Vaultx.Secrets.Nomad.Behaviour behaviour (Vaultx v0.7.0)
Behaviour definition for HashiCorp Vault Nomad secrets engine operations.
This behaviour defines the interface that Nomad secrets engine implementations must provide, ensuring consistency and type safety across different implementations.
Core Operations
The Nomad secrets engine supports the following operations:
Configuration Operations
configure_access/2 - Configure Nomad connection parameters
read_access_config/1 - Read Nomad access configuration
configure_lease/2 - Configure lease settings for generated tokens
read_lease_config/1 - Read lease configuration
delete_lease_config/1 - Delete lease configuration
Role Management Operations
create_role/3 - Create or update a Nomad role
read_role/2 - Read a Nomad role configuration
list_roles/1 - List all configured roles
delete_role/2 - Delete a Nomad role
Credential Operations
generate_credentials/2 - Generate dynamic Nomad tokens
API Compliance
This behaviour ensures compliance with:
Types
@type access_config() :: %{
  :address => String.t(),
  optional(:token) => String.t(),
  optional(:max_token_name_length) => non_neg_integer(),
  optional(:ca_cert) => String.t(),
  optional(:client_cert) => String.t(),
  optional(:client_key) => String.t()
}
Nomad access configuration parameters.
@type configure_result() :: :ok | {:error, Vaultx.Base.Error.t()}
Result of a configuration operation.
@type create_role_result() :: :ok | {:error, Vaultx.Base.Error.t()}
Result of a role creation operation.
Generated Nomad credentials.
@type delete_role_result() :: :ok | {:error, Vaultx.Base.Error.t()}
Result of a role delete operation.
@type generate_credentials_result() :: {:ok, credentials()} | {:error, Vaultx.Base.Error.t()}
Result of a credential generation operation.
Nomad lease configuration parameters.
@type list_roles_result() :: {:ok, [String.t()]} | {:error, Vaultx.Base.Error.t()}
Result of a role list operation.
@type operation_opts() :: [
  mount_path: String.t(),
  timeout: pos_integer(),
  retry_attempts: non_neg_integer()
]
Options for Nomad secrets engine operations.
@type read_config_result() :: {:ok, map()} | {:error, Vaultx.Base.Error.t()}
Result of a read configuration operation.
@type read_role_result() :: {:ok, role_config()} | {:error, Vaultx.Base.Error.t()}
Result of a role read operation.
@type role_config() :: %{
  optional(:policies) => String.t(),
  optional(:global) => boolean(),
  optional(:type) => String.t()
}
Nomad role configuration parameters.
@type role_name() :: String.t()
Nomad role name. Must be a non-empty string with valid characters.
Callbacks
@callback configure_access(access_config(), operation_opts()) :: configure_result()
Configure access information for Nomad.
Sets up the connection parameters that Vault will use to communicate with Nomad and generate tokens.
Parameters
config - Access configuration parameters
opts - Operation options
Returns
:ok - Successfully configured access
{:error, error} - Failed to configure access
Examples
config = %{
  address: "http://127.0.0.1:4646",
  token: "management-token"
}
:ok = MyNomad.configure_access(config, [])
@callback configure_lease(lease_config(), operation_opts()) :: configure_result()
Configure lease settings for generated tokens.
Parameters
config - Lease configuration parameters
opts - Operation options
Returns
:ok - Successfully configured lease
{:error, error} - Failed to configure lease
Examples
config = %{
  ttl: "1h",
  max_ttl: "24h"
}
:ok = MyNomad.configure_lease(config, [])
@callback create_role(role_name(), role_config(), operation_opts()) :: create_role_result()
Create or update a Nomad role.
Configures a role that can be used to generate Nomad tokens. The role defines the policies and type of tokens that will be generated.
Parameters
name - Role name
config - Role configuration parameters
opts - Operation options
Returns
:ok - Successfully created/updated role
{:error, error} - Failed to create/update role
Examples
config = %{
  policies: "readonly",
  type: "client"
}
:ok = MyNomad.create_role("monitoring", config, [])
@callback delete_lease_config(operation_opts()) :: configure_result()
Delete lease configuration.
Parameters
opts - Operation options
Returns
:ok - Successfully deleted lease configuration
{:error, error} - Failed to delete lease configuration
Examples
:ok = MyNomad.delete_lease_config([])
@callback delete_role(role_name(), operation_opts()) :: delete_role_result()
Delete a Nomad role.
Parameters
name - Role name to delete
opts - Operation options
Returns
:ok - Successfully deleted role
{:error, error} - Failed to delete role
Examples
:ok = MyNomad.delete_role("old-role", [])
@callback generate_credentials(role_name(), operation_opts()) :: generate_credentials_result()
Generate credentials for a Nomad role.
Generates a dynamic Nomad token based on the given role definition.
Parameters
name - Role name to generate credentials for
opts - Operation options
Returns
{:ok, credentials} - Successfully generated credentials
{:error, error} - Failed to generate credentials
Examples
{:ok, creds} = MyNomad.generate_credentials("monitoring", [])
@callback list_roles(operation_opts()) :: list_roles_result()
List all configured Nomad roles.
Parameters
opts - Operation options
Returns
{:ok, roles} - Successfully listed roles
{:error, error} - Failed to list roles
Examples
{:ok, roles} = MyNomad.list_roles([])
@callback read_access_config(operation_opts()) :: read_config_result()
Read access configuration for Nomad.
Parameters
opts - Operation options
Returns
{:ok, config} - Successfully read access configuration
{:error, error} - Failed to read access configuration
Examples
{:ok, config} = MyNomad.read_access_config([])
@callback read_lease_config(operation_opts()) :: read_config_result()
Read lease configuration.
Parameters
opts - Operation options
Returns
{:ok, config} - Successfully read lease configuration
{:error, error} - Failed to read lease configuration
Examples
{:ok, config} = MyNomad.read_lease_config([])
@callback read_role(role_name(), operation_opts()) :: read_role_result()
Read a Nomad role configuration.
Parameters
name - Role name to read
opts - Operation options
Returns
{:ok, config} - Successfully read role configuration
{:error, error} - Failed to read role
Examples
{:ok, config} = MyNomad.read_role("monitoring", [])
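An added example, not part of Vaultx or its documentation: because list_roles/1 and read_role/2 return plain role_config() maps, any implementation of this behaviour can be audited for roles that mint broad tokens. The module names NomadRoleAudit and FakeNomad, the finding atoms and the sample roles are assumptions made for illustration; "management" is the other role type Vault's Nomad secrets engine accepts besides "client".

```elixir
defmodule NomadRoleAudit do
  @moduledoc "Added example, not part of Vaultx: flags roles that mint broad Nomad tokens."

  # `impl` is any module implementing list_roles/1 and read_role/2 from the behaviour.
  # Returns {:ok, [{role_name, [finding]}]} or the first {:error, _} seen.
  def audit(impl, opts \\ []) do
    with {:ok, names} <- impl.list_roles(opts),
         {:ok, flagged} <- collect(impl, names, opts) do
      {:ok, Enum.reverse(flagged)}
    end
  end

  defp collect(impl, names, opts) do
    Enum.reduce_while(names, {:ok, []}, fn name, {:ok, acc} ->
      case impl.read_role(name, opts) do
        {:ok, role} -> {:cont, {:ok, flag(name, findings(role), acc)}}
        {:error, _} = err -> {:halt, err}
      end
    end)
  end

  defp flag(_name, [], acc), do: acc
  defp flag(name, found, acc), do: [{name, found} | acc]

  # role_config() keys are all optional, so read them with Map.get/2.
  defp findings(role) do
    [
      # Nomad management tokens are not limited by ACL policies.
      {Map.get(role, :type) == "management", :management_token},
      # Global tokens are replicated to every Nomad region.
      {Map.get(role, :global) == true, :global_token}
    ]
    |> Enum.filter(&elem(&1, 0))
    |> Enum.map(&elem(&1, 1))
  end
end

# Constructed stand-in implementation and sample roles so the audit runs offline.
defmodule FakeNomad do
  @roles %{
    "monitoring" => %{policies: "readonly", type: "client"},
    "ops-admin" => %{type: "management", global: true}
  }
  def list_roles(_opts), do: {:ok, @roles |> Map.keys() |> Enum.sort()}
  def read_role(name, _opts), do: {:ok, Map.fetch!(@roles, name)}
end

IO.inspect(NomadRoleAudit.audit(FakeNomad))
```

Against a real implementation, pass the implementing module and the same operation_opts() used elsewhere, for example a mount_path when the engine is not mounted at the default path.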