Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plugins: Mount missing plugin entries and skip loading #18189

Merged
merged 19 commits into from
Dec 2, 2022
Merged

plugins: Mount missing plugin entries and skip loading #18189

merged 19 commits into from
Dec 2, 2022

Conversation

mpalmi
Copy link
Contributor

@mpalmi mpalmi commented Dec 1, 2022
edited
Loading

This PR fixes an inconsistency and logic issue in the previous unseal logic. We now consistently check the plugincatalog for secrets engines and auth methods and appropriately skip the backend startup for deregistered plugins.

This probably needs an unseal test to prevent regression.

This PR should resolve VAULT-11858

@mpalmi mpalmi requested review from tomhjp and ncabatoff December 1, 2022 17:16
@mpalmi mpalmi changed the title Skip startup missing plugin Mount missing plugin entries and skip loading Dec 1, 2022
@mpalmi mpalmi changed the title Mount missing plugin entries and skip loading core: Mount missing plugin entries and skip loading Dec 1, 2022
@mpalmi mpalmi changed the title core: Mount missing plugin entries and skip loading plugins: Mount missing plugin entries and skip loading Dec 1, 2022
tomhjp
tomhjp reviewed Dec 1, 2022
View reviewed changes
Copy link
Contributor

@tomhjp tomhjp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the history, this has been a pretty active area for changes, with the same issue coming up multiple times. I think it's worth writing some tests that thoroughly exercise the expected behaviour here to make sure it stays fixed.

vault/auth.go Outdated Show resolved Hide resolved
vault/auth.go Outdated Show resolved Hide resolved
tomhjp
tomhjp approved these changes Dec 2, 2022
View reviewed changes
Copy link
Contributor

@tomhjp tomhjp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Just a few non-functional nits/suggestions for improvement.

vault/auth.go Outdated Show resolved Hide resolved
vault/core.go Outdated Show resolved Hide resolved
vault/external_plugin_test.go Show resolved Hide resolved
vault/external_plugin_test.go Show resolved Hide resolved
vault/external_plugin_test.go Show resolved Hide resolved
@mpalmi mpalmi merged commit baaaff6 into main Dec 2, 2022
Merged
@mpalmi mpalmi deleted the skip-startup-missing-plugin branch December 2, 2022 18:52
AnPucel pushed a commit that referenced this pull request Jan 14, 2023
@mpalmi @tomhjp @AnPucel
plugins: Mount missing plugin entries and skip loading (#18189)
62f6871 
* Skip plugin startup for missing plugins
* Skip secrets startup for missing plugins
* Add changelog for bugfix
* Make plugin handling on unseal version-aware
* Update plugin lazy-load logic/comments for readability
* Add register/mount/deregister/seal/unseal go test
* Consolidate lazy mount logic to prevent inconsistencies

Co-authored-by: Tom Proctor <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomhjp tomhjp tomhjp approved these changes

@ncabatoff ncabatoff Awaiting requested review from ncabatoff

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mpalmi @tomhjp