consult 0.5.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 31a2190f1f1f38f5b2f674fa7d1ed91be5522d335e10c655f05493cbfdc056c3
+  data.tar.gz: 0c51acfbd537bb327f6360a4e6ef59fa8ec79b35c7326e421b14362f7a47d827
+SHA512:
+  metadata.gz: b68efe09e942c634da159734f792da61e9fe16dc288e95b3cfafa1c0392457998f4149d0a6c5c1748238ff7ac3bf1165e63c80ed2d956914a372e591dbfc1545
+  data.tar.gz: 14b46ab1dccee0d9739ec820ee94c89af221aedf83e5ec46f072df6fbe9b78c353cc603cd6274d68c8f5eafecde2adb20653c0ef322881843971d17465b209ef

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/spec/support/rendered/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,34 @@
+AllCops:
+  TargetRubyVersion: 2.4
+
+Metrics/LineLength:
+  Max: 117
+
+Metrics/MethodLength:
+  Max: 20
+
+Metrics/ClassLength:
+  Max: 400
+
+Metrics/AbcSize:
+  Max: 30
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*_spec.rb'
+    - 'test/**/*_test.rb'
+    - '*.gemspec'
+    - 'Gemfile'
+    - 'Guardfile'
+
+# Reserve space for blocks to visually distinguish blocks from hashes
+Layout/SpaceInsideHashLiteralBraces:
+  EnforcedStyle: no_space
+
+# use 'raise' instead of 'fail'
+Style/SignalException:
+  EnforcedStyle: only_raise
+
+# mixed: Use slashes on single-line regexes, and %r on multi-line regexes.
+Style/RegexpLiteral:
+  EnforcedStyle: mixed

data/.travis.yml

@@ -0,0 +1,15 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.5.0
+  - 2.4.1
+
+services:
+  - docker
+
+before_install:
+  - gem install bundler -v 1.16.1
+  - docker pull consul
+  - docker pull vault
+  - docker run -d --name=dev-consul -p 8500:8500 consul
+  - docker run -d --name=dev-vault -p 8200:8200 --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=94e1a9ed-5d72-5677-27ab-ebc485cca368' vault

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in consult.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,106 @@
+PATH
+  remote: .
+  specs:
+    consult (0.5.0)
+      activesupport (> 4, < 6)
+      diplomat
+      vault
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (5.1.4)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    byebug (9.1.0)
+    coderay (1.1.2)
+    concurrent-ruby (1.0.5)
+    diff-lcs (1.3)
+    diplomat (2.0.2)
+      faraday (~> 0.9)
+      json
+    docile (1.1.5)
+    faraday (0.14.0)
+      multipart-post (>= 1.2, < 3)
+    ffi (1.9.18)
+    formatador (0.2.5)
+    guard (2.14.1)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (~> 1.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    json (2.1.0)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
+    lumberjack (1.0.12)
+    method_source (0.9.0)
+    minitest (5.11.3)
+    multipart-post (2.0.0)
+    nenv (0.3.0)
+    notiffany (0.1.1)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    rake (10.5.0)
+    rb-fsevent (0.10.2)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.0)
+    ruby_dep (1.5.0)
+    shellany (0.0.1)
+    simplecov (0.15.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    vault (0.10.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  byebug
+  consult!
+  guard
+  guard-rspec
+  pry
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  simplecov
+
+BUNDLED WITH
+   1.16.1

data/Guardfile

@@ -0,0 +1,42 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+# directories %w(app lib config test spec features) \
+#  .select{|d| Dir.exists?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  require 'guard/rspec/dsl'
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # Feel free to open issues for suggestions and improvements
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Fraser
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Procfile

@@ -0,0 +1,3 @@
+consul: consul agent -dev
+vault: vault server -dev -dev-root-token-id=94e1a9ed-5d72-5677-27ab-ebc485cca368
+#guard: bundle exec guard

data/README.md

@@ -0,0 +1,289 @@
+# Consult
+
+Render configuration and secrets from [Consul] and [Vault] with ERB templates.
+
+This gem is a spiritual sibling to [Consul Template], but specifically intended for use in Ruby or Rails environments. It does not have the same features as Consul Template; it is intended for simpler scenarios. Most importantly, leases and configuration changes are _not_ watched to automatically re-render. Consult is intended for more static or medium-to-long lived configuration.
+
+If this gem is included in a Rails, the template will render on Rails boot. Because of this, configuration or credential changes can be picked up by restarting your app.
+
+This gem is considered _beta_. At Veracross, we are just beginning to use it in staging environments.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'consult'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install consult
+
+## Usage
+
+Using Consult requires a configuration YAML file and a series of templates. The configuration file serves as a manifest of templates and their settings, along with optional connection settings to Vault and Consul.
+
+### Configuration
+
+```yaml
+# The environment you are operating it. Defaults to ENV['RAILS_ENV'] or Rails.env if Rails is present.
+env: test
+
+# Optional
+consul:
+  # Prefers `CONSUL_HTTP_ADDR` environment variable
+  address: http://0.0.0.0:8500
+  # Prefers `CONSUL_HTTP_TOKEN` environment variable, or a ~/.consul-token file.
+  # Setting a token here is not best practice because consul tokens should have a relatively short TTL
+  # and be read from the environment, but this is convenient for testing.
+  token: 5d3f1c66-d405-4ad1-b634-ea30be4fb539
+
+# Optional
+vault:
+  # Prefers `VAULT_ADDR` environment variable
+  address: http://0.0.0.0:8200
+  # Prefers `VAULT_TOKEN` environment variable, or a ~/.vault-token file
+  # Setting a token here is not best practice because vault tokens should have a relatively short TTL
+  # and be read from the environment, but this is convenient for testing.
+  token: 8fcd5aed-3eb9-412d-8923-1397af7aede2
+
+# Enumerate the templates.
+templates:
+  database:
+    # Relative paths are assumed to be in #{Rails.root}/config.
+    # Path to the template
+    path: templates/database.yml.erb
+    # Destination for the rendered template
+    dest: rendered/database.yml
+    # Which environments to render this template in
+    environments: all
+    # If the file is less than this old, do not re-render
+    ttl: 3600 # seconds
+
+  secrets:
+    path: templates/secrets.yml.erb
+    dest: rendered/secrets.yml
+    environments: test
+
+  should_be_excluded:
+    path: templates/fake.yml.erb
+    dest: rendered/fake.yml
+    environments: production # won't be rendered because it doesn't match `env` at the top
+```
+
+### Conventions
+
+Because you can use this to fetch secrets or render out things like `database.yml`, you should delete `secrets.yml` and `database.yml` from your app and add them to `.gitignore`. Only keep your templates in source control.
+
+### Templates
+
+Templates are ERB files, and as such can do anything ERB can do. However, Consult does provide a few helper functions.
+
+Note that under the hood, Consult is using [Diplomat](https://github.com/WeAreFarmGeek/diplomat) and the [Vault Gem](https://github.com/hashicorp/vault-ruby). Consul objects are therefore Diplomat objects, and likewise Vault objects are Vault Gem objects. See their API docs for more information. Diplomat generally returns structs with title cased properties.
+
+#### Consul Functions
+
+**service(name)** - Fetch the nodes for the specified service.
+
+```yaml
+<% service("redis").each do |node| %>
+host: <%= node.Address %>
+port: <%= node.ServicePort %>
+<% end %>
+```
+
+returns
+
+    host: redis1.local
+    port: 6379
+
+**query(name_or_id, options: nil)** - Execute the specified prepared Query by name or ID
+
+```ruby
+<% query('pg-production').tap do |result| %>
+  service: <%= result.Service %>
+  nodes:
+  <% result.Nodes.each do |node| %>
+    address: <%= node['Node']['Address']
+  <% end %>
+<% end %>
+```
+
+**query_nodes(name_or_id, options: nil)** - Return only the nodes from a prepared query
+
+```yml
+<% query_nodes('pg-production').each do |node| %>
+<%= node['Node'] %>:
+  host: <%= node['Address'] %>
+  datacenter: <%= node['Datacenter'] %>
+<% end %>
+```
+
+    pg1:
+      host: 10.0.100.101
+      datacenter: us-east-1
+    pg2:
+      host: 10.0.100.102
+      datacenter: us-east-2
+
+#### Vault Functions
+
+**secret(path)** - Fetch a secret at the given path.
+
+    username: <%= secret('secret/credentials').data[:username] %>
+
+yields
+
+    username: kylo.ren
+
+**secrets(path)** - List all secrets at the given path
+
+```ruby
+<% secrets('secret').each do |path| %>
+  <%= path %>
+<% end %>
+```
+
+yields
+
+    foo
+    bar
+    baz
+
+#### Utility Functions
+
+**timestamp** - Renders the current utc timestamp.
+
+    <%= timestamp %>
+
+renders
+
+    2018-02-23 14:20:29 UTC
+
+**indent(string, level, separator = '\n')** - Indents a multi-line string by `level`
+
+```yml
+keys:
+  multi_line: |
+<%= indent secret('secret/keys/multi_line).data[:value], 4 %>
+```
+
+renders
+
+```yml
+keys:
+  multi_line: |
+    30ada39cccf79aadbd1d870bc15f0086
+    7ea8d734e81e9c6710faa15b0aff516c
+    27778ab3b1e10db2028352f12c3c07bb
+    e7ec40d1e45834681b4dc3548230d1ca
+```
+
+**with(whatever)** - takes `whatever` and yields it back. Equivalent to `tap`, but provided as a bridge from [Consul Template]/Go template conventions.
+
+```yml
+<% with secret "secrets/credentials" do |s| %>
+username: <%= s.data[:username] %>
+password: <%= s.data[:password] %>
+<% end %>
+```
+
+#### More Full Examples
+
+Render multiple servers into a database.yml file, keyed by their name.
+
+```yml
+# database.yml.erb
+<% service("postgres").each do |node| %>
+'<%= node.Node %>':
+  host: <%= node.Address %>
+  port: <%= node.ServicePort %>
+  <%- with secret "secret/base/sql-server/#{node.Node}/web" do |s| -%>
+  # Credential lease good until <%= (timestamp + s.lease_duration).to_s %>
+  username: <%= s.data[:username] %>
+  password: <%= s.data[:password] %>
+  <% end -%>
+<% end %>
+```
+
+Yields something like
+
+```yml
+# database.yml
+'db1':
+  host: 10.0.100.101
+  port: 5432
+  # Credential lease good until 2018-02-24 16:08:29 UTC
+  username: foo
+  password: bar
+'db2':
+  host: 10.0.100.102
+  port: 5432
+  # Credential lease good until 2018-02-24 16:08:29 UTC
+  username: baz
+  password: qux
+```
+
+#### Secrets
+
+```yml
+# secrets.yml.erb
+shared:
+  rollbar_token: <%= secret('secrets/third_party').data[:rollbar] %>
+  scout_token: <%= secret('secrets/third_party').data[:scout] %>
+
+development:
+  secret_key_base: abcd1234....
+
+production:
+  secret_key_base: <%= secret('secret/apps/myapp').data[:secret_key_base] %>
+```
+
+Then reference secrets in your app with `Rails.application.secrets`.
+
+```ruby
+# config/intiializers/rollbar.rb
+Rollbar.configure do |config|
+  config.access_token = Rails.application.secrets.rollbar_token
+end
+```
+
+## Why we built this
+
+We use [Consul Template] for server-level configuration, but application level configuration is more tricky. It is difficult to solve the problem of fetching secrets and config in a consistent way in both development and production. We wanted to avoid having [Consul Template] in use in production, but some other custom solution in development.
+
+Using this gem, the implementation is the same in dev and prod, and it is frictionless since the templates render when Rails boots.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment. See below for testing instructions.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+### Testing
+
+Testing is easiest by running Consul and Vault in Docker. Just boot up their minimal containers:
+
+    $ docker pull consul
+    $ docker pull vault
+    $ docker run -d --name=dev-consul -p 8500:8500 consul
+    $ docker run -d --name=dev-vault -p 8200:8200 --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=94e1a9ed-5d72-5677-27ab-ebc485cca368' vault
+
+Then run `bundle exec rspec`, or `bundle exec guard`.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/veracross/consult.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+[Vault]: https://github.com/hashicorp/vault
+[Consul]: https://github.com/hashicorp/consul
+[Consul Template]: https://github.com/hashicorp/consul-template

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'consult'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+Consult.load config_dir: 'spec/support'
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+require 'pry'
+Pry.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+# Do any other automated setup that you need to do here

data/consult.gemspec

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'consult/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'consult'
+  spec.version       = Consult::VERSION
+  spec.authors       = ['Jeff Fraser']
+  spec.email         = ['jeff.fraser@veracross.com']
+
+  spec.summary       = 'Manage consul/vault backed template files in Ruby.'
+  spec.description   = 'Manage consul/vault backed template files in Ruby.'
+  spec.homepage      = 'https://github.com/veracross/consult'
+  spec.license       = 'MIT'
+
+  spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'activesupport', '> 4', '< 6'
+  spec.add_dependency 'diplomat'
+  spec.add_dependency 'vault'
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'guard'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'simplecov'
+end

data/lib/consult.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require 'pathname'
+require 'yaml'
+require 'active_support/core_ext/hash'
+require 'erb'
+require 'vault'
+require 'diplomat'
+
+require 'consult/version'
+require 'consult/utilities'
+require 'consult/template'
+
+module Consult
+  @config = {}
+  @templates = []
+
+  CONSUL_DISK_TOKEN = Pathname.new("#{Dir.home}/.consul-token").freeze
+
+  class << self
+    attr_reader :config, :templates
+
+    def load(config_dir: nil)
+      root directory: config_dir
+      yaml = root.join('config', 'consult.yml')
+      @config = yaml.exist? ? YAML.safe_load(ERB.new(yaml.read).result, [], [], true) : {}
+      @config.deep_symbolize_keys!
+      @templates = @config[:templates]&.map { |name, config| Template.new(name, config) }
+
+      configure_consul
+      configure_vault
+    end
+
+    def configure_consul
+      @config[:consul] ||= {}
+
+      # We map conventional `address` and `token` params to Diplomat's unconventional `url` and `acl_token` settings
+      # Additionally: prefer env vars over explicit config
+      configured_address = @config[:consul].delete(:address)
+      @config[:consul][:url] = ENV['CONSUL_HTTP_ADDR'] || configured_address || @config[:consul][:url]
+      @config[:consul][:acl_token] = consul_token
+
+      Diplomat.configure do |c|
+        @config[:consul].each do |opt, val|
+          c.send "#{opt}=".to_sym, val
+        end
+      end
+    end
+
+    def configure_vault
+      return unless @config.key? :vault
+
+      Vault.configure do |c|
+        @config[:vault].each do |opt, val|
+          c.send "#{opt}=".to_sym, val
+        end
+      end
+    end
+
+    def root(directory: nil)
+      @_root ||= directory ? Pathname.new(directory) : (!!defined?(Rails) && ::Rails.root)
+    end
+
+    def env
+      @config[:env] || ENV['RAILS_ENV'] || Rails.env
+    end
+
+    # Return only the templates that are relevant for the current environment
+    def active_templates
+      templates.select(&:should_render?)
+    end
+
+    # Render templates.
+    def render!
+      active_templates.each(&:render)
+    end
+
+    # Map more conventional `token` parameter to Diplomat's `acl_token` configuration.
+    # Additionally, we support ~/.consul-token, similar to Vault's support for ~/.vault-token
+    def consul_token
+      ENV['CONSUL_HTTP_TOKEN'] ||
+        @config[:consul].delete(:token) ||
+        @config[:consul][:acl_token] ||
+        CONSUL_DISK_TOKEN.read.chomp
+    end
+  end
+end
+
+require 'consult/rails/engine' if defined?(Rails)

data/lib/consult/rails/engine.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Consult
+  module Rails
+    # When using Rails, this will render your templates
+    # on app boot.
+    class Railtie < ::Rails::Railtie
+      config.before_configuration do
+        Consult.load
+        Consult.render!
+      end
+    end
+  end
+end

data/lib/consult/template.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'consult/template_functions'
+
+module Consult
+  class Template
+    include Utilities
+    include TemplateFunctions
+
+    attr_reader :name, :config
+
+    def initialize(name, config)
+      @name = name
+      @config = config
+    end
+
+    def render(save: true)
+      renderer = ERB.new(File.read(path, encoding: 'utf-8'), nil, '-')
+      result = renderer.result(binding)
+
+      File.open(dest, 'w') { |f| f << result } if save
+      result
+    rescue StandardError => e
+      puts "Error rendering template: #{name}"
+      raise e
+    end
+
+    def path
+      resolve @config.fetch(:path)
+    end
+
+    def dest
+      resolve @config.fetch(:dest)
+    end
+
+    def should_render?
+      (@config[:environments] == 'all' || @config[:environments].include?(Consult.env)) && expired?
+    end
+
+    def expired?
+      # Treat renders as expired if a TTL isn't set, or it has never been rendered before
+      return true if !config.key?(:ttl) || !dest.exist?
+      dest.mtime < (Time.now - @config[:ttl].to_i)
+    end
+  end
+end

data/lib/consult/template_functions.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Consult
+  module TemplateFunctions
+    ############
+    # Vault
+    ############
+    def secret(path)
+      Vault.logical.read(path)
+    end
+
+    def secrets(path)
+      Vault.logical.list(path)
+    end
+
+    ############
+    # Consul
+    ############
+    def service(key, scope: :all, options: nil, meta: nil)
+      Diplomat::Service.get(key, scope, options, meta)
+    end
+
+    # Execute a prepared query
+    def query(name_or_id, options: nil)
+      Diplomat::Query.execute(name_or_id, options)
+    end
+
+    # Return just the nodes from a prepared query
+    def query_nodes(*args)
+      query(*args)&.Nodes&.map { |node| node['Node'] }
+    end
+
+    ############
+    # Utility
+    ############
+    # Provided as a bridge to consul-template/go conventions. Simply yields
+    # back whatever was provided.
+    def with(whatever)
+      yield whatever
+    end
+
+    def timestamp
+      Time.now.utc
+    end
+
+    # Indent a multi-line string by the provided amount.
+    def indent(string, level, separator = "\n")
+      string.split(separator).map do |line|
+        ' ' * level + line
+      end.join(separator)
+    end
+  end
+end

data/lib/consult/utilities.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Consult
+  module Utilities
+    def resolve(path)
+      pathname = Pathname.new(path)
+      pathname.relative? ? Consult.root.join(pathname) : pathname
+    end
+  end
+end

data/lib/consult/version.rb

@@ -0,0 +1,3 @@
+module Consult
+  VERSION = '0.5.0'
+end

metadata

@@ -0,0 +1,225 @@
+--- !ruby/object:Gem::Specification
+name: consult
+version: !ruby/object:Gem::Version
+  version: 0.5.0
+platform: ruby
+authors:
+- Jeff Fraser
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-02-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
+- !ruby/object:Gem::Dependency
+  name: diplomat
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Manage consul/vault backed template files in Ruby.
+email:
+- jeff.fraser@veracross.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE.txt
+- Procfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- consult.gemspec
+- lib/consult.rb
+- lib/consult/rails/engine.rb
+- lib/consult/template.rb
+- lib/consult/template_functions.rb
+- lib/consult/utilities.rb
+- lib/consult/version.rb
+homepage: https://github.com/veracross/consult
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: Manage consul/vault backed template files in Ruby.
+test_files: []