From 73b126976ad7843eb47a84944cf191bf05b14216 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Tue, 9 Oct 2012 00:05:44 -0700
Subject: fixed paths

---
 DEVNOTES                                           |  69 +++++++
 Gemfile                                            |   2 +
 Gemfile.lock                                       |  22 +++
 README.md                                          | 133 +++++++++++++-
 Rakefile                                           |  44 +++++
 bin/leap                                           |  64 +++++++
 cli/DEVNOTES                                       |  97 ----------
 cli/Gemfile                                        |   2 -
 cli/Gemfile.lock                                   |  22 ---
 cli/README.md                                      | 132 --------------
 cli/Rakefile                                       |  44 -----
 cli/bin/leap                                       |  64 -------
 cli/leap_cli.gemspec                               |  45 -----
 cli/leap_cli.rdoc                                  |   5 -
 cli/lib/leap_cli.rb                                |  19 --
 cli/lib/leap_cli/commands/README                   | 101 -----------
 cli/lib/leap_cli/commands/compile.rb               |  15 --
 cli/lib/leap_cli/commands/deploy.rb                |  20 ---
 cli/lib/leap_cli/commands/init.rb                  |  24 ---
 cli/lib/leap_cli/commands/list.rb                  |  61 -------
 cli/lib/leap_cli/commands/pre.rb                   |  38 ----
 cli/lib/leap_cli/config.rb                         | 119 ------------
 cli/lib/leap_cli/config_list.rb                    |  77 --------
 cli/lib/leap_cli/config_manager.rb                 | 200 ---------------------
 cli/lib/leap_cli/init.rb                           |  74 --------
 cli/lib/leap_cli/log.rb                            |  44 -----
 cli/lib/leap_cli/path.rb                           |  79 --------
 cli/lib/leap_cli/version.rb                        |   3 -
 cli/test/default_test.rb                           |  14 --
 cli/test/provider/common.json                      |  11 --
 cli/test/provider/files/ca/ca.crt                  |  24 ---
 cli/test/provider/files/ca/ca.key                  |  41 -----
 .../files/public-definitions/provider.json.erb     |   0
 cli/test/provider/files/vpn1/vpn1.rewire.co.crt    |  26 ---
 cli/test/provider/files/vpn1/vpn1.rewire.co.key    |  41 -----
 cli/test/provider/hiera/couch1.rewire.yaml         |   8 -
 cli/test/provider/hiera/couch2.rewire.yaml         |   8 -
 cli/test/provider/hiera/ns1.rewire.yaml            |  25 ---
 cli/test/provider/hiera/ns2.rewire.yaml            |  25 ---
 cli/test/provider/hiera/vpn1.rewire.yaml           | 158 ----------------
 cli/test/provider/hiera/web1.rewire.yaml           |  16 --
 cli/test/provider/nodes/couch1.json                |   4 -
 cli/test/provider/nodes/couch2.json                |   4 -
 cli/test/provider/nodes/ns1.json                   |   8 -
 cli/test/provider/nodes/ns2.json                   |   8 -
 cli/test/provider/nodes/vpn1.json                  |   8 -
 cli/test/provider/nodes/web1.json                  |   4 -
 cli/test/provider/provider.json                    |  13 --
 cli/test/provider/services/couchdb.json            |   3 -
 cli/test/provider/services/dns.json                |   6 -
 cli/test/provider/services/openvpn.json            |  11 --
 cli/test/provider/services/webapp.json             |   7 -
 cli/test/provider/tags/production.json             |   3 -
 cli/test/test_helper.rb                            |   9 -
 leap_cli.gemspec                                   |  45 +++++
 leap_cli.rdoc                                      |   5 +
 lib/leap_cli.rb                                    |  19 ++
 lib/leap_cli/commands/README                       | 101 +++++++++++
 lib/leap_cli/commands/compile.rb                   |  15 ++
 lib/leap_cli/commands/deploy.rb                    |  20 +++
 lib/leap_cli/commands/init.rb                      |  24 +++
 lib/leap_cli/commands/list.rb                      |  61 +++++++
 lib/leap_cli/commands/pre.rb                       |  38 ++++
 lib/leap_cli/config.rb                             | 119 ++++++++++++
 lib/leap_cli/config_list.rb                        |  77 ++++++++
 lib/leap_cli/config_manager.rb                     | 200 +++++++++++++++++++++
 lib/leap_cli/init.rb                               |  74 ++++++++
 lib/leap_cli/log.rb                                |  44 +++++
 lib/leap_cli/path.rb                               |  79 ++++++++
 lib/leap_cli/version.rb                            |   3 +
 test/default_test.rb                               |  14 ++
 test/provider/common.json                          |  11 ++
 test/provider/files/ca/ca.crt                      |  24 +++
 test/provider/files/ca/ca.key                      |  41 +++++
 .../files/public-definitions/provider.json.erb     |   0
 test/provider/files/vpn1/vpn1.rewire.co.crt        |  26 +++
 test/provider/files/vpn1/vpn1.rewire.co.key        |  41 +++++
 test/provider/hiera/couch1.rewire.yaml             |   8 +
 test/provider/hiera/couch2.rewire.yaml             |   8 +
 test/provider/hiera/ns1.rewire.yaml                |  25 +++
 test/provider/hiera/ns2.rewire.yaml                |  25 +++
 test/provider/hiera/vpn1.rewire.yaml               | 158 ++++++++++++++++
 test/provider/hiera/web1.rewire.yaml               |  16 ++
 test/provider/nodes/couch1.json                    |   4 +
 test/provider/nodes/couch2.json                    |   4 +
 test/provider/nodes/ns1.json                       |   8 +
 test/provider/nodes/ns2.json                       |   8 +
 test/provider/nodes/vpn1.json                      |   8 +
 test/provider/nodes/web1.json                      |   4 +
 test/provider/provider.json                        |  13 ++
 test/provider/services/couchdb.json                |   3 +
 test/provider/services/dns.json                    |   6 +
 test/provider/services/openvpn.json                |  11 ++
 test/provider/services/webapp.json                 |   7 +
 test/provider/tags/production.json                 |   3 +
 test/test_helper.rb                                |   9 +
 96 files changed, 1742 insertions(+), 1771 deletions(-)
 create mode 100644 DEVNOTES
 create mode 100644 Gemfile
 create mode 100644 Gemfile.lock
 create mode 100644 Rakefile
 create mode 100755 bin/leap
 delete mode 100644 cli/DEVNOTES
 delete mode 100644 cli/Gemfile
 delete mode 100644 cli/Gemfile.lock
 delete mode 100644 cli/README.md
 delete mode 100644 cli/Rakefile
 delete mode 100755 cli/bin/leap
 delete mode 100644 cli/leap_cli.gemspec
 delete mode 100644 cli/leap_cli.rdoc
 delete mode 100644 cli/lib/leap_cli.rb
 delete mode 100644 cli/lib/leap_cli/commands/README
 delete mode 100644 cli/lib/leap_cli/commands/compile.rb
 delete mode 100644 cli/lib/leap_cli/commands/deploy.rb
 delete mode 100644 cli/lib/leap_cli/commands/init.rb
 delete mode 100644 cli/lib/leap_cli/commands/list.rb
 delete mode 100644 cli/lib/leap_cli/commands/pre.rb
 delete mode 100644 cli/lib/leap_cli/config.rb
 delete mode 100644 cli/lib/leap_cli/config_list.rb
 delete mode 100644 cli/lib/leap_cli/config_manager.rb
 delete mode 100644 cli/lib/leap_cli/init.rb
 delete mode 100644 cli/lib/leap_cli/log.rb
 delete mode 100644 cli/lib/leap_cli/path.rb
 delete mode 100644 cli/lib/leap_cli/version.rb
 delete mode 100644 cli/test/default_test.rb
 delete mode 100644 cli/test/provider/common.json
 delete mode 100644 cli/test/provider/files/ca/ca.crt
 delete mode 100644 cli/test/provider/files/ca/ca.key
 delete mode 100644 cli/test/provider/files/public-definitions/provider.json.erb
 delete mode 100644 cli/test/provider/files/vpn1/vpn1.rewire.co.crt
 delete mode 100644 cli/test/provider/files/vpn1/vpn1.rewire.co.key
 delete mode 100644 cli/test/provider/hiera/couch1.rewire.yaml
 delete mode 100644 cli/test/provider/hiera/couch2.rewire.yaml
 delete mode 100644 cli/test/provider/hiera/ns1.rewire.yaml
 delete mode 100644 cli/test/provider/hiera/ns2.rewire.yaml
 delete mode 100644 cli/test/provider/hiera/vpn1.rewire.yaml
 delete mode 100644 cli/test/provider/hiera/web1.rewire.yaml
 delete mode 100644 cli/test/provider/nodes/couch1.json
 delete mode 100644 cli/test/provider/nodes/couch2.json
 delete mode 100644 cli/test/provider/nodes/ns1.json
 delete mode 100644 cli/test/provider/nodes/ns2.json
 delete mode 100644 cli/test/provider/nodes/vpn1.json
 delete mode 100644 cli/test/provider/nodes/web1.json
 delete mode 100644 cli/test/provider/provider.json
 delete mode 100644 cli/test/provider/services/couchdb.json
 delete mode 100644 cli/test/provider/services/dns.json
 delete mode 100644 cli/test/provider/services/openvpn.json
 delete mode 100644 cli/test/provider/services/webapp.json
 delete mode 100644 cli/test/provider/tags/production.json
 delete mode 100644 cli/test/test_helper.rb
 create mode 100644 leap_cli.gemspec
 create mode 100644 leap_cli.rdoc
 create mode 100644 lib/leap_cli.rb
 create mode 100644 lib/leap_cli/commands/README
 create mode 100644 lib/leap_cli/commands/compile.rb
 create mode 100644 lib/leap_cli/commands/deploy.rb
 create mode 100644 lib/leap_cli/commands/init.rb
 create mode 100644 lib/leap_cli/commands/list.rb
 create mode 100644 lib/leap_cli/commands/pre.rb
 create mode 100644 lib/leap_cli/config.rb
 create mode 100644 lib/leap_cli/config_list.rb
 create mode 100644 lib/leap_cli/config_manager.rb
 create mode 100644 lib/leap_cli/init.rb
 create mode 100644 lib/leap_cli/log.rb
 create mode 100644 lib/leap_cli/path.rb
 create mode 100644 lib/leap_cli/version.rb
 create mode 100644 test/default_test.rb
 create mode 100644 test/provider/common.json
 create mode 100644 test/provider/files/ca/ca.crt
 create mode 100644 test/provider/files/ca/ca.key
 create mode 100644 test/provider/files/public-definitions/provider.json.erb
 create mode 100644 test/provider/files/vpn1/vpn1.rewire.co.crt
 create mode 100644 test/provider/files/vpn1/vpn1.rewire.co.key
 create mode 100644 test/provider/hiera/couch1.rewire.yaml
 create mode 100644 test/provider/hiera/couch2.rewire.yaml
 create mode 100644 test/provider/hiera/ns1.rewire.yaml
 create mode 100644 test/provider/hiera/ns2.rewire.yaml
 create mode 100644 test/provider/hiera/vpn1.rewire.yaml
 create mode 100644 test/provider/hiera/web1.rewire.yaml
 create mode 100644 test/provider/nodes/couch1.json
 create mode 100644 test/provider/nodes/couch2.json
 create mode 100644 test/provider/nodes/ns1.json
 create mode 100644 test/provider/nodes/ns2.json
 create mode 100644 test/provider/nodes/vpn1.json
 create mode 100644 test/provider/nodes/web1.json
 create mode 100644 test/provider/provider.json
 create mode 100644 test/provider/services/couchdb.json
 create mode 100644 test/provider/services/dns.json
 create mode 100644 test/provider/services/openvpn.json
 create mode 100644 test/provider/services/webapp.json
 create mode 100644 test/provider/tags/production.json
 create mode 100644 test/test_helper.rb

diff --git a/DEVNOTES b/DEVNOTES
new file mode 100644
index 0000000..64e0210
--- /dev/null
+++ b/DEVNOTES
@@ -0,0 +1,69 @@
+Features to add
+==========================
+
+templates
+--------------------
+
+templates for nodes and services stored in leap_platform
+
+commands:
+
+    leap add-service   # menu of services, copies from the template
+    leap add-node      # you pick a service among those enabled, then it copies template
+
+deploy
+---------------------
+
+    leap bootstrap
+    leap dryrun
+    leap deploy
+
+key management
+-------------------------
+
+    leap add-ssh-keypair
+    leap add-x509-keypair
+
+json validation
+------------------------
+
+json validation
+http://www.kuwata-lab.com/kwalify/ruby/users-guide.html
+
+
+useful liberaries
+================================
+
+notes to myself
+
+user interaction
+  readline
+  highline
+  terminal-tables
+  rainbow
+  http://stackoverflow.com/questions/9577718/what-ruby-libraries-should-i-use-for-building-a-console-based-application
+
+testing
+  aruba -- test for cli
+
+help
+  gem-man -- install man pages with gems
+  ronn -- write man pages in markdown
+
+push examples
+  https://github.com/net-ssh/net-ssh
+  https://github.com/seattlerb/rake-remote_task
+    http://docs.seattlerb.org/rake-remote_task/
+    https://github.com/seattlerb/rake-remote_task/blob/master/lib/rake/remote_task.rb
+  https://github.com/davidwinter/sooty
+    push puppet with rake/remote_task
+    https://github.com/davidwinter/sooty/blob/master/lib/sooty.rb
+  calling rsync from ruby
+    https://github.com/RichGuk/rrsync/blob/master/rrsync.rb
+    http://rubyforge.org/projects/six-rsync/
+  https://github.com/automateit/automateit
+  http://www.jedi.be/blog/2009/11/17/shell-scripting-dsl-in-ruby/
+  parallel shell
+    https://github.com/delano/rye
+    https://github.com/adamwiggins/rush
+
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..e45e65f
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,2 @@
+source :rubygems
+gemspec
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..60ce6f8
--- /dev/null
+++ b/Gemfile.lock
@@ -0,0 +1,22 @@
+PATH
+  remote: .
+  specs:
+    leap_cli (0.0.1)
+      gli (~> 2.3)
+      oj
+      terminal-table
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    gli (2.3.0)
+    oj (1.3.7)
+    rake (0.9.2.2)
+    terminal-table (1.4.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  leap_cli!
+  rake
diff --git a/README.md b/README.md
index b597e4f..fccd6d1 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,132 @@
-more to come.
+About LEAP command line interface
+=================================
+
+This gem installs an executable 'leap' that allows you to manage servers using the leap platform.
+
+Installation
+=================================
+
+To install the gem:
+
+    gem install leap_cli
+
+To run from a clone of the git repo, see "Development", below.
+
+Usage
+=================================
+
+This tool is incomplete, so most commands don't yet work.
+
+Run `leap help` for a usage instructions.
+
+Here is an example usage:
+
+    leap init provider
+    cd provider
+    edit configuration files (see below)
+    leap compile
+
+Directories and Files
+=================================
+
+The general structure of leap project looks like this:
+
+    my_leap_project/                 # the 'root' directory
+      leap_platform/                 # a clone of the leap_platform puppet recipes
+      provider/                      # your provider-specific configurations
+
+The "leap" command should be run from within the "provider" directory.
+
+You can name these directories whatever you like. The leap command will walk up the directory tree until it finds a directory that looks like a 'root' directory.
+
+Within the "provider" directory:
+
+    nodes/               # one configuration file per node (i.e. server)
+    services/            # nodes inherit from these files if specified in node config.
+    tags/                # nodes inherit from these files if specified in node config.
+    files/               # text and binary files needed for services and nodes, including keypairs
+    users/               # crypto key material for sysadmins
+    common.yaml          # all nodes inherit these options
+    provider.yaml        # global service provider definition
+
+Configuration Files
+=================================
+
+All configuration files are in JSON format. For example
+
+    {
+      "key1": "value1",
+      "key2": "value2"
+    }
+
+Keys should match /[a-z0-9_]/
+
+Unlike traditional JSON, comments are allowed. If the first non-whitespace character is '#' the line is treated as a comment.
+
+    # this is a comment
+    {
+      # this is a comment
+      "key": "value"  # this is an error
+    }
+
+Options in the configuration files might be nested. For example:
+
+    {
+      "openvpn": {
+        "ip_address": "1.1.1.1"
+      }
+    }
+
+When compiled into hiera and made available in puppet, this becomes a Hash object with flattened keys:
+
+    {"openvpn.ip_address" => "1.1.1.1"}
+
+Node Configuration
+=================================
+
+The name of the file will be the hostname of the node.
+
+An example configuration "nodes/dns-europe.json"
+
+    {
+       "services": "dns",
+       "tags": ["production", "europe"],
+       "ip_address": "1.1.1.1"
+    }
+
+This node will have hostname "dns-europe" and it will inherit from the following files (in this order):
+
+    common.json
+    services/dns.json
+    tags/europe.json
+    tags/production.json
+
+Development
+=================================
+
+prerequisites:
+
+* rubygems (``apt-get install rubygems``)
+* bundler  (``gem install bundler``)
+
+Install command line ``leap``:
+
+    git clone git://leap.se/leap_cli   # clone leap cli code
+    cd leap_cli
+    bundle                             # install required gems
+    ln -s `pwd`/bin/leap ~/bin         # link executable somewhere in your bin path
+
+You can experiment using the example provider in the test directory
+
+    cd test/provider
+    leap
+
+Alternately, you can create your own provider for testing:
+
+    mkdir ~/dev/example.org
+    cd ~/dev/example.org
+    git clone git://leap.se/leap_platform
+    leap init provider
+    cd provider
+    leap
+
diff --git a/Rakefile b/Rakefile
new file mode 100644
index 0000000..c97688b
--- /dev/null
+++ b/Rakefile
@@ -0,0 +1,44 @@
+require 'rake/clean'
+require 'rubygems'
+require 'rubygems/package_task'
+require 'rdoc/task'
+require 'cucumber'
+require 'cucumber/rake/task'
+Rake::RDocTask.new do |rd|
+  rd.main = "README.rdoc"
+  rd.rdoc_files.include("README.rdoc","lib/**/*.rb","bin/**/*")
+  rd.title = 'Your application title'
+end
+
+spec = eval(File.read('leap_cli.gemspec'))
+
+Gem::PackageTask.new(spec) do |pkg|
+end
+CUKE_RESULTS = 'results.html'
+CLEAN << CUKE_RESULTS
+desc 'Run features'
+Cucumber::Rake::Task.new(:features) do |t|
+  opts = "features --format html -o #{CUKE_RESULTS} --format progress -x"
+  opts += " --tags #{ENV['TAGS']}" if ENV['TAGS']
+  t.cucumber_opts =  opts
+  t.fork = false
+end
+
+desc 'Run features tagged as work-in-progress (@wip)'
+Cucumber::Rake::Task.new('features:wip') do |t|
+  tag_opts = ' --tags ~@pending'
+  tag_opts = ' --tags @wip'
+  t.cucumber_opts = "features --format html -o #{CUKE_RESULTS} --format pretty -x -s#{tag_opts}"
+  t.fork = false
+end
+
+task :cucumber => :features
+task 'cucumber:wip' => 'features:wip'
+task :wip => 'features:wip'
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/*_test.rb']
+end
+
+task :default => [:test,:features]
diff --git a/bin/leap b/bin/leap
new file mode 100755
index 0000000..4155b58
--- /dev/null
+++ b/bin/leap
@@ -0,0 +1,64 @@
+#!/usr/bin/env ruby
+begin
+  require 'leap_cli'
+rescue LoadError
+  #
+  # When developing a gem with a command, you normally use `bundle exec bin/command-name`
+  # to run your app. At install-time, RubyGems will make sure lib, etc. are in the load path,
+  # so that you can run the command directly.
+  #
+  # However, I don't like using 'bundle exec'. It is slow, and limits which directory you can
+  # run in. So, instead, we fall back to some path manipulation hackery.
+  #
+  # This allows you to run the command directly while developing the gem, and also lets you
+  # run from anywhere (I like to link 'bin/leap' to /usr/local/bin/leap).
+  #
+  file = File.symlink?(__FILE__) ? File.readlink(__FILE__) : __FILE__
+  lib_dir = File.expand_path(File.dirname(file) + '/../lib')
+  $LOAD_PATH.unshift lib_dir unless $LOAD_PATH.include?(lib_dir)
+  require 'rubygems'
+  require 'leap_cli'
+end
+
+require 'gli'
+require 'highline'
+require 'forwardable'
+require 'terminal-table'
+
+#
+# Typically, GLI and Highline methods are loaded into the global namespace.
+# Instead, here we load these into the module LeapCli::Commands in order to
+# ensure that the cli logic and code is kept isolated to leap_cli/commands/*.rb
+#
+# no cheating!
+#
+module LeapCli::Commands
+  extend GLI::App
+  extend Forwardable
+  extend Terminal::Table::TableHelper
+
+  ENV['GLI_DEBUG'] = "true"
+
+  #
+  # delegate highline methods to make them available to sub-commands
+  #
+  @terminal = HighLine.new
+  def_delegator :@terminal, :ask, 'self.ask'
+  def_delegator :@terminal, :agree, 'self.agree'
+  def_delegator :@terminal, :ask, 'self.ask'
+  def_delegator :@terminal, :choose, 'self.choose'
+  def_delegator :@terminal, :say, 'self.say'
+
+  #
+  # info about leap command line suite
+  #
+  program_desc       'LEAP platform command line interface'
+  program_long_desc  'This is the long description. It is very interesting.'
+  version            LeapCli::VERSION
+
+  #
+  # load commands and run
+  #
+  commands_from('leap_cli/commands')
+  exit run(ARGV)
+end
diff --git a/cli/DEVNOTES b/cli/DEVNOTES
deleted file mode 100644
index eceac87..0000000
--- a/cli/DEVNOTES
+++ /dev/null
@@ -1,97 +0,0 @@
-Features to add
-==========================
-
-templates
---------------------
-
-templates for nodes and services stored in leap_platform
-
-commands:
-
-    leap add-service   # menu of services, adding copies the template
-    leap add-node      # you pick a service, then it copies template
-
-deploy
----------------------
-
-not yet working
-
-    leap bootstrap
-    leap dryrun
-    leap deploy
-
-key management
--------------------------
-
-not yet working
-
-    leap add-ssh-keypair
-    leap add-x509-keypair
-
-hiera logic
-------------------------
-
-leap_platform should be able insert ruby logic in the generation of hiera .yml files. for example, so say that a webapp node should get a list of all the couchdb nodes its config.
-
-this code might look like this
-
-    node['couchdb_ips'] = @nodes[:services => :couchdb].map(&:ip_address)
-
-or
-
-    node['couchdb_ips'] = @services[:couchdb].nodes.map(&:ip_address)
-
-maybe see http://blog.bigbinary.com/2008/10/17/under-the-hood-how-named-scope-works.html
-
-
-json validation
-------------------------
-
-json validation
-http://www.kuwata-lab.com/kwalify/ruby/users-guide.html
-
-
-useful liberaries
-================================
-
-user interaction
-
-  readline
-  highline
-  terminal-tables
-  rainbow
-  http://stackoverflow.com/questions/9577718/what-ruby-libraries-should-i-use-for-building-a-console-based-application
-
-testing
-
-  aruba -- test for cli
-
-help
-
-  gem-man -- install man pages with gems
-  ronn -- write man pages in markdown
-
-push examples
-
-  https://github.com/net-ssh/net-ssh
-
-  https://github.com/seattlerb/rake-remote_task
-    http://docs.seattlerb.org/rake-remote_task/
-    https://github.com/seattlerb/rake-remote_task/blob/master/lib/rake/remote_task.rb
-
-  https://github.com/davidwinter/sooty
-    push puppet with rake/remote_task
-    https://github.com/davidwinter/sooty/blob/master/lib/sooty.rb
-
-  calling rsync from ruby
-    https://github.com/RichGuk/rrsync/blob/master/rrsync.rb
-    http://rubyforge.org/projects/six-rsync/
-
-  https://github.com/automateit/automateit
-
-  http://www.jedi.be/blog/2009/11/17/shell-scripting-dsl-in-ruby/
-
-  parallel shell
-    https://github.com/delano/rye
-    https://github.com/adamwiggins/rush
-
diff --git a/cli/Gemfile b/cli/Gemfile
deleted file mode 100644
index e45e65f..0000000
--- a/cli/Gemfile
+++ /dev/null
@@ -1,2 +0,0 @@
-source :rubygems
-gemspec
diff --git a/cli/Gemfile.lock b/cli/Gemfile.lock
deleted file mode 100644
index 60ce6f8..0000000
--- a/cli/Gemfile.lock
+++ /dev/null
@@ -1,22 +0,0 @@
-PATH
-  remote: .
-  specs:
-    leap_cli (0.0.1)
-      gli (~> 2.3)
-      oj
-      terminal-table
-
-GEM
-  remote: http://rubygems.org/
-  specs:
-    gli (2.3.0)
-    oj (1.3.7)
-    rake (0.9.2.2)
-    terminal-table (1.4.5)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  leap_cli!
-  rake
diff --git a/cli/README.md b/cli/README.md
deleted file mode 100644
index fccd6d1..0000000
--- a/cli/README.md
+++ /dev/null
@@ -1,132 +0,0 @@
-About LEAP command line interface
-=================================
-
-This gem installs an executable 'leap' that allows you to manage servers using the leap platform.
-
-Installation
-=================================
-
-To install the gem:
-
-    gem install leap_cli
-
-To run from a clone of the git repo, see "Development", below.
-
-Usage
-=================================
-
-This tool is incomplete, so most commands don't yet work.
-
-Run `leap help` for a usage instructions.
-
-Here is an example usage:
-
-    leap init provider
-    cd provider
-    edit configuration files (see below)
-    leap compile
-
-Directories and Files
-=================================
-
-The general structure of leap project looks like this:
-
-    my_leap_project/                 # the 'root' directory
-      leap_platform/                 # a clone of the leap_platform puppet recipes
-      provider/                      # your provider-specific configurations
-
-The "leap" command should be run from within the "provider" directory.
-
-You can name these directories whatever you like. The leap command will walk up the directory tree until it finds a directory that looks like a 'root' directory.
-
-Within the "provider" directory:
-
-    nodes/               # one configuration file per node (i.e. server)
-    services/            # nodes inherit from these files if specified in node config.
-    tags/                # nodes inherit from these files if specified in node config.
-    files/               # text and binary files needed for services and nodes, including keypairs
-    users/               # crypto key material for sysadmins
-    common.yaml          # all nodes inherit these options
-    provider.yaml        # global service provider definition
-
-Configuration Files
-=================================
-
-All configuration files are in JSON format. For example
-
-    {
-      "key1": "value1",
-      "key2": "value2"
-    }
-
-Keys should match /[a-z0-9_]/
-
-Unlike traditional JSON, comments are allowed. If the first non-whitespace character is '#' the line is treated as a comment.
-
-    # this is a comment
-    {
-      # this is a comment
-      "key": "value"  # this is an error
-    }
-
-Options in the configuration files might be nested. For example:
-
-    {
-      "openvpn": {
-        "ip_address": "1.1.1.1"
-      }
-    }
-
-When compiled into hiera and made available in puppet, this becomes a Hash object with flattened keys:
-
-    {"openvpn.ip_address" => "1.1.1.1"}
-
-Node Configuration
-=================================
-
-The name of the file will be the hostname of the node.
-
-An example configuration "nodes/dns-europe.json"
-
-    {
-       "services": "dns",
-       "tags": ["production", "europe"],
-       "ip_address": "1.1.1.1"
-    }
-
-This node will have hostname "dns-europe" and it will inherit from the following files (in this order):
-
-    common.json
-    services/dns.json
-    tags/europe.json
-    tags/production.json
-
-Development
-=================================
-
-prerequisites:
-
-* rubygems (``apt-get install rubygems``)
-* bundler  (``gem install bundler``)
-
-Install command line ``leap``:
-
-    git clone git://leap.se/leap_cli   # clone leap cli code
-    cd leap_cli
-    bundle                             # install required gems
-    ln -s `pwd`/bin/leap ~/bin         # link executable somewhere in your bin path
-
-You can experiment using the example provider in the test directory
-
-    cd test/provider
-    leap
-
-Alternately, you can create your own provider for testing:
-
-    mkdir ~/dev/example.org
-    cd ~/dev/example.org
-    git clone git://leap.se/leap_platform
-    leap init provider
-    cd provider
-    leap
-
diff --git a/cli/Rakefile b/cli/Rakefile
deleted file mode 100644
index c97688b..0000000
--- a/cli/Rakefile
+++ /dev/null
@@ -1,44 +0,0 @@
-require 'rake/clean'
-require 'rubygems'
-require 'rubygems/package_task'
-require 'rdoc/task'
-require 'cucumber'
-require 'cucumber/rake/task'
-Rake::RDocTask.new do |rd|
-  rd.main = "README.rdoc"
-  rd.rdoc_files.include("README.rdoc","lib/**/*.rb","bin/**/*")
-  rd.title = 'Your application title'
-end
-
-spec = eval(File.read('leap_cli.gemspec'))
-
-Gem::PackageTask.new(spec) do |pkg|
-end
-CUKE_RESULTS = 'results.html'
-CLEAN << CUKE_RESULTS
-desc 'Run features'
-Cucumber::Rake::Task.new(:features) do |t|
-  opts = "features --format html -o #{CUKE_RESULTS} --format progress -x"
-  opts += " --tags #{ENV['TAGS']}" if ENV['TAGS']
-  t.cucumber_opts =  opts
-  t.fork = false
-end
-
-desc 'Run features tagged as work-in-progress (@wip)'
-Cucumber::Rake::Task.new('features:wip') do |t|
-  tag_opts = ' --tags ~@pending'
-  tag_opts = ' --tags @wip'
-  t.cucumber_opts = "features --format html -o #{CUKE_RESULTS} --format pretty -x -s#{tag_opts}"
-  t.fork = false
-end
-
-task :cucumber => :features
-task 'cucumber:wip' => 'features:wip'
-task :wip => 'features:wip'
-require 'rake/testtask'
-Rake::TestTask.new do |t|
-  t.libs << "test"
-  t.test_files = FileList['test/*_test.rb']
-end
-
-task :default => [:test,:features]
diff --git a/cli/bin/leap b/cli/bin/leap
deleted file mode 100755
index 4155b58..0000000
--- a/cli/bin/leap
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/env ruby
-begin
-  require 'leap_cli'
-rescue LoadError
-  #
-  # When developing a gem with a command, you normally use `bundle exec bin/command-name`
-  # to run your app. At install-time, RubyGems will make sure lib, etc. are in the load path,
-  # so that you can run the command directly.
-  #
-  # However, I don't like using 'bundle exec'. It is slow, and limits which directory you can
-  # run in. So, instead, we fall back to some path manipulation hackery.
-  #
-  # This allows you to run the command directly while developing the gem, and also lets you
-  # run from anywhere (I like to link 'bin/leap' to /usr/local/bin/leap).
-  #
-  file = File.symlink?(__FILE__) ? File.readlink(__FILE__) : __FILE__
-  lib_dir = File.expand_path(File.dirname(file) + '/../lib')
-  $LOAD_PATH.unshift lib_dir unless $LOAD_PATH.include?(lib_dir)
-  require 'rubygems'
-  require 'leap_cli'
-end
-
-require 'gli'
-require 'highline'
-require 'forwardable'
-require 'terminal-table'
-
-#
-# Typically, GLI and Highline methods are loaded into the global namespace.
-# Instead, here we load these into the module LeapCli::Commands in order to
-# ensure that the cli logic and code is kept isolated to leap_cli/commands/*.rb
-#
-# no cheating!
-#
-module LeapCli::Commands
-  extend GLI::App
-  extend Forwardable
-  extend Terminal::Table::TableHelper
-
-  ENV['GLI_DEBUG'] = "true"
-
-  #
-  # delegate highline methods to make them available to sub-commands
-  #
-  @terminal = HighLine.new
-  def_delegator :@terminal, :ask, 'self.ask'
-  def_delegator :@terminal, :agree, 'self.agree'
-  def_delegator :@terminal, :ask, 'self.ask'
-  def_delegator :@terminal, :choose, 'self.choose'
-  def_delegator :@terminal, :say, 'self.say'
-
-  #
-  # info about leap command line suite
-  #
-  program_desc       'LEAP platform command line interface'
-  program_long_desc  'This is the long description. It is very interesting.'
-  version            LeapCli::VERSION
-
-  #
-  # load commands and run
-  #
-  commands_from('leap_cli/commands')
-  exit run(ARGV)
-end
diff --git a/cli/leap_cli.gemspec b/cli/leap_cli.gemspec
deleted file mode 100644
index 208355d..0000000
--- a/cli/leap_cli.gemspec
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Ensure we require the local version and not one we might have installed already
-#
-require File.join([File.dirname(__FILE__),'lib','leap_cli','version.rb'])
-
-spec = Gem::Specification.new do |s|
-
-  ##
-  ## ABOUT THIS GEM
-  ##
-  s.name = 'leap_cli'
-  s.version = LeapCli::VERSION
-  s.author = 'LEAP'
-  s.email = 'root@leap.se'
-  s.homepage = 'https://leap.se'
-  s.platform = Gem::Platform::RUBY
-  s.summary = 'Command line interface to the leap platform.'
-
-  ##
-  ## GEM FILES
-  ##
-  s.files = `find lib -name '*.rb'`.split("\n") << "bin/leap"
-  s.require_paths << 'lib'
-
-  s.bindir = 'bin'
-  s.executables << 'leap'
-
-  ##
-  ## DOCUMENTATION
-  ##
-  #s.has_rdoc = true
-  #s.extra_rdoc_files = ['README.rdoc','leap_cli.rdoc']
-  #s.rdoc_options << '--title' << 'leap_cli' << '--main' << 'README.rdoc' << '-ri'
-
-  ##
-  ## DEPENDENCIES
-  ##
-  s.add_development_dependency('rake')
-  #s.add_development_dependency('rdoc')
-  #s.add_development_dependency('aruba')
-
-  s.add_runtime_dependency('gli','~> 2.3')
-  s.add_runtime_dependency('oj')
-  s.add_runtime_dependency('terminal-table')
-end
diff --git a/cli/leap_cli.rdoc b/cli/leap_cli.rdoc
deleted file mode 100644
index 31d5deb..0000000
--- a/cli/leap_cli.rdoc
+++ /dev/null
@@ -1,5 +0,0 @@
-= leap_cli
-
-Generate this with
-    leap_cli rdoc
-After you have described your command line interface
\ No newline at end of file
diff --git a/cli/lib/leap_cli.rb b/cli/lib/leap_cli.rb
deleted file mode 100644
index b935e35..0000000
--- a/cli/lib/leap_cli.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-module LeapCli; end
-
-unless defined?(LeapCli::VERSION)
-  # ^^ I am not sure why this is needed.
-  require 'leap_cli/version.rb'
-end
-
-require 'leap_cli/init'
-require 'leap_cli/path'
-require 'leap_cli/log'
-require 'leap_cli/config'
-require 'leap_cli/config_list'
-require 'leap_cli/config_manager'
-
-unless String.method_defined?(:to_a)
-  class String
-    def to_a; [self]; end
-  end
-end
\ No newline at end of file
diff --git a/cli/lib/leap_cli/commands/README b/cli/lib/leap_cli/commands/README
deleted file mode 100644
index 00fcd84..0000000
--- a/cli/lib/leap_cli/commands/README
+++ /dev/null
@@ -1,101 +0,0 @@
-This directory contains ruby source files that define the available sub-commands of the `leap` executable.
-
-For example, the command:
-
-  leap init <directory>
-
-Lives in lib/leap_cli/commands/init.rb
-
-These files use a DSL (called GLI) for defining command suites.
-See https://github.com/davetron5000/gli for more information.
-
-
-      c.command
-      c.commands
-      c.default_command
-      c.default_value
-      c.get_default_command
-      c.commands
-      c.commands_declaration_order
-
-      c.flag
-      c.flags
-      c.switch
-      c.switches
-
-      c.long_desc
-
-      c.default_desc
-      c.default_description
-      c.desc
-      c.description
-      c.long_description
-      c.context_description
-      c.usage
-
-      c.arg_name
-      c.arguments_description
-      c.arguments_options
-
-      c.skips_post
-      c.skips_pre
-      c.skips_around
-
-      c.action
-
-      c.copy_options_to_aliases
-      c.nodoc
-      c.aliases
-      c.execute
-      c.names
-
-
-#desc 'Describe some switch here'
-#switch [:s,:switch]
-
-#desc 'Describe some flag here'
-#default_value 'the default'
-#arg_name 'The name of the argument'
-#flag [:f,:flagname]
-
-# desc 'Describe deploy here'
-# arg_name 'Describe arguments to deploy here'
-# command :deploy do |c|
-#   c.action do |global_options,options,args|
-#     puts "deploy command ran"
-#   end
-# end
-
-# desc 'Describe dryrun here'
-# arg_name 'Describe arguments to dryrun here'
-# command :dryrun do |c|
-#   c.action do |global_options,options,args|
-#     puts "dryrun command ran"
-#   end
-# end
-
-# desc 'Describe add-node here'
-# arg_name 'Describe arguments to add-node here'
-# command :"add-node" do |c|
-#   c.desc 'Describe a switch to init'
-#   c.switch :s
-#
-#   c.desc 'Describe a flag to init'
-#   c.default_value 'default'
-#   c.flag :f
-#   c.action do |global_options,options,args|
-#     puts "add-node command ran"
-#   end
-# end
-
-# post do |global,command,options,args|
-#   # Post logic here
-#   # Use skips_post before a command to skip this
-#   # block on that command only
-# end
-
-# on_error do |exception|
-#   # Error logic here
-#   # return false to skip default error handling
-#   true
-# end
diff --git a/cli/lib/leap_cli/commands/compile.rb b/cli/lib/leap_cli/commands/compile.rb
deleted file mode 100644
index 6b38de5..0000000
--- a/cli/lib/leap_cli/commands/compile.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-module LeapCli
-  module Commands
-
-    desc 'Compile json files to hiera configs'
-    command :compile do |c|
-      c.action do |global_options,options,args|
-        manager = ConfigManager.new
-        manager.load(Path.provider)
-        Path.ensure_dir(Path.hiera)
-        manager.export(Path.hiera)
-      end
-    end
-
-  end
-end
\ No newline at end of file
diff --git a/cli/lib/leap_cli/commands/deploy.rb b/cli/lib/leap_cli/commands/deploy.rb
deleted file mode 100644
index 3694a38..0000000
--- a/cli/lib/leap_cli/commands/deploy.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-module LeapCli
-  module Commands
-
-    desc 'Apply recipes to a node or set of nodes'
-    long_desc 'The node filter can be the name of a node, service, or tag.'
-    arg_name '<node filter>'
-    command :deploy do |c|
-      c.action do |global_options,options,args|
-        nodes = ConfigManager.filter(args)
-        say "Deploying to these nodes: #{nodes.keys.join(', ')}"
-        if agree "Continue? "
-          say "deploy not yet implemented"
-        else
-          say "OK. Bye."
-        end
-      end
-    end
-
-  end
-end
\ No newline at end of file
diff --git a/cli/lib/leap_cli/commands/init.rb b/cli/lib/leap_cli/commands/init.rb
deleted file mode 100644
index 75cc876..0000000
--- a/cli/lib/leap_cli/commands/init.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-module LeapCli
-  module Commands
-    desc 'Creates a new provider configuration directory.'
-    arg_name '<directory>'
-    skips_pre
-    command :init do |c|
-      c.action do |global_options,options,args|
-        directory = args.first
-        unless directory && directory.any?
-          help_now! "Directory name is required."
-        end
-        directory = File.expand_path(directory)
-        if File.exists?(directory)
-          raise "#{directory} already exists."
-        end
-        if agree("Create directory '#{directory}'? ")
-          LeapCli.init(directory)
-        else
-          puts "OK, bye."
-        end
-      end
-    end
-  end
-end
\ No newline at end of file
diff --git a/cli/lib/leap_cli/commands/list.rb b/cli/lib/leap_cli/commands/list.rb
deleted file mode 100644
index a186049..0000000
--- a/cli/lib/leap_cli/commands/list.rb
+++ /dev/null
@@ -1,61 +0,0 @@
-module LeapCli
-  module Commands
-
-    def self.print_config_table(type, config_list)
-      style = {:border_x => '-', :border_y => ':', :border_i => '-', :width => 60}
-
-      if type == :services
-        t = table do
-          self.style = style
-          self.headings = ['SERVICE', 'NODES']
-          list = config_list.keys.sort
-          list.each do |name|
-            add_row [name, config_list[name].nodes.keys.join(', ')]
-            add_separator unless name == list.last
-          end
-        end
-        puts t
-        puts "\n\n"
-      elsif type == :tags
-        t = table do
-          self.style = style
-          self.headings = ['TAG', 'NODES']
-          list = config_list.keys.sort
-          list.each do |name|
-            add_row [name, config_list[name].nodes.keys.join(', ')]
-            add_separator unless name == list.last
-          end
-        end
-        puts t
-        puts "\n\n"
-      elsif type == :nodes
-        t = table do
-          self.style = style
-          self.headings = ['NODE', 'SERVICES', 'TAGS']
-          list = config_list.keys.sort
-          list.each do |name|
-            add_row [name, config_list[name].services.to_a.join(', '), config_list[name].tags.to_a.join(', ')]
-            add_separator unless name == list.last
-          end
-        end
-        puts t
-      end
-    end
-
-    desc 'List nodes and their classifications'
-    long_desc 'Prints out a listing of nodes, services, or tags.'
-    arg_name 'filter'
-    command :list do |c|
-      c.action do |global_options,options,args|
-        if args.any?
-          print_config_table(:nodes, ConfigManager.filter(args))
-        else
-          print_config_table(:services, ConfigManager.services)
-          print_config_table(:tags,     ConfigManager.tags)
-          print_config_table(:nodes,  ConfigManager.nodes)
-        end
-      end
-    end
-
-  end
-end
diff --git a/cli/lib/leap_cli/commands/pre.rb b/cli/lib/leap_cli/commands/pre.rb
deleted file mode 100644
index ae58fc8..0000000
--- a/cli/lib/leap_cli/commands/pre.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-
-#
-# check to make sure we can find the root directory of the platform
-#
-module LeapCli
-  module Commands
-
-    desc 'Verbosity level 0..2'
-    arg_name 'level'
-    default_value '0'
-    flag [:v, :verbose]
-
-    desc 'Specify the root directory'
-    arg_name 'path'
-    default_value Path.root
-    flag [:root]
-
-    pre do |global,command,options,args|
-      #
-      # set verbosity
-      #
-      LeapCli.log_level = global[:verbose].to_i
-
-      #
-      # require a root directory
-      #
-      if global[:root]
-        Path.set_root(global[:root])
-      end
-      if Path.ok?
-        true
-      else
-        exit_now!("Could not find the root directory. Change current working directory or try --root")
-      end
-    end
-
-  end
-end
diff --git a/cli/lib/leap_cli/config.rb b/cli/lib/leap_cli/config.rb
deleted file mode 100644
index 44e66be..0000000
--- a/cli/lib/leap_cli/config.rb
+++ /dev/null
@@ -1,119 +0,0 @@
-module LeapCli
-  #
-  # This class represents the configuration for a single node, service, or tag.
-  #
-  class Config < Hash
-
-    def initialize(config_type, manager)
-      @manager = manager
-      @type = config_type
-    end
-
-    #
-    # lazily eval dynamic values when we encounter them.
-    #
-    def [](key)
-      value = fetch(key, nil)
-      if value.is_a? Array
-        value
-      elsif value.nil?
-        nil
-      else
-        if value =~ /^= (.*)$/
-          value = eval($1)
-          self[key] = value
-        end
-        value
-      end
-    end
-
-    #
-    # make the type appear to be a normal Hash in yaml.
-    #
-    def to_yaml_type
-     "!map"
-    end
-
-    #
-    # just like Hash#to_yaml, but sorted
-    #
-    def to_yaml(opts = {})
-      YAML::quick_emit(self, opts) do |out|
-        out.map(taguri, to_yaml_style) do |map|
-          keys.sort.each do |k|
-            v = self.fetch(k)
-            map.add(k, v)
-          end
-        end
-      end
-    end
-
-    #
-    # make obj['name'] available as obj.name
-    #
-    def method_missing(method, *args, &block)
-      if has_key?(method.to_s)
-        self[method.to_s]
-      else
-        super
-      end
-    end
-
-    #
-    # convert self into a plain hash, but only include the specified keys
-    #
-    def to_h(*keys)
-      keys.map(&:to_s).inject({}) do |hsh, key|
-        if has_key?(key)
-          hsh[key] = self[key]
-        end
-        hsh
-      end
-    end
-
-    def nodes
-      if @type == :node
-        @manager.nodes
-      else
-        @nodes ||= ConfigList.new
-      end
-    end
-
-    def services
-      if @type == :node
-        self['services'] || []
-      else
-        @manager.services
-      end
-    end
-
-    def tags
-      if @type == :node
-        self['tags'] || []
-      else
-        @manager.tags
-      end
-    end
-
-    private
-
-    ##
-    ## MACROS
-    ## these are methods used when eval'ing a value in the .json configuration
-    ##
-
-    #
-    # inserts the contents of a file
-    #
-    def file(filename)
-      filepath = Path.find_file(name, filename)
-      if filepath
-        File.read(filepath)
-      else
-        log0('no such file, "%s"' % filename)
-        ""
-      end
-    end
-
-  end # class
-end # module
\ No newline at end of file
diff --git a/cli/lib/leap_cli/config_list.rb b/cli/lib/leap_cli/config_list.rb
deleted file mode 100644
index c8ff23b..0000000
--- a/cli/lib/leap_cli/config_list.rb
+++ /dev/null
@@ -1,77 +0,0 @@
-module LeapCli
-  class ConfigList < Hash
-
-    def initialize(config=nil)
-      if config
-        self << config
-      end
-    end
-
-    #
-    # if the key is a hash, we treat it as a condition and filter all the configs using the condition
-    #
-    # for example:
-    #
-    #   nodes[:public_dns => true]
-    #
-    # will return a ConfigList with node configs that have public_dns set to true
-    #
-    def [](key)
-      if key.is_a? Hash
-        results = ConfigList.new
-        field, match_value = key.to_a.first
-        field = field.is_a?(Symbol) ? field.to_s : field
-        match_value = match_value.is_a?(Symbol) ? match_value.to_s : match_value
-        each do |name, config|
-          value = config[field]
-          if !value.nil?
-            if value.is_a? Array
-              if value.includes?(match_value)
-                results[name] = config
-              end
-            else
-              if value == match_value
-                results[name] = config
-              end
-            end
-          end
-        end
-        results
-      else
-        super
-      end
-    end
-
-    def <<(config)
-      if config.is_a? ConfigList
-        self.merge!(config)
-      else
-        self[config['name']] = config
-      end
-    end
-
-    #
-    # converts the hash of configs into an array of hashes, with ONLY the specified fields
-    #
-    def fields(*fields)
-      result = []
-      keys.sort.each do |name|
-        result << self[name].to_h(*fields)
-      end
-      result
-    end
-
-    #
-    # like fields(), but returns an array of values instead of an array of hashes.
-    #
-    def field(field)
-      field = field.to_s
-      result = []
-      keys.sort.each do |name|
-        result << self[name][field]
-      end
-      result
-    end
-
-  end
-end
diff --git a/cli/lib/leap_cli/config_manager.rb b/cli/lib/leap_cli/config_manager.rb
deleted file mode 100644
index d383cc1..0000000
--- a/cli/lib/leap_cli/config_manager.rb
+++ /dev/null
@@ -1,200 +0,0 @@
-require 'oj'
-require 'yaml'
-
-module LeapCli
-
-  class ConfigManager
-
-    attr_reader :services, :tags, :nodes
-
-    ##
-    ## IMPORT EXPORT
-    ##
-
-    #
-    # load .json configuration files
-    #
-    def load(dir)
-      @services = load_all_json("#{dir}/services/*.json")
-      @tags     = load_all_json("#{dir}/tags/*.json")
-      @common   = load_all_json("#{dir}/common.json")['common']
-      @nodes    = load_all_json("#{dir}/nodes/*.json", :node)
-      @nodes.each do |name, node|
-        apply_inheritance(node)
-      end
-      @nodes.each do |name, node|
-        node.each {|key,value| node[key] } # force evaluation of dynamic values
-      end
-    end
-
-    #
-    # save compiled hiera .yaml files
-    #
-    def export(dir)
-      Dir.glob(dir + '/*.yaml').each do |f|
-        File.unlink(f)
-      end
-      @nodes.each do |name, node|
-        File.open("#{dir}/#{name}.#{node.domain_internal}.yaml", 'w') do |f|
-          f.write node.to_yaml
-        end
-      end
-    end
-
-    ##
-    ## FILTERING
-    ##
-
-    #
-    # returns a node list consisting only of nodes that satisfy the filter criteria.
-    #
-    # filter: condition [condition] [condition] [+condition]
-    # condition: [node_name | service_name | tag_name]
-    #
-    # if conditions is prefixed with +, then it works like an AND. Otherwise, it works like an OR.
-    #
-    def filter(filters)
-      if filters.empty?
-        return nodes
-      end
-      if filters[0] =~ /^\+/
-        # don't let the first filter have a + prefix
-        filters[0] = filters[0][1..-1]
-      end
-
-      node_list = ConfigList.new
-      filters.each do |filter|
-        if filter =~ /^\+/
-          keep_list = nodes_for_filter(filter[1..-1])
-          node_list.delete_if do |name, node|
-            if keep_list[name]
-              false
-            else
-              true
-            end
-          end
-        else
-          node_list << nodes_for_filter(filter)
-        end
-      end
-      return node_list
-    end
-
-    ##
-    ## CLASS METHODS
-    ##
-
-    def self.manager
-      @manager ||= begin
-        manager = ConfigManager.new
-        manager.load(Path.provider)
-        manager
-      end
-    end
-
-    def self.filter(filters); manager.filter(filters); end
-    def self.nodes; manager.nodes; end
-    def self.services; manager.services; end
-    def self.tags; manager.tags; end
-
-    private
-
-    def load_all_json(pattern, config_type = :class)
-      results = ConfigList.new
-      Dir.glob(pattern).each do |filename|
-        obj = load_json(filename, config_type)
-        if obj
-          name = File.basename(filename).sub(/\.json$/,'')
-          obj['name'] = name
-          results[name] = obj
-        end
-      end
-      results
-    end
-
-    def load_json(filename, config_type)
-      log2 { filename.sub(/^#{Regexp.escape(Path.root)}/,'') }
-
-      #
-      # read file, strip out comments
-      # (File.read(filename) would be faster, but we like ability to have comments)
-      #
-      buffer = StringIO.new
-      File.open(filename) do |f|
-        while (line = f.gets)
-          next if line =~ /^\s*#/
-          buffer << line
-        end
-      end
-
-      # parse json, and flatten hash
-      begin
-        hash = Oj.load(buffer.string) || {}
-      rescue SyntaxError => exc
-        log0 'Error in file "%s":' % filename
-        log0 exc.to_s
-        return nil
-      end
-      return flatten_hash(hash, Config.new(config_type, self))
-    end
-
-    #
-    # remove all the nesting from a hash.
-    #
-    def flatten_hash(input = {}, output = {}, options = {})
-      input.each do |key, value|
-        key = options[:prefix].nil? ? "#{key}" : "#{options[:prefix]}#{options[:delimiter]||"_"}#{key}"
-        if value.is_a? Hash
-          flatten_hash(value, output, :prefix => key, :delimiter => options[:delimiter])
-        else
-          output[key]  = value
-        end
-      end
-      output
-    end
-
-    #
-    # makes this node inherit options from the common, service, and tag json files.
-    #
-    def apply_inheritance(node)
-      new_node = Config.new(:node, self)
-      new_node.merge!(@common)
-      if node['services']
-        node['services'].sort.each do |node_service|
-          service = @services[node_service]
-          if service.nil?
-            log0('Error in node "%s": the service "%s" does not exist.' % [node['name'], node_service])
-          else
-            new_node.merge!(service)
-            service.nodes << node # this is odd, but we want the node pointer, not new_node pointer.
-          end
-        end
-      end
-      if node['tags']
-        node['tags'].sort.each do |node_tag|
-          tag = @tags[node_tag]
-          if tag.nil?
-            log0('Error in node "%s": the tag "%s" does not exist.' % [node['name'], node_tag])
-          else
-            new_node.merge!(tag)
-            tag.nodes << node
-          end
-        end
-      end
-      new_node.merge!(node)
-      node.replace(new_node)
-    end
-
-    def nodes_for_filter(filter)
-      if node = self.nodes[filter]
-        ConfigList.new(node)
-      elsif service = self.services[filter]
-        service.nodes
-      elsif tag = self.tags[filter]
-        tag.nodes
-      end
-    end
-
-  end
-
-end
diff --git a/cli/lib/leap_cli/init.rb b/cli/lib/leap_cli/init.rb
deleted file mode 100644
index bebede7..0000000
--- a/cli/lib/leap_cli/init.rb
+++ /dev/null
@@ -1,74 +0,0 @@
-require 'fileutils'
-
-module LeapCli
-  #
-  # creates new provider directory
-  #
-  def self.init(directory)
-    dirs = [directory]
-    mkdirs(dirs, false, false)
-
-    Dir.chdir(directory) do
-      dirs = ["nodes", "services", "keys", "tags"]
-      mkdirs(dirs, false, false)
-
-      #puts "Creating .provider"
-      #FileUtils.touch('.provider')
-
-      mkfile("provider.json", PROVIDER_CONTENT)
-      mkfile("common.json", COMMON_CONTENT)
-    end
-  end
-
-  def self.mkfile(filename, content)
-    puts "Creating #{filename}"
-    File.open(filename, 'w') do |f|
-      f.write content
-    end
-  end
-
-  def self.mkdirs(dirs,force,dry_run)
-    exists = false
-    if !force
-      dirs.each do |dir|
-        if File.exist? dir
-          raise "#{dir} exists; use --force to override"
-          exists = true
-        end
-      end
-    end
-    if !exists
-      dirs.each do |dir|
-        puts "Creating #{dir}/"
-        if dry_run
-          puts "dry-run; #{dir} not created"
-        else
-          FileUtils.mkdir_p dir
-        end
-      end
-    else
-      puts "Exiting..."
-      return false
-    end
-    true
-  end
-
-  PROVIDER_CONTENT = <<EOS
-#
-# Global provider definition file.
-#
-{
-  "domain": "example.org"
-}
-EOS
-
-  COMMON_CONTENT = <<EOS
-#
-# Options put here are inherited by all nodes.
-#
-{
-  "domain": "example.org"
-}
-EOS
-
-end
diff --git a/cli/lib/leap_cli/log.rb b/cli/lib/leap_cli/log.rb
deleted file mode 100644
index f51ca1e..0000000
--- a/cli/lib/leap_cli/log.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-module LeapCli
-
-  def self.log_level
-    @log_level
-  end
-
-  def self.log_level=(value)
-    @log_level = value
-  end
-
-end
-
-def log0(message=nil, &block)
-  if message
-    puts message
-  elsif block
-    puts yield(block)
-  end
-end
-
-def log1(message=nil, &block)
-  if LeapCli.log_level > 0
-    if message
-      puts message
-    elsif block
-      puts yield(block)
-    end
-  end
-end
-
-def log2(message=nil, &block)
-  if LeapCli.log_level > 1
-    if message
-      puts message
-    elsif block
-      puts yield(block)
-    end
-  end
-end
-
-def help!(message=nil)
-  ENV['GLI_DEBUG'] = "false"
-  help_now!(message)
-end
diff --git a/cli/lib/leap_cli/path.rb b/cli/lib/leap_cli/path.rb
deleted file mode 100644
index 5dc8fe8..0000000
--- a/cli/lib/leap_cli/path.rb
+++ /dev/null
@@ -1,79 +0,0 @@
-require 'fileutils'
-
-module LeapCli
-  module Path
-
-    def self.root
-      @root ||= File.expand_path("#{provider}/..")
-    end
-
-    def self.platform
-      @platform ||= File.expand_path("#{root}/leap_platform")
-    end
-
-    def self.provider
-      @provider ||= if @root
-        File.expand_path("#{root}/provider")
-      else
-        find_in_directory_tree('provider.json')
-      end
-    end
-
-    def self.hiera
-      @hiera ||= "#{provider}/hiera"
-    end
-
-    def self.files
-      @files ||= "#{provider}/files"
-    end
-
-    def self.ok?
-      provider != '/'
-    end
-
-    def self.set_root(root_path)
-      @root = File.expand_path(root_path)
-      raise "No such directory '#{@root}'" unless File.directory?(@root)
-    end
-
-    def self.ensure_dir(dir)
-      unless File.directory?(dir)
-        if File.exists?(dir)
-          raise 'Unable to create directory "%s", file already exists.' % dir
-        else
-          FileUtils.mkdir_p(dir)
-        end
-      end
-    end
-
-    def self.find_file(name, filename)
-      path = [Path.files, filename].join('/')
-      return path if File.exists?(path)
-      path = [Path.files, name, filename].join('/')
-      return path if File.exists?(path)
-      path = [Path.files, 'nodes', name, filename].join('/')
-      return path if File.exists?(path)
-      path = [Path.files, 'services', name, filename].join('/')
-      return path if File.exists?(path)
-      path = [Path.files, 'tags', name, filename].join('/')
-      return path if File.exists?(path)
-
-      # give up
-      return nil
-    end
-
-    private
-
-    def self.find_in_directory_tree(filename)
-      search_dir = Dir.pwd
-      while search_dir != "/"
-        Dir.foreach(search_dir) do |f|
-          return search_dir if f == filename
-        end
-        search_dir = File.dirname(search_dir)
-      end
-      return search_dir
-    end
-
-  end
-end
diff --git a/cli/lib/leap_cli/version.rb b/cli/lib/leap_cli/version.rb
deleted file mode 100644
index c272647..0000000
--- a/cli/lib/leap_cli/version.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-module LeapCli
-  VERSION = '0.0.1'
-end
diff --git a/cli/test/default_test.rb b/cli/test/default_test.rb
deleted file mode 100644
index c363bbb..0000000
--- a/cli/test/default_test.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-require 'test_helper'
-
-class DefaultTest < Test::Unit::TestCase
-
-  def setup
-  end
-
-  def teardown
-  end
-
-  def test_the_truth
-    assert true
-  end
-end
diff --git a/cli/test/provider/common.json b/cli/test/provider/common.json
deleted file mode 100644
index ead9d68..0000000
--- a/cli/test/provider/common.json
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Options put here are inherited by all nodes.
-#
-{
-  "domain": {
-     "public": "rewire.co",
-     "internal": "rewire"
-  },
-  "public_dns": true,
-  "fqdn": "= name + '.' + (public_dns ? domain_public : domain_internal)"
-}
diff --git a/cli/test/provider/files/ca/ca.crt b/cli/test/provider/files/ca/ca.crt
deleted file mode 100644
index ed12e15..0000000
--- a/cli/test/provider/files/ca/ca.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECzCCAl2gAwIBAgIEUFDp9TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
-RVNUMB4XDTEyMDkxMjIwMDA1M1oXDTEzMDkxMjIwMDA1M1owDzENMAsGA1UEAxME
-VEVTVDCCAbgwDQYJKoZIhvcNAQEBBQADggGlADCCAaACggGXANsoS1m9wj9iv+UV
-BXfeq14SR94gSot96eJu7PZVRrcGlGe/PRfbmfxF3j/gXM9B8sIkyM2L46OMtOKw
-1iOTKtYYdMhtnUSd3FRshWGtYeuy+OCe9umU0jfZDBZ2pXlUmSqCNqfD0OPkksYL
-GDjQUKjaEd1oURwpCG8uEU+3tjBNCMuEwhcMEoUYmI8t4vss2hdFb+LKefVMPTzz
-oiNM/o8Z/ANzWCC0qSW5FsB4wGhUS5HKLDOr4tACgdxaJSWtAqFFAnyMeG9g8aqe
-PTM+URlqVnzzGckrJwBbd4y0zEpv/R7SAiSAP725cnB1GKptwdrcNIIHnQjOdAOl
-uNg6JlRXrv6fV1gApka4INfJAf1yMf+fA0WdZ22UJQ9Up7tdzi8lL+3HsEpEx4Pz
-NyzuqzEw9LJ6SUmMcE/VP00t4RjTOVoncwcLjvURY8jt2DQ9E36JEPwUoyALq/De
-bGBjeK2KGzBZcOu1HZAwWLLWR2++WKuCEXbRbahwSIlbMfmAe8xGx4bbHol0D1A+
-wmu0uxjAze6FvUkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8E
-BQMDBwQAMB0GA1UdDgQWBBT/PX8XZ0Y2jDkppz6PHs23IgzQEDANBgkqhkiG9w0B
-AQsFAAOCAZcAMfi+HLbcFaB0/Mv8/GkIdjpThUBVEeFrIiDy9GmGWUDOXgP1Skld
-5H4eY5inE5lFfB69yacHIGS4OiZIBuBKfKNl5d6XO+ztJEJpG3yrbF4MtGV/aHEp
-OlbJCncnk3fspBk6tFGrv4Inak4gza6SQPfBEZj29ciwfwrqrtuWZ7km+og0Clcd
-pIB0g+DK0K//NtaDZDK0havQw2AFJKyXlNfI8XZ2jsNmQYR1wtiMci+UfGQr7bjn
-Kw9yyVCf0ohXvnSK4ortz/bDQbcMWkK0m/VCCEK8PSldk+XFzPWFWn5ndKCczcvd
-1BQc392n12ZstEuzm6+d9A0D3kCxralJUXUC+4kThq4Rtjey/gBjyZQnZ+5tIxMF
-5ZFAStEglNxqm6HB17q7owJqTvIg9Cf9GATsvoFFQDJrBXewRX7cWVeSr0zNSQB4
-ydIlSUOkyE3AyfLN+lx8NVS/I7gp4fWDuHrh27NKKDtMxalxPL5pTGO7l4uTybLY
-4aVzQYGvzA5HVS++VAtcTQ6TP9p4HURL2cllEU9u9A==
------END CERTIFICATE-----
diff --git a/cli/test/provider/files/ca/ca.key b/cli/test/provider/files/ca/ca.key
deleted file mode 100644
index 9721c35..0000000
--- a/cli/test/provider/files/ca/ca.key
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIHRwIBAAKCAZcA2yhLWb3CP2K/5RUFd96rXhJH3iBKi33p4m7s9lVGtwaUZ789
-F9uZ/EXeP+Bcz0HywiTIzYvjo4y04rDWI5Mq1hh0yG2dRJ3cVGyFYa1h67L44J72
-6ZTSN9kMFnaleVSZKoI2p8PQ4+SSxgsYONBQqNoR3WhRHCkIby4RT7e2ME0Iy4TC
-FwwShRiYjy3i+yzaF0Vv4sp59Uw9PPOiI0z+jxn8A3NYILSpJbkWwHjAaFRLkcos
-M6vi0AKB3FolJa0CoUUCfIx4b2Dxqp49Mz5RGWpWfPMZySsnAFt3jLTMSm/9HtIC
-JIA/vblycHUYqm3B2tw0ggedCM50A6W42DomVFeu/p9XWACmRrgg18kB/XIx/58D
-RZ1nbZQlD1Snu13OLyUv7cewSkTHg/M3LO6rMTD0snpJSYxwT9U/TS3hGNM5Widz
-BwuO9RFjyO3YND0TfokQ/BSjIAur8N5sYGN4rYobMFlw67UdkDBYstZHb75Yq4IR
-dtFtqHBIiVsx+YB7zEbHhtseiXQPUD7Ca7S7GMDN7oW9SQIDAQABAoIBljYtMttf
-boqO1dNCrBRi5kgeCsgdgXAUU2IXe9q1YALUzJENFIQ2VE2p0/REeYz+x4043K77
-Wu3OVdUIVBd9RQSiDRSTDGKvB42TOjHYU7GZj66vfWhm0sTdkgBnmiZxRF/eyrYU
-USpVEfeFPJqm3JmxNuNd61cjyaL6Z2smhhJQqNDu47Ag2t8uImCavlbLUqqYDr2o
-whdinmzX6YgCe5dSnBsaQ3nqTzo1FCvGbgIcfIXwzZaEclBrnkCjxDUZHOJTFfdG
-HmuiMnuzp1JOz1UTOpus8eKIK/J1Zh3C7yYSp+h9ZcHbaqoiLTueyvLpT5dbUzgw
-gQQTnNKaWjXF/10/T0n7lybqlUQaGvJrmRPbiIGdO8NLEbeaLGJAbaml3EYPJxeN
-YlV8wOVcA48xxpRCR8qX/DClbclJMIhwQ9AMdfvTlPMcLbPXZx+Ly2/ZuL2GhNlU
-ur5Ac6yQ2KFIRz9Cm2T2ZUSbwcFgHEjl4fR62vIOSGHWZZndExSCyW+3LyHSbZkO
-ExbceyEIB0qsDXqLvtV7bbUCgcwA5e7XclbOkjA4nnIsz1pnfQMdraVK76vD4ex8
-uA31cGBE2O83miGnDNDg1bdbSgLTD1bqjAGxvEPL6g4G3p/K4QkiPsMsJcfEJieI
-U97Tv+SL2LcoK96gOaPuum2lBVNVs5wN6DICVL+JNjZEgzOQGVRllUh37MmYEuEk
-sxAujzu89piBUIlfIKQPszDTeak4D9aFeKPl27mVezQHkpJHhxGKdm+DfyLZNko3
-f2Na5vqMKEwznHAhGAoawAN9aQY2pRoUEdjHzyTWkKcCgcwA9AC40ogaOy0Fm+o7
-H4b1+fNFGHdzLOhsgRf/SXeoNRry6hN5fkH4jBYos//jb257hRSoFsmPQ7k/ZXmb
-CAAu+5FthZAhGRwgnxKQ0Va4nv5uvdK+GNO2YwHlUaeb0WOfujhSNEb0aUsqO1/8
-yITIFRX8nGWEtttW76l+npV/aGgrWd0BxMVcNpmB4ORIJCs7BNKKKjQOG4nDHmP2
-EOhLjU3kqqUbDOfoSs9UHOFRaW78lBscYU+z3FcR7yvSn1AIpYxbNhA3jCDrkI8C
-gcseYElSL6mmonw4YnkNA7J8T3cSQ638r8J3DFkFr8JnEDDIQAImeJ+rD8VENq72
-vhzIAAGIcYjbiFFeIHBD5PRWenBtvjcM3rFJIRvfiKaMyVK4VKoX8ZdVRhT5yBZu
-961wxwMHU+P+8jbcVJsEgkFdN0scR7CgNZnDlL7WcSLVhVzXbxpWW2+XzlTMpXyq
-q/JeFUcYwv5Q4tmepycA9BZC/8w9DUpf92iexXtDdwrBTQRLJpYC6sVUebFDALMG
-tu1tLl7MZMkw0nsOLQKBzADgsOGBja+KGrV1lEaJi8BrQWe5VhYLnqR8ZFrDjpqo
-/H4Aq5pPd/SnG6izyMnpTTYVoKYBBe8VkDse+NKYlYKuSocuXUD9XHd1xKTzAQbV
-8rqLtsszFZJ4rcA8ZzoHodPuqfqZBVYAuCTVtFiVViDhufN7GckSkf0GiXB+HHDM
-9lAlWm1Mg+mcpdOCAvWjyON6V16/6lurZDr3e1mWzDL2lmoh8hRs2AmDClUMmzha
-/Mc+o5CI09pu5wcu1Y4JAqxTtmIv8NMWCSKjZQKBzACtm7UzsHrKC3REfb5YM4oS
-zI5SRWCj+umQrAX5XCjc7O4J0MECSW9pda3x+nei1Ay9EOpdBz+pggJ+ipDVa4qf
-qfZ/NiAknBiB+4UiSNnUcWtK792AbAfD2if98e40rU5zlbkUxnphytyDwueqcKPY
-HGoBRSng3IZyIZR/VCzOwWCpUyLw492D3cVZe1AgeRNhcATiHgIGMUT2zc21Jmh2
-XJn5wohQvUzvnpyll5xlZf6c2EtqMJ9kEwV1Xbwu16aXpXf11Y9iY38EXA==
------END RSA PRIVATE KEY-----
diff --git a/cli/test/provider/files/public-definitions/provider.json.erb b/cli/test/provider/files/public-definitions/provider.json.erb
deleted file mode 100644
index e69de29..0000000
diff --git a/cli/test/provider/files/vpn1/vpn1.rewire.co.crt b/cli/test/provider/files/vpn1/vpn1.rewire.co.crt
deleted file mode 100644
index d2c9734..0000000
--- a/cli/test/provider/files/vpn1/vpn1.rewire.co.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEWjCCAqygAwIBAgIEUFDqXzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
-RVNUMB4XDTEyMDkxMjIwMDIzOVoXDTEzMDkxMjIwMDIzOVowKzEPMA0GA1UEChMG
-eHgub3JnMRgwFgYDVQQDEw9ob3N0bmFtZS54eC5vcmcwggG4MA0GCSqGSIb3DQEB
-AQUAA4IBpQAwggGgAoIBlwCvGqkXry509EWGAqbFUB5nqvsvA3kSIh0prgzaPYCg
-MMst58ZB89eTgiuM+U3jSF7LZr+CuE1DAb4m2U2f8D8IfViwK1yCa5AohG+LCmwe
-4w4bgXtxwEBDac4u23JZ4AKE/EcKMeBbXe2d3o1S3P3XdN1ZVP0DVw04+H8cdh+0
-ggvhAA+9W/NvAQCAffL8sospj9nbl2OhRnrlFAzMWECyEyySPK5TEchU0hnFBRys
-DuYso5klLC6QXfSOkCSCOg9WQgjoyYBndTYxS3GwBnwyM+5V4TNtdc+P4vkkj+ZB
-D9R9oMpamUuuRQvk5/hJa7i8AaBy7ZmOO9QtL3866ONa6cLUN/QfBUkgM5iS6oQt
-X/qKxZFFYZPZUGBJqavuT+n4FB8XlIwcnqunK7rLD9OZwumYuZlHDtdAsgQ9Fd2z
-06e7sDp28jcrk6gmpOapLqNPtPHVOGNA6mCZza4LonDMOSQKTfb6ZEXty+a8f2ig
-zErhHvmyCvREytDc9pIf2bL+Sz4ULTq62GDKf1Y3tRi2uHFjhKLTAgMBAAGjdjB0
-MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUD
-AwegADAdBgNVHQ4EFgQUmQ5YZjESlkYq2FBaYqGp2HAnSfAwHwYDVR0jBBgwFoAU
-/z1/F2dGNow5Kac+jx7NtyIM0BAwDQYJKoZIhvcNAQELBQADggGXAHiaPMSeIzac
-rRZQ/dJA7VDgvuFcY67zj9531zsDVi848kBkpSZ+9UyZOdhy5b9Din/IAVvd/XUP
-+VWwVsvKPbrWK79T/w8wj5nQR0uYfLdpMu7ZGjPhNes+/DnMX8Are2eb012g1km/
-HhOUxNg8/YpOJI4ZRnZls7j+u5kmHhc47sOQH9sY1FkHcWJ+K/lVhTk8Fmcm1vbN
-p7rjO4BItPVDxle0XF6bItwF1ahsK9MTzJIEO9ulHQnKYdhT9BcJbcwA3vhcn8nN
-uPN/RbDcWZTjONy58LVr7GxDQ267nZs5/wj4Cv3vDVq83kQJ7lCsYGTvxOejHWeQ
-QjcXREdBih9CPO3f86TOI8GRipIGvDcEll4DzgGRi+uTSWG69uC9yud/7+rnLd9Z
-WlobzAzRwljnR3aNACq0adYv1Wl05Fi2ab+QqL/C5ySrF5jL4OFUMpBu7nDPjty0
-KjQSmI9t6By6ORx14XT6piSlvSFn5phdMexXx1AYZEtdPSQduh2OquIPjN/qSdHO
-J+ZXOqDL1Jv+a89ghE8=
------END CERTIFICATE-----
diff --git a/cli/test/provider/files/vpn1/vpn1.rewire.co.key b/cli/test/provider/files/vpn1/vpn1.rewire.co.key
deleted file mode 100644
index 3fdf38a..0000000
--- a/cli/test/provider/files/vpn1/vpn1.rewire.co.key
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIHRwIBAAKCAZcArxqpF68udPRFhgKmxVAeZ6r7LwN5EiIdKa4M2j2AoDDLLefG
-QfPXk4IrjPlN40hey2a/grhNQwG+JtlNn/A/CH1YsCtcgmuQKIRviwpsHuMOG4F7
-ccBAQ2nOLttyWeAChPxHCjHgW13tnd6NUtz913TdWVT9A1cNOPh/HHYftIIL4QAP
-vVvzbwEAgH3y/LKLKY/Z25djoUZ65RQMzFhAshMskjyuUxHIVNIZxQUcrA7mLKOZ
-JSwukF30jpAkgjoPVkII6MmAZ3U2MUtxsAZ8MjPuVeEzbXXPj+L5JI/mQQ/UfaDK
-WplLrkUL5Of4SWu4vAGgcu2ZjjvULS9/OujjWunC1Df0HwVJIDOYkuqELV/6isWR
-RWGT2VBgSamr7k/p+BQfF5SMHJ6rpyu6yw/TmcLpmLmZRw7XQLIEPRXds9Onu7A6
-dvI3K5OoJqTmqS6jT7Tx1ThjQOpgmc2uC6JwzDkkCk32+mRF7cvmvH9ooMxK4R75
-sgr0RMrQ3PaSH9my/ks+FC06uthgyn9WN7UYtrhxY4Si0wIDAQABAoIBlgvJw7Bw
-frQo7bVD4G5QInvgKuDTXwc1fLkdmofmtA4UutjwTYyLGew4Sy5GalPuv1L6K9Jl
-De6A44hCANPPnK65oYraoHO3QhE4OTonDXhW2NBJO0JBKxJewR6ub1hVmFXTlgS9
-rtj3zdNe9Cyr6/rhRzWIXzAmYCGBuSz1VtUUHDCdjHG3CwBiFOKRmBYi/vNhV81M
-t8xXrlZVrzbiihhy6gE+TI4TGGV9b3awDWoX5q8CpIC4JLpbWOdwFMUfm4C3GVpy
-lk5gubE/wnXiQyzqEzyHzC3OrNyh/JTbz2XBi+Agc45gRFL6t3EstNJY14lWwAy5
-pwLUFQnwVJQ0ljtA+qMo5nwGBaHgj1TutshLLcrP+cikule5DYm23VHU/u4epYPM
-hEB6KrYr7h3/IhXJ5rp5kmsJKGlg1vyPkwcskL5fMiN1BnPV5cwmrg574SsoDydr
-u40DJiijABVJG2aTnlOMGKyrnkbbOTq3adxjIWPPTK5r95pOWp3TpZWQzGa8Waum
-Q3S9LpmGCiVnuXTyGqRXAeECgcwAzPJWd5P/lCrVgmCd+cc+ldbG2SLQ/v3vDqe3
-R0UPnkIkmOOKw9cgC9qy8XgZb2hcRKDwifZBCVKTVi3NAdtF9WF5DLmwBP2NGdWk
-vNz9NF5Zd0GYa78Dec6Ej6nOJauDi5ymiJQxexx+N3I/ZjJMOpnIePz1yQbiB9dF
-YM6lifd8WoeahOvp1m92qlF637JL7hmXjagB0H+27bLgDD7dtUcigYMvPOuO5S0s
-Ec1PRg0lNhym9sJ0xm7uby88i83RyQKbCFEHyuQFZS8CgcwA2rk8X6WPF6NTmYP5
-VXnMAW1T1CoHCWQOW3KaYCHHgdWVTVl7MKXZ1zxz/8pKySX+QJrUsobSn7xjxGqT
-ZTcbhaFtEsfS4meEyn2Ef+yT2kslF59aYQfFAQ2HR5bhg2kNXFPwIpV3o5zwmJH9
-5H32XHjpneHT5QjTvQezsHtQbl61w8QqEmB5Cy5ZzcfSp+iZnR1gBquVgRSLpphE
-sUzmTAlm2W8FZNLw1cDyB+8hNDrp/t9RQfJzzcCi4TAgZWy+DKjO7nj6tl7oe50C
-gctgtVXh9T9b3l6DuC2zaLZ6pC+O1KQEPzUoGDIe+lKlXhbA4lZflUq07U0VLpPq
-AzfO1pbKsx37VTDbMJ+Vaa/4WzdwrsqFgFOtxieHS0xcAs16vcQ7y5XLS4038Wuq
-UOWw4ome1zcGHerdJRcPlVptKJX1qYAdjRbplkZRqRFqKhNO8MAUSvI70rsPIYW2
-uv6jawYdvRKmHS3nukmI3b1mxhtdO9b1iz4RnKA4AkaPCrLtdtW+iQHrhPsUEhki
-60s76/PWF85yieiV1wKBzACauN5UarFGb2r79bezF22QtN3P/8rqgbUGS5OY3Uxc
-M9Jh3SKfzzLCZylHkLpGgHHTEbPUdjsYdBO/JgUOXGVDqmWWG3S6Y7Az7YaFV71f
-djjO9RLiALUDgaZopfrxEqc44MfGLyVqv+ISi3Om5tQXphDcdpuGMTBXT9N0zEah
-TK4XxfRc+5Gkry0nvGrwDEJeOiFrloUzwmzndF9jbJqcvynaNgcCw5VKICsWIbrD
-T8mnWiIJHJF+wv51fa3tEXd/TQrU9w+jYo/ioQKBzACluagmFiDwMcJFowdUYyya
-WJtxEQHej5PfyHRijBZ/qzhvPxyF2Ae2D5L9RS+uHsJA0ZVJDQgzkvrSZ8IcS/Q4
-q+zX3/AzgDL6IQGQIsETaAmFCco4RMLFaDMyDx/OJR29df+ibqYvfSoUkcmK8OyF
-PWS0AobzJnqIaDpRCCvD/sL9PCkrUm33HoDBfxuvEsqZypNVmq+/3myWc9gIMOmZ
-fpWS+744tFnNO9RdmZ8OZel4+iv8CGZvQxk14S+lpaSCpX+Zmfyy5PfPRg==
------END RSA PRIVATE KEY-----
diff --git a/cli/test/provider/hiera/couch1.rewire.yaml b/cli/test/provider/hiera/couch1.rewire.yaml
deleted file mode 100644
index 2c731ce..0000000
--- a/cli/test/provider/hiera/couch1.rewire.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
---- 
-domain_internal: rewire
-domain_public: rewire.co
-fqdn: couch1.rewire
-ip_address: 245.2.45.42
-name: couch1
-public_dns: false
-services: couchdb
diff --git a/cli/test/provider/hiera/couch2.rewire.yaml b/cli/test/provider/hiera/couch2.rewire.yaml
deleted file mode 100644
index a835c79..0000000
--- a/cli/test/provider/hiera/couch2.rewire.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
---- 
-domain_internal: rewire
-domain_public: rewire.co
-fqdn: couch2.rewire
-ip_address: 73.45.87.11
-name: couch2
-public_dns: false
-services: couchdb
diff --git a/cli/test/provider/hiera/ns1.rewire.yaml b/cli/test/provider/hiera/ns1.rewire.yaml
deleted file mode 100644
index 264dd52..0000000
--- a/cli/test/provider/hiera/ns1.rewire.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
---- 
-domain_internal: rewire
-domain_public: rewire.co
-fqdn: ns1.rewire.co
-hosts_private: 
-- ip_address: 245.2.45.42
-  fqdn: couch1.rewire
-- ip_address: 73.45.87.11
-  fqdn: couch2.rewire
-hosts_public: 
-- ip_address: 1.1.1.1
-  fqdn: ns1.rewire.co
-- ip_address: 1.1.1.2
-  fqdn: ns2.rewire.co
-- ip_address: 2.2.2.2
-  fqdn: vpn1.rewire.co
-- ip_address: 6.6.7.7
-  fqdn: web1.rewire.co
-  dns_alias: user.rewire.co
-ip_address: 1.1.1.1
-name: ns1
-production: true
-public_dns: true
-services: dns
-tags: production
diff --git a/cli/test/provider/hiera/ns2.rewire.yaml b/cli/test/provider/hiera/ns2.rewire.yaml
deleted file mode 100644
index 2885424..0000000
--- a/cli/test/provider/hiera/ns2.rewire.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
---- 
-domain_internal: rewire
-domain_public: rewire.co
-fqdn: ns2.rewire.co
-hosts_private: 
-- ip_address: 245.2.45.42
-  fqdn: couch1.rewire
-- ip_address: 73.45.87.11
-  fqdn: couch2.rewire
-hosts_public: 
-- ip_address: 1.1.1.1
-  fqdn: ns1.rewire.co
-- ip_address: 1.1.1.2
-  fqdn: ns2.rewire.co
-- ip_address: 2.2.2.2
-  fqdn: vpn1.rewire.co
-- ip_address: 6.6.7.7
-  fqdn: web1.rewire.co
-  dns_alias: user.rewire.co
-ip_address: 1.1.1.2
-name: ns2
-production: true
-public_dns: true
-services: dns
-tags: production
diff --git a/cli/test/provider/hiera/vpn1.rewire.yaml b/cli/test/provider/hiera/vpn1.rewire.yaml
deleted file mode 100644
index 158bb1b..0000000
--- a/cli/test/provider/hiera/vpn1.rewire.yaml
+++ /dev/null
@@ -1,158 +0,0 @@
---- 
-domain_internal: rewire
-domain_public: rewire.co
-fqdn: vpn1.rewire.co
-ip_address: 2.2.2.2
-name: vpn1
-openvpn_ca_crt: |
-  -----BEGIN CERTIFICATE-----
-  MIIECzCCAl2gAwIBAgIEUFDp9TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
-  RVNUMB4XDTEyMDkxMjIwMDA1M1oXDTEzMDkxMjIwMDA1M1owDzENMAsGA1UEAxME
-  VEVTVDCCAbgwDQYJKoZIhvcNAQEBBQADggGlADCCAaACggGXANsoS1m9wj9iv+UV
-  BXfeq14SR94gSot96eJu7PZVRrcGlGe/PRfbmfxF3j/gXM9B8sIkyM2L46OMtOKw
-  1iOTKtYYdMhtnUSd3FRshWGtYeuy+OCe9umU0jfZDBZ2pXlUmSqCNqfD0OPkksYL
-  GDjQUKjaEd1oURwpCG8uEU+3tjBNCMuEwhcMEoUYmI8t4vss2hdFb+LKefVMPTzz
-  oiNM/o8Z/ANzWCC0qSW5FsB4wGhUS5HKLDOr4tACgdxaJSWtAqFFAnyMeG9g8aqe
-  PTM+URlqVnzzGckrJwBbd4y0zEpv/R7SAiSAP725cnB1GKptwdrcNIIHnQjOdAOl
-  uNg6JlRXrv6fV1gApka4INfJAf1yMf+fA0WdZ22UJQ9Up7tdzi8lL+3HsEpEx4Pz
-  NyzuqzEw9LJ6SUmMcE/VP00t4RjTOVoncwcLjvURY8jt2DQ9E36JEPwUoyALq/De
-  bGBjeK2KGzBZcOu1HZAwWLLWR2++WKuCEXbRbahwSIlbMfmAe8xGx4bbHol0D1A+
-  wmu0uxjAze6FvUkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8E
-  BQMDBwQAMB0GA1UdDgQWBBT/PX8XZ0Y2jDkppz6PHs23IgzQEDANBgkqhkiG9w0B
-  AQsFAAOCAZcAMfi+HLbcFaB0/Mv8/GkIdjpThUBVEeFrIiDy9GmGWUDOXgP1Skld
-  5H4eY5inE5lFfB69yacHIGS4OiZIBuBKfKNl5d6XO+ztJEJpG3yrbF4MtGV/aHEp
-  OlbJCncnk3fspBk6tFGrv4Inak4gza6SQPfBEZj29ciwfwrqrtuWZ7km+og0Clcd
-  pIB0g+DK0K//NtaDZDK0havQw2AFJKyXlNfI8XZ2jsNmQYR1wtiMci+UfGQr7bjn
-  Kw9yyVCf0ohXvnSK4ortz/bDQbcMWkK0m/VCCEK8PSldk+XFzPWFWn5ndKCczcvd
-  1BQc392n12ZstEuzm6+d9A0D3kCxralJUXUC+4kThq4Rtjey/gBjyZQnZ+5tIxMF
-  5ZFAStEglNxqm6HB17q7owJqTvIg9Cf9GATsvoFFQDJrBXewRX7cWVeSr0zNSQB4
-  ydIlSUOkyE3AyfLN+lx8NVS/I7gp4fWDuHrh27NKKDtMxalxPL5pTGO7l4uTybLY
-  4aVzQYGvzA5HVS++VAtcTQ6TP9p4HURL2cllEU9u9A==
-  -----END CERTIFICATE-----
-
-openvpn_ca_key: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIHRwIBAAKCAZcA2yhLWb3CP2K/5RUFd96rXhJH3iBKi33p4m7s9lVGtwaUZ789
-  F9uZ/EXeP+Bcz0HywiTIzYvjo4y04rDWI5Mq1hh0yG2dRJ3cVGyFYa1h67L44J72
-  6ZTSN9kMFnaleVSZKoI2p8PQ4+SSxgsYONBQqNoR3WhRHCkIby4RT7e2ME0Iy4TC
-  FwwShRiYjy3i+yzaF0Vv4sp59Uw9PPOiI0z+jxn8A3NYILSpJbkWwHjAaFRLkcos
-  M6vi0AKB3FolJa0CoUUCfIx4b2Dxqp49Mz5RGWpWfPMZySsnAFt3jLTMSm/9HtIC
-  JIA/vblycHUYqm3B2tw0ggedCM50A6W42DomVFeu/p9XWACmRrgg18kB/XIx/58D
-  RZ1nbZQlD1Snu13OLyUv7cewSkTHg/M3LO6rMTD0snpJSYxwT9U/TS3hGNM5Widz
-  BwuO9RFjyO3YND0TfokQ/BSjIAur8N5sYGN4rYobMFlw67UdkDBYstZHb75Yq4IR
-  dtFtqHBIiVsx+YB7zEbHhtseiXQPUD7Ca7S7GMDN7oW9SQIDAQABAoIBljYtMttf
-  boqO1dNCrBRi5kgeCsgdgXAUU2IXe9q1YALUzJENFIQ2VE2p0/REeYz+x4043K77
-  Wu3OVdUIVBd9RQSiDRSTDGKvB42TOjHYU7GZj66vfWhm0sTdkgBnmiZxRF/eyrYU
-  USpVEfeFPJqm3JmxNuNd61cjyaL6Z2smhhJQqNDu47Ag2t8uImCavlbLUqqYDr2o
-  whdinmzX6YgCe5dSnBsaQ3nqTzo1FCvGbgIcfIXwzZaEclBrnkCjxDUZHOJTFfdG
-  HmuiMnuzp1JOz1UTOpus8eKIK/J1Zh3C7yYSp+h9ZcHbaqoiLTueyvLpT5dbUzgw
-  gQQTnNKaWjXF/10/T0n7lybqlUQaGvJrmRPbiIGdO8NLEbeaLGJAbaml3EYPJxeN
-  YlV8wOVcA48xxpRCR8qX/DClbclJMIhwQ9AMdfvTlPMcLbPXZx+Ly2/ZuL2GhNlU
-  ur5Ac6yQ2KFIRz9Cm2T2ZUSbwcFgHEjl4fR62vIOSGHWZZndExSCyW+3LyHSbZkO
-  ExbceyEIB0qsDXqLvtV7bbUCgcwA5e7XclbOkjA4nnIsz1pnfQMdraVK76vD4ex8
-  uA31cGBE2O83miGnDNDg1bdbSgLTD1bqjAGxvEPL6g4G3p/K4QkiPsMsJcfEJieI
-  U97Tv+SL2LcoK96gOaPuum2lBVNVs5wN6DICVL+JNjZEgzOQGVRllUh37MmYEuEk
-  sxAujzu89piBUIlfIKQPszDTeak4D9aFeKPl27mVezQHkpJHhxGKdm+DfyLZNko3
-  f2Na5vqMKEwznHAhGAoawAN9aQY2pRoUEdjHzyTWkKcCgcwA9AC40ogaOy0Fm+o7
-  H4b1+fNFGHdzLOhsgRf/SXeoNRry6hN5fkH4jBYos//jb257hRSoFsmPQ7k/ZXmb
-  CAAu+5FthZAhGRwgnxKQ0Va4nv5uvdK+GNO2YwHlUaeb0WOfujhSNEb0aUsqO1/8
-  yITIFRX8nGWEtttW76l+npV/aGgrWd0BxMVcNpmB4ORIJCs7BNKKKjQOG4nDHmP2
-  EOhLjU3kqqUbDOfoSs9UHOFRaW78lBscYU+z3FcR7yvSn1AIpYxbNhA3jCDrkI8C
-  gcseYElSL6mmonw4YnkNA7J8T3cSQ638r8J3DFkFr8JnEDDIQAImeJ+rD8VENq72
-  vhzIAAGIcYjbiFFeIHBD5PRWenBtvjcM3rFJIRvfiKaMyVK4VKoX8ZdVRhT5yBZu
-  961wxwMHU+P+8jbcVJsEgkFdN0scR7CgNZnDlL7WcSLVhVzXbxpWW2+XzlTMpXyq
-  q/JeFUcYwv5Q4tmepycA9BZC/8w9DUpf92iexXtDdwrBTQRLJpYC6sVUebFDALMG
-  tu1tLl7MZMkw0nsOLQKBzADgsOGBja+KGrV1lEaJi8BrQWe5VhYLnqR8ZFrDjpqo
-  /H4Aq5pPd/SnG6izyMnpTTYVoKYBBe8VkDse+NKYlYKuSocuXUD9XHd1xKTzAQbV
-  8rqLtsszFZJ4rcA8ZzoHodPuqfqZBVYAuCTVtFiVViDhufN7GckSkf0GiXB+HHDM
-  9lAlWm1Mg+mcpdOCAvWjyON6V16/6lurZDr3e1mWzDL2lmoh8hRs2AmDClUMmzha
-  /Mc+o5CI09pu5wcu1Y4JAqxTtmIv8NMWCSKjZQKBzACtm7UzsHrKC3REfb5YM4oS
-  zI5SRWCj+umQrAX5XCjc7O4J0MECSW9pda3x+nei1Ay9EOpdBz+pggJ+ipDVa4qf
-  qfZ/NiAknBiB+4UiSNnUcWtK792AbAfD2if98e40rU5zlbkUxnphytyDwueqcKPY
-  HGoBRSng3IZyIZR/VCzOwWCpUyLw492D3cVZe1AgeRNhcATiHgIGMUT2zc21Jmh2
-  XJn5wohQvUzvnpyll5xlZf6c2EtqMJ9kEwV1Xbwu16aXpXf11Y9iY38EXA==
-  -----END RSA PRIVATE KEY-----
-
-openvpn_filter_dns: false
-openvpn_gateway_address: 3.3.3.3
-openvpn_nat: true
-openvpn_ports: 
-- "80"
-- "443"
-- "53"
-- "1194"
-openvpn_server_crt: |
-  -----BEGIN CERTIFICATE-----
-  MIIEWjCCAqygAwIBAgIEUFDqXzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
-  RVNUMB4XDTEyMDkxMjIwMDIzOVoXDTEzMDkxMjIwMDIzOVowKzEPMA0GA1UEChMG
-  eHgub3JnMRgwFgYDVQQDEw9ob3N0bmFtZS54eC5vcmcwggG4MA0GCSqGSIb3DQEB
-  AQUAA4IBpQAwggGgAoIBlwCvGqkXry509EWGAqbFUB5nqvsvA3kSIh0prgzaPYCg
-  MMst58ZB89eTgiuM+U3jSF7LZr+CuE1DAb4m2U2f8D8IfViwK1yCa5AohG+LCmwe
-  4w4bgXtxwEBDac4u23JZ4AKE/EcKMeBbXe2d3o1S3P3XdN1ZVP0DVw04+H8cdh+0
-  ggvhAA+9W/NvAQCAffL8sospj9nbl2OhRnrlFAzMWECyEyySPK5TEchU0hnFBRys
-  DuYso5klLC6QXfSOkCSCOg9WQgjoyYBndTYxS3GwBnwyM+5V4TNtdc+P4vkkj+ZB
-  D9R9oMpamUuuRQvk5/hJa7i8AaBy7ZmOO9QtL3866ONa6cLUN/QfBUkgM5iS6oQt
-  X/qKxZFFYZPZUGBJqavuT+n4FB8XlIwcnqunK7rLD9OZwumYuZlHDtdAsgQ9Fd2z
-  06e7sDp28jcrk6gmpOapLqNPtPHVOGNA6mCZza4LonDMOSQKTfb6ZEXty+a8f2ig
-  zErhHvmyCvREytDc9pIf2bL+Sz4ULTq62GDKf1Y3tRi2uHFjhKLTAgMBAAGjdjB0
-  MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUD
-  AwegADAdBgNVHQ4EFgQUmQ5YZjESlkYq2FBaYqGp2HAnSfAwHwYDVR0jBBgwFoAU
-  /z1/F2dGNow5Kac+jx7NtyIM0BAwDQYJKoZIhvcNAQELBQADggGXAHiaPMSeIzac
-  rRZQ/dJA7VDgvuFcY67zj9531zsDVi848kBkpSZ+9UyZOdhy5b9Din/IAVvd/XUP
-  +VWwVsvKPbrWK79T/w8wj5nQR0uYfLdpMu7ZGjPhNes+/DnMX8Are2eb012g1km/
-  HhOUxNg8/YpOJI4ZRnZls7j+u5kmHhc47sOQH9sY1FkHcWJ+K/lVhTk8Fmcm1vbN
-  p7rjO4BItPVDxle0XF6bItwF1ahsK9MTzJIEO9ulHQnKYdhT9BcJbcwA3vhcn8nN
-  uPN/RbDcWZTjONy58LVr7GxDQ267nZs5/wj4Cv3vDVq83kQJ7lCsYGTvxOejHWeQ
-  QjcXREdBih9CPO3f86TOI8GRipIGvDcEll4DzgGRi+uTSWG69uC9yud/7+rnLd9Z
-  WlobzAzRwljnR3aNACq0adYv1Wl05Fi2ab+QqL/C5ySrF5jL4OFUMpBu7nDPjty0
-  KjQSmI9t6By6ORx14XT6piSlvSFn5phdMexXx1AYZEtdPSQduh2OquIPjN/qSdHO
-  J+ZXOqDL1Jv+a89ghE8=
-  -----END CERTIFICATE-----
-
-openvpn_server_key: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIHRwIBAAKCAZcArxqpF68udPRFhgKmxVAeZ6r7LwN5EiIdKa4M2j2AoDDLLefG
-  QfPXk4IrjPlN40hey2a/grhNQwG+JtlNn/A/CH1YsCtcgmuQKIRviwpsHuMOG4F7
-  ccBAQ2nOLttyWeAChPxHCjHgW13tnd6NUtz913TdWVT9A1cNOPh/HHYftIIL4QAP
-  vVvzbwEAgH3y/LKLKY/Z25djoUZ65RQMzFhAshMskjyuUxHIVNIZxQUcrA7mLKOZ
-  JSwukF30jpAkgjoPVkII6MmAZ3U2MUtxsAZ8MjPuVeEzbXXPj+L5JI/mQQ/UfaDK
-  WplLrkUL5Of4SWu4vAGgcu2ZjjvULS9/OujjWunC1Df0HwVJIDOYkuqELV/6isWR
-  RWGT2VBgSamr7k/p+BQfF5SMHJ6rpyu6yw/TmcLpmLmZRw7XQLIEPRXds9Onu7A6
-  dvI3K5OoJqTmqS6jT7Tx1ThjQOpgmc2uC6JwzDkkCk32+mRF7cvmvH9ooMxK4R75
-  sgr0RMrQ3PaSH9my/ks+FC06uthgyn9WN7UYtrhxY4Si0wIDAQABAoIBlgvJw7Bw
-  frQo7bVD4G5QInvgKuDTXwc1fLkdmofmtA4UutjwTYyLGew4Sy5GalPuv1L6K9Jl
-  De6A44hCANPPnK65oYraoHO3QhE4OTonDXhW2NBJO0JBKxJewR6ub1hVmFXTlgS9
-  rtj3zdNe9Cyr6/rhRzWIXzAmYCGBuSz1VtUUHDCdjHG3CwBiFOKRmBYi/vNhV81M
-  t8xXrlZVrzbiihhy6gE+TI4TGGV9b3awDWoX5q8CpIC4JLpbWOdwFMUfm4C3GVpy
-  lk5gubE/wnXiQyzqEzyHzC3OrNyh/JTbz2XBi+Agc45gRFL6t3EstNJY14lWwAy5
-  pwLUFQnwVJQ0ljtA+qMo5nwGBaHgj1TutshLLcrP+cikule5DYm23VHU/u4epYPM
-  hEB6KrYr7h3/IhXJ5rp5kmsJKGlg1vyPkwcskL5fMiN1BnPV5cwmrg574SsoDydr
-  u40DJiijABVJG2aTnlOMGKyrnkbbOTq3adxjIWPPTK5r95pOWp3TpZWQzGa8Waum
-  Q3S9LpmGCiVnuXTyGqRXAeECgcwAzPJWd5P/lCrVgmCd+cc+ldbG2SLQ/v3vDqe3
-  R0UPnkIkmOOKw9cgC9qy8XgZb2hcRKDwifZBCVKTVi3NAdtF9WF5DLmwBP2NGdWk
-  vNz9NF5Zd0GYa78Dec6Ej6nOJauDi5ymiJQxexx+N3I/ZjJMOpnIePz1yQbiB9dF
-  YM6lifd8WoeahOvp1m92qlF637JL7hmXjagB0H+27bLgDD7dtUcigYMvPOuO5S0s
-  Ec1PRg0lNhym9sJ0xm7uby88i83RyQKbCFEHyuQFZS8CgcwA2rk8X6WPF6NTmYP5
-  VXnMAW1T1CoHCWQOW3KaYCHHgdWVTVl7MKXZ1zxz/8pKySX+QJrUsobSn7xjxGqT
-  ZTcbhaFtEsfS4meEyn2Ef+yT2kslF59aYQfFAQ2HR5bhg2kNXFPwIpV3o5zwmJH9
-  5H32XHjpneHT5QjTvQezsHtQbl61w8QqEmB5Cy5ZzcfSp+iZnR1gBquVgRSLpphE
-  sUzmTAlm2W8FZNLw1cDyB+8hNDrp/t9RQfJzzcCi4TAgZWy+DKjO7nj6tl7oe50C
-  gctgtVXh9T9b3l6DuC2zaLZ6pC+O1KQEPzUoGDIe+lKlXhbA4lZflUq07U0VLpPq
-  AzfO1pbKsx37VTDbMJ+Vaa/4WzdwrsqFgFOtxieHS0xcAs16vcQ7y5XLS4038Wuq
-  UOWw4ome1zcGHerdJRcPlVptKJX1qYAdjRbplkZRqRFqKhNO8MAUSvI70rsPIYW2
-  uv6jawYdvRKmHS3nukmI3b1mxhtdO9b1iz4RnKA4AkaPCrLtdtW+iQHrhPsUEhki
-  60s76/PWF85yieiV1wKBzACauN5UarFGb2r79bezF22QtN3P/8rqgbUGS5OY3Uxc
-  M9Jh3SKfzzLCZylHkLpGgHHTEbPUdjsYdBO/JgUOXGVDqmWWG3S6Y7Az7YaFV71f
-  djjO9RLiALUDgaZopfrxEqc44MfGLyVqv+ISi3Om5tQXphDcdpuGMTBXT9N0zEah
-  TK4XxfRc+5Gkry0nvGrwDEJeOiFrloUzwmzndF9jbJqcvynaNgcCw5VKICsWIbrD
-  T8mnWiIJHJF+wv51fa3tEXd/TQrU9w+jYo/ioQKBzACluagmFiDwMcJFowdUYyya
-  WJtxEQHej5PfyHRijBZ/qzhvPxyF2Ae2D5L9RS+uHsJA0ZVJDQgzkvrSZ8IcS/Q4
-  q+zX3/AzgDL6IQGQIsETaAmFCco4RMLFaDMyDx/OJR29df+ibqYvfSoUkcmK8OyF
-  PWS0AobzJnqIaDpRCCvD/sL9PCkrUm33HoDBfxuvEsqZypNVmq+/3myWc9gIMOmZ
-  fpWS+744tFnNO9RdmZ8OZel4+iv8CGZvQxk14S+lpaSCpX+Zmfyy5PfPRg==
-  -----END RSA PRIVATE KEY-----
-
-production: true
-public_dns: true
-services: openvpn
-tags: production
diff --git a/cli/test/provider/hiera/web1.rewire.yaml b/cli/test/provider/hiera/web1.rewire.yaml
deleted file mode 100644
index 6fc76d9..0000000
--- a/cli/test/provider/hiera/web1.rewire.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
---- 
-dns_alias: user.rewire.co
-domain_internal: rewire
-domain_public: rewire.co
-fqdn: web1.rewire.co
-ip_address: 6.6.7.7
-name: web1
-public_dns: true
-services: webapp
-webapp_couchdb_hosts: 
-- couch1.rewire
-- couch2.rewire
-webapp_modules: 
-- user
-- billing
-- help
diff --git a/cli/test/provider/nodes/couch1.json b/cli/test/provider/nodes/couch1.json
deleted file mode 100644
index fe5d7e5..0000000
--- a/cli/test/provider/nodes/couch1.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "services": "couchdb",
-  "ip_address": "245.2.45.42"
-}
\ No newline at end of file
diff --git a/cli/test/provider/nodes/couch2.json b/cli/test/provider/nodes/couch2.json
deleted file mode 100644
index 1fe2977..0000000
--- a/cli/test/provider/nodes/couch2.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "services": "couchdb",
-  "ip_address": "73.45.87.11"
-}
\ No newline at end of file
diff --git a/cli/test/provider/nodes/ns1.json b/cli/test/provider/nodes/ns1.json
deleted file mode 100644
index 6323d10..0000000
--- a/cli/test/provider/nodes/ns1.json
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# this is a comment
-#
-{
-  "services": "dns",
-  "tags": "production",
-  "ip_address": "1.1.1.1"
-}
\ No newline at end of file
diff --git a/cli/test/provider/nodes/ns2.json b/cli/test/provider/nodes/ns2.json
deleted file mode 100644
index eeba9df..0000000
--- a/cli/test/provider/nodes/ns2.json
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# A nameserver
-#
-{
-  "services": "dns",
-  "tags": "production",
-  "ip_address": "1.1.1.2"
-}
\ No newline at end of file
diff --git a/cli/test/provider/nodes/vpn1.json b/cli/test/provider/nodes/vpn1.json
deleted file mode 100644
index 10859ac..0000000
--- a/cli/test/provider/nodes/vpn1.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-  "services": "openvpn",
-  "ip_address": "2.2.2.2",
-  "tags": "production",
-  "openvpn": {
-    "gateway_address": "3.3.3.3"
-  }
-}
\ No newline at end of file
diff --git a/cli/test/provider/nodes/web1.json b/cli/test/provider/nodes/web1.json
deleted file mode 100644
index 894fb6e..0000000
--- a/cli/test/provider/nodes/web1.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "services": "webapp",
-  "ip_address": "6.6.7.7"
-}
\ No newline at end of file
diff --git a/cli/test/provider/provider.json b/cli/test/provider/provider.json
deleted file mode 100644
index 58b6728..0000000
--- a/cli/test/provider/provider.json
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# General service provider configuration.
-#
-{
-  "name": "The Rewire Company",
-  "description": "A demonstration service provider using the LEAP platform",
-  "languages": ["en"],
-  "ca": {
-    "name": "Rewire Root CA",
-    "organization": "#{name}",
-    "bit_size": 4096
-  }
-}
\ No newline at end of file
diff --git a/cli/test/provider/services/couchdb.json b/cli/test/provider/services/couchdb.json
deleted file mode 100644
index 7c13c8d..0000000
--- a/cli/test/provider/services/couchdb.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "public_dns": false
-}
\ No newline at end of file
diff --git a/cli/test/provider/services/dns.json b/cli/test/provider/services/dns.json
deleted file mode 100644
index 3fea381..0000000
--- a/cli/test/provider/services/dns.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "hosts": {
-    "public":  "= nodes[:public_dns => true].fields(:fqdn, :dns_alias, :ip_address)",
-    "private": "= nodes[:public_dns => false].fields(:fqdn, :dns_alias, :ip_address)"
-  }
-}
\ No newline at end of file
diff --git a/cli/test/provider/services/openvpn.json b/cli/test/provider/services/openvpn.json
deleted file mode 100644
index ffaa313..0000000
--- a/cli/test/provider/services/openvpn.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-  "openvpn": {
-    "ports": ["80", "443", "53", "1194"],
-    "filter_dns": false,
-    "nat": true,
-    "ca_crt": "= file 'ca/ca.crt'",
-    "ca_key": "= file 'ca/ca.key'",
-    "server_crt": "= file fqdn + '.crt'",
-    "server_key": "= file fqdn + '.key'"
-  }
-}
diff --git a/cli/test/provider/services/webapp.json b/cli/test/provider/services/webapp.json
deleted file mode 100644
index 1513d6f..0000000
--- a/cli/test/provider/services/webapp.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-  "dns_alias": "= 'user.' + domain_public",
-  "webapp": {
-    "modules": ["user", "billing", "help"],
-    "couchdb_hosts": "= nodes[:services => :couchdb].field(:fqdn)"
-  }
-}
\ No newline at end of file
diff --git a/cli/test/provider/tags/production.json b/cli/test/provider/tags/production.json
deleted file mode 100644
index b35c065..0000000
--- a/cli/test/provider/tags/production.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "production": true
-}
\ No newline at end of file
diff --git a/cli/test/test_helper.rb b/cli/test/test_helper.rb
deleted file mode 100644
index 2e33705..0000000
--- a/cli/test/test_helper.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-require 'test/unit'
-
-# Add test libraries you want to use here, e.g. mocha
-
-class Test::Unit::TestCase
-
-  # Add global extensions to the test case class here
-  
-end
diff --git a/leap_cli.gemspec b/leap_cli.gemspec
new file mode 100644
index 0000000..208355d
--- /dev/null
+++ b/leap_cli.gemspec
@@ -0,0 +1,45 @@
+#
+# Ensure we require the local version and not one we might have installed already
+#
+require File.join([File.dirname(__FILE__),'lib','leap_cli','version.rb'])
+
+spec = Gem::Specification.new do |s|
+
+  ##
+  ## ABOUT THIS GEM
+  ##
+  s.name = 'leap_cli'
+  s.version = LeapCli::VERSION
+  s.author = 'LEAP'
+  s.email = 'root@leap.se'
+  s.homepage = 'https://leap.se'
+  s.platform = Gem::Platform::RUBY
+  s.summary = 'Command line interface to the leap platform.'
+
+  ##
+  ## GEM FILES
+  ##
+  s.files = `find lib -name '*.rb'`.split("\n") << "bin/leap"
+  s.require_paths << 'lib'
+
+  s.bindir = 'bin'
+  s.executables << 'leap'
+
+  ##
+  ## DOCUMENTATION
+  ##
+  #s.has_rdoc = true
+  #s.extra_rdoc_files = ['README.rdoc','leap_cli.rdoc']
+  #s.rdoc_options << '--title' << 'leap_cli' << '--main' << 'README.rdoc' << '-ri'
+
+  ##
+  ## DEPENDENCIES
+  ##
+  s.add_development_dependency('rake')
+  #s.add_development_dependency('rdoc')
+  #s.add_development_dependency('aruba')
+
+  s.add_runtime_dependency('gli','~> 2.3')
+  s.add_runtime_dependency('oj')
+  s.add_runtime_dependency('terminal-table')
+end
diff --git a/leap_cli.rdoc b/leap_cli.rdoc
new file mode 100644
index 0000000..31d5deb
--- /dev/null
+++ b/leap_cli.rdoc
@@ -0,0 +1,5 @@
+= leap_cli
+
+Generate this with
+    leap_cli rdoc
+After you have described your command line interface
\ No newline at end of file
diff --git a/lib/leap_cli.rb b/lib/leap_cli.rb
new file mode 100644
index 0000000..b935e35
--- /dev/null
+++ b/lib/leap_cli.rb
@@ -0,0 +1,19 @@
+module LeapCli; end
+
+unless defined?(LeapCli::VERSION)
+  # ^^ I am not sure why this is needed.
+  require 'leap_cli/version.rb'
+end
+
+require 'leap_cli/init'
+require 'leap_cli/path'
+require 'leap_cli/log'
+require 'leap_cli/config'
+require 'leap_cli/config_list'
+require 'leap_cli/config_manager'
+
+unless String.method_defined?(:to_a)
+  class String
+    def to_a; [self]; end
+  end
+end
\ No newline at end of file
diff --git a/lib/leap_cli/commands/README b/lib/leap_cli/commands/README
new file mode 100644
index 0000000..00fcd84
--- /dev/null
+++ b/lib/leap_cli/commands/README
@@ -0,0 +1,101 @@
+This directory contains ruby source files that define the available sub-commands of the `leap` executable.
+
+For example, the command:
+
+  leap init <directory>
+
+Lives in lib/leap_cli/commands/init.rb
+
+These files use a DSL (called GLI) for defining command suites.
+See https://github.com/davetron5000/gli for more information.
+
+
+      c.command
+      c.commands
+      c.default_command
+      c.default_value
+      c.get_default_command
+      c.commands
+      c.commands_declaration_order
+
+      c.flag
+      c.flags
+      c.switch
+      c.switches
+
+      c.long_desc
+
+      c.default_desc
+      c.default_description
+      c.desc
+      c.description
+      c.long_description
+      c.context_description
+      c.usage
+
+      c.arg_name
+      c.arguments_description
+      c.arguments_options
+
+      c.skips_post
+      c.skips_pre
+      c.skips_around
+
+      c.action
+
+      c.copy_options_to_aliases
+      c.nodoc
+      c.aliases
+      c.execute
+      c.names
+
+
+#desc 'Describe some switch here'
+#switch [:s,:switch]
+
+#desc 'Describe some flag here'
+#default_value 'the default'
+#arg_name 'The name of the argument'
+#flag [:f,:flagname]
+
+# desc 'Describe deploy here'
+# arg_name 'Describe arguments to deploy here'
+# command :deploy do |c|
+#   c.action do |global_options,options,args|
+#     puts "deploy command ran"
+#   end
+# end
+
+# desc 'Describe dryrun here'
+# arg_name 'Describe arguments to dryrun here'
+# command :dryrun do |c|
+#   c.action do |global_options,options,args|
+#     puts "dryrun command ran"
+#   end
+# end
+
+# desc 'Describe add-node here'
+# arg_name 'Describe arguments to add-node here'
+# command :"add-node" do |c|
+#   c.desc 'Describe a switch to init'
+#   c.switch :s
+#
+#   c.desc 'Describe a flag to init'
+#   c.default_value 'default'
+#   c.flag :f
+#   c.action do |global_options,options,args|
+#     puts "add-node command ran"
+#   end
+# end
+
+# post do |global,command,options,args|
+#   # Post logic here
+#   # Use skips_post before a command to skip this
+#   # block on that command only
+# end
+
+# on_error do |exception|
+#   # Error logic here
+#   # return false to skip default error handling
+#   true
+# end
diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
new file mode 100644
index 0000000..6b38de5
--- /dev/null
+++ b/lib/leap_cli/commands/compile.rb
@@ -0,0 +1,15 @@
+module LeapCli
+  module Commands
+
+    desc 'Compile json files to hiera configs'
+    command :compile do |c|
+      c.action do |global_options,options,args|
+        manager = ConfigManager.new
+        manager.load(Path.provider)
+        Path.ensure_dir(Path.hiera)
+        manager.export(Path.hiera)
+      end
+    end
+
+  end
+end
\ No newline at end of file
diff --git a/lib/leap_cli/commands/deploy.rb b/lib/leap_cli/commands/deploy.rb
new file mode 100644
index 0000000..3694a38
--- /dev/null
+++ b/lib/leap_cli/commands/deploy.rb
@@ -0,0 +1,20 @@
+module LeapCli
+  module Commands
+
+    desc 'Apply recipes to a node or set of nodes'
+    long_desc 'The node filter can be the name of a node, service, or tag.'
+    arg_name '<node filter>'
+    command :deploy do |c|
+      c.action do |global_options,options,args|
+        nodes = ConfigManager.filter(args)
+        say "Deploying to these nodes: #{nodes.keys.join(', ')}"
+        if agree "Continue? "
+          say "deploy not yet implemented"
+        else
+          say "OK. Bye."
+        end
+      end
+    end
+
+  end
+end
\ No newline at end of file
diff --git a/lib/leap_cli/commands/init.rb b/lib/leap_cli/commands/init.rb
new file mode 100644
index 0000000..75cc876
--- /dev/null
+++ b/lib/leap_cli/commands/init.rb
@@ -0,0 +1,24 @@
+module LeapCli
+  module Commands
+    desc 'Creates a new provider configuration directory.'
+    arg_name '<directory>'
+    skips_pre
+    command :init do |c|
+      c.action do |global_options,options,args|
+        directory = args.first
+        unless directory && directory.any?
+          help_now! "Directory name is required."
+        end
+        directory = File.expand_path(directory)
+        if File.exists?(directory)
+          raise "#{directory} already exists."
+        end
+        if agree("Create directory '#{directory}'? ")
+          LeapCli.init(directory)
+        else
+          puts "OK, bye."
+        end
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/leap_cli/commands/list.rb b/lib/leap_cli/commands/list.rb
new file mode 100644
index 0000000..a186049
--- /dev/null
+++ b/lib/leap_cli/commands/list.rb
@@ -0,0 +1,61 @@
+module LeapCli
+  module Commands
+
+    def self.print_config_table(type, config_list)
+      style = {:border_x => '-', :border_y => ':', :border_i => '-', :width => 60}
+
+      if type == :services
+        t = table do
+          self.style = style
+          self.headings = ['SERVICE', 'NODES']
+          list = config_list.keys.sort
+          list.each do |name|
+            add_row [name, config_list[name].nodes.keys.join(', ')]
+            add_separator unless name == list.last
+          end
+        end
+        puts t
+        puts "\n\n"
+      elsif type == :tags
+        t = table do
+          self.style = style
+          self.headings = ['TAG', 'NODES']
+          list = config_list.keys.sort
+          list.each do |name|
+            add_row [name, config_list[name].nodes.keys.join(', ')]
+            add_separator unless name == list.last
+          end
+        end
+        puts t
+        puts "\n\n"
+      elsif type == :nodes
+        t = table do
+          self.style = style
+          self.headings = ['NODE', 'SERVICES', 'TAGS']
+          list = config_list.keys.sort
+          list.each do |name|
+            add_row [name, config_list[name].services.to_a.join(', '), config_list[name].tags.to_a.join(', ')]
+            add_separator unless name == list.last
+          end
+        end
+        puts t
+      end
+    end
+
+    desc 'List nodes and their classifications'
+    long_desc 'Prints out a listing of nodes, services, or tags.'
+    arg_name 'filter'
+    command :list do |c|
+      c.action do |global_options,options,args|
+        if args.any?
+          print_config_table(:nodes, ConfigManager.filter(args))
+        else
+          print_config_table(:services, ConfigManager.services)
+          print_config_table(:tags,     ConfigManager.tags)
+          print_config_table(:nodes,  ConfigManager.nodes)
+        end
+      end
+    end
+
+  end
+end
diff --git a/lib/leap_cli/commands/pre.rb b/lib/leap_cli/commands/pre.rb
new file mode 100644
index 0000000..ae58fc8
--- /dev/null
+++ b/lib/leap_cli/commands/pre.rb
@@ -0,0 +1,38 @@
+
+#
+# check to make sure we can find the root directory of the platform
+#
+module LeapCli
+  module Commands
+
+    desc 'Verbosity level 0..2'
+    arg_name 'level'
+    default_value '0'
+    flag [:v, :verbose]
+
+    desc 'Specify the root directory'
+    arg_name 'path'
+    default_value Path.root
+    flag [:root]
+
+    pre do |global,command,options,args|
+      #
+      # set verbosity
+      #
+      LeapCli.log_level = global[:verbose].to_i
+
+      #
+      # require a root directory
+      #
+      if global[:root]
+        Path.set_root(global[:root])
+      end
+      if Path.ok?
+        true
+      else
+        exit_now!("Could not find the root directory. Change current working directory or try --root")
+      end
+    end
+
+  end
+end
diff --git a/lib/leap_cli/config.rb b/lib/leap_cli/config.rb
new file mode 100644
index 0000000..44e66be
--- /dev/null
+++ b/lib/leap_cli/config.rb
@@ -0,0 +1,119 @@
+module LeapCli
+  #
+  # This class represents the configuration for a single node, service, or tag.
+  #
+  class Config < Hash
+
+    def initialize(config_type, manager)
+      @manager = manager
+      @type = config_type
+    end
+
+    #
+    # lazily eval dynamic values when we encounter them.
+    #
+    def [](key)
+      value = fetch(key, nil)
+      if value.is_a? Array
+        value
+      elsif value.nil?
+        nil
+      else
+        if value =~ /^= (.*)$/
+          value = eval($1)
+          self[key] = value
+        end
+        value
+      end
+    end
+
+    #
+    # make the type appear to be a normal Hash in yaml.
+    #
+    def to_yaml_type
+     "!map"
+    end
+
+    #
+    # just like Hash#to_yaml, but sorted
+    #
+    def to_yaml(opts = {})
+      YAML::quick_emit(self, opts) do |out|
+        out.map(taguri, to_yaml_style) do |map|
+          keys.sort.each do |k|
+            v = self.fetch(k)
+            map.add(k, v)
+          end
+        end
+      end
+    end
+
+    #
+    # make obj['name'] available as obj.name
+    #
+    def method_missing(method, *args, &block)
+      if has_key?(method.to_s)
+        self[method.to_s]
+      else
+        super
+      end
+    end
+
+    #
+    # convert self into a plain hash, but only include the specified keys
+    #
+    def to_h(*keys)
+      keys.map(&:to_s).inject({}) do |hsh, key|
+        if has_key?(key)
+          hsh[key] = self[key]
+        end
+        hsh
+      end
+    end
+
+    def nodes
+      if @type == :node
+        @manager.nodes
+      else
+        @nodes ||= ConfigList.new
+      end
+    end
+
+    def services
+      if @type == :node
+        self['services'] || []
+      else
+        @manager.services
+      end
+    end
+
+    def tags
+      if @type == :node
+        self['tags'] || []
+      else
+        @manager.tags
+      end
+    end
+
+    private
+
+    ##
+    ## MACROS
+    ## these are methods used when eval'ing a value in the .json configuration
+    ##
+
+    #
+    # inserts the contents of a file
+    #
+    def file(filename)
+      filepath = Path.find_file(name, filename)
+      if filepath
+        File.read(filepath)
+      else
+        log0('no such file, "%s"' % filename)
+        ""
+      end
+    end
+
+  end # class
+end # module
\ No newline at end of file
diff --git a/lib/leap_cli/config_list.rb b/lib/leap_cli/config_list.rb
new file mode 100644
index 0000000..c8ff23b
--- /dev/null
+++ b/lib/leap_cli/config_list.rb
@@ -0,0 +1,77 @@
+module LeapCli
+  class ConfigList < Hash
+
+    def initialize(config=nil)
+      if config
+        self << config
+      end
+    end
+
+    #
+    # if the key is a hash, we treat it as a condition and filter all the configs using the condition
+    #
+    # for example:
+    #
+    #   nodes[:public_dns => true]
+    #
+    # will return a ConfigList with node configs that have public_dns set to true
+    #
+    def [](key)
+      if key.is_a? Hash
+        results = ConfigList.new
+        field, match_value = key.to_a.first
+        field = field.is_a?(Symbol) ? field.to_s : field
+        match_value = match_value.is_a?(Symbol) ? match_value.to_s : match_value
+        each do |name, config|
+          value = config[field]
+          if !value.nil?
+            if value.is_a? Array
+              if value.includes?(match_value)
+                results[name] = config
+              end
+            else
+              if value == match_value
+                results[name] = config
+              end
+            end
+          end
+        end
+        results
+      else
+        super
+      end
+    end
+
+    def <<(config)
+      if config.is_a? ConfigList
+        self.merge!(config)
+      else
+        self[config['name']] = config
+      end
+    end
+
+    #
+    # converts the hash of configs into an array of hashes, with ONLY the specified fields
+    #
+    def fields(*fields)
+      result = []
+      keys.sort.each do |name|
+        result << self[name].to_h(*fields)
+      end
+      result
+    end
+
+    #
+    # like fields(), but returns an array of values instead of an array of hashes.
+    #
+    def field(field)
+      field = field.to_s
+      result = []
+      keys.sort.each do |name|
+        result << self[name][field]
+      end
+      result
+    end
+
+  end
+end
diff --git a/lib/leap_cli/config_manager.rb b/lib/leap_cli/config_manager.rb
new file mode 100644
index 0000000..d383cc1
--- /dev/null
+++ b/lib/leap_cli/config_manager.rb
@@ -0,0 +1,200 @@
+require 'oj'
+require 'yaml'
+
+module LeapCli
+
+  class ConfigManager
+
+    attr_reader :services, :tags, :nodes
+
+    ##
+    ## IMPORT EXPORT
+    ##
+
+    #
+    # load .json configuration files
+    #
+    def load(dir)
+      @services = load_all_json("#{dir}/services/*.json")
+      @tags     = load_all_json("#{dir}/tags/*.json")
+      @common   = load_all_json("#{dir}/common.json")['common']
+      @nodes    = load_all_json("#{dir}/nodes/*.json", :node)
+      @nodes.each do |name, node|
+        apply_inheritance(node)
+      end
+      @nodes.each do |name, node|
+        node.each {|key,value| node[key] } # force evaluation of dynamic values
+      end
+    end
+
+    #
+    # save compiled hiera .yaml files
+    #
+    def export(dir)
+      Dir.glob(dir + '/*.yaml').each do |f|
+        File.unlink(f)
+      end
+      @nodes.each do |name, node|
+        File.open("#{dir}/#{name}.#{node.domain_internal}.yaml", 'w') do |f|
+          f.write node.to_yaml
+        end
+      end
+    end
+
+    ##
+    ## FILTERING
+    ##
+
+    #
+    # returns a node list consisting only of nodes that satisfy the filter criteria.
+    #
+    # filter: condition [condition] [condition] [+condition]
+    # condition: [node_name | service_name | tag_name]
+    #
+    # if conditions is prefixed with +, then it works like an AND. Otherwise, it works like an OR.
+    #
+    def filter(filters)
+      if filters.empty?
+        return nodes
+      end
+      if filters[0] =~ /^\+/
+        # don't let the first filter have a + prefix
+        filters[0] = filters[0][1..-1]
+      end
+
+      node_list = ConfigList.new
+      filters.each do |filter|
+        if filter =~ /^\+/
+          keep_list = nodes_for_filter(filter[1..-1])
+          node_list.delete_if do |name, node|
+            if keep_list[name]
+              false
+            else
+              true
+            end
+          end
+        else
+          node_list << nodes_for_filter(filter)
+        end
+      end
+      return node_list
+    end
+
+    ##
+    ## CLASS METHODS
+    ##
+
+    def self.manager
+      @manager ||= begin
+        manager = ConfigManager.new
+        manager.load(Path.provider)
+        manager
+      end
+    end
+
+    def self.filter(filters); manager.filter(filters); end
+    def self.nodes; manager.nodes; end
+    def self.services; manager.services; end
+    def self.tags; manager.tags; end
+
+    private
+
+    def load_all_json(pattern, config_type = :class)
+      results = ConfigList.new
+      Dir.glob(pattern).each do |filename|
+        obj = load_json(filename, config_type)
+        if obj
+          name = File.basename(filename).sub(/\.json$/,'')
+          obj['name'] = name
+          results[name] = obj
+        end
+      end
+      results
+    end
+
+    def load_json(filename, config_type)
+      log2 { filename.sub(/^#{Regexp.escape(Path.root)}/,'') }
+
+      #
+      # read file, strip out comments
+      # (File.read(filename) would be faster, but we like ability to have comments)
+      #
+      buffer = StringIO.new
+      File.open(filename) do |f|
+        while (line = f.gets)
+          next if line =~ /^\s*#/
+          buffer << line
+        end
+      end
+
+      # parse json, and flatten hash
+      begin
+        hash = Oj.load(buffer.string) || {}
+      rescue SyntaxError => exc
+        log0 'Error in file "%s":' % filename
+        log0 exc.to_s
+        return nil
+      end
+      return flatten_hash(hash, Config.new(config_type, self))
+    end
+
+    #
+    # remove all the nesting from a hash.
+    #
+    def flatten_hash(input = {}, output = {}, options = {})
+      input.each do |key, value|
+        key = options[:prefix].nil? ? "#{key}" : "#{options[:prefix]}#{options[:delimiter]||"_"}#{key}"
+        if value.is_a? Hash
+          flatten_hash(value, output, :prefix => key, :delimiter => options[:delimiter])
+        else
+          output[key]  = value
+        end
+      end
+      output
+    end
+
+    #
+    # makes this node inherit options from the common, service, and tag json files.
+    #
+    def apply_inheritance(node)
+      new_node = Config.new(:node, self)
+      new_node.merge!(@common)
+      if node['services']
+        node['services'].sort.each do |node_service|
+          service = @services[node_service]
+          if service.nil?
+            log0('Error in node "%s": the service "%s" does not exist.' % [node['name'], node_service])
+          else
+            new_node.merge!(service)
+            service.nodes << node # this is odd, but we want the node pointer, not new_node pointer.
+          end
+        end
+      end
+      if node['tags']
+        node['tags'].sort.each do |node_tag|
+          tag = @tags[node_tag]
+          if tag.nil?
+            log0('Error in node "%s": the tag "%s" does not exist.' % [node['name'], node_tag])
+          else
+            new_node.merge!(tag)
+            tag.nodes << node
+          end
+        end
+      end
+      new_node.merge!(node)
+      node.replace(new_node)
+    end
+
+    def nodes_for_filter(filter)
+      if node = self.nodes[filter]
+        ConfigList.new(node)
+      elsif service = self.services[filter]
+        service.nodes
+      elsif tag = self.tags[filter]
+        tag.nodes
+      end
+    end
+
+  end
+
+end
diff --git a/lib/leap_cli/init.rb b/lib/leap_cli/init.rb
new file mode 100644
index 0000000..bebede7
--- /dev/null
+++ b/lib/leap_cli/init.rb
@@ -0,0 +1,74 @@
+require 'fileutils'
+
+module LeapCli
+  #
+  # creates new provider directory
+  #
+  def self.init(directory)
+    dirs = [directory]
+    mkdirs(dirs, false, false)
+
+    Dir.chdir(directory) do
+      dirs = ["nodes", "services", "keys", "tags"]
+      mkdirs(dirs, false, false)
+
+      #puts "Creating .provider"
+      #FileUtils.touch('.provider')
+
+      mkfile("provider.json", PROVIDER_CONTENT)
+      mkfile("common.json", COMMON_CONTENT)
+    end
+  end
+
+  def self.mkfile(filename, content)
+    puts "Creating #{filename}"
+    File.open(filename, 'w') do |f|
+      f.write content
+    end
+  end
+
+  def self.mkdirs(dirs,force,dry_run)
+    exists = false
+    if !force
+      dirs.each do |dir|
+        if File.exist? dir
+          raise "#{dir} exists; use --force to override"
+          exists = true
+        end
+      end
+    end
+    if !exists
+      dirs.each do |dir|
+        puts "Creating #{dir}/"
+        if dry_run
+          puts "dry-run; #{dir} not created"
+        else
+          FileUtils.mkdir_p dir
+        end
+      end
+    else
+      puts "Exiting..."
+      return false
+    end
+    true
+  end
+
+  PROVIDER_CONTENT = <<EOS
+#
+# Global provider definition file.
+#
+{
+  "domain": "example.org"
+}
+EOS
+
+  COMMON_CONTENT = <<EOS
+#
+# Options put here are inherited by all nodes.
+#
+{
+  "domain": "example.org"
+}
+EOS
+
+end
diff --git a/lib/leap_cli/log.rb b/lib/leap_cli/log.rb
new file mode 100644
index 0000000..f51ca1e
--- /dev/null
+++ b/lib/leap_cli/log.rb
@@ -0,0 +1,44 @@
+module LeapCli
+
+  def self.log_level
+    @log_level
+  end
+
+  def self.log_level=(value)
+    @log_level = value
+  end
+
+end
+
+def log0(message=nil, &block)
+  if message
+    puts message
+  elsif block
+    puts yield(block)
+  end
+end
+
+def log1(message=nil, &block)
+  if LeapCli.log_level > 0
+    if message
+      puts message
+    elsif block
+      puts yield(block)
+    end
+  end
+end
+
+def log2(message=nil, &block)
+  if LeapCli.log_level > 1
+    if message
+      puts message
+    elsif block
+      puts yield(block)
+    end
+  end
+end
+
+def help!(message=nil)
+  ENV['GLI_DEBUG'] = "false"
+  help_now!(message)
+end
diff --git a/lib/leap_cli/path.rb b/lib/leap_cli/path.rb
new file mode 100644
index 0000000..5dc8fe8
--- /dev/null
+++ b/lib/leap_cli/path.rb
@@ -0,0 +1,79 @@
+require 'fileutils'
+
+module LeapCli
+  module Path
+
+    def self.root
+      @root ||= File.expand_path("#{provider}/..")
+    end
+
+    def self.platform
+      @platform ||= File.expand_path("#{root}/leap_platform")
+    end
+
+    def self.provider
+      @provider ||= if @root
+        File.expand_path("#{root}/provider")
+      else
+        find_in_directory_tree('provider.json')
+      end
+    end
+
+    def self.hiera
+      @hiera ||= "#{provider}/hiera"
+    end
+
+    def self.files
+      @files ||= "#{provider}/files"
+    end
+
+    def self.ok?
+      provider != '/'
+    end
+
+    def self.set_root(root_path)
+      @root = File.expand_path(root_path)
+      raise "No such directory '#{@root}'" unless File.directory?(@root)
+    end
+
+    def self.ensure_dir(dir)
+      unless File.directory?(dir)
+        if File.exists?(dir)
+          raise 'Unable to create directory "%s", file already exists.' % dir
+        else
+          FileUtils.mkdir_p(dir)
+        end
+      end
+    end
+
+    def self.find_file(name, filename)
+      path = [Path.files, filename].join('/')
+      return path if File.exists?(path)
+      path = [Path.files, name, filename].join('/')
+      return path if File.exists?(path)
+      path = [Path.files, 'nodes', name, filename].join('/')
+      return path if File.exists?(path)
+      path = [Path.files, 'services', name, filename].join('/')
+      return path if File.exists?(path)
+      path = [Path.files, 'tags', name, filename].join('/')
+      return path if File.exists?(path)
+
+      # give up
+      return nil
+    end
+
+    private
+
+    def self.find_in_directory_tree(filename)
+      search_dir = Dir.pwd
+      while search_dir != "/"
+        Dir.foreach(search_dir) do |f|
+          return search_dir if f == filename
+        end
+        search_dir = File.dirname(search_dir)
+      end
+      return search_dir
+    end
+
+  end
+end
diff --git a/lib/leap_cli/version.rb b/lib/leap_cli/version.rb
new file mode 100644
index 0000000..c272647
--- /dev/null
+++ b/lib/leap_cli/version.rb
@@ -0,0 +1,3 @@
+module LeapCli
+  VERSION = '0.0.1'
+end
diff --git a/test/default_test.rb b/test/default_test.rb
new file mode 100644
index 0000000..c363bbb
--- /dev/null
+++ b/test/default_test.rb
@@ -0,0 +1,14 @@
+require 'test_helper'
+
+class DefaultTest < Test::Unit::TestCase
+
+  def setup
+  end
+
+  def teardown
+  end
+
+  def test_the_truth
+    assert true
+  end
+end
diff --git a/test/provider/common.json b/test/provider/common.json
new file mode 100644
index 0000000..ead9d68
--- /dev/null
+++ b/test/provider/common.json
@@ -0,0 +1,11 @@
+#
+# Options put here are inherited by all nodes.
+#
+{
+  "domain": {
+     "public": "rewire.co",
+     "internal": "rewire"
+  },
+  "public_dns": true,
+  "fqdn": "= name + '.' + (public_dns ? domain_public : domain_internal)"
+}
diff --git a/test/provider/files/ca/ca.crt b/test/provider/files/ca/ca.crt
new file mode 100644
index 0000000..ed12e15
--- /dev/null
+++ b/test/provider/files/ca/ca.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECzCCAl2gAwIBAgIEUFDp9TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
+RVNUMB4XDTEyMDkxMjIwMDA1M1oXDTEzMDkxMjIwMDA1M1owDzENMAsGA1UEAxME
+VEVTVDCCAbgwDQYJKoZIhvcNAQEBBQADggGlADCCAaACggGXANsoS1m9wj9iv+UV
+BXfeq14SR94gSot96eJu7PZVRrcGlGe/PRfbmfxF3j/gXM9B8sIkyM2L46OMtOKw
+1iOTKtYYdMhtnUSd3FRshWGtYeuy+OCe9umU0jfZDBZ2pXlUmSqCNqfD0OPkksYL
+GDjQUKjaEd1oURwpCG8uEU+3tjBNCMuEwhcMEoUYmI8t4vss2hdFb+LKefVMPTzz
+oiNM/o8Z/ANzWCC0qSW5FsB4wGhUS5HKLDOr4tACgdxaJSWtAqFFAnyMeG9g8aqe
+PTM+URlqVnzzGckrJwBbd4y0zEpv/R7SAiSAP725cnB1GKptwdrcNIIHnQjOdAOl
+uNg6JlRXrv6fV1gApka4INfJAf1yMf+fA0WdZ22UJQ9Up7tdzi8lL+3HsEpEx4Pz
+NyzuqzEw9LJ6SUmMcE/VP00t4RjTOVoncwcLjvURY8jt2DQ9E36JEPwUoyALq/De
+bGBjeK2KGzBZcOu1HZAwWLLWR2++WKuCEXbRbahwSIlbMfmAe8xGx4bbHol0D1A+
+wmu0uxjAze6FvUkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8E
+BQMDBwQAMB0GA1UdDgQWBBT/PX8XZ0Y2jDkppz6PHs23IgzQEDANBgkqhkiG9w0B
+AQsFAAOCAZcAMfi+HLbcFaB0/Mv8/GkIdjpThUBVEeFrIiDy9GmGWUDOXgP1Skld
+5H4eY5inE5lFfB69yacHIGS4OiZIBuBKfKNl5d6XO+ztJEJpG3yrbF4MtGV/aHEp
+OlbJCncnk3fspBk6tFGrv4Inak4gza6SQPfBEZj29ciwfwrqrtuWZ7km+og0Clcd
+pIB0g+DK0K//NtaDZDK0havQw2AFJKyXlNfI8XZ2jsNmQYR1wtiMci+UfGQr7bjn
+Kw9yyVCf0ohXvnSK4ortz/bDQbcMWkK0m/VCCEK8PSldk+XFzPWFWn5ndKCczcvd
+1BQc392n12ZstEuzm6+d9A0D3kCxralJUXUC+4kThq4Rtjey/gBjyZQnZ+5tIxMF
+5ZFAStEglNxqm6HB17q7owJqTvIg9Cf9GATsvoFFQDJrBXewRX7cWVeSr0zNSQB4
+ydIlSUOkyE3AyfLN+lx8NVS/I7gp4fWDuHrh27NKKDtMxalxPL5pTGO7l4uTybLY
+4aVzQYGvzA5HVS++VAtcTQ6TP9p4HURL2cllEU9u9A==
+-----END CERTIFICATE-----
diff --git a/test/provider/files/ca/ca.key b/test/provider/files/ca/ca.key
new file mode 100644
index 0000000..9721c35
--- /dev/null
+++ b/test/provider/files/ca/ca.key
@@ -0,0 +1,41 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIHRwIBAAKCAZcA2yhLWb3CP2K/5RUFd96rXhJH3iBKi33p4m7s9lVGtwaUZ789
+F9uZ/EXeP+Bcz0HywiTIzYvjo4y04rDWI5Mq1hh0yG2dRJ3cVGyFYa1h67L44J72
+6ZTSN9kMFnaleVSZKoI2p8PQ4+SSxgsYONBQqNoR3WhRHCkIby4RT7e2ME0Iy4TC
+FwwShRiYjy3i+yzaF0Vv4sp59Uw9PPOiI0z+jxn8A3NYILSpJbkWwHjAaFRLkcos
+M6vi0AKB3FolJa0CoUUCfIx4b2Dxqp49Mz5RGWpWfPMZySsnAFt3jLTMSm/9HtIC
+JIA/vblycHUYqm3B2tw0ggedCM50A6W42DomVFeu/p9XWACmRrgg18kB/XIx/58D
+RZ1nbZQlD1Snu13OLyUv7cewSkTHg/M3LO6rMTD0snpJSYxwT9U/TS3hGNM5Widz
+BwuO9RFjyO3YND0TfokQ/BSjIAur8N5sYGN4rYobMFlw67UdkDBYstZHb75Yq4IR
+dtFtqHBIiVsx+YB7zEbHhtseiXQPUD7Ca7S7GMDN7oW9SQIDAQABAoIBljYtMttf
+boqO1dNCrBRi5kgeCsgdgXAUU2IXe9q1YALUzJENFIQ2VE2p0/REeYz+x4043K77
+Wu3OVdUIVBd9RQSiDRSTDGKvB42TOjHYU7GZj66vfWhm0sTdkgBnmiZxRF/eyrYU
+USpVEfeFPJqm3JmxNuNd61cjyaL6Z2smhhJQqNDu47Ag2t8uImCavlbLUqqYDr2o
+whdinmzX6YgCe5dSnBsaQ3nqTzo1FCvGbgIcfIXwzZaEclBrnkCjxDUZHOJTFfdG
+HmuiMnuzp1JOz1UTOpus8eKIK/J1Zh3C7yYSp+h9ZcHbaqoiLTueyvLpT5dbUzgw
+gQQTnNKaWjXF/10/T0n7lybqlUQaGvJrmRPbiIGdO8NLEbeaLGJAbaml3EYPJxeN
+YlV8wOVcA48xxpRCR8qX/DClbclJMIhwQ9AMdfvTlPMcLbPXZx+Ly2/ZuL2GhNlU
+ur5Ac6yQ2KFIRz9Cm2T2ZUSbwcFgHEjl4fR62vIOSGHWZZndExSCyW+3LyHSbZkO
+ExbceyEIB0qsDXqLvtV7bbUCgcwA5e7XclbOkjA4nnIsz1pnfQMdraVK76vD4ex8
+uA31cGBE2O83miGnDNDg1bdbSgLTD1bqjAGxvEPL6g4G3p/K4QkiPsMsJcfEJieI
+U97Tv+SL2LcoK96gOaPuum2lBVNVs5wN6DICVL+JNjZEgzOQGVRllUh37MmYEuEk
+sxAujzu89piBUIlfIKQPszDTeak4D9aFeKPl27mVezQHkpJHhxGKdm+DfyLZNko3
+f2Na5vqMKEwznHAhGAoawAN9aQY2pRoUEdjHzyTWkKcCgcwA9AC40ogaOy0Fm+o7
+H4b1+fNFGHdzLOhsgRf/SXeoNRry6hN5fkH4jBYos//jb257hRSoFsmPQ7k/ZXmb
+CAAu+5FthZAhGRwgnxKQ0Va4nv5uvdK+GNO2YwHlUaeb0WOfujhSNEb0aUsqO1/8
+yITIFRX8nGWEtttW76l+npV/aGgrWd0BxMVcNpmB4ORIJCs7BNKKKjQOG4nDHmP2
+EOhLjU3kqqUbDOfoSs9UHOFRaW78lBscYU+z3FcR7yvSn1AIpYxbNhA3jCDrkI8C
+gcseYElSL6mmonw4YnkNA7J8T3cSQ638r8J3DFkFr8JnEDDIQAImeJ+rD8VENq72
+vhzIAAGIcYjbiFFeIHBD5PRWenBtvjcM3rFJIRvfiKaMyVK4VKoX8ZdVRhT5yBZu
+961wxwMHU+P+8jbcVJsEgkFdN0scR7CgNZnDlL7WcSLVhVzXbxpWW2+XzlTMpXyq
+q/JeFUcYwv5Q4tmepycA9BZC/8w9DUpf92iexXtDdwrBTQRLJpYC6sVUebFDALMG
+tu1tLl7MZMkw0nsOLQKBzADgsOGBja+KGrV1lEaJi8BrQWe5VhYLnqR8ZFrDjpqo
+/H4Aq5pPd/SnG6izyMnpTTYVoKYBBe8VkDse+NKYlYKuSocuXUD9XHd1xKTzAQbV
+8rqLtsszFZJ4rcA8ZzoHodPuqfqZBVYAuCTVtFiVViDhufN7GckSkf0GiXB+HHDM
+9lAlWm1Mg+mcpdOCAvWjyON6V16/6lurZDr3e1mWzDL2lmoh8hRs2AmDClUMmzha
+/Mc+o5CI09pu5wcu1Y4JAqxTtmIv8NMWCSKjZQKBzACtm7UzsHrKC3REfb5YM4oS
+zI5SRWCj+umQrAX5XCjc7O4J0MECSW9pda3x+nei1Ay9EOpdBz+pggJ+ipDVa4qf
+qfZ/NiAknBiB+4UiSNnUcWtK792AbAfD2if98e40rU5zlbkUxnphytyDwueqcKPY
+HGoBRSng3IZyIZR/VCzOwWCpUyLw492D3cVZe1AgeRNhcATiHgIGMUT2zc21Jmh2
+XJn5wohQvUzvnpyll5xlZf6c2EtqMJ9kEwV1Xbwu16aXpXf11Y9iY38EXA==
+-----END RSA PRIVATE KEY-----
diff --git a/test/provider/files/public-definitions/provider.json.erb b/test/provider/files/public-definitions/provider.json.erb
new file mode 100644
index 0000000..e69de29
diff --git a/test/provider/files/vpn1/vpn1.rewire.co.crt b/test/provider/files/vpn1/vpn1.rewire.co.crt
new file mode 100644
index 0000000..d2c9734
--- /dev/null
+++ b/test/provider/files/vpn1/vpn1.rewire.co.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEWjCCAqygAwIBAgIEUFDqXzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
+RVNUMB4XDTEyMDkxMjIwMDIzOVoXDTEzMDkxMjIwMDIzOVowKzEPMA0GA1UEChMG
+eHgub3JnMRgwFgYDVQQDEw9ob3N0bmFtZS54eC5vcmcwggG4MA0GCSqGSIb3DQEB
+AQUAA4IBpQAwggGgAoIBlwCvGqkXry509EWGAqbFUB5nqvsvA3kSIh0prgzaPYCg
+MMst58ZB89eTgiuM+U3jSF7LZr+CuE1DAb4m2U2f8D8IfViwK1yCa5AohG+LCmwe
+4w4bgXtxwEBDac4u23JZ4AKE/EcKMeBbXe2d3o1S3P3XdN1ZVP0DVw04+H8cdh+0
+ggvhAA+9W/NvAQCAffL8sospj9nbl2OhRnrlFAzMWECyEyySPK5TEchU0hnFBRys
+DuYso5klLC6QXfSOkCSCOg9WQgjoyYBndTYxS3GwBnwyM+5V4TNtdc+P4vkkj+ZB
+D9R9oMpamUuuRQvk5/hJa7i8AaBy7ZmOO9QtL3866ONa6cLUN/QfBUkgM5iS6oQt
+X/qKxZFFYZPZUGBJqavuT+n4FB8XlIwcnqunK7rLD9OZwumYuZlHDtdAsgQ9Fd2z
+06e7sDp28jcrk6gmpOapLqNPtPHVOGNA6mCZza4LonDMOSQKTfb6ZEXty+a8f2ig
+zErhHvmyCvREytDc9pIf2bL+Sz4ULTq62GDKf1Y3tRi2uHFjhKLTAgMBAAGjdjB0
+MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUD
+AwegADAdBgNVHQ4EFgQUmQ5YZjESlkYq2FBaYqGp2HAnSfAwHwYDVR0jBBgwFoAU
+/z1/F2dGNow5Kac+jx7NtyIM0BAwDQYJKoZIhvcNAQELBQADggGXAHiaPMSeIzac
+rRZQ/dJA7VDgvuFcY67zj9531zsDVi848kBkpSZ+9UyZOdhy5b9Din/IAVvd/XUP
++VWwVsvKPbrWK79T/w8wj5nQR0uYfLdpMu7ZGjPhNes+/DnMX8Are2eb012g1km/
+HhOUxNg8/YpOJI4ZRnZls7j+u5kmHhc47sOQH9sY1FkHcWJ+K/lVhTk8Fmcm1vbN
+p7rjO4BItPVDxle0XF6bItwF1ahsK9MTzJIEO9ulHQnKYdhT9BcJbcwA3vhcn8nN
+uPN/RbDcWZTjONy58LVr7GxDQ267nZs5/wj4Cv3vDVq83kQJ7lCsYGTvxOejHWeQ
+QjcXREdBih9CPO3f86TOI8GRipIGvDcEll4DzgGRi+uTSWG69uC9yud/7+rnLd9Z
+WlobzAzRwljnR3aNACq0adYv1Wl05Fi2ab+QqL/C5ySrF5jL4OFUMpBu7nDPjty0
+KjQSmI9t6By6ORx14XT6piSlvSFn5phdMexXx1AYZEtdPSQduh2OquIPjN/qSdHO
+J+ZXOqDL1Jv+a89ghE8=
+-----END CERTIFICATE-----
diff --git a/test/provider/files/vpn1/vpn1.rewire.co.key b/test/provider/files/vpn1/vpn1.rewire.co.key
new file mode 100644
index 0000000..3fdf38a
--- /dev/null
+++ b/test/provider/files/vpn1/vpn1.rewire.co.key
@@ -0,0 +1,41 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIHRwIBAAKCAZcArxqpF68udPRFhgKmxVAeZ6r7LwN5EiIdKa4M2j2AoDDLLefG
+QfPXk4IrjPlN40hey2a/grhNQwG+JtlNn/A/CH1YsCtcgmuQKIRviwpsHuMOG4F7
+ccBAQ2nOLttyWeAChPxHCjHgW13tnd6NUtz913TdWVT9A1cNOPh/HHYftIIL4QAP
+vVvzbwEAgH3y/LKLKY/Z25djoUZ65RQMzFhAshMskjyuUxHIVNIZxQUcrA7mLKOZ
+JSwukF30jpAkgjoPVkII6MmAZ3U2MUtxsAZ8MjPuVeEzbXXPj+L5JI/mQQ/UfaDK
+WplLrkUL5Of4SWu4vAGgcu2ZjjvULS9/OujjWunC1Df0HwVJIDOYkuqELV/6isWR
+RWGT2VBgSamr7k/p+BQfF5SMHJ6rpyu6yw/TmcLpmLmZRw7XQLIEPRXds9Onu7A6
+dvI3K5OoJqTmqS6jT7Tx1ThjQOpgmc2uC6JwzDkkCk32+mRF7cvmvH9ooMxK4R75
+sgr0RMrQ3PaSH9my/ks+FC06uthgyn9WN7UYtrhxY4Si0wIDAQABAoIBlgvJw7Bw
+frQo7bVD4G5QInvgKuDTXwc1fLkdmofmtA4UutjwTYyLGew4Sy5GalPuv1L6K9Jl
+De6A44hCANPPnK65oYraoHO3QhE4OTonDXhW2NBJO0JBKxJewR6ub1hVmFXTlgS9
+rtj3zdNe9Cyr6/rhRzWIXzAmYCGBuSz1VtUUHDCdjHG3CwBiFOKRmBYi/vNhV81M
+t8xXrlZVrzbiihhy6gE+TI4TGGV9b3awDWoX5q8CpIC4JLpbWOdwFMUfm4C3GVpy
+lk5gubE/wnXiQyzqEzyHzC3OrNyh/JTbz2XBi+Agc45gRFL6t3EstNJY14lWwAy5
+pwLUFQnwVJQ0ljtA+qMo5nwGBaHgj1TutshLLcrP+cikule5DYm23VHU/u4epYPM
+hEB6KrYr7h3/IhXJ5rp5kmsJKGlg1vyPkwcskL5fMiN1BnPV5cwmrg574SsoDydr
+u40DJiijABVJG2aTnlOMGKyrnkbbOTq3adxjIWPPTK5r95pOWp3TpZWQzGa8Waum
+Q3S9LpmGCiVnuXTyGqRXAeECgcwAzPJWd5P/lCrVgmCd+cc+ldbG2SLQ/v3vDqe3
+R0UPnkIkmOOKw9cgC9qy8XgZb2hcRKDwifZBCVKTVi3NAdtF9WF5DLmwBP2NGdWk
+vNz9NF5Zd0GYa78Dec6Ej6nOJauDi5ymiJQxexx+N3I/ZjJMOpnIePz1yQbiB9dF
+YM6lifd8WoeahOvp1m92qlF637JL7hmXjagB0H+27bLgDD7dtUcigYMvPOuO5S0s
+Ec1PRg0lNhym9sJ0xm7uby88i83RyQKbCFEHyuQFZS8CgcwA2rk8X6WPF6NTmYP5
+VXnMAW1T1CoHCWQOW3KaYCHHgdWVTVl7MKXZ1zxz/8pKySX+QJrUsobSn7xjxGqT
+ZTcbhaFtEsfS4meEyn2Ef+yT2kslF59aYQfFAQ2HR5bhg2kNXFPwIpV3o5zwmJH9
+5H32XHjpneHT5QjTvQezsHtQbl61w8QqEmB5Cy5ZzcfSp+iZnR1gBquVgRSLpphE
+sUzmTAlm2W8FZNLw1cDyB+8hNDrp/t9RQfJzzcCi4TAgZWy+DKjO7nj6tl7oe50C
+gctgtVXh9T9b3l6DuC2zaLZ6pC+O1KQEPzUoGDIe+lKlXhbA4lZflUq07U0VLpPq
+AzfO1pbKsx37VTDbMJ+Vaa/4WzdwrsqFgFOtxieHS0xcAs16vcQ7y5XLS4038Wuq
+UOWw4ome1zcGHerdJRcPlVptKJX1qYAdjRbplkZRqRFqKhNO8MAUSvI70rsPIYW2
+uv6jawYdvRKmHS3nukmI3b1mxhtdO9b1iz4RnKA4AkaPCrLtdtW+iQHrhPsUEhki
+60s76/PWF85yieiV1wKBzACauN5UarFGb2r79bezF22QtN3P/8rqgbUGS5OY3Uxc
+M9Jh3SKfzzLCZylHkLpGgHHTEbPUdjsYdBO/JgUOXGVDqmWWG3S6Y7Az7YaFV71f
+djjO9RLiALUDgaZopfrxEqc44MfGLyVqv+ISi3Om5tQXphDcdpuGMTBXT9N0zEah
+TK4XxfRc+5Gkry0nvGrwDEJeOiFrloUzwmzndF9jbJqcvynaNgcCw5VKICsWIbrD
+T8mnWiIJHJF+wv51fa3tEXd/TQrU9w+jYo/ioQKBzACluagmFiDwMcJFowdUYyya
+WJtxEQHej5PfyHRijBZ/qzhvPxyF2Ae2D5L9RS+uHsJA0ZVJDQgzkvrSZ8IcS/Q4
+q+zX3/AzgDL6IQGQIsETaAmFCco4RMLFaDMyDx/OJR29df+ibqYvfSoUkcmK8OyF
+PWS0AobzJnqIaDpRCCvD/sL9PCkrUm33HoDBfxuvEsqZypNVmq+/3myWc9gIMOmZ
+fpWS+744tFnNO9RdmZ8OZel4+iv8CGZvQxk14S+lpaSCpX+Zmfyy5PfPRg==
+-----END RSA PRIVATE KEY-----
diff --git a/test/provider/hiera/couch1.rewire.yaml b/test/provider/hiera/couch1.rewire.yaml
new file mode 100644
index 0000000..2c731ce
--- /dev/null
+++ b/test/provider/hiera/couch1.rewire.yaml
@@ -0,0 +1,8 @@
+--- 
+domain_internal: rewire
+domain_public: rewire.co
+fqdn: couch1.rewire
+ip_address: 245.2.45.42
+name: couch1
+public_dns: false
+services: couchdb
diff --git a/test/provider/hiera/couch2.rewire.yaml b/test/provider/hiera/couch2.rewire.yaml
new file mode 100644
index 0000000..a835c79
--- /dev/null
+++ b/test/provider/hiera/couch2.rewire.yaml
@@ -0,0 +1,8 @@
+--- 
+domain_internal: rewire
+domain_public: rewire.co
+fqdn: couch2.rewire
+ip_address: 73.45.87.11
+name: couch2
+public_dns: false
+services: couchdb
diff --git a/test/provider/hiera/ns1.rewire.yaml b/test/provider/hiera/ns1.rewire.yaml
new file mode 100644
index 0000000..264dd52
--- /dev/null
+++ b/test/provider/hiera/ns1.rewire.yaml
@@ -0,0 +1,25 @@
+--- 
+domain_internal: rewire
+domain_public: rewire.co
+fqdn: ns1.rewire.co
+hosts_private: 
+- ip_address: 245.2.45.42
+  fqdn: couch1.rewire
+- ip_address: 73.45.87.11
+  fqdn: couch2.rewire
+hosts_public: 
+- ip_address: 1.1.1.1
+  fqdn: ns1.rewire.co
+- ip_address: 1.1.1.2
+  fqdn: ns2.rewire.co
+- ip_address: 2.2.2.2
+  fqdn: vpn1.rewire.co
+- ip_address: 6.6.7.7
+  fqdn: web1.rewire.co
+  dns_alias: user.rewire.co
+ip_address: 1.1.1.1
+name: ns1
+production: true
+public_dns: true
+services: dns
+tags: production
diff --git a/test/provider/hiera/ns2.rewire.yaml b/test/provider/hiera/ns2.rewire.yaml
new file mode 100644
index 0000000..2885424
--- /dev/null
+++ b/test/provider/hiera/ns2.rewire.yaml
@@ -0,0 +1,25 @@
+--- 
+domain_internal: rewire
+domain_public: rewire.co
+fqdn: ns2.rewire.co
+hosts_private: 
+- ip_address: 245.2.45.42
+  fqdn: couch1.rewire
+- ip_address: 73.45.87.11
+  fqdn: couch2.rewire
+hosts_public: 
+- ip_address: 1.1.1.1
+  fqdn: ns1.rewire.co
+- ip_address: 1.1.1.2
+  fqdn: ns2.rewire.co
+- ip_address: 2.2.2.2
+  fqdn: vpn1.rewire.co
+- ip_address: 6.6.7.7
+  fqdn: web1.rewire.co
+  dns_alias: user.rewire.co
+ip_address: 1.1.1.2
+name: ns2
+production: true
+public_dns: true
+services: dns
+tags: production
diff --git a/test/provider/hiera/vpn1.rewire.yaml b/test/provider/hiera/vpn1.rewire.yaml
new file mode 100644
index 0000000..158bb1b
--- /dev/null
+++ b/test/provider/hiera/vpn1.rewire.yaml
@@ -0,0 +1,158 @@
+--- 
+domain_internal: rewire
+domain_public: rewire.co
+fqdn: vpn1.rewire.co
+ip_address: 2.2.2.2
+name: vpn1
+openvpn_ca_crt: |
+  -----BEGIN CERTIFICATE-----
+  MIIECzCCAl2gAwIBAgIEUFDp9TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
+  RVNUMB4XDTEyMDkxMjIwMDA1M1oXDTEzMDkxMjIwMDA1M1owDzENMAsGA1UEAxME
+  VEVTVDCCAbgwDQYJKoZIhvcNAQEBBQADggGlADCCAaACggGXANsoS1m9wj9iv+UV
+  BXfeq14SR94gSot96eJu7PZVRrcGlGe/PRfbmfxF3j/gXM9B8sIkyM2L46OMtOKw
+  1iOTKtYYdMhtnUSd3FRshWGtYeuy+OCe9umU0jfZDBZ2pXlUmSqCNqfD0OPkksYL
+  GDjQUKjaEd1oURwpCG8uEU+3tjBNCMuEwhcMEoUYmI8t4vss2hdFb+LKefVMPTzz
+  oiNM/o8Z/ANzWCC0qSW5FsB4wGhUS5HKLDOr4tACgdxaJSWtAqFFAnyMeG9g8aqe
+  PTM+URlqVnzzGckrJwBbd4y0zEpv/R7SAiSAP725cnB1GKptwdrcNIIHnQjOdAOl
+  uNg6JlRXrv6fV1gApka4INfJAf1yMf+fA0WdZ22UJQ9Up7tdzi8lL+3HsEpEx4Pz
+  NyzuqzEw9LJ6SUmMcE/VP00t4RjTOVoncwcLjvURY8jt2DQ9E36JEPwUoyALq/De
+  bGBjeK2KGzBZcOu1HZAwWLLWR2++WKuCEXbRbahwSIlbMfmAe8xGx4bbHol0D1A+
+  wmu0uxjAze6FvUkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8E
+  BQMDBwQAMB0GA1UdDgQWBBT/PX8XZ0Y2jDkppz6PHs23IgzQEDANBgkqhkiG9w0B
+  AQsFAAOCAZcAMfi+HLbcFaB0/Mv8/GkIdjpThUBVEeFrIiDy9GmGWUDOXgP1Skld
+  5H4eY5inE5lFfB69yacHIGS4OiZIBuBKfKNl5d6XO+ztJEJpG3yrbF4MtGV/aHEp
+  OlbJCncnk3fspBk6tFGrv4Inak4gza6SQPfBEZj29ciwfwrqrtuWZ7km+og0Clcd
+  pIB0g+DK0K//NtaDZDK0havQw2AFJKyXlNfI8XZ2jsNmQYR1wtiMci+UfGQr7bjn
+  Kw9yyVCf0ohXvnSK4ortz/bDQbcMWkK0m/VCCEK8PSldk+XFzPWFWn5ndKCczcvd
+  1BQc392n12ZstEuzm6+d9A0D3kCxralJUXUC+4kThq4Rtjey/gBjyZQnZ+5tIxMF
+  5ZFAStEglNxqm6HB17q7owJqTvIg9Cf9GATsvoFFQDJrBXewRX7cWVeSr0zNSQB4
+  ydIlSUOkyE3AyfLN+lx8NVS/I7gp4fWDuHrh27NKKDtMxalxPL5pTGO7l4uTybLY
+  4aVzQYGvzA5HVS++VAtcTQ6TP9p4HURL2cllEU9u9A==
+  -----END CERTIFICATE-----
+
+openvpn_ca_key: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIHRwIBAAKCAZcA2yhLWb3CP2K/5RUFd96rXhJH3iBKi33p4m7s9lVGtwaUZ789
+  F9uZ/EXeP+Bcz0HywiTIzYvjo4y04rDWI5Mq1hh0yG2dRJ3cVGyFYa1h67L44J72
+  6ZTSN9kMFnaleVSZKoI2p8PQ4+SSxgsYONBQqNoR3WhRHCkIby4RT7e2ME0Iy4TC
+  FwwShRiYjy3i+yzaF0Vv4sp59Uw9PPOiI0z+jxn8A3NYILSpJbkWwHjAaFRLkcos
+  M6vi0AKB3FolJa0CoUUCfIx4b2Dxqp49Mz5RGWpWfPMZySsnAFt3jLTMSm/9HtIC
+  JIA/vblycHUYqm3B2tw0ggedCM50A6W42DomVFeu/p9XWACmRrgg18kB/XIx/58D
+  RZ1nbZQlD1Snu13OLyUv7cewSkTHg/M3LO6rMTD0snpJSYxwT9U/TS3hGNM5Widz
+  BwuO9RFjyO3YND0TfokQ/BSjIAur8N5sYGN4rYobMFlw67UdkDBYstZHb75Yq4IR
+  dtFtqHBIiVsx+YB7zEbHhtseiXQPUD7Ca7S7GMDN7oW9SQIDAQABAoIBljYtMttf
+  boqO1dNCrBRi5kgeCsgdgXAUU2IXe9q1YALUzJENFIQ2VE2p0/REeYz+x4043K77
+  Wu3OVdUIVBd9RQSiDRSTDGKvB42TOjHYU7GZj66vfWhm0sTdkgBnmiZxRF/eyrYU
+  USpVEfeFPJqm3JmxNuNd61cjyaL6Z2smhhJQqNDu47Ag2t8uImCavlbLUqqYDr2o
+  whdinmzX6YgCe5dSnBsaQ3nqTzo1FCvGbgIcfIXwzZaEclBrnkCjxDUZHOJTFfdG
+  HmuiMnuzp1JOz1UTOpus8eKIK/J1Zh3C7yYSp+h9ZcHbaqoiLTueyvLpT5dbUzgw
+  gQQTnNKaWjXF/10/T0n7lybqlUQaGvJrmRPbiIGdO8NLEbeaLGJAbaml3EYPJxeN
+  YlV8wOVcA48xxpRCR8qX/DClbclJMIhwQ9AMdfvTlPMcLbPXZx+Ly2/ZuL2GhNlU
+  ur5Ac6yQ2KFIRz9Cm2T2ZUSbwcFgHEjl4fR62vIOSGHWZZndExSCyW+3LyHSbZkO
+  ExbceyEIB0qsDXqLvtV7bbUCgcwA5e7XclbOkjA4nnIsz1pnfQMdraVK76vD4ex8
+  uA31cGBE2O83miGnDNDg1bdbSgLTD1bqjAGxvEPL6g4G3p/K4QkiPsMsJcfEJieI
+  U97Tv+SL2LcoK96gOaPuum2lBVNVs5wN6DICVL+JNjZEgzOQGVRllUh37MmYEuEk
+  sxAujzu89piBUIlfIKQPszDTeak4D9aFeKPl27mVezQHkpJHhxGKdm+DfyLZNko3
+  f2Na5vqMKEwznHAhGAoawAN9aQY2pRoUEdjHzyTWkKcCgcwA9AC40ogaOy0Fm+o7
+  H4b1+fNFGHdzLOhsgRf/SXeoNRry6hN5fkH4jBYos//jb257hRSoFsmPQ7k/ZXmb
+  CAAu+5FthZAhGRwgnxKQ0Va4nv5uvdK+GNO2YwHlUaeb0WOfujhSNEb0aUsqO1/8
+  yITIFRX8nGWEtttW76l+npV/aGgrWd0BxMVcNpmB4ORIJCs7BNKKKjQOG4nDHmP2
+  EOhLjU3kqqUbDOfoSs9UHOFRaW78lBscYU+z3FcR7yvSn1AIpYxbNhA3jCDrkI8C
+  gcseYElSL6mmonw4YnkNA7J8T3cSQ638r8J3DFkFr8JnEDDIQAImeJ+rD8VENq72
+  vhzIAAGIcYjbiFFeIHBD5PRWenBtvjcM3rFJIRvfiKaMyVK4VKoX8ZdVRhT5yBZu
+  961wxwMHU+P+8jbcVJsEgkFdN0scR7CgNZnDlL7WcSLVhVzXbxpWW2+XzlTMpXyq
+  q/JeFUcYwv5Q4tmepycA9BZC/8w9DUpf92iexXtDdwrBTQRLJpYC6sVUebFDALMG
+  tu1tLl7MZMkw0nsOLQKBzADgsOGBja+KGrV1lEaJi8BrQWe5VhYLnqR8ZFrDjpqo
+  /H4Aq5pPd/SnG6izyMnpTTYVoKYBBe8VkDse+NKYlYKuSocuXUD9XHd1xKTzAQbV
+  8rqLtsszFZJ4rcA8ZzoHodPuqfqZBVYAuCTVtFiVViDhufN7GckSkf0GiXB+HHDM
+  9lAlWm1Mg+mcpdOCAvWjyON6V16/6lurZDr3e1mWzDL2lmoh8hRs2AmDClUMmzha
+  /Mc+o5CI09pu5wcu1Y4JAqxTtmIv8NMWCSKjZQKBzACtm7UzsHrKC3REfb5YM4oS
+  zI5SRWCj+umQrAX5XCjc7O4J0MECSW9pda3x+nei1Ay9EOpdBz+pggJ+ipDVa4qf
+  qfZ/NiAknBiB+4UiSNnUcWtK792AbAfD2if98e40rU5zlbkUxnphytyDwueqcKPY
+  HGoBRSng3IZyIZR/VCzOwWCpUyLw492D3cVZe1AgeRNhcATiHgIGMUT2zc21Jmh2
+  XJn5wohQvUzvnpyll5xlZf6c2EtqMJ9kEwV1Xbwu16aXpXf11Y9iY38EXA==
+  -----END RSA PRIVATE KEY-----
+
+openvpn_filter_dns: false
+openvpn_gateway_address: 3.3.3.3
+openvpn_nat: true
+openvpn_ports: 
+- "80"
+- "443"
+- "53"
+- "1194"
+openvpn_server_crt: |
+  -----BEGIN CERTIFICATE-----
+  MIIEWjCCAqygAwIBAgIEUFDqXzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRU
+  RVNUMB4XDTEyMDkxMjIwMDIzOVoXDTEzMDkxMjIwMDIzOVowKzEPMA0GA1UEChMG
+  eHgub3JnMRgwFgYDVQQDEw9ob3N0bmFtZS54eC5vcmcwggG4MA0GCSqGSIb3DQEB
+  AQUAA4IBpQAwggGgAoIBlwCvGqkXry509EWGAqbFUB5nqvsvA3kSIh0prgzaPYCg
+  MMst58ZB89eTgiuM+U3jSF7LZr+CuE1DAb4m2U2f8D8IfViwK1yCa5AohG+LCmwe
+  4w4bgXtxwEBDac4u23JZ4AKE/EcKMeBbXe2d3o1S3P3XdN1ZVP0DVw04+H8cdh+0
+  ggvhAA+9W/NvAQCAffL8sospj9nbl2OhRnrlFAzMWECyEyySPK5TEchU0hnFBRys
+  DuYso5klLC6QXfSOkCSCOg9WQgjoyYBndTYxS3GwBnwyM+5V4TNtdc+P4vkkj+ZB
+  D9R9oMpamUuuRQvk5/hJa7i8AaBy7ZmOO9QtL3866ONa6cLUN/QfBUkgM5iS6oQt
+  X/qKxZFFYZPZUGBJqavuT+n4FB8XlIwcnqunK7rLD9OZwumYuZlHDtdAsgQ9Fd2z
+  06e7sDp28jcrk6gmpOapLqNPtPHVOGNA6mCZza4LonDMOSQKTfb6ZEXty+a8f2ig
+  zErhHvmyCvREytDc9pIf2bL+Sz4ULTq62GDKf1Y3tRi2uHFjhKLTAgMBAAGjdjB0
+  MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUD
+  AwegADAdBgNVHQ4EFgQUmQ5YZjESlkYq2FBaYqGp2HAnSfAwHwYDVR0jBBgwFoAU
+  /z1/F2dGNow5Kac+jx7NtyIM0BAwDQYJKoZIhvcNAQELBQADggGXAHiaPMSeIzac
+  rRZQ/dJA7VDgvuFcY67zj9531zsDVi848kBkpSZ+9UyZOdhy5b9Din/IAVvd/XUP
+  +VWwVsvKPbrWK79T/w8wj5nQR0uYfLdpMu7ZGjPhNes+/DnMX8Are2eb012g1km/
+  HhOUxNg8/YpOJI4ZRnZls7j+u5kmHhc47sOQH9sY1FkHcWJ+K/lVhTk8Fmcm1vbN
+  p7rjO4BItPVDxle0XF6bItwF1ahsK9MTzJIEO9ulHQnKYdhT9BcJbcwA3vhcn8nN
+  uPN/RbDcWZTjONy58LVr7GxDQ267nZs5/wj4Cv3vDVq83kQJ7lCsYGTvxOejHWeQ
+  QjcXREdBih9CPO3f86TOI8GRipIGvDcEll4DzgGRi+uTSWG69uC9yud/7+rnLd9Z
+  WlobzAzRwljnR3aNACq0adYv1Wl05Fi2ab+QqL/C5ySrF5jL4OFUMpBu7nDPjty0
+  KjQSmI9t6By6ORx14XT6piSlvSFn5phdMexXx1AYZEtdPSQduh2OquIPjN/qSdHO
+  J+ZXOqDL1Jv+a89ghE8=
+  -----END CERTIFICATE-----
+
+openvpn_server_key: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIHRwIBAAKCAZcArxqpF68udPRFhgKmxVAeZ6r7LwN5EiIdKa4M2j2AoDDLLefG
+  QfPXk4IrjPlN40hey2a/grhNQwG+JtlNn/A/CH1YsCtcgmuQKIRviwpsHuMOG4F7
+  ccBAQ2nOLttyWeAChPxHCjHgW13tnd6NUtz913TdWVT9A1cNOPh/HHYftIIL4QAP
+  vVvzbwEAgH3y/LKLKY/Z25djoUZ65RQMzFhAshMskjyuUxHIVNIZxQUcrA7mLKOZ
+  JSwukF30jpAkgjoPVkII6MmAZ3U2MUtxsAZ8MjPuVeEzbXXPj+L5JI/mQQ/UfaDK
+  WplLrkUL5Of4SWu4vAGgcu2ZjjvULS9/OujjWunC1Df0HwVJIDOYkuqELV/6isWR
+  RWGT2VBgSamr7k/p+BQfF5SMHJ6rpyu6yw/TmcLpmLmZRw7XQLIEPRXds9Onu7A6
+  dvI3K5OoJqTmqS6jT7Tx1ThjQOpgmc2uC6JwzDkkCk32+mRF7cvmvH9ooMxK4R75
+  sgr0RMrQ3PaSH9my/ks+FC06uthgyn9WN7UYtrhxY4Si0wIDAQABAoIBlgvJw7Bw
+  frQo7bVD4G5QInvgKuDTXwc1fLkdmofmtA4UutjwTYyLGew4Sy5GalPuv1L6K9Jl
+  De6A44hCANPPnK65oYraoHO3QhE4OTonDXhW2NBJO0JBKxJewR6ub1hVmFXTlgS9
+  rtj3zdNe9Cyr6/rhRzWIXzAmYCGBuSz1VtUUHDCdjHG3CwBiFOKRmBYi/vNhV81M
+  t8xXrlZVrzbiihhy6gE+TI4TGGV9b3awDWoX5q8CpIC4JLpbWOdwFMUfm4C3GVpy
+  lk5gubE/wnXiQyzqEzyHzC3OrNyh/JTbz2XBi+Agc45gRFL6t3EstNJY14lWwAy5
+  pwLUFQnwVJQ0ljtA+qMo5nwGBaHgj1TutshLLcrP+cikule5DYm23VHU/u4epYPM
+  hEB6KrYr7h3/IhXJ5rp5kmsJKGlg1vyPkwcskL5fMiN1BnPV5cwmrg574SsoDydr
+  u40DJiijABVJG2aTnlOMGKyrnkbbOTq3adxjIWPPTK5r95pOWp3TpZWQzGa8Waum
+  Q3S9LpmGCiVnuXTyGqRXAeECgcwAzPJWd5P/lCrVgmCd+cc+ldbG2SLQ/v3vDqe3
+  R0UPnkIkmOOKw9cgC9qy8XgZb2hcRKDwifZBCVKTVi3NAdtF9WF5DLmwBP2NGdWk
+  vNz9NF5Zd0GYa78Dec6Ej6nOJauDi5ymiJQxexx+N3I/ZjJMOpnIePz1yQbiB9dF
+  YM6lifd8WoeahOvp1m92qlF637JL7hmXjagB0H+27bLgDD7dtUcigYMvPOuO5S0s
+  Ec1PRg0lNhym9sJ0xm7uby88i83RyQKbCFEHyuQFZS8CgcwA2rk8X6WPF6NTmYP5
+  VXnMAW1T1CoHCWQOW3KaYCHHgdWVTVl7MKXZ1zxz/8pKySX+QJrUsobSn7xjxGqT
+  ZTcbhaFtEsfS4meEyn2Ef+yT2kslF59aYQfFAQ2HR5bhg2kNXFPwIpV3o5zwmJH9
+  5H32XHjpneHT5QjTvQezsHtQbl61w8QqEmB5Cy5ZzcfSp+iZnR1gBquVgRSLpphE
+  sUzmTAlm2W8FZNLw1cDyB+8hNDrp/t9RQfJzzcCi4TAgZWy+DKjO7nj6tl7oe50C
+  gctgtVXh9T9b3l6DuC2zaLZ6pC+O1KQEPzUoGDIe+lKlXhbA4lZflUq07U0VLpPq
+  AzfO1pbKsx37VTDbMJ+Vaa/4WzdwrsqFgFOtxieHS0xcAs16vcQ7y5XLS4038Wuq
+  UOWw4ome1zcGHerdJRcPlVptKJX1qYAdjRbplkZRqRFqKhNO8MAUSvI70rsPIYW2
+  uv6jawYdvRKmHS3nukmI3b1mxhtdO9b1iz4RnKA4AkaPCrLtdtW+iQHrhPsUEhki
+  60s76/PWF85yieiV1wKBzACauN5UarFGb2r79bezF22QtN3P/8rqgbUGS5OY3Uxc
+  M9Jh3SKfzzLCZylHkLpGgHHTEbPUdjsYdBO/JgUOXGVDqmWWG3S6Y7Az7YaFV71f
+  djjO9RLiALUDgaZopfrxEqc44MfGLyVqv+ISi3Om5tQXphDcdpuGMTBXT9N0zEah
+  TK4XxfRc+5Gkry0nvGrwDEJeOiFrloUzwmzndF9jbJqcvynaNgcCw5VKICsWIbrD
+  T8mnWiIJHJF+wv51fa3tEXd/TQrU9w+jYo/ioQKBzACluagmFiDwMcJFowdUYyya
+  WJtxEQHej5PfyHRijBZ/qzhvPxyF2Ae2D5L9RS+uHsJA0ZVJDQgzkvrSZ8IcS/Q4
+  q+zX3/AzgDL6IQGQIsETaAmFCco4RMLFaDMyDx/OJR29df+ibqYvfSoUkcmK8OyF
+  PWS0AobzJnqIaDpRCCvD/sL9PCkrUm33HoDBfxuvEsqZypNVmq+/3myWc9gIMOmZ
+  fpWS+744tFnNO9RdmZ8OZel4+iv8CGZvQxk14S+lpaSCpX+Zmfyy5PfPRg==
+  -----END RSA PRIVATE KEY-----
+
+production: true
+public_dns: true
+services: openvpn
+tags: production
diff --git a/test/provider/hiera/web1.rewire.yaml b/test/provider/hiera/web1.rewire.yaml
new file mode 100644
index 0000000..6fc76d9
--- /dev/null
+++ b/test/provider/hiera/web1.rewire.yaml
@@ -0,0 +1,16 @@
+--- 
+dns_alias: user.rewire.co
+domain_internal: rewire
+domain_public: rewire.co
+fqdn: web1.rewire.co
+ip_address: 6.6.7.7
+name: web1
+public_dns: true
+services: webapp
+webapp_couchdb_hosts: 
+- couch1.rewire
+- couch2.rewire
+webapp_modules: 
+- user
+- billing
+- help
diff --git a/test/provider/nodes/couch1.json b/test/provider/nodes/couch1.json
new file mode 100644
index 0000000..fe5d7e5
--- /dev/null
+++ b/test/provider/nodes/couch1.json
@@ -0,0 +1,4 @@
+{
+  "services": "couchdb",
+  "ip_address": "245.2.45.42"
+}
\ No newline at end of file
diff --git a/test/provider/nodes/couch2.json b/test/provider/nodes/couch2.json
new file mode 100644
index 0000000..1fe2977
--- /dev/null
+++ b/test/provider/nodes/couch2.json
@@ -0,0 +1,4 @@
+{
+  "services": "couchdb",
+  "ip_address": "73.45.87.11"
+}
\ No newline at end of file
diff --git a/test/provider/nodes/ns1.json b/test/provider/nodes/ns1.json
new file mode 100644
index 0000000..6323d10
--- /dev/null
+++ b/test/provider/nodes/ns1.json
@@ -0,0 +1,8 @@
+#
+# this is a comment
+#
+{
+  "services": "dns",
+  "tags": "production",
+  "ip_address": "1.1.1.1"
+}
\ No newline at end of file
diff --git a/test/provider/nodes/ns2.json b/test/provider/nodes/ns2.json
new file mode 100644
index 0000000..eeba9df
--- /dev/null
+++ b/test/provider/nodes/ns2.json
@@ -0,0 +1,8 @@
+#
+# A nameserver
+#
+{
+  "services": "dns",
+  "tags": "production",
+  "ip_address": "1.1.1.2"
+}
\ No newline at end of file
diff --git a/test/provider/nodes/vpn1.json b/test/provider/nodes/vpn1.json
new file mode 100644
index 0000000..10859ac
--- /dev/null
+++ b/test/provider/nodes/vpn1.json
@@ -0,0 +1,8 @@
+{
+  "services": "openvpn",
+  "ip_address": "2.2.2.2",
+  "tags": "production",
+  "openvpn": {
+    "gateway_address": "3.3.3.3"
+  }
+}
\ No newline at end of file
diff --git a/test/provider/nodes/web1.json b/test/provider/nodes/web1.json
new file mode 100644
index 0000000..894fb6e
--- /dev/null
+++ b/test/provider/nodes/web1.json
@@ -0,0 +1,4 @@
+{
+  "services": "webapp",
+  "ip_address": "6.6.7.7"
+}
\ No newline at end of file
diff --git a/test/provider/provider.json b/test/provider/provider.json
new file mode 100644
index 0000000..58b6728
--- /dev/null
+++ b/test/provider/provider.json
@@ -0,0 +1,13 @@
+#
+# General service provider configuration.
+#
+{
+  "name": "The Rewire Company",
+  "description": "A demonstration service provider using the LEAP platform",
+  "languages": ["en"],
+  "ca": {
+    "name": "Rewire Root CA",
+    "organization": "#{name}",
+    "bit_size": 4096
+  }
+}
\ No newline at end of file
diff --git a/test/provider/services/couchdb.json b/test/provider/services/couchdb.json
new file mode 100644
index 0000000..7c13c8d
--- /dev/null
+++ b/test/provider/services/couchdb.json
@@ -0,0 +1,3 @@
+{
+  "public_dns": false
+}
\ No newline at end of file
diff --git a/test/provider/services/dns.json b/test/provider/services/dns.json
new file mode 100644
index 0000000..3fea381
--- /dev/null
+++ b/test/provider/services/dns.json
@@ -0,0 +1,6 @@
+{
+  "hosts": {
+    "public":  "= nodes[:public_dns => true].fields(:fqdn, :dns_alias, :ip_address)",
+    "private": "= nodes[:public_dns => false].fields(:fqdn, :dns_alias, :ip_address)"
+  }
+}
\ No newline at end of file
diff --git a/test/provider/services/openvpn.json b/test/provider/services/openvpn.json
new file mode 100644
index 0000000..ffaa313
--- /dev/null
+++ b/test/provider/services/openvpn.json
@@ -0,0 +1,11 @@
+{
+  "openvpn": {
+    "ports": ["80", "443", "53", "1194"],
+    "filter_dns": false,
+    "nat": true,
+    "ca_crt": "= file 'ca/ca.crt'",
+    "ca_key": "= file 'ca/ca.key'",
+    "server_crt": "= file fqdn + '.crt'",
+    "server_key": "= file fqdn + '.key'"
+  }
+}
diff --git a/test/provider/services/webapp.json b/test/provider/services/webapp.json
new file mode 100644
index 0000000..1513d6f
--- /dev/null
+++ b/test/provider/services/webapp.json
@@ -0,0 +1,7 @@
+{
+  "dns_alias": "= 'user.' + domain_public",
+  "webapp": {
+    "modules": ["user", "billing", "help"],
+    "couchdb_hosts": "= nodes[:services => :couchdb].field(:fqdn)"
+  }
+}
\ No newline at end of file
diff --git a/test/provider/tags/production.json b/test/provider/tags/production.json
new file mode 100644
index 0000000..b35c065
--- /dev/null
+++ b/test/provider/tags/production.json
@@ -0,0 +1,3 @@
+{
+  "production": true
+}
\ No newline at end of file
diff --git a/test/test_helper.rb b/test/test_helper.rb
new file mode 100644
index 0000000..2e33705
--- /dev/null
+++ b/test/test_helper.rb
@@ -0,0 +1,9 @@
+require 'test/unit'
+
+# Add test libraries you want to use here, e.g. mocha
+
+class Test::Unit::TestCase
+
+  # Add global extensions to the test case class here
+  
+end
-- 
cgit v1.2.3