ecee4b4432
Applying the litellm mount failed with 403 permission denied on PUT litellm/config: the deployer identity (tf_vault approle / woodpecker_terraform_vault k8s role) could enable the mount via sys/mounts/admin but had no policy covering the engine's own data paths. Add a litellm/admin policy granting create/read/update/delete on litellm/config and litellm/roles/*, assigned to the same auth roles as the other secret-engine admin policies.
27 lines
450 B
YAML
27 lines
450 B
YAML
# Allow management of the LiteLLM secrets engine (config and roles)
|
|
---
|
|
rules:
|
|
- path: "litellm/config"
|
|
capabilities:
|
|
- create
|
|
- update
|
|
- read
|
|
- delete
|
|
- path: "litellm/roles/*"
|
|
capabilities:
|
|
- create
|
|
- update
|
|
- delete
|
|
- read
|
|
- list
|
|
- path: "litellm/roles"
|
|
capabilities:
|
|
- read
|
|
- list
|
|
|
|
auth:
|
|
approle:
|
|
- tf_vault
|
|
k8s/au/syd1:
|
|
- woodpecker_terraform_vault
|