8ca6c39c66
Populate the repo with the Terraform/OpenTofu provider that manages the LiteLLM dynamic secrets engine on Vault/OpenBao via the Vault API. - Provider (VAULT_ADDR/VAULT_TOKEN) with resources litellmvaultsecret_secret_backend (mount + config) and litellmvaultsecret_secret_backend_role (models, max_budget, ttl/max_ttl in seconds, metadata) - Unit tests against a mock Vault API - End-to-end test: builds the sibling plugin, boots Vault + LiteLLM + Postgres, and runs a real terraform apply/destroy asserting key generation works - Makefile, woodpecker CI (build/test/pre-commit), examples, README
98 lines
2.7 KiB
Go
98 lines
2.7 KiB
Go
package provider
|
|
|
|
import (
|
|
"context"
|
|
"os"
|
|
|
|
"github.com/hashicorp/terraform-plugin-framework/datasource"
|
|
"github.com/hashicorp/terraform-plugin-framework/provider"
|
|
"github.com/hashicorp/terraform-plugin-framework/provider/schema"
|
|
"github.com/hashicorp/terraform-plugin-framework/resource"
|
|
"github.com/hashicorp/terraform-plugin-framework/types"
|
|
)
|
|
|
|
var _ provider.Provider = &litellmProvider{}
|
|
|
|
type litellmProvider struct {
|
|
version string
|
|
}
|
|
|
|
type litellmProviderModel struct {
|
|
Address types.String `tfsdk:"address"`
|
|
Token types.String `tfsdk:"token"`
|
|
}
|
|
|
|
func New(version string) func() provider.Provider {
|
|
return func() provider.Provider {
|
|
return &litellmProvider{version: version}
|
|
}
|
|
}
|
|
|
|
func (p *litellmProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) {
|
|
resp.TypeName = "litellmvaultsecret"
|
|
resp.Version = p.version
|
|
}
|
|
|
|
func (p *litellmProvider) Schema(_ context.Context, _ provider.SchemaRequest, resp *provider.SchemaResponse) {
|
|
resp.Schema = schema.Schema{
|
|
Description: "Manage the LiteLLM dynamic secrets engine (config and roles) on HashiCorp Vault or OpenBao.",
|
|
Attributes: map[string]schema.Attribute{
|
|
"address": schema.StringAttribute{
|
|
Description: "Address of the Vault/OpenBao server. Falls back to the VAULT_ADDR environment variable.",
|
|
Optional: true,
|
|
},
|
|
"token": schema.StringAttribute{
|
|
Description: "Token used to authenticate to Vault/OpenBao. Falls back to the VAULT_TOKEN environment variable.",
|
|
Optional: true,
|
|
Sensitive: true,
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func (p *litellmProvider) Configure(ctx context.Context, req provider.ConfigureRequest, resp *provider.ConfigureResponse) {
|
|
var config litellmProviderModel
|
|
resp.Diagnostics.Append(req.Config.Get(ctx, &config)...)
|
|
if resp.Diagnostics.HasError() {
|
|
return
|
|
}
|
|
|
|
address := os.Getenv("VAULT_ADDR")
|
|
if !config.Address.IsNull() && config.Address.ValueString() != "" {
|
|
address = config.Address.ValueString()
|
|
}
|
|
|
|
token := os.Getenv("VAULT_TOKEN")
|
|
if !config.Token.IsNull() && config.Token.ValueString() != "" {
|
|
token = config.Token.ValueString()
|
|
}
|
|
|
|
if address == "" {
|
|
resp.Diagnostics.AddError(
|
|
"missing Vault address",
|
|
"Set the provider \"address\" attribute or the VAULT_ADDR environment variable.",
|
|
)
|
|
return
|
|
}
|
|
|
|
client, err := newVaultClient(address, token)
|
|
if err != nil {
|
|
resp.Diagnostics.AddError("failed to create Vault client", err.Error())
|
|
return
|
|
}
|
|
|
|
resp.DataSourceData = client
|
|
resp.ResourceData = client
|
|
}
|
|
|
|
func (p *litellmProvider) Resources(_ context.Context) []func() resource.Resource {
|
|
return []func() resource.Resource{
|
|
NewSecretBackendResource,
|
|
NewSecretBackendRoleResource,
|
|
}
|
|
}
|
|
|
|
func (p *litellmProvider) DataSources(_ context.Context) []func() datasource.DataSource {
|
|
return nil
|
|
}
|