Add a plugin-import module + config/plugins for catalog registration (#89)
ci/woodpecker/push/apply Pipeline was canceled
ci/woodpecker/push/apply Pipeline was canceled
Split plugin catalog registration out of the per-engine backend modules into its own concern (previously bundled into #87's gpg_secret_backend). ## Changes - New generic `plugin` module (`vault_plugin`: type/name/command/sha256/plugin_version) that imports a binary into the catalog. - New `config/plugins/` discovery group (filename = catalog name = mount type), wired through `vault_cluster` (`plugins` variable + module) and the syd1 environment. - `config/plugins/vault-plugin-secrets-gpg.yaml` pins the released v0.1.0 binary sha256 (`0e92d740…a7b20`, from the published RPM). Puppet installs the RPM floating, so bump this in lockstep on upgrade. Any engine now registers its plugin by dropping a file in `config/plugins/`; its `*_secret_backend` module just mounts the registered type. Needs the deployer's plugin-catalog access (#88). Merge order: **#88 → this → #87**. Reviewed-on: #89 Co-authored-by: Ben Vincent <ben@unkin.net> Co-committed-by: Ben Vincent <ben@unkin.net>
This commit was merged in pull request #89.
This commit is contained in:
@@ -334,6 +334,18 @@ module "litellm_secret_backend_role" {
|
||||
depends_on = [module.litellm_secret_backend]
|
||||
}
|
||||
|
||||
module "plugin" {
|
||||
source = "./modules/plugin"
|
||||
|
||||
for_each = var.plugins
|
||||
|
||||
name = each.value.name
|
||||
type = each.value.type
|
||||
command = each.value.command
|
||||
sha256 = each.value.sha256
|
||||
plugin_version = each.value.version
|
||||
}
|
||||
|
||||
module "vault_policy" {
|
||||
source = "./modules/vault_policy"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user