openaisecrets

package
v0.0.3

Warning: This package is not in the latest version of its module.
Published: Jul 3, 2025 License: MPL-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package openaisecrets implements a HashiCorp Vault secrets engine plugin for managing OpenAI API keys and credentials. The plugin provides dynamic credential generation, admin key rotation, and secure credential management for OpenAI services.

Constants

const (
	TestAPIKey         = "test-key"
	TestAdminAPIKeyID  = "test-admin-key-id"
	TestOrganizationID = "org-123"
	TestProjectID      = "proj_123"
	TestProjectID2     = "proj_456"
	TestProjectID3     = "proj_789"
	TestServiceAccName = "test-service-account"
	TestMountPoint     = "openai/"
	TestConfigPath     = "config"
)

Test constants to reduce duplication across test files.

const (
	// Default API endpoint for OpenAI
	DefaultAPIEndpoint = "https://api.openai.com/v1"
)

Variables

This section is empty.

Functions

func Backend

func Backend(client ClientAPI) *backend

func Factory

func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error)

func SanitizeServiceAccountName

func SanitizeServiceAccountName(name string) string

SanitizeServiceAccountName modifies a name to conform to service account naming best practices. This ensures names will be compatible with the OpenAI API and follow standard conventions for cloud resource naming.

func ValidateServiceAccountName

func ValidateServiceAccountName(name string) error

ValidateServiceAccountName validates a service account name based on common API naming conventions and observed behavior with the OpenAI API. These constraints help ensure compatibility with OpenAI's platform requirements.

Types

type APIKey

type APIKey struct {
	ID           string    `json:"id"`
	Value        string    `json:"value,omitempty"`
	Name         string    `json:"name"`
	ServiceAccID string    `json:"service_account_id"`
	CreatedAt    *UnixTime `json:"created_at,omitempty"`
	ExpiresAt    *UnixTime `json:"expires_at,omitempty"`
}

APIKey represents an OpenAI API key

func (*APIKey) GetCreatedAt

func (ak *APIKey) GetCreatedAt() *time.Time

GetCreatedAt returns the created_at time as a time.Time pointer

func (*APIKey) GetExpiresAt

func (ak *APIKey) GetExpiresAt() *time.Time

GetExpiresAt returns the expires_at time as a time.Time pointer

func (*APIKey) MarshalJSON

func (ak *APIKey) MarshalJSON() ([]byte, error)

MarshalJSON implements custom marshaling for APIKey

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client represents an OpenAI API client

func NewClient

func NewClient(adminAPIKey string, logger hclog.Logger) *Client

NewClient creates a new OpenAI client

func (*Client) CreateAdminAPIKey

func (c *Client) CreateAdminAPIKey(ctx context.Context, name string) (string, string, error)

CreateAdminAPIKey creates a new admin API key and returns its value and ID

func (*Client) CreateServiceAccount

func (c *Client) CreateServiceAccount(ctx context.Context, projectID string, req CreateServiceAccountRequest) (*ServiceAccount, *APIKey, error)

CreateServiceAccount creates a new project service account and returns both the service account and API key in a single operation, as per the actual OpenAI API behavior.

func (*Client) DeleteServiceAccount

func (c *Client) DeleteServiceAccount(ctx context.Context, id string, projectID ...string) error

DeleteServiceAccount deletes a service account by ID

func (*Client) GetAdminAPIKey

func (c *Client) GetAdminAPIKey(ctx context.Context, keyID string) (map[string]interface{}, error)

GetAdminAPIKey retrieves details for a specific admin API key by ID.

func (*Client) GetProject

func (c *Client) GetProject(ctx context.Context, projectID string) (*ProjectInfo, error)

GetProject fetches project details from OpenAI API by project ID

func (*Client) GetServiceAccount

func (c *Client) GetServiceAccount(ctx context.Context, id string, projectID string) (*ServiceAccount, error)

GetServiceAccount gets a service account by ID

func (*Client) ListAdminAPIKeys

func (c *Client) ListAdminAPIKeys(ctx context.Context) ([]map[string]interface{}, error)

ListAdminAPIKeys lists all admin API keys

func (*Client) ListServiceAccounts

func (c *Client) ListServiceAccounts(ctx context.Context, projectID string) ([]*ServiceAccount, error)

ListServiceAccounts returns all service accounts for a project

func (*Client) RevokeAdminAPIKey

func (c *Client) RevokeAdminAPIKey(ctx context.Context, keyID string) error

RevokeAdminAPIKey revokes the given admin API key

func (*Client) SetConfig

func (c *Client) SetConfig(config *Config) error

SetConfig updates the client configuration

func (*Client) TestConnection

func (c *Client) TestConnection(ctx context.Context) error

TestConnection tests the client connection by listing admin API keys

func (*Client) ValidateProject

func (c *Client) ValidateProject(ctx context.Context, projectID string) error

ValidateProject checks if the given project ID is valid by retrieving the project details from OpenAI.

type ClientAPI

type ClientAPI interface {
	CreateServiceAccount(ctx context.Context, projectID string, req CreateServiceAccountRequest) (*ServiceAccount, *APIKey, error)
	DeleteServiceAccount(ctx context.Context, id string, projectID ...string) error
	SetConfig(config *Config) error
	ListServiceAccounts(ctx context.Context, projectID string) ([]*ServiceAccount, error)
	GetServiceAccount(ctx context.Context, serviceAccountID, projectID string) (*ServiceAccount, error)
	ValidateProject(ctx context.Context, projectID string) error
	GetProject(ctx context.Context, projectID string) (*ProjectInfo, error)
}

ClientAPI defines the interface for OpenAI client operations used by the backend. This allows for mocking in tests.

type Config

type Config struct {
	AdminAPIKey    string `json:"admin_api_key"`
	AdminAPIKeyID  string `json:"admin_api_key_id,omitempty"`
	APIEndpoint    string `json:"api_endpoint"`
	OrganizationID string `json:"organization_id"`
}

Config contains configuration for the OpenAI client. AdminAPIKeyID tracks the admin key's ID for revocation.

type CreateServiceAccountRequest

type CreateServiceAccountRequest struct {
	Name string `json:"name"`
}

CreateServiceAccountRequest represents a request to create a service account. Only Name is supported by OpenAI; the Description field was removed.

type IncrCounterWithLabelsFuncType

type IncrCounterWithLabelsFuncType func(ctx context.Context, name []string, value float32, labels []Label)

IncrCounterWithLabelsFuncType defines the function signature for metric emission so it can be swapped in tests.

var IncrCounterWithLabels IncrCounterWithLabelsFuncType = func(ctx context.Context, name []string, value float32, labels []Label) {
	var mLabels []metrics.Label
	for _, l := range labels {
		mLabels = append(mLabels, metrics.Label{Name: l.Name, Value: l.Value})
	}
	metrics.IncrCounterWithLabels(name, value, mLabels)
}

IncrCounterWithLabels is a variable so it can be replaced in tests.

type Label

type Label struct {
	Name  string
	Value string
}

Label represents a key-value pair for metric labels.

type Project

type Project struct {
	ID     string
	Name   string
	Status string
}

Project represents the OpenAI project details response used in tests.

type ProjectInfo

type ProjectInfo struct {
	ID     string `json:"id"`
	Name   string `json:"name"`
	Status string `json:"status"`
}

ProjectInfo represents the OpenAI project details response. Used for project validation.

type ServiceAccount

type ServiceAccount struct {
	ID        string    `json:"id"`
	ProjectID string    `json:"project_id"`
	Name      string    `json:"name"`
	Role      string    `json:"role,omitempty"`
	CreatedAt *UnixTime `json:"created_at,omitempty"`
}

ServiceAccount represents an OpenAI project service account. OpenAI does not support a description field for service accounts, so the Description field was removed. The Role field was added per the API response.

func (*ServiceAccount) GetCreatedAt

func (sa *ServiceAccount) GetCreatedAt() *time.Time

GetCreatedAt returns the created_at time as a time.Time pointer

func (*ServiceAccount) MarshalJSON

func (sa *ServiceAccount) MarshalJSON() ([]byte, error)

MarshalJSON implements custom marshaling for ServiceAccount

type ServiceAccountResponse

type ServiceAccountResponse struct {
	ServiceAccount *ServiceAccount `json:"service_account"`
	APIKey         *APIKey         `json:"api_key"`
}

ServiceAccountResponse represents the API response for creating a service account. It includes both the service account and the associated API key.

type UnixTime

type UnixTime time.Time

UnixTime wraps time.Time with a custom UnmarshalJSON implementation to handle Unix timestamp formats from the OpenAI API.

func UnixTimePtr

func UnixTimePtr(t *time.Time) *UnixTime

UnixTimePtr converts a time.Time pointer to a UnixTime pointer

func (UnixTime) MarshalJSON

func (ut UnixTime) MarshalJSON() ([]byte, error)

MarshalJSON converts the UnixTime back to JSON

func (UnixTime) Time

func (ut UnixTime) Time() time.Time

Time returns the time.Time value

func (UnixTime) TimePtr

func (ut UnixTime) TimePtr() *time.Time

TimePtr returns a pointer to a time.Time value

func (*UnixTime) UnmarshalJSON

func (ut *UnixTime) UnmarshalJSON(data []byte) error

UnmarshalJSON implements custom unmarshaling for Unix timestamps. It handles timestamps in seconds (integer), RFC3339 format (string), or null.
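
The three input forms described above (integer seconds, RFC3339 string, null), decoded and then used for an expiry check. This is an added example, not the package's own code: FlexTime and expired are hypothetical names, treating a missing expires_at as "no expiry" is an assumption, and the payload is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// FlexTime is a hypothetical stand-in for UnixTime, written for this example.
type FlexTime time.Time

// UnmarshalJSON accepts integer Unix seconds, an RFC3339 string, or null,
// and rejects every other JSON value instead of silently yielding a zero time.
func (ft *FlexTime) UnmarshalJSON(data []byte) error {
	var s string
	var secs int64
	switch {
	case string(data) == "null":
		return nil // no-op, matching encoding/json's convention for null
	case json.Unmarshal(data, &s) == nil:
		t, err := time.Parse(time.RFC3339, s)
		if err != nil {
			return fmt.Errorf("timestamp %q is not RFC3339: %w", s, err)
		}
		*ft = FlexTime(t.UTC())
	case json.Unmarshal(data, &secs) == nil:
		*ft = FlexTime(time.Unix(secs, 0).UTC())
	default:
		return fmt.Errorf("unsupported timestamp value %s", data)
	}
	return nil
}

// expired decodes a key payload and reports whether expires_at has passed.
// A missing or null expires_at is treated as "no expiry" (an assumption).
func expired(raw string, now time.Time) (bool, error) {
	var k struct {
		ExpiresAt *FlexTime `json:"expires_at,omitempty"`
	}
	if err := json.Unmarshal([]byte(raw), &k); err != nil {
		return false, err
	}
	return k.ExpiresAt != nil && !now.Before(time.Time(*k.ExpiresAt)), nil
}

func main() {
	// Constructed sample payload, not real API output.
	fmt.Println(expired(`{"expires_at":"2025-07-03T00:00:00Z"}`, time.Now()))
}
```

Rejecting fractional, boolean, or malformed timestamps matters for credential lifetimes: a decoder that falls back to the zero time would make an expiry comparison meaningless.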
