Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of Remove pinned builtin plugin versions from storage into release/1.12.x #18102

Merged
merged 1 commit into from
Nov 23, 2022
Merged

Backport of Remove pinned builtin plugin versions from storage into release/1.12.x #18102

merged 1 commit into from
Nov 23, 2022

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #18051 to be assessed for backporting due to the inclusion of the label backport/1.12.x.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

merge conflict error: POST https://api.github.com/repos/hashicorp/vault/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

Addresses bug described in the 1.12 upgrade guide: https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.12.x#pinning-to-builtin-plugin-versions-may-cause-failure-on-upgrade.

In a nutshell, when we try to start a plugin after upgrading, if it has a builtin version stored in the mount table and that version subsequently disappeared from catalog due to the upgrade, we won't be able to mount it. To fix this, the main idea is to stop storing version information for builtin plugins, and rely on the pre-existing behaviour that not specifying a version selects the builtin (unless it's been shadowed by an unversioned external plugin).

2 main changes, that need to be done for each of the 3 plugin types:

  • Stop storing the builtin version for newly mounted plugins
  • Clean up storage in existing mounts where we stored the builtin version

Stopping storage for new mounts is easy enough. Cleaning up existing auth and secrets mounts also seems relatively straightforward thanks to some existing logic for upgrading their storage.

Unfortunately, database plugins don't seem to have any such existing capability, instead this relies on fixing storage whenever it's next written to for each db plugin. That means databases also need an extra shim to stop mounting from failing, because we may mount a plugin before the config has been fixed in storage. We also delete builtin plugin versions from a config read response, so the out of date storage is invisible to users unless they poke around in raw endpoints.

The approach also means users who have a builtin version pinned, and an unversioned plugin of the same name registered, will start running the unversioned plugin on upgrading. That deserves a callout in the changelog, but I don't expect it to be problematic for many people, as most people using versions for builtins will probably also use versions for externals. Plus it's still a very new feature, and the delta between the builtin and external versions is likely small.

I've also updated the plugin catalog to not return a builtin if it has been shadowed by an unversioned external plugin of the same name.

Overview of commits

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/remove-builtin-version-info-from-mount-table/logically-innocent-frog branch 2 times, most recently from f8786e5 to ab60aef Compare November 23, 2022 18:36
@hashicorp-cla
Copy link

hashicorp-cla commented Nov 23, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@tomhjp
Remove pinned builtin plugin versions from storage (#18051)
7d529e7 
* Removes _builtin_ versions from mount storage where it already exists
* Stops new builtin versions being put into storage on mount creation/tuning
* Stops the plugin catalog from returning a builtin plugin that has been overridden, so it more accurately reflects the plugins that are available to actually run
 Conflicts:
	vault/mount.go
@tomhjp tomhjp force-pushed the backport/remove-builtin-version-info-from-mount-table/logically-innocent-frog branch from 5010597 to 7d529e7 Compare November 23, 2022 18:40
@benashz benashz self-requested a review November 23, 2022 18:42
@tomhjp tomhjp marked this pull request as ready for review November 23, 2022 18:42
@tomhjp tomhjp requested a review from a team November 23, 2022 18:42
benashz
benashz approved these changes Nov 23, 2022
View reviewed changes
Copy link
Contributor

@benashz benashz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tomhjp
Copy link
Contributor

tomhjp commented Nov 23, 2022

Thanks!

@tomhjp tomhjp enabled auto-merge (squash) November 23, 2022 18:53
@tomhjp tomhjp merged commit 3cc6b6a into release/1.12.x Nov 23, 2022
@tomhjp tomhjp deleted the backport/remove-builtin-version-info-from-mount-table/logically-innocent-frog branch November 23, 2022 19:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benashz benashz benashz approved these changes

@swenson swenson swenson approved these changes

@tomhjp tomhjp Awaiting requested review from tomhjp

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hc-github-team-secure-vault-core @hashicorp-cla @tomhjp @swenson @benashz