811c4405dcd2f66244589aa58c08e83583b84720feb6a8d6187f3a991076d7d4524c81b27bcddaf38716354e3
+  metadata.gz: b9e9b8cef692b5713baaa1cbd0267c00041ac17e2499c3a5b217d816abdb869ff14e05f36ad218c10ca23cb6cf28ab66c0a33244ab095a976591262e8de777d4
+  data.tar.gz: 5488c26112399997e8818345aad315a711b5cd09759bbbeaba2e076846bae36a0795def1af07293c4e6616a15a501e5023e3494713f346158e1439c490186362

data/CHANGELOG.md CHANGED Viewed

@@ -1,7 +1,12 @@
-# 0.6.0
+#### 0.7.0
+* consult.yml configuration structure has changed, to enable environment specific configuration blocks (see readme for example)
+* Improve safety around edge cases
+#### 0.6.0
 * Fixed tests to account for versioned key-value stores in Vault 0.10+
-# 0.5.0
+#### 0.5.0
 Initial release.

data/README.md CHANGED Viewed

@@ -1,14 +1,18 @@
 # Consult
+Generate configuration and secrets for Rails apps automatically from [Consul](https://github.com/hashicorp/consul) & [Vault](https://github.com/hashicorp/vault).
 [![Gem Version](https://badge.fury.io/rb/consult.svg)](https://badge.fury.io/rb/consult)
 [![Build Status](https://travis-ci.org/veracross/consult.svg?branch=master)](https://travis-ci.org/veracross/consult)
 [![Maintainability](https://api.codeclimate.com/v1/badges/d7b048b7edd9f27c83b9/maintainability)](https://codeclimate.com/github/veracross/consult/maintainability)
-Render configuration and secrets from [Consul] and [Vault] with ERB templates.
+## Background
+This gem is a spiritual sibling to [Consul Template](https://github.com/hashicorp/consul-template), but specifically intended for use in Ruby/Rails environments. It does not have the same features as Consul Template; it is intended for simpler scenarios. Most importantly, leases and configuration changes are _not_ watched to automatically re-render. Consult is intended for more static or medium-to-long lived application configuration.
-This gem is a spiritual sibling to [Consul Template], but specifically intended for use in Ruby or Rails environments. It does not have the same features as Consul Template; it is intended for simpler scenarios. Most importantly, leases and configuration changes are _not_ watched to automatically re-render. Consult is intended for more static or medium-to-long lived configuration.
+We use Consul Template for server level configuration, but application level configuration is more tricky. It is difficult to solve the problem of fetching configuration and secrets in a consistent way in development, staging, and production. For example, we wanted to avoid having Consul Template used in production, but some other custom solution in development.
-If this gem is included in a Rails, the template will render on Rails boot. Because of this, configuration or credential changes can be picked up by restarting your app.
+With Consult the process is the same in all environments.
 This gem is considered _beta_. At Veracross, we are just beginning to use it in staging environments.
@@ -30,63 +34,73 @@ Or install it yourself as:
 ## Usage
-Using Consult requires a configuration YAML file and a series of templates. The configuration file serves as a manifest of templates and their settings, along with optional connection settings to Vault and Consul.
+Using Consult requires a configuration YAML file and a series of template files. The configuration file serves as a manifest of templates and their settings, along with optional connection settings to Vault and Consul.
+Pre-existing copies of files generated by Consult (such as `secrets.yml`, `database.yml`, etc) should be removed from your app's source control and added to your `.gitignore`. Only keep your templates in source control, not the generated files!
+If this gem is included in a Rails, the templates will render on Rails boot. Configuration or credential changes can be picked up by restarting your app.
 ### Configuration
 ```yaml
-# The environment you are operating it. Defaults to ENV['RAILS_ENV'] or Rails.env if Rails is present.
+# Optional; Consult will render this specific environment, if set
+# Defaults to ENV['RAILS_ENV'] or Rails.env if Rails is present
 env: test
-# Optional
-consul:
-  # Prefers `CONSUL_HTTP_ADDR` environment variable
-  address: http://0.0.0.0:8500
-  # Prefers `CONSUL_HTTP_TOKEN` environment variable, or a ~/.consul-token file.
-  # Setting a token here is not best practice because consul tokens should have a relatively short TTL
-  # and be read from the environment, but this is convenient for testing.
-  token: 5d3f1c66-d405-4ad1-b634-ea30be4fb539
-# Optional
-vault:
-  # Prefers `VAULT_ADDR` environment variable
-  address: http://0.0.0.0:8200
-  # Prefers `VAULT_TOKEN` environment variable, or a ~/.vault-token file
-  # Setting a token here is not best practice because vault tokens should have a relatively short TTL
-  # and be read from the environment, but this is convenient for testing.
-  token: 8fcd5aed-3eb9-412d-8923-1397af7aede2
-# Enumerate the templates.
-templates:
-  database:
-    # Relative paths are assumed to be in #{Rails.root}.
-    # Path to the template
-    path: config/templates/database.yml.erb
-    # Destination for the rendered template
-    dest: config/database.yml
-    # Which environments to render this template in
-    environments: all
-    # If the file is less than this old, do not re-render
-    ttl: 3600 # seconds
-  secrets:
-    path: config/templates/secrets.yml.erb
-    dest: config/secrets.yml
-    environments: test
-  should_be_excluded:
-    path: config/templates/fake.yml.erb
-    dest: config/fake.yml
-    environments: production # won't be rendered because it doesn't match `env` at the top
-```
-### Conventions
+# "shared" is the base configuration used for all environments by default
+# note: you do NOT need to use yaml merge syntax to have shared configuration included for specific environments
+shared:
+  # Optional
+  consul:
+    # Prefers `CONSUL_HTTP_ADDR` environment variable
+    address: http://0.0.0.0:8500
+    # Prefers `CONSUL_HTTP_TOKEN` environment variable, or a ~/.consul-token file.
+    # Setting a token here is not best practice because consul tokens should have a relatively short TTL
+    # and be read from the environment, but this is convenient for testing.
+    token: 5d3f1c66-d405-4ad1-b634-ea30be4fb539
+  # Optional
+  vault:
+    # Prefers `VAULT_ADDR` environment variable
+    address: http://0.0.0.0:8200
+    # Prefers `VAULT_TOKEN` environment variable, or a ~/.vault-token file
+    # Setting a token here is not best practice because vault tokens should have a relatively short TTL
+    # and be read from the environment, but this is convenient for testing.
+    token: 8fcd5aed-3eb9-412d-8923-1397af7aede2
+  # Enumerate the templates.
+  templates:
+    database:
+      # Relative paths are assumed to be in #{Rails.root}.
+      # Path to the template
+      path: config/templates/database.yml
+      # Destination for the rendered template
+      dest: config/database.yml
+      # If the file is less than this old, do not re-render
+      ttl: 3600 # seconds
+# environment specific configuration
+# NOTE: environment keys will be deep merged with the "shared" configuration
+test:
+  templates:
+    secrets:
+      path: config/templates/secrets.yml
+      dest: config/secrets.yml
-Because you can use this to fetch secrets or render out things like `database.yml`, you should delete `secrets.yml` and `database.yml` from your app and add them to `.gitignore`. Only keep your templates in source control.
+production:
+  # example: override vault token in production
+  vault:
+    token: 1397af7aede2-8923-412d-3eb9-8fcd5aed
+  templates:
+    # excluded from non-production environments
+    should_be_excluded:
+      path: config/templates/fake.yml
+      dest: config/fake.yml
+```
 ### Templates
-Templates are ERB files, and as such can do anything ERB can do. However, Consult does provide a few helper functions.
+Templates files are processed with ERB. As such, they can do anything ERB can do. Consult also provides a few helper functions.
 Note that under the hood, Consult is using [Diplomat](https://github.com/WeAreFarmGeek/diplomat) and the [Vault Gem](https://github.com/hashicorp/vault-ruby). Consul objects are therefore Diplomat objects, and likewise Vault objects are Vault Gem objects. See their API docs for more information. Diplomat generally returns structs with title cased properties.
@@ -203,10 +217,10 @@ password: <%= s.data[:password] %>
 #### More Full Examples
-Render multiple servers into a database.yml file, keyed by their name.
+Render multiple servers into a `database.yml` file, keyed by their name.
 ```yml
-# database.yml.erb
+# database.yml
 <% service("postgres").each do |node| %>
 '<%= node.Node %>':
   host: <%= node.Address %>
@@ -240,7 +254,7 @@ Yields something like
 #### Secrets
 ```yml
-# secrets.yml.erb
+# secrets.yml
 shared:
   rollbar_token: <%= secret('secrets/third_party').data[:rollbar] %>
   scout_token: <%= secret('secrets/third_party').data[:scout] %>
@@ -261,12 +275,6 @@ Rollbar.configure do |config|
 end
 ```
-## Why we built this
-We use [Consul Template] for server-level configuration, but application level configuration is more tricky. It is difficult to solve the problem of fetching secrets and config in a consistent way in both development and production. We wanted to avoid having [Consul Template] in use in production, but some other custom solution in development.
-Using this gem, the implementation is the same in dev and prod, and it is frictionless since the templates render when Rails boots.
 ## Development
 After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment. See below for testing instructions.
@@ -288,7 +296,3 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/veracr
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
-[Vault]: https://github.com/hashicorp/vault
-[Consul]: https://github.com/hashicorp/consul
-[Consul Template]: https://github.com/hashicorp/consul-template

data/bin/console CHANGED Viewed

File without changes

data/bin/setup CHANGED Viewed

File without changes

data/lib/consult.rb CHANGED Viewed

@@ -23,9 +23,12 @@ module Consult
     def load(config_dir: nil)
       root directory: config_dir
       yaml = root.join('config', 'consult.yml')
-      @config = yaml.exist? ? YAML.safe_load(ERB.new(yaml.read).result, [], [], true) : {}
-      @config.deep_symbolize_keys!
-      @templates = @config[:templates]&.map { |name, config| Template.new(name, config) }
+      @all_config = yaml.exist? ? YAML.safe_load(ERB.new(yaml.read).result, [], [], true).to_h : {}
+      @all_config.deep_symbolize_keys!
+      @config = @all_config[:shared].to_h.deep_merge @all_config[env&.to_sym].to_h
+      @templates = @config[:templates]&.map { |name, config| Template.new(name, config) } || []
       configure_consul
       configure_vault
@@ -58,11 +61,11 @@ module Consult
     end
     def root(directory: nil)
-      @_root ||= directory ? Pathname.new(directory) : (!!defined?(Rails) && ::Rails.root)
+      @_root ||= directory ? Pathname.new(directory) : (defined?(::Rails) && ::Rails.root)
     end
     def env
-      @config[:env] || ENV['RAILS_ENV'] || Rails.env
+      @all_config[:env] || ENV['RAILS_ENV'] || (defined?(::Rails) && ::Rails.root)
     end
     # Return only the templates that are relevant for the current environment

data/lib/consult/template.rb CHANGED Viewed

@@ -34,7 +34,7 @@ module Consult
     end
     def should_render?
-      (@config[:environments] == 'all' || @config[:environments].include?(Consult.env)) && expired?
+      expired?
     end
     def expired?

data/lib/consult/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Consult
-  VERSION = '0.6.0'
+  VERSION = '0.7.1'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: consult
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.1
 platform: ruby
 authors:
 - Jeff Fraser
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-07-09 00:00:00.000000000 Z
+date: 2018-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -219,7 +219,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 2.6.14
 signing_key:
 specification_version: 4
 summary: Manage consul/vault backed template files in Ruby.