Vaultx.Secrets.Consul.Behaviour behaviour (Vaultx v0.7.0)
View SourceBehaviour definition for HashiCorp Vault Consul secrets engine operations.
This behaviour defines the interface that Consul secrets engine implementations must provide, ensuring consistency and type safety across different implementations.
Core Operations
The Consul secrets engine supports the following operations:
Configuration Operations
configure_access/2- Configure Consul connection parameters
Role Management Operations
create_role/3- Create or update a Consul roleread_role/2- Read a Consul role configurationlist_roles/1- List all configured rolesdelete_role/2- Delete a Consul role
Credential Operations
generate_credentials/2- Generate dynamic Consul ACL tokens
API Compliance
This behaviour ensures compliance with:
Summary
Types
Consul access configuration parameters.
Result of a configuration operation.
Result of a role creation operation.
Generated Consul credentials.
Result of a role delete operation.
Result of a credential generation operation.
Result of a role list operation.
Options for Consul secrets engine operations.
Result of a role read operation.
Consul role configuration parameters.
Consul role name. Must be a non-empty string with valid characters.
Callbacks
Configure access information for Consul.
Create or update a Consul role.
Delete a Consul role.
Generate credentials for a Consul role.
List all configured Consul roles.
Read a Consul role configuration.
Types
@type access_config() :: %{ :address => String.t(), optional(:scheme) => String.t(), optional(:token) => String.t(), optional(:ca_cert) => String.t(), optional(:client_cert) => String.t(), optional(:client_key) => String.t() }
Consul access configuration parameters.
@type configure_result() :: :ok | {:error, Vaultx.Base.Error.t()}
Result of a configuration operation.
@type create_role_result() :: :ok | {:error, Vaultx.Base.Error.t()}
Result of a role creation operation.
@type credentials() :: %{token: String.t()}
Generated Consul credentials.
@type delete_role_result() :: :ok | {:error, Vaultx.Base.Error.t()}
Result of a role delete operation.
@type generate_credentials_result() :: {:ok, credentials()} | {:error, Vaultx.Base.Error.t()}
Result of a credential generation operation.
@type list_roles_result() :: {:ok, [String.t()]} | {:error, Vaultx.Base.Error.t()}
Result of a role list operation.
@type operation_opts() :: [ mount_path: String.t(), timeout: pos_integer(), retry_attempts: non_neg_integer() ]
Options for Consul secrets engine operations.
@type read_role_result() :: {:ok, role_config()} | {:error, Vaultx.Base.Error.t()}
Result of a role read operation.
@type role_config() :: %{ optional(:consul_policies) => [String.t()], optional(:consul_roles) => [String.t()], optional(:service_identities) => [String.t()], optional(:node_identities) => [String.t()], optional(:consul_namespace) => String.t(), optional(:partition) => String.t(), optional(:ttl) => String.t(), optional(:max_ttl) => String.t(), optional(:local) => boolean(), optional(:token_type) => String.t(), optional(:policy) => String.t(), optional(:policies) => [String.t()], optional(:lease) => String.t() }
Consul role configuration parameters.
@type role_name() :: String.t()
Consul role name. Must be a non-empty string with valid characters.
Callbacks
@callback configure_access(access_config(), operation_opts()) :: configure_result()
Configure access information for Consul.
Sets up the connection parameters that Vault will use to communicate with Consul and generate ACL tokens.
Parameters
config- Access configuration parametersopts- Operation options
Returns
:ok- Successfully configured access{:error, error}- Failed to configure access
Examples
config = %{
address: "127.0.0.1:8500",
scheme: "https",
token: "management-token"
}
:ok = MyConsul.configure_access(config, [])@callback create_role(role_name(), role_config(), operation_opts()) :: create_role_result()
Create or update a Consul role.
Configures a role that can be used to generate Consul ACL tokens. The role defines the policies, roles, and identities that will be attached to generated tokens.
Parameters
name- Role nameconfig- Role configuration parametersopts- Operation options
Returns
:ok- Successfully created/updated role{:error, error}- Failed to create/update role
Examples
config = %{
consul_policies: ["web-policy", "db-read-policy"],
ttl: "1h",
max_ttl: "24h"
}
:ok = MyConsul.create_role("web-service", config, [])@callback delete_role(role_name(), operation_opts()) :: delete_role_result()
Delete a Consul role.
Parameters
name- Role name to deleteopts- Operation options
Returns
:ok- Successfully deleted role{:error, error}- Failed to delete role
Examples
:ok = MyConsul.delete_role("old-role", [])@callback generate_credentials(role_name(), operation_opts()) :: generate_credentials_result()
Generate credentials for a Consul role.
Generates a dynamic Consul ACL token based on the given role definition.
Parameters
name- Role name to generate credentials foropts- Operation options
Returns
{:ok, credentials}- Successfully generated credentials{:error, error}- Failed to generate credentials
Examples
{:ok, creds} = MyConsul.generate_credentials("web-service", [])@callback list_roles(operation_opts()) :: list_roles_result()
List all configured Consul roles.
Parameters
opts- Operation options
Returns
{:ok, roles}- Successfully listed roles{:error, error}- Failed to list roles
Examples
{:ok, roles} = MyConsul.list_roles([])@callback read_role(role_name(), operation_opts()) :: read_role_result()
Read a Consul role configuration.
Parameters
name- Role name to readopts- Operation options
Returns
{:ok, config}- Successfully read role configuration{:error, error}- Failed to read role
Examples
{:ok, config} = MyConsul.read_role("web-service", [])