Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| db3d4c3956 | |||
| 59448a5bd2 | |||
| 1c58360d3c | |||
| 4e57e2dba7 |
@@ -6,3 +6,13 @@ steps:
|
||||
image: golang:1.25
|
||||
commands:
|
||||
- make build
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
|
||||
@@ -0,0 +1,40 @@
|
||||
when:
|
||||
- event: tag
|
||||
|
||||
steps:
|
||||
- name: package
|
||||
image: git.unkin.net/unkin/almalinux9-gobuilder:20260606
|
||||
commands:
|
||||
- make package VERSION=${CI_COMMIT_TAG}
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
|
||||
- name: upload
|
||||
image: git.unkin.net/unkin/almalinux9-base:20260606
|
||||
commands:
|
||||
- |
|
||||
VERSION=$$(echo ${CI_COMMIT_TAG} | sed 's/^v//')
|
||||
FILE="terraform-provider-litellmvaultsecret_$${VERSION}_linux_amd64.zip"
|
||||
curl -f -X PUT \
|
||||
"https://artifactapi.k8s.syd1.au.unkin.net/api/v2/remotes/terraform-unkin/files/unkin/litellmvaultsecret/$${FILE}" \
|
||||
-H "Content-Type: application/zip" \
|
||||
--data-binary @"$${FILE}"
|
||||
depends_on: [package]
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 128Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 512Mi
|
||||
cpu: 500m
|
||||
@@ -6,8 +6,28 @@ steps:
|
||||
image: golang:1.25
|
||||
commands:
|
||||
- make lint
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
|
||||
- name: test
|
||||
image: golang:1.25
|
||||
commands:
|
||||
- make test
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
|
||||
@@ -13,21 +13,25 @@ config, and the roles that scope generated virtual keys — for use from
|
||||
```hcl
|
||||
terraform {
|
||||
required_providers {
|
||||
litellmvaultsecret = {
|
||||
litellm = {
|
||||
source = "git.unkin.net/unkin/litellmvaultsecret"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider "litellmvaultsecret" {
|
||||
provider "litellm" {
|
||||
address = "https://vault.example.com" # or VAULT_ADDR
|
||||
token = var.vault_token # or VAULT_TOKEN
|
||||
}
|
||||
```
|
||||
|
||||
> The provider's source is `git.unkin.net/unkin/litellmvaultsecret`, but its
|
||||
> resources are prefixed `litellm_`. Declare it under the local name `litellm`
|
||||
> (as above), the same way `google-beta` ships `google_*` resources.
|
||||
|
||||
## Resources
|
||||
|
||||
### `litellmvaultsecret_secret_backend`
|
||||
### `litellm_secret_backend`
|
||||
|
||||
Mounts the engine and writes its connection config.
|
||||
|
||||
@@ -40,7 +44,7 @@ Mounts the engine and writes its connection config.
|
||||
| `description` | no | Mount description. |
|
||||
| `request_timeout_seconds` | no | Plugin→LiteLLM HTTP timeout (default 30). |
|
||||
|
||||
### `litellmvaultsecret_secret_backend_role`
|
||||
### `litellm_secret_backend_role`
|
||||
|
||||
Manages a role that constrains generated keys.
|
||||
|
||||
@@ -58,14 +62,14 @@ Manages a role that constrains generated keys.
|
||||
## Example
|
||||
|
||||
```hcl
|
||||
resource "litellmvaultsecret_secret_backend" "litellm" {
|
||||
resource "litellm_secret_backend" "litellm" {
|
||||
path = "litellm"
|
||||
base_url = "http://litellm.litellm.svc:4000"
|
||||
master_key = var.litellm_master_key
|
||||
}
|
||||
|
||||
resource "litellmvaultsecret_secret_backend_role" "team_a" {
|
||||
backend = litellmvaultsecret_secret_backend.litellm.path
|
||||
resource "litellm_secret_backend_role" "team_a" {
|
||||
backend = litellm_secret_backend.litellm.path
|
||||
name = "team-a"
|
||||
models = ["gpt-3.5-turbo", "gpt-4"]
|
||||
max_budget = 50
|
||||
@@ -80,8 +84,8 @@ budgeted, lease-bound virtual key.
|
||||
## Import
|
||||
|
||||
```sh
|
||||
terraform import litellmvaultsecret_secret_backend.litellm litellm
|
||||
terraform import litellmvaultsecret_secret_backend_role.team_a litellm/roles/team-a
|
||||
terraform import litellm_secret_backend.litellm litellm
|
||||
terraform import litellm_secret_backend_role.team_a litellm/roles/team-a
|
||||
```
|
||||
|
||||
## Development
|
||||
|
||||
+3
-3
@@ -1,17 +1,17 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
litellmvaultsecret = {
|
||||
litellm = {
|
||||
source = "git.unkin.net/unkin/litellmvaultsecret"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider "litellmvaultsecret" {
|
||||
provider "litellm" {
|
||||
# address and token fall back to VAULT_ADDR / VAULT_TOKEN
|
||||
address = "https://vault.example.com"
|
||||
}
|
||||
|
||||
resource "litellmvaultsecret_secret_backend" "litellm" {
|
||||
resource "litellm_secret_backend" "litellm" {
|
||||
path = "litellm"
|
||||
description = "LiteLLM dynamic virtual keys"
|
||||
base_url = "http://litellm.litellm.svc:4000"
|
||||
+2
-2
@@ -1,5 +1,5 @@
|
||||
resource "litellmvaultsecret_secret_backend_role" "team_a" {
|
||||
backend = litellmvaultsecret_secret_backend.litellm.path
|
||||
resource "litellm_secret_backend_role" "team_a" {
|
||||
backend = litellm_secret_backend.litellm.path
|
||||
name = "team-a"
|
||||
|
||||
models = ["gpt-3.5-turbo", "gpt-4"]
|
||||
@@ -29,7 +29,10 @@ func New(version string) func() provider.Provider {
|
||||
}
|
||||
|
||||
func (p *litellmProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) {
|
||||
resp.TypeName = "litellmvaultsecret"
|
||||
// The provider's source address is git.unkin.net/unkin/litellmvaultsecret,
|
||||
// but its resources are prefixed "litellm_" (declare it in required_providers
|
||||
// under the local name "litellm"), mirroring how google-beta ships google_*.
|
||||
resp.TypeName = "litellm"
|
||||
resp.Version = p.version
|
||||
}
|
||||
|
||||
|
||||
+5
-5
@@ -1,17 +1,17 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
litellmvaultsecret = {
|
||||
litellm = {
|
||||
source = "git.unkin.net/unkin/litellmvaultsecret"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider "litellmvaultsecret" {
|
||||
provider "litellm" {
|
||||
address = "http://127.0.0.1:8200"
|
||||
token = "root"
|
||||
}
|
||||
|
||||
resource "litellmvaultsecret_secret_backend" "litellm" {
|
||||
resource "litellm_secret_backend" "litellm" {
|
||||
path = "litellm"
|
||||
description = "LiteLLM dynamic virtual keys (e2e)"
|
||||
# Reachable from inside the vault container, where the plugin runs.
|
||||
@@ -19,8 +19,8 @@ resource "litellmvaultsecret_secret_backend" "litellm" {
|
||||
master_key = "sk-master-e2e-1234"
|
||||
}
|
||||
|
||||
resource "litellmvaultsecret_secret_backend_role" "team_a" {
|
||||
backend = litellmvaultsecret_secret_backend.litellm.path
|
||||
resource "litellm_secret_backend_role" "team_a" {
|
||||
backend = litellm_secret_backend.litellm.path
|
||||
name = "team-a"
|
||||
models = ["gpt-3.5-turbo"]
|
||||
max_budget = 10
|
||||
|
||||
Reference in New Issue
Block a user