Commit Graph

8 Commits

Author SHA1 Message Date
benvin 30cb219d18 Merge pull request 'Add terraform-provider-litellmvaultsecret implementation' (#1) from benvin/initial-implementation into main
ci/woodpecker/tag/release Pipeline was successful
Reviewed-on: #1
v0.1.0
2026-07-03 14:18:57 +10:00
unkinben db3d4c3956 Set kubernetes backend options on all woodpecker steps
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
Give every CI step explicit resource requests/limits and the default service
account (matching the pre-commit step), so the k8s woodpecker backend schedules
them with bounded resources.

- build/test/lint/package steps: 512Mi/1cpu requests, 2Gi/2cpu limits
- upload step: lighter 128Mi/100m requests, 512Mi/500m limits
2026-07-03 13:13:00 +10:00
unkinben 59448a5bd2 Use reachable artifactapi host in release upload
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
Point the on-tag upload at artifactapi.k8s.syd1.au.unkin.net instead of the
unresolvable artifactapi3 name, matching the host used elsewhere (rpmbuilder,
terragrunt env).
2026-07-03 13:06:32 +10:00
unkinben 1c58360d3c Add on-tag release pipeline to upload the provider to artifactapi
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
Publish the provider so it can be consumed from terraform-vault: on a tag,
package the linux_amd64 build into a versioned zip and PUT it to the artifactapi
terraform registry, mirroring terraform-provider-artifactapi's release flow.

- Add .woodpecker/release.yml (event: tag) running make package + curl upload to
  remotes/terraform-unkin/files/unkin/litellmvaultsecret/
2026-07-03 12:34:52 +10:00
unkinben 4e57e2dba7 Rename resources to litellm_secret_* prefix
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
Use the shorter, cleaner litellm_ resource prefix instead of
litellmvaultsecret_. The provider source stays git.unkin.net/unkin/
litellmvaultsecret; only the resource prefix (provider Metadata TypeName)
changes to litellm, declared under the local name litellm in
required_providers — the same pattern google-beta uses to ship google_*.

- Provider TypeName litellmvaultsecret -> litellm
- Resources: litellm_secret_backend, litellm_secret_backend_role
- Update examples (dirs + contents), README, and the e2e terraform config
2026-07-03 12:29:39 +10:00
unkinben c43e1bf5d4 Base on repository initial commit 2026-07-02 23:23:13 +10:00
unkinben 8ca6c39c66 Add terraform-provider-litellmvaultsecret implementation
Populate the repo with the Terraform/OpenTofu provider that manages the LiteLLM
dynamic secrets engine on Vault/OpenBao via the Vault API.

- Provider (VAULT_ADDR/VAULT_TOKEN) with resources litellmvaultsecret_secret_backend
  (mount + config) and litellmvaultsecret_secret_backend_role (models, max_budget,
  ttl/max_ttl in seconds, metadata)
- Unit tests against a mock Vault API
- End-to-end test: builds the sibling plugin, boots Vault + LiteLLM + Postgres,
  and runs a real terraform apply/destroy asserting key generation works
- Makefile, woodpecker CI (build/test/pre-commit), examples, README
2026-07-02 23:23:13 +10:00
gitadmin 177133be8b Initial commit 2026-07-02 23:18:01 +10:00