Files
unkinben 4e57e2dba7
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
Rename resources to litellm_secret_* prefix
Use the shorter, cleaner litellm_ resource prefix instead of
litellmvaultsecret_. The provider source stays git.unkin.net/unkin/
litellmvaultsecret; only the resource prefix (provider Metadata TypeName)
changes to litellm, declared under the local name litellm in
required_providers — the same pattern google-beta uses to ship google_*.

- Provider TypeName litellmvaultsecret -> litellm
- Resources: litellm_secret_backend, litellm_secret_backend_role
- Update examples (dirs + contents), README, and the e2e terraform config
2026-07-03 12:29:39 +10:00

101 lines
3.0 KiB
Go

package provider
import (
"context"
"os"
"github.com/hashicorp/terraform-plugin-framework/datasource"
"github.com/hashicorp/terraform-plugin-framework/provider"
"github.com/hashicorp/terraform-plugin-framework/provider/schema"
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/types"
)
var _ provider.Provider = &litellmProvider{}
type litellmProvider struct {
version string
}
type litellmProviderModel struct {
Address types.String `tfsdk:"address"`
Token types.String `tfsdk:"token"`
}
func New(version string) func() provider.Provider {
return func() provider.Provider {
return &litellmProvider{version: version}
}
}
func (p *litellmProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) {
// The provider's source address is git.unkin.net/unkin/litellmvaultsecret,
// but its resources are prefixed "litellm_" (declare it in required_providers
// under the local name "litellm"), mirroring how google-beta ships google_*.
resp.TypeName = "litellm"
resp.Version = p.version
}
func (p *litellmProvider) Schema(_ context.Context, _ provider.SchemaRequest, resp *provider.SchemaResponse) {
resp.Schema = schema.Schema{
Description: "Manage the LiteLLM dynamic secrets engine (config and roles) on HashiCorp Vault or OpenBao.",
Attributes: map[string]schema.Attribute{
"address": schema.StringAttribute{
Description: "Address of the Vault/OpenBao server. Falls back to the VAULT_ADDR environment variable.",
Optional: true,
},
"token": schema.StringAttribute{
Description: "Token used to authenticate to Vault/OpenBao. Falls back to the VAULT_TOKEN environment variable.",
Optional: true,
Sensitive: true,
},
},
}
}
func (p *litellmProvider) Configure(ctx context.Context, req provider.ConfigureRequest, resp *provider.ConfigureResponse) {
var config litellmProviderModel
resp.Diagnostics.Append(req.Config.Get(ctx, &config)...)
if resp.Diagnostics.HasError() {
return
}
address := os.Getenv("VAULT_ADDR")
if !config.Address.IsNull() && config.Address.ValueString() != "" {
address = config.Address.ValueString()
}
token := os.Getenv("VAULT_TOKEN")
if !config.Token.IsNull() && config.Token.ValueString() != "" {
token = config.Token.ValueString()
}
if address == "" {
resp.Diagnostics.AddError(
"missing Vault address",
"Set the provider \"address\" attribute or the VAULT_ADDR environment variable.",
)
return
}
client, err := newVaultClient(address, token)
if err != nil {
resp.Diagnostics.AddError("failed to create Vault client", err.Error())
return
}
resp.DataSourceData = client
resp.ResourceData = client
}
func (p *litellmProvider) Resources(_ context.Context) []func() resource.Resource {
return []func() resource.Resource{
NewSecretBackendResource,
NewSecretBackendRoleResource,
}
}
func (p *litellmProvider) DataSources(_ context.Context) []func() datasource.DataSource {
return nil
}