consult 0.6.0 → 0.7.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA256:
3
- metadata.gz: aa590a02bf4aceb2c3b04e21c5737d1b7e86160db8cb1251c79dcf612eba6e9f
4
- data.tar.gz: 29e80de8a03c8c52eb156dcabaed67b43bad22997e6c3532994d177afce5d4b0
2
+ SHA1:
3
+ metadata.gz: 1e1427b4b6792bfd9723be2d22edacda36e0349e
4
+ data.tar.gz: a993feb5698c03865b75ce377ea0c8222d256672
5
5
  SHA512:
6
- metadata.gz: 8d6aebe85871c232f97e9b760c811b18e98488149214fe9c7b3f618b601e69323ba6f2c30ff270afd6d68a5783492407cbc1446e455efccc1d031c0a880a3a44
7
- data.tar.gz: 532d19aaf161adb255f1179958814d03f1d9ced811c4405dcd2f66244589aa58c08e83583b84720feb6a8d6187f3a991076d7d4524c81b27bcddaf38716354e3
6
+ metadata.gz: b9e9b8cef692b5713baaa1cbd0267c00041ac17e2499c3a5b217d816abdb869ff14e05f36ad218c10ca23cb6cf28ab66c0a33244ab095a976591262e8de777d4
7
+ data.tar.gz: 5488c26112399997e8818345aad315a711b5cd09759bbbeaba2e076846bae36a0795def1af07293c4e6616a15a501e5023e3494713f346158e1439c490186362
data/CHANGELOG.md CHANGED
@@ -1,7 +1,12 @@
1
- # 0.6.0
1
+ #### 0.7.0
2
+
3
+ * consult.yml configuration structure has changed, to enable environment specific configuration blocks (see readme for example)
4
+ * Improve safety around edge cases
5
+
6
+ #### 0.6.0
2
7
 
3
8
  * Fixed tests to account for versioned key-value stores in Vault 0.10+
4
9
 
5
- # 0.5.0
10
+ #### 0.5.0
6
11
 
7
12
  Initial release.
data/README.md CHANGED
@@ -1,14 +1,18 @@
1
1
  # Consult
2
2
 
3
+ Generate configuration and secrets for Rails apps automatically from [Consul](https://github.com/hashicorp/consul) & [Vault](https://github.com/hashicorp/vault).
4
+
3
5
  [![Gem Version](https://badge.fury.io/rb/consult.svg)](https://badge.fury.io/rb/consult)
4
6
  [![Build Status](https://travis-ci.org/veracross/consult.svg?branch=master)](https://travis-ci.org/veracross/consult)
5
7
  [![Maintainability](https://api.codeclimate.com/v1/badges/d7b048b7edd9f27c83b9/maintainability)](https://codeclimate.com/github/veracross/consult/maintainability)
6
8
 
7
- Render configuration and secrets from [Consul] and [Vault] with ERB templates.
9
+ ## Background
10
+
11
+ This gem is a spiritual sibling to [Consul Template](https://github.com/hashicorp/consul-template), but specifically intended for use in Ruby/Rails environments. It does not have the same features as Consul Template; it is intended for simpler scenarios. Most importantly, leases and configuration changes are _not_ watched to automatically re-render. Consult is intended for more static or medium-to-long lived application configuration.
8
12
 
9
- This gem is a spiritual sibling to [Consul Template], but specifically intended for use in Ruby or Rails environments. It does not have the same features as Consul Template; it is intended for simpler scenarios. Most importantly, leases and configuration changes are _not_ watched to automatically re-render. Consult is intended for more static or medium-to-long lived configuration.
13
+ We use Consul Template for server level configuration, but application level configuration is more tricky. It is difficult to solve the problem of fetching configuration and secrets in a consistent way in development, staging, and production. For example, we wanted to avoid having Consul Template used in production, but some other custom solution in development.
10
14
 
11
- If this gem is included in a Rails, the template will render on Rails boot. Because of this, configuration or credential changes can be picked up by restarting your app.
15
+ With Consult the process is the same in all environments.
12
16
 
13
17
  This gem is considered _beta_. At Veracross, we are just beginning to use it in staging environments.
14
18
 
@@ -30,63 +34,73 @@ Or install it yourself as:
30
34
 
31
35
  ## Usage
32
36
 
33
- Using Consult requires a configuration YAML file and a series of templates. The configuration file serves as a manifest of templates and their settings, along with optional connection settings to Vault and Consul.
37
+ Using Consult requires a configuration YAML file and a series of template files. The configuration file serves as a manifest of templates and their settings, along with optional connection settings to Vault and Consul.
38
+
39
+ Pre-existing copies of files generated by Consult (such as `secrets.yml`, `database.yml`, etc) should be removed from your app's source control and added to your `.gitignore`. Only keep your templates in source control, not the generated files!
40
+
41
+ If this gem is included in a Rails, the templates will render on Rails boot. Configuration or credential changes can be picked up by restarting your app.
34
42
 
35
43
  ### Configuration
36
44
 
37
45
  ```yaml
38
- # The environment you are operating it. Defaults to ENV['RAILS_ENV'] or Rails.env if Rails is present.
46
+ # Optional; Consult will render this specific environment, if set
47
+ # Defaults to ENV['RAILS_ENV'] or Rails.env if Rails is present
39
48
  env: test
40
49
 
41
- # Optional
42
- consul:
43
- # Prefers `CONSUL_HTTP_ADDR` environment variable
44
- address: http://0.0.0.0:8500
45
- # Prefers `CONSUL_HTTP_TOKEN` environment variable, or a ~/.consul-token file.
46
- # Setting a token here is not best practice because consul tokens should have a relatively short TTL
47
- # and be read from the environment, but this is convenient for testing.
48
- token: 5d3f1c66-d405-4ad1-b634-ea30be4fb539
49
-
50
- # Optional
51
- vault:
52
- # Prefers `VAULT_ADDR` environment variable
53
- address: http://0.0.0.0:8200
54
- # Prefers `VAULT_TOKEN` environment variable, or a ~/.vault-token file
55
- # Setting a token here is not best practice because vault tokens should have a relatively short TTL
56
- # and be read from the environment, but this is convenient for testing.
57
- token: 8fcd5aed-3eb9-412d-8923-1397af7aede2
58
-
59
- # Enumerate the templates.
60
- templates:
61
- database:
62
- # Relative paths are assumed to be in #{Rails.root}.
63
- # Path to the template
64
- path: config/templates/database.yml.erb
65
- # Destination for the rendered template
66
- dest: config/database.yml
67
- # Which environments to render this template in
68
- environments: all
69
- # If the file is less than this old, do not re-render
70
- ttl: 3600 # seconds
71
-
72
- secrets:
73
- path: config/templates/secrets.yml.erb
74
- dest: config/secrets.yml
75
- environments: test
76
-
77
- should_be_excluded:
78
- path: config/templates/fake.yml.erb
79
- dest: config/fake.yml
80
- environments: production # won't be rendered because it doesn't match `env` at the top
81
- ```
82
-
83
- ### Conventions
50
+ # "shared" is the base configuration used for all environments by default
51
+ # note: you do NOT need to use yaml merge syntax to have shared configuration included for specific environments
52
+ shared:
53
+ # Optional
54
+ consul:
55
+ # Prefers `CONSUL_HTTP_ADDR` environment variable
56
+ address: http://0.0.0.0:8500
57
+ # Prefers `CONSUL_HTTP_TOKEN` environment variable, or a ~/.consul-token file.
58
+ # Setting a token here is not best practice because consul tokens should have a relatively short TTL
59
+ # and be read from the environment, but this is convenient for testing.
60
+ token: 5d3f1c66-d405-4ad1-b634-ea30be4fb539
61
+
62
+ # Optional
63
+ vault:
64
+ # Prefers `VAULT_ADDR` environment variable
65
+ address: http://0.0.0.0:8200
66
+ # Prefers `VAULT_TOKEN` environment variable, or a ~/.vault-token file
67
+ # Setting a token here is not best practice because vault tokens should have a relatively short TTL
68
+ # and be read from the environment, but this is convenient for testing.
69
+ token: 8fcd5aed-3eb9-412d-8923-1397af7aede2
70
+
71
+ # Enumerate the templates.
72
+ templates:
73
+ database:
74
+ # Relative paths are assumed to be in #{Rails.root}.
75
+ # Path to the template
76
+ path: config/templates/database.yml
77
+ # Destination for the rendered template
78
+ dest: config/database.yml
79
+ # If the file is less than this old, do not re-render
80
+ ttl: 3600 # seconds
81
+
82
+ # environment specific configuration
83
+ # NOTE: environment keys will be deep merged with the "shared" configuration
84
+ test:
85
+ templates:
86
+ secrets:
87
+ path: config/templates/secrets.yml
88
+ dest: config/secrets.yml
84
89
 
85
- Because you can use this to fetch secrets or render out things like `database.yml`, you should delete `secrets.yml` and `database.yml` from your app and add them to `.gitignore`. Only keep your templates in source control.
90
+ production:
91
+ # example: override vault token in production
92
+ vault:
93
+ token: 1397af7aede2-8923-412d-3eb9-8fcd5aed
94
+ templates:
95
+ # excluded from non-production environments
96
+ should_be_excluded:
97
+ path: config/templates/fake.yml
98
+ dest: config/fake.yml
99
+ ```
86
100
 
87
101
  ### Templates
88
102
 
89
- Templates are ERB files, and as such can do anything ERB can do. However, Consult does provide a few helper functions.
103
+ Templates files are processed with ERB. As such, they can do anything ERB can do. Consult also provides a few helper functions.
90
104
 
91
105
  Note that under the hood, Consult is using [Diplomat](https://github.com/WeAreFarmGeek/diplomat) and the [Vault Gem](https://github.com/hashicorp/vault-ruby). Consul objects are therefore Diplomat objects, and likewise Vault objects are Vault Gem objects. See their API docs for more information. Diplomat generally returns structs with title cased properties.
92
106
 
@@ -203,10 +217,10 @@ password: <%= s.data[:password] %>
203
217
 
204
218
  #### More Full Examples
205
219
 
206
- Render multiple servers into a database.yml file, keyed by their name.
220
+ Render multiple servers into a `database.yml` file, keyed by their name.
207
221
 
208
222
  ```yml
209
- # database.yml.erb
223
+ # database.yml
210
224
  <% service("postgres").each do |node| %>
211
225
  '<%= node.Node %>':
212
226
  host: <%= node.Address %>
@@ -240,7 +254,7 @@ Yields something like
240
254
  #### Secrets
241
255
 
242
256
  ```yml
243
- # secrets.yml.erb
257
+ # secrets.yml
244
258
  shared:
245
259
  rollbar_token: <%= secret('secrets/third_party').data[:rollbar] %>
246
260
  scout_token: <%= secret('secrets/third_party').data[:scout] %>
@@ -261,12 +275,6 @@ Rollbar.configure do |config|
261
275
  end
262
276
  ```
263
277
 
264
- ## Why we built this
265
-
266
- We use [Consul Template] for server-level configuration, but application level configuration is more tricky. It is difficult to solve the problem of fetching secrets and config in a consistent way in both development and production. We wanted to avoid having [Consul Template] in use in production, but some other custom solution in development.
267
-
268
- Using this gem, the implementation is the same in dev and prod, and it is frictionless since the templates render when Rails boots.
269
-
270
278
  ## Development
271
279
 
272
280
  After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment. See below for testing instructions.
@@ -288,7 +296,3 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/veracr
288
296
  ## License
289
297
 
290
298
  The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
291
-
292
- [Vault]: https://github.com/hashicorp/vault
293
- [Consul]: https://github.com/hashicorp/consul
294
- [Consul Template]: https://github.com/hashicorp/consul-template
data/bin/console CHANGED
File without changes
data/bin/setup CHANGED
File without changes
data/lib/consult.rb CHANGED
@@ -23,9 +23,12 @@ module Consult
23
23
  def load(config_dir: nil)
24
24
  root directory: config_dir
25
25
  yaml = root.join('config', 'consult.yml')
26
- @config = yaml.exist? ? YAML.safe_load(ERB.new(yaml.read).result, [], [], true) : {}
27
- @config.deep_symbolize_keys!
28
- @templates = @config[:templates]&.map { |name, config| Template.new(name, config) }
26
+
27
+ @all_config = yaml.exist? ? YAML.safe_load(ERB.new(yaml.read).result, [], [], true).to_h : {}
28
+ @all_config.deep_symbolize_keys!
29
+
30
+ @config = @all_config[:shared].to_h.deep_merge @all_config[env&.to_sym].to_h
31
+ @templates = @config[:templates]&.map { |name, config| Template.new(name, config) } || []
29
32
 
30
33
  configure_consul
31
34
  configure_vault
@@ -58,11 +61,11 @@ module Consult
58
61
  end
59
62
 
60
63
  def root(directory: nil)
61
- @_root ||= directory ? Pathname.new(directory) : (!!defined?(Rails) && ::Rails.root)
64
+ @_root ||= directory ? Pathname.new(directory) : (defined?(::Rails) && ::Rails.root)
62
65
  end
63
66
 
64
67
  def env
65
- @config[:env] || ENV['RAILS_ENV'] || Rails.env
68
+ @all_config[:env] || ENV['RAILS_ENV'] || (defined?(::Rails) && ::Rails.root)
66
69
  end
67
70
 
68
71
  # Return only the templates that are relevant for the current environment
@@ -34,7 +34,7 @@ module Consult
34
34
  end
35
35
 
36
36
  def should_render?
37
- (@config[:environments] == 'all' || @config[:environments].include?(Consult.env)) && expired?
37
+ expired?
38
38
  end
39
39
 
40
40
  def expired?
@@ -1,3 +1,3 @@
1
1
  module Consult
2
- VERSION = '0.6.0'
2
+ VERSION = '0.7.1'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: consult
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeff Fraser
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-07-09 00:00:00.000000000 Z
11
+ date: 2018-07-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -219,7 +219,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
219
219
  version: '0'
220
220
  requirements: []
221
221
  rubyforge_project:
222
- rubygems_version: 2.7.3
222
+ rubygems_version: 2.6.14
223
223
  signing_key:
224
224
  specification_version: 4
225
225
  summary: Manage consul/vault backed template files in Ruby.