Vaultx.Transport.HTTP (Vaultx v0.7.0)

View Source

High-performance HTTP transport for HashiCorp Vault communication.

This module provides the core HTTP transport layer for Vaultx, implementing enterprise-grade features including connection pooling, automatic retries, comprehensive security, and detailed observability. It's optimized for production workloads with Vault clusters.

Enterprise Features

  • High Performance: Built on Req and Finch for maximum throughput
  • Connection Pooling: Efficient connection reuse and lifecycle management
  • Intelligent Retries: Exponential backoff with jitter for resilience
  • Security First: SSL/TLS validation, secure header management
  • Full Observability: Telemetry, structured logging, and metrics
  • Error Recovery: Detailed error classification and recovery strategies

Configuration

Configure through the main Vaultx configuration:

config :vaultx,
  url: "https://vault.example.com:8200",
  timeout: 30_000,
  retry_attempts: 3,
  retry_delay: 1_000,
  ssl_verify: true,
  pool_size: 10

Usage Examples

# Simple GET request
{:ok, response} = Vaultx.Transport.HTTP.get("sys/health")

# POST with authentication
{:ok, response} = Vaultx.Transport.HTTP.post("auth/approle/login", %{
  role_id: "app-role-id",
  secret_id: "secret-id"
})

# Advanced request with custom options
{:ok, response} = Vaultx.Transport.HTTP.request(:get, "secret/data/app", nil, [], [
  timeout: 60_000,
  retry_attempts: 5,
  token: "vault-token"
])

API Compliance

Fully implements HashiCorp Vault HTTP API requirements:

Summary

Functions

delete(path, opts \\ [])

Performs a DELETE request to the specified path.

get(path, opts \\ [])

Performs a GET request to the specified path.

patch(path, body, opts \\ [])

Performs a PATCH request with the specified data.

post(path, body, opts \\ [])

Performs a POST request with the specified data.

put(path, body, opts \\ [])

Performs a PUT request with the specified data.

request(method, path, body, headers, opts)

Performs an HTTP request with full control over method, path, body, headers, and options.

stream_request(method, path, query_params \\ [], headers \\ [], opts \\ [])

Performs a streaming HTTP request to the Vault API.

Functions

delete(path, opts \\ [])

@spec delete(String.t(), Vaultx.Types.options()) :: Vaultx.Types.http_result()

Performs a DELETE request to the specified path.

Examples

iex> Vaultx.Transport.HTTP.delete("secret/data/test")
{:ok, %{status: 204, body: nil}}

get(path, opts \\ [])

@spec get(String.t(), Vaultx.Types.options()) :: Vaultx.Types.http_result()

Performs a GET request to the specified path.

Examples

iex> Vaultx.Transport.HTTP.get("sys/health")
{:ok, %{status: 200, body: %{"initialized" => true}}}

patch(path, body, opts \\ [])

@spec patch(String.t(), Vaultx.Types.body(), Vaultx.Types.options()) ::
  Vaultx.Types.http_result()

Performs a PATCH request with the specified data.

Examples

iex> Vaultx.Transport.HTTP.patch("secret/data/test", %{data: %{key: "new_value"}})
{:ok, %{status: 200, body: %{}}}

post(path, body, opts \\ [])

@spec post(String.t(), Vaultx.Types.body(), Vaultx.Types.options()) ::
  Vaultx.Types.http_result()

Performs a POST request with the specified data.

Examples

iex> Vaultx.Transport.HTTP.post("auth/approle/login", %{role_id: "...", secret_id: "..."})
{:ok, %{status: 200, body: %{"auth" => %{"client_token" => "..."}}}}

put(path, body, opts \\ [])

@spec put(String.t(), Vaultx.Types.body(), Vaultx.Types.options()) ::
  Vaultx.Types.http_result()

Performs a PUT request with the specified data.

Examples

iex> Vaultx.Transport.HTTP.put("secret/data/test", %{data: %{key: "value"}})
{:ok, %{status: 200, body: %{}}}

request(method, path, body, headers, opts)

@spec request(
  Vaultx.Types.http_method(),
  String.t(),
  Vaultx.Types.body(),
  Vaultx.Types.headers(),
  Vaultx.Types.options()
) :: Vaultx.Types.http_result()

Performs an HTTP request with full control over method, path, body, headers, and options.

Options

  • :timeout - Request timeout in milliseconds
  • :retry_attempts - Number of retry attempts
  • :retry_delay - Base delay between retries in milliseconds
  • :headers - Additional headers to include
  • :token - Vault token to use for authentication

Examples

iex> Vaultx.Transport.HTTP.request(:get, "secret/data/test", nil, [], timeout: 60_000)
{:ok, %{status: 200, body: %{"data" => %{"data" => %{"key" => "value"}}}}}

stream_request(method, path, query_params \\ [], headers \\ [], opts \\ [])

@spec stream_request(
  Vaultx.Types.http_method(),
  String.t(),
  [{String.t(), String.t()}],
  Vaultx.Types.headers(),
  Vaultx.Types.options()
) :: {:ok, Enumerable.t()} | {:error, Vaultx.Base.Error.t()}

Performs a streaming HTTP request to the Vault API.

This function creates a stream for long-running requests like log monitoring. It returns a stream that yields chunks of data as they arrive.

Parameters

  • method - HTTP method (:get, :post, etc.)
  • path - API path relative to /v1/
  • query_params - Query parameters as list of tuples
  • headers - Additional headers
  • opts - Request options

Returns

Returns {:ok, Enumerable.t()} on success or {:error, Error.t()} on failure.

Examples

{:ok, stream} = HTTP.stream_request(:get, "sys/monitor", [{"log_level", "info"}], [], [])

stream
|> Stream.each(&IO.puts/1)
|> Stream.run()