Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| db3d4c3956 | |||
| 59448a5bd2 | |||
| 1c58360d3c | |||
| 4e57e2dba7 |
@@ -6,3 +6,13 @@ steps:
|
|||||||
image: golang:1.25
|
image: golang:1.25
|
||||||
commands:
|
commands:
|
||||||
- make build
|
- make build
|
||||||
|
backend_options:
|
||||||
|
kubernetes:
|
||||||
|
serviceAccountName: default
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: 512Mi
|
||||||
|
cpu: 1
|
||||||
|
limits:
|
||||||
|
memory: 2Gi
|
||||||
|
cpu: 2
|
||||||
|
|||||||
@@ -0,0 +1,40 @@
|
|||||||
|
when:
|
||||||
|
- event: tag
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: package
|
||||||
|
image: git.unkin.net/unkin/almalinux9-gobuilder:20260606
|
||||||
|
commands:
|
||||||
|
- make package VERSION=${CI_COMMIT_TAG}
|
||||||
|
backend_options:
|
||||||
|
kubernetes:
|
||||||
|
serviceAccountName: default
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: 512Mi
|
||||||
|
cpu: 1
|
||||||
|
limits:
|
||||||
|
memory: 2Gi
|
||||||
|
cpu: 2
|
||||||
|
|
||||||
|
- name: upload
|
||||||
|
image: git.unkin.net/unkin/almalinux9-base:20260606
|
||||||
|
commands:
|
||||||
|
- |
|
||||||
|
VERSION=$$(echo ${CI_COMMIT_TAG} | sed 's/^v//')
|
||||||
|
FILE="terraform-provider-litellmvaultsecret_$${VERSION}_linux_amd64.zip"
|
||||||
|
curl -f -X PUT \
|
||||||
|
"https://artifactapi.k8s.syd1.au.unkin.net/api/v2/remotes/terraform-unkin/files/unkin/litellmvaultsecret/$${FILE}" \
|
||||||
|
-H "Content-Type: application/zip" \
|
||||||
|
--data-binary @"$${FILE}"
|
||||||
|
depends_on: [package]
|
||||||
|
backend_options:
|
||||||
|
kubernetes:
|
||||||
|
serviceAccountName: default
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: 128Mi
|
||||||
|
cpu: 100m
|
||||||
|
limits:
|
||||||
|
memory: 512Mi
|
||||||
|
cpu: 500m
|
||||||
@@ -6,8 +6,28 @@ steps:
|
|||||||
image: golang:1.25
|
image: golang:1.25
|
||||||
commands:
|
commands:
|
||||||
- make lint
|
- make lint
|
||||||
|
backend_options:
|
||||||
|
kubernetes:
|
||||||
|
serviceAccountName: default
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: 512Mi
|
||||||
|
cpu: 1
|
||||||
|
limits:
|
||||||
|
memory: 2Gi
|
||||||
|
cpu: 2
|
||||||
|
|
||||||
- name: test
|
- name: test
|
||||||
image: golang:1.25
|
image: golang:1.25
|
||||||
commands:
|
commands:
|
||||||
- make test
|
- make test
|
||||||
|
backend_options:
|
||||||
|
kubernetes:
|
||||||
|
serviceAccountName: default
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: 512Mi
|
||||||
|
cpu: 1
|
||||||
|
limits:
|
||||||
|
memory: 2Gi
|
||||||
|
cpu: 2
|
||||||
|
|||||||
@@ -13,21 +13,25 @@ config, and the roles that scope generated virtual keys — for use from
|
|||||||
```hcl
|
```hcl
|
||||||
terraform {
|
terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
litellmvaultsecret = {
|
litellm = {
|
||||||
source = "git.unkin.net/unkin/litellmvaultsecret"
|
source = "git.unkin.net/unkin/litellmvaultsecret"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "litellmvaultsecret" {
|
provider "litellm" {
|
||||||
address = "https://vault.example.com" # or VAULT_ADDR
|
address = "https://vault.example.com" # or VAULT_ADDR
|
||||||
token = var.vault_token # or VAULT_TOKEN
|
token = var.vault_token # or VAULT_TOKEN
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
> The provider's source is `git.unkin.net/unkin/litellmvaultsecret`, but its
|
||||||
|
> resources are prefixed `litellm_`. Declare it under the local name `litellm`
|
||||||
|
> (as above), the same way `google-beta` ships `google_*` resources.
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
### `litellmvaultsecret_secret_backend`
|
### `litellm_secret_backend`
|
||||||
|
|
||||||
Mounts the engine and writes its connection config.
|
Mounts the engine and writes its connection config.
|
||||||
|
|
||||||
@@ -40,7 +44,7 @@ Mounts the engine and writes its connection config.
|
|||||||
| `description` | no | Mount description. |
|
| `description` | no | Mount description. |
|
||||||
| `request_timeout_seconds` | no | Plugin→LiteLLM HTTP timeout (default 30). |
|
| `request_timeout_seconds` | no | Plugin→LiteLLM HTTP timeout (default 30). |
|
||||||
|
|
||||||
### `litellmvaultsecret_secret_backend_role`
|
### `litellm_secret_backend_role`
|
||||||
|
|
||||||
Manages a role that constrains generated keys.
|
Manages a role that constrains generated keys.
|
||||||
|
|
||||||
@@ -58,14 +62,14 @@ Manages a role that constrains generated keys.
|
|||||||
## Example
|
## Example
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
resource "litellmvaultsecret_secret_backend" "litellm" {
|
resource "litellm_secret_backend" "litellm" {
|
||||||
path = "litellm"
|
path = "litellm"
|
||||||
base_url = "http://litellm.litellm.svc:4000"
|
base_url = "http://litellm.litellm.svc:4000"
|
||||||
master_key = var.litellm_master_key
|
master_key = var.litellm_master_key
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "litellmvaultsecret_secret_backend_role" "team_a" {
|
resource "litellm_secret_backend_role" "team_a" {
|
||||||
backend = litellmvaultsecret_secret_backend.litellm.path
|
backend = litellm_secret_backend.litellm.path
|
||||||
name = "team-a"
|
name = "team-a"
|
||||||
models = ["gpt-3.5-turbo", "gpt-4"]
|
models = ["gpt-3.5-turbo", "gpt-4"]
|
||||||
max_budget = 50
|
max_budget = 50
|
||||||
@@ -80,8 +84,8 @@ budgeted, lease-bound virtual key.
|
|||||||
## Import
|
## Import
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
terraform import litellmvaultsecret_secret_backend.litellm litellm
|
terraform import litellm_secret_backend.litellm litellm
|
||||||
terraform import litellmvaultsecret_secret_backend_role.team_a litellm/roles/team-a
|
terraform import litellm_secret_backend_role.team_a litellm/roles/team-a
|
||||||
```
|
```
|
||||||
|
|
||||||
## Development
|
## Development
|
||||||
|
|||||||
+3
-3
@@ -1,17 +1,17 @@
|
|||||||
terraform {
|
terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
litellmvaultsecret = {
|
litellm = {
|
||||||
source = "git.unkin.net/unkin/litellmvaultsecret"
|
source = "git.unkin.net/unkin/litellmvaultsecret"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "litellmvaultsecret" {
|
provider "litellm" {
|
||||||
# address and token fall back to VAULT_ADDR / VAULT_TOKEN
|
# address and token fall back to VAULT_ADDR / VAULT_TOKEN
|
||||||
address = "https://vault.example.com"
|
address = "https://vault.example.com"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "litellmvaultsecret_secret_backend" "litellm" {
|
resource "litellm_secret_backend" "litellm" {
|
||||||
path = "litellm"
|
path = "litellm"
|
||||||
description = "LiteLLM dynamic virtual keys"
|
description = "LiteLLM dynamic virtual keys"
|
||||||
base_url = "http://litellm.litellm.svc:4000"
|
base_url = "http://litellm.litellm.svc:4000"
|
||||||
+2
-2
@@ -1,5 +1,5 @@
|
|||||||
resource "litellmvaultsecret_secret_backend_role" "team_a" {
|
resource "litellm_secret_backend_role" "team_a" {
|
||||||
backend = litellmvaultsecret_secret_backend.litellm.path
|
backend = litellm_secret_backend.litellm.path
|
||||||
name = "team-a"
|
name = "team-a"
|
||||||
|
|
||||||
models = ["gpt-3.5-turbo", "gpt-4"]
|
models = ["gpt-3.5-turbo", "gpt-4"]
|
||||||
@@ -29,7 +29,10 @@ func New(version string) func() provider.Provider {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *litellmProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) {
|
func (p *litellmProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) {
|
||||||
resp.TypeName = "litellmvaultsecret"
|
// The provider's source address is git.unkin.net/unkin/litellmvaultsecret,
|
||||||
|
// but its resources are prefixed "litellm_" (declare it in required_providers
|
||||||
|
// under the local name "litellm"), mirroring how google-beta ships google_*.
|
||||||
|
resp.TypeName = "litellm"
|
||||||
resp.Version = p.version
|
resp.Version = p.version
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
+5
-5
@@ -1,17 +1,17 @@
|
|||||||
terraform {
|
terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
litellmvaultsecret = {
|
litellm = {
|
||||||
source = "git.unkin.net/unkin/litellmvaultsecret"
|
source = "git.unkin.net/unkin/litellmvaultsecret"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "litellmvaultsecret" {
|
provider "litellm" {
|
||||||
address = "http://127.0.0.1:8200"
|
address = "http://127.0.0.1:8200"
|
||||||
token = "root"
|
token = "root"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "litellmvaultsecret_secret_backend" "litellm" {
|
resource "litellm_secret_backend" "litellm" {
|
||||||
path = "litellm"
|
path = "litellm"
|
||||||
description = "LiteLLM dynamic virtual keys (e2e)"
|
description = "LiteLLM dynamic virtual keys (e2e)"
|
||||||
# Reachable from inside the vault container, where the plugin runs.
|
# Reachable from inside the vault container, where the plugin runs.
|
||||||
@@ -19,8 +19,8 @@ resource "litellmvaultsecret_secret_backend" "litellm" {
|
|||||||
master_key = "sk-master-e2e-1234"
|
master_key = "sk-master-e2e-1234"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "litellmvaultsecret_secret_backend_role" "team_a" {
|
resource "litellm_secret_backend_role" "team_a" {
|
||||||
backend = litellmvaultsecret_secret_backend.litellm.path
|
backend = litellm_secret_backend.litellm.path
|
||||||
name = "team-a"
|
name = "team-a"
|
||||||
models = ["gpt-3.5-turbo"]
|
models = ["gpt-3.5-turbo"]
|
||||||
max_budget = 10
|
max_budget = 10
|
||||||
|
|||||||
Reference in New Issue
Block a user