2 Commits

Author SHA1 Message Date
unkinben ecee4b4432 fix: grant vault deployer access to manage the litellm engine
Applying the litellm mount failed with 403 permission denied on
PUT litellm/config: the deployer identity (tf_vault approle /
woodpecker_terraform_vault k8s role) could enable the mount via
sys/mounts/admin but had no policy covering the engine's own data paths.

Add a litellm/admin policy granting create/read/update/delete on
litellm/config and litellm/roles/*, assigned to the same auth roles as the
other secret-engine admin policies.
2026-07-07 00:23:20 +10:00
unkinben 9e2c21131f feat: manage litellm secrets engine via terraform-provider-litellmvaultsecret
ci/woodpecker/pr/plan Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
The vault-plugin-secrets-litellm engine mints LiteLLM virtual keys and is
now registered in Vault, but nothing declared its mount/config or roles in
this repo. Wire in the companion litellm provider so the mount is managed
as code alongside the other secret backends.

- Add litellm_secret_backend module: mounts the engine and writes its
  config (base_url, request_timeout_seconds); reads master_key from KV
- Add litellm_secret_backend_role module: manages roles (models,
  max_budget, key_alias_prefix, ttl/max_ttl seconds, metadata)
- Register both modules in vault_cluster main.tf and variables.tf
- Discover litellm_secret_backend[_role] YAML in config.hcl and pass them
  through terragrunt inputs
- Declare the litellm provider (litellmvaultsecret) and
  a provider block in the generated root backend.tf
- Add example config for the litellm mount and a sample role
2026-07-07 00:15:07 +10:00
18 changed files with 1 additions and 205 deletions
@@ -1,9 +0,0 @@
token_ttl: 120
token_max_ttl: 120
bind_secret_id: false
token_bound_cidrs:
- "10.10.12.200/32"
- "198.18.25.102/32"
- "198.18.26.91/32"
- "198.18.27.40/32"
use_deterministic_role_id: true
@@ -1,7 +0,0 @@
bound_service_account_names:
- terraform-rancher
bound_service_account_namespaces:
- woodpecker
token_ttl: 600
token_max_ttl: 600
audience: https://kubernetes.default.svc.cluster.local
-7
View File
@@ -198,12 +198,5 @@ locals {
})
if startswith(file_path, "litellm_secret_backend_role/")
}
plugins = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => merge(content, {
name = trimsuffix(basename(file_path), ".yaml")
})
if startswith(file_path, "plugins/")
}
}
}
@@ -1,5 +0,0 @@
consul_roles:
- terraform-rancher
ttl: 120
max_ttl: 300
datacenters: []
+1 -1
View File
@@ -2,5 +2,5 @@
# The master key is sensitive and read from KV, not stored here:
# kv/service/vault/au/syd1/secret_backend/litellm -> key "master_key"
description: "LiteLLM dynamic virtual keys"
base_url: "https://litellm.k8s.syd1.au.unkin.net"
base_url: "http://litellm.litellm.svc:4000"
request_timeout_seconds: 30
@@ -1,9 +0,0 @@
---
models:
- claude-opus-4-7
max_budget: 5
ttl: 3600 # seconds (1h)
max_ttl: 86400 # seconds (24h)
metadata:
team: testuser
env: prod
@@ -1,10 +0,0 @@
# config/plugins/vault-plugin-secrets-gpg.yaml
# Imports (registers) the gpg secrets plugin in the catalog. Filename = catalog
# name = mount type. The binary is installed on the OpenBao nodes by Puppet
# (openbao-plugin-secrets-gpg RPM -> /opt/openbao-plugins/vault-plugin-secrets-gpg).
#
# sha256 pins the released v0.1.0 binary; bump it in lockstep with any RPM
# upgrade or OpenBao will refuse to launch the plugin.
type: secret
command: vault-plugin-secrets-gpg
sha256: "0e92d7408795688badb55789bc1604e8f1dd4d71998656c7f831991fce9a7b20"
@@ -1,13 +0,0 @@
# config/plugins/vault-plugin-secrets-litellm.yaml
# Imports (registers) the litellm secrets plugin in the catalog. This plugin was
# registered manually before terraform managed the catalog, so its state must be
# imported before the first apply (see the PR description) — otherwise apply
# tries to create an entry that already exists.
#
# sha256 is the released v0.1.1 openbao binary
# (openbao-plugin-secrets-litellm RPM -> /opt/openbao-plugins/vault-plugin-secrets-litellm),
# which Puppet installs floating. Verify against the live catalog during import
# (`bao read sys/plugins/catalog/secret/vault-plugin-secrets-litellm`).
type: secret
command: vault-plugin-secrets-litellm
sha256: "2263ebcb3498877a87ddcf31a9cbc6efca6b81702a5faecf7fe7e40200ca7a1f"
-1
View File
@@ -70,7 +70,6 @@ inputs = {
pki_mount_only = local.config.pki_mount_only
litellm_secret_backend = local.config.litellm_secret_backend
litellm_secret_backend_role = local.config.litellm_secret_backend_role
plugins = local.config.plugins
# Pass policy maps to vault_cluster module
policy_auth_map = local.policies.policy_auth_map
-12
View File
@@ -334,18 +334,6 @@ module "litellm_secret_backend_role" {
depends_on = [module.litellm_secret_backend]
}
module "plugin" {
source = "./modules/plugin"
for_each = var.plugins
name = each.value.name
type = each.value.type
command = each.value.command
sha256 = each.value.sha256
plugin_version = each.value.version
}
module "vault_policy" {
source = "./modules/vault_policy"
@@ -1,12 +0,0 @@
# Registers ("imports") a plugin binary in the Vault/OpenBao plugin catalog so
# it can be mounted. The binary must already exist in the server
# plugin_directory (installed out of band, e.g. by Puppet); `command` is its
# filename there. The sha256 must match the on-disk binary or the server refuses
# to launch the plugin.
resource "vault_plugin" "this" {
type = var.type
name = var.name
command = coalesce(var.command, var.name)
sha256 = var.sha256
version = var.plugin_version
}
@@ -1,9 +0,0 @@
terraform {
required_version = ">= 1.10"
required_providers {
vault = {
source = "hashicorp/vault"
version = "5.6.0"
}
}
}
@@ -1,27 +0,0 @@
variable "name" {
description = "Name to register the plugin under in the catalog (also the mount type)"
type = string
}
variable "type" {
description = "Plugin type: secret, auth or database"
type = string
default = "secret"
}
variable "command" {
description = "Plugin binary filename relative to the server plugin_directory. Defaults to the plugin name."
type = string
default = null
}
variable "sha256" {
description = "SHA-256 of the installed plugin binary; must match the on-disk binary"
type = string
}
variable "plugin_version" {
description = "Optional plugin version to register the catalog entry under"
type = string
default = null
}
-12
View File
@@ -315,18 +315,6 @@ variable "litellm_secret_backend_role" {
default = {}
}
variable "plugins" {
description = "Map of plugins to import (register) in the catalog, keyed by catalog name"
type = map(object({
name = string
type = optional(string, "secret")
command = optional(string)
sha256 = string
version = optional(string)
}))
default = {}
}
variable "policy_auth_map" {
description = "Map of auth mounts -> auth roles -> policy names"
type = map(map(list(string)))
@@ -1,11 +0,0 @@
---
rules:
- path: "consul_root/au/syd1/creds/terraform-rancher"
capabilities:
- read
auth:
approle:
- terraform_rancher
k8s/au/syd1:
- woodpecker_terraform_rancher
-35
View File
@@ -1,35 +0,0 @@
# Allow the vault deployer to import the gpg plugin and manage its OpenPGP keys.
#
# terraform-vault registers the plugin itself (vault_plugin -> sys/plugins/catalog,
# a sudo-protected path) and manages keys via the gpgvaultsecret provider, so the
# deployer needs catalog access on top of the mount access it already has
# (sys/mounts/*). Without this, apply 403s on the plugin registration and on
# gpg/keys writes.
---
rules:
# Import / register (and deregister) the gpg plugin in the catalog.
- path: "sys/plugins/catalog/secret/vault-plugin-secrets-gpg"
capabilities:
- create
- read
- update
- delete
- sudo
# Manage keys (create/rotate/config/delete) in the gpg mount.
- path: "gpg/keys/*"
capabilities:
- create
- read
- update
- delete
- list
- path: "gpg/keys"
capabilities:
- read
- list
auth:
approle:
- tf_vault
k8s/au/syd1:
- woodpecker_terraform_vault
@@ -1,18 +0,0 @@
# Allow the Terraform Rancher runner to read:
# - its own Rancher admin API token (rancher2 provider auth), and
# - the OAuth2/OIDC client secret backing the Rancher keycloakoidc AuthConfig
# (same secret Authentik sets on the provider).
---
rules:
- path: "kv/data/service/terraform/rancher"
capabilities:
- read
- path: "kv/data/kubernetes/namespace/cattle-system/default/oauth-credentials"
capabilities:
- read
auth:
approle:
- terraform_rancher
k8s/au/syd1:
- woodpecker_terraform_rancher
@@ -1,7 +0,0 @@
key_prefix "infra/terraform/rancher/" {
policy = "write"
}
session_prefix "" {
policy = "write"
}