Rename resources to litellm_secret_* prefix
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful

Use the shorter, cleaner litellm_ resource prefix instead of
litellmvaultsecret_. The provider source stays git.unkin.net/unkin/
litellmvaultsecret; only the resource prefix (provider Metadata TypeName)
changes to litellm, declared under the local name litellm in
required_providers — the same pattern google-beta uses to ship google_*.

- Provider TypeName litellmvaultsecret -> litellm
- Resources: litellm_secret_backend, litellm_secret_backend_role
- Update examples (dirs + contents), README, and the e2e terraform config
This commit is contained in:
2026-07-03 12:29:39 +10:00
parent c43e1bf5d4
commit 4e57e2dba7
5 changed files with 27 additions and 20 deletions
+13 -9
View File
@@ -13,21 +13,25 @@ config, and the roles that scope generated virtual keys — for use from
```hcl ```hcl
terraform { terraform {
required_providers { required_providers {
litellmvaultsecret = { litellm = {
source = "git.unkin.net/unkin/litellmvaultsecret" source = "git.unkin.net/unkin/litellmvaultsecret"
} }
} }
} }
provider "litellmvaultsecret" { provider "litellm" {
address = "https://vault.example.com" # or VAULT_ADDR address = "https://vault.example.com" # or VAULT_ADDR
token = var.vault_token # or VAULT_TOKEN token = var.vault_token # or VAULT_TOKEN
} }
``` ```
> The provider's source is `git.unkin.net/unkin/litellmvaultsecret`, but its
> resources are prefixed `litellm_`. Declare it under the local name `litellm`
> (as above), the same way `google-beta` ships `google_*` resources.
## Resources ## Resources
### `litellmvaultsecret_secret_backend` ### `litellm_secret_backend`
Mounts the engine and writes its connection config. Mounts the engine and writes its connection config.
@@ -40,7 +44,7 @@ Mounts the engine and writes its connection config.
| `description` | no | Mount description. | | `description` | no | Mount description. |
| `request_timeout_seconds` | no | Plugin→LiteLLM HTTP timeout (default 30). | | `request_timeout_seconds` | no | Plugin→LiteLLM HTTP timeout (default 30). |
### `litellmvaultsecret_secret_backend_role` ### `litellm_secret_backend_role`
Manages a role that constrains generated keys. Manages a role that constrains generated keys.
@@ -58,14 +62,14 @@ Manages a role that constrains generated keys.
## Example ## Example
```hcl ```hcl
resource "litellmvaultsecret_secret_backend" "litellm" { resource "litellm_secret_backend" "litellm" {
path = "litellm" path = "litellm"
base_url = "http://litellm.litellm.svc:4000" base_url = "http://litellm.litellm.svc:4000"
master_key = var.litellm_master_key master_key = var.litellm_master_key
} }
resource "litellmvaultsecret_secret_backend_role" "team_a" { resource "litellm_secret_backend_role" "team_a" {
backend = litellmvaultsecret_secret_backend.litellm.path backend = litellm_secret_backend.litellm.path
name = "team-a" name = "team-a"
models = ["gpt-3.5-turbo", "gpt-4"] models = ["gpt-3.5-turbo", "gpt-4"]
max_budget = 50 max_budget = 50
@@ -80,8 +84,8 @@ budgeted, lease-bound virtual key.
## Import ## Import
```sh ```sh
terraform import litellmvaultsecret_secret_backend.litellm litellm terraform import litellm_secret_backend.litellm litellm
terraform import litellmvaultsecret_secret_backend_role.team_a litellm/roles/team-a terraform import litellm_secret_backend_role.team_a litellm/roles/team-a
``` ```
## Development ## Development
@@ -1,17 +1,17 @@
terraform { terraform {
required_providers { required_providers {
litellmvaultsecret = { litellm = {
source = "git.unkin.net/unkin/litellmvaultsecret" source = "git.unkin.net/unkin/litellmvaultsecret"
} }
} }
} }
provider "litellmvaultsecret" { provider "litellm" {
# address and token fall back to VAULT_ADDR / VAULT_TOKEN # address and token fall back to VAULT_ADDR / VAULT_TOKEN
address = "https://vault.example.com" address = "https://vault.example.com"
} }
resource "litellmvaultsecret_secret_backend" "litellm" { resource "litellm_secret_backend" "litellm" {
path = "litellm" path = "litellm"
description = "LiteLLM dynamic virtual keys" description = "LiteLLM dynamic virtual keys"
base_url = "http://litellm.litellm.svc:4000" base_url = "http://litellm.litellm.svc:4000"
@@ -1,5 +1,5 @@
resource "litellmvaultsecret_secret_backend_role" "team_a" { resource "litellm_secret_backend_role" "team_a" {
backend = litellmvaultsecret_secret_backend.litellm.path backend = litellm_secret_backend.litellm.path
name = "team-a" name = "team-a"
models = ["gpt-3.5-turbo", "gpt-4"] models = ["gpt-3.5-turbo", "gpt-4"]
+4 -1
View File
@@ -29,7 +29,10 @@ func New(version string) func() provider.Provider {
} }
func (p *litellmProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) { func (p *litellmProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) {
resp.TypeName = "litellmvaultsecret" // The provider's source address is git.unkin.net/unkin/litellmvaultsecret,
// but its resources are prefixed "litellm_" (declare it in required_providers
// under the local name "litellm"), mirroring how google-beta ships google_*.
resp.TypeName = "litellm"
resp.Version = p.version resp.Version = p.version
} }
+5 -5
View File
@@ -1,17 +1,17 @@
terraform { terraform {
required_providers { required_providers {
litellmvaultsecret = { litellm = {
source = "git.unkin.net/unkin/litellmvaultsecret" source = "git.unkin.net/unkin/litellmvaultsecret"
} }
} }
} }
provider "litellmvaultsecret" { provider "litellm" {
address = "http://127.0.0.1:8200" address = "http://127.0.0.1:8200"
token = "root" token = "root"
} }
resource "litellmvaultsecret_secret_backend" "litellm" { resource "litellm_secret_backend" "litellm" {
path = "litellm" path = "litellm"
description = "LiteLLM dynamic virtual keys (e2e)" description = "LiteLLM dynamic virtual keys (e2e)"
# Reachable from inside the vault container, where the plugin runs. # Reachable from inside the vault container, where the plugin runs.
@@ -19,8 +19,8 @@ resource "litellmvaultsecret_secret_backend" "litellm" {
master_key = "sk-master-e2e-1234" master_key = "sk-master-e2e-1234"
} }
resource "litellmvaultsecret_secret_backend_role" "team_a" { resource "litellm_secret_backend_role" "team_a" {
backend = litellmvaultsecret_secret_backend.litellm.path backend = litellm_secret_backend.litellm.path
name = "team-a" name = "team-a"
models = ["gpt-3.5-turbo"] models = ["gpt-3.5-turbo"]
max_budget = 10 max_budget = 10