Add a plugin-import module + config/plugins for catalog registration
Registering a plugin in the catalog is a distinct concern from mounting an engine, so give it its own module and config directory instead of folding sha256/command into each engine's backend module. - Add a generic 'plugin' module (vault_plugin: type/name/command/sha256/ plugin_version) that imports a binary into the catalog. - Add a config/plugins/ discovery group (filename = catalog name) and wire it through vault_cluster (plugins variable + module) and the syd1 environment. - Add config/plugins/vault-plugin-secrets-gpg.yaml pinning the released v0.1.0 binary sha256. Other engines can now register their plugin by dropping a file here; their *_secret_backend module just mounts the registered type.
This commit is contained in:
@@ -334,6 +334,18 @@ module "litellm_secret_backend_role" {
|
||||
depends_on = [module.litellm_secret_backend]
|
||||
}
|
||||
|
||||
module "plugin" {
|
||||
source = "./modules/plugin"
|
||||
|
||||
for_each = var.plugins
|
||||
|
||||
name = each.value.name
|
||||
type = each.value.type
|
||||
command = each.value.command
|
||||
sha256 = each.value.sha256
|
||||
plugin_version = each.value.version
|
||||
}
|
||||
|
||||
module "vault_policy" {
|
||||
source = "./modules/vault_policy"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user