ab3b02a48e
Populate the repo with the Vault/OpenBao dynamic secrets engine that mints LiteLLM virtual keys scoped by model, spending limit, and lease TTL. - Secrets backend: config, roles, creds paths and a revocable litellm_key type - LiteLLM API client (generate/update/delete/info) with master-key auth - Unit tests (mock LiteLLM) and a docker-compose e2e against both Vault and OpenBao proving the same binary works on each - Makefile, woodpecker CI (build/test/pre-commit), pre-commit config
74 lines
2.2 KiB
Makefile
74 lines
2.2 KiB
Makefile
.PHONY: build install test lint fmt clean tidy e2e e2e-vault e2e-openbao e2e-up e2e-down patch minor major check-go
|
|
|
|
BINARY := vault-plugin-secrets-litellm
|
|
PKG := ./cmd/vault-plugin-secrets-litellm
|
|
VERSION ?= $(shell git describe --tags --always --dirty 2>/dev/null || echo "0.0.0-dev")
|
|
OS ?= $(shell go env GOOS)
|
|
ARCH ?= $(shell go env GOARCH)
|
|
PLUGIN_DIR ?= ./dist
|
|
|
|
GO_VERSION_REQUIRED := 1.25
|
|
GO_VERSION_ACTUAL := $(shell go version | sed 's/go version go\([0-9]*\.[0-9]*\).*/\1/')
|
|
|
|
check-go:
|
|
@if [ "$$(printf '%s\n%s' "$(GO_VERSION_REQUIRED)" "$(GO_VERSION_ACTUAL)" | sort -V | head -1)" != "$(GO_VERSION_REQUIRED)" ]; then \
|
|
echo "ERROR: Go >= $(GO_VERSION_REQUIRED) required, found $(GO_VERSION_ACTUAL)"; exit 1; \
|
|
fi
|
|
|
|
build: check-go tidy
|
|
CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(PLUGIN_DIR)/$(BINARY) $(PKG)
|
|
|
|
install: build
|
|
@echo "Built $(PLUGIN_DIR)/$(BINARY) (register it with: vault plugin register -sha256=<sha> secret $(BINARY))"
|
|
|
|
test: check-go
|
|
go test -race -count=1 ./...
|
|
|
|
lint: check-go
|
|
go vet ./...
|
|
|
|
fmt: check-go
|
|
gofmt -w .
|
|
|
|
tidy:
|
|
go mod tidy
|
|
|
|
clean:
|
|
rm -rf $(PLUGIN_DIR)
|
|
|
|
# End-to-end tests spin up LiteLLM + Postgres and both Vault and OpenBao in
|
|
# Docker, then exercise the full lifecycle (configure, create role, generate,
|
|
# use, revoke) against each engine using the same plugin binary.
|
|
e2e:
|
|
./scripts/e2e.sh
|
|
|
|
e2e-vault:
|
|
ENGINES=vault ./scripts/e2e.sh
|
|
|
|
e2e-openbao:
|
|
ENGINES=openbao ./scripts/e2e.sh
|
|
|
|
e2e-up:
|
|
docker compose -f test/docker-compose.yml up -d --build
|
|
|
|
e2e-down:
|
|
docker compose -f test/docker-compose.yml down -v
|
|
|
|
_LATEST := $(shell git tag --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$$' | head -1)
|
|
_BASE := $(if $(_LATEST),$(_LATEST),v0.0.0)
|
|
_MAJ := $(shell echo $(_BASE) | sed 's/^v//' | cut -d. -f1)
|
|
_MIN := $(shell echo $(_BASE) | sed 's/^v//' | cut -d. -f2)
|
|
_PAT := $(shell echo $(_BASE) | sed 's/^v//' | cut -d. -f3)
|
|
|
|
patch:
|
|
@NEW=v$(_MAJ).$(_MIN).$(shell expr $(_PAT) + 1); \
|
|
git tag $$NEW && echo "Tagged $$NEW" && git push origin $$NEW
|
|
|
|
minor:
|
|
@NEW=v$(_MAJ).$(shell expr $(_MIN) + 1).0; \
|
|
git tag $$NEW && echo "Tagged $$NEW" && git push origin $$NEW
|
|
|
|
major:
|
|
@NEW=v$(shell expr $(_MAJ) + 1).0.0; \
|
|
git tag $$NEW && echo "Tagged $$NEW" && git push origin $$NEW
|