Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin reload -global does not reload plugins in all child namespaces in enterprise version #10107

Closed
shwuandwing opened this issue Oct 7, 2020 · 2 comments
Closed

Plugin reload -global does not reload plugins in all child namespaces in enterprise version #10107

shwuandwing opened this issue Oct 7, 2020 · 2 comments
Assignees
@sgmiller

Comments

@shwuandwing
Copy link
Contributor

Describe the bug
vault plugin reload -plugin=my-custom-plugin -global does not reload my-custom-plugin in child namespaces (in the enterprise version).

To Reproduce
Steps to reproduce the behavior:

  1. Enable a custom auth plugin. (i.e. my-custom-plugin) in the root namespace
  2. Read the plugin's config (to force it to run)
  3. Create a child namespace "child"
  4. Enable the custom auth plugin in the child namespace. Again read the child namespace's plugin's config to get it running
  5. Update the plugin catalog with a new version of the custom auth plugin
  6. Run vault plugin reload -plugin=my-custom-plugin -global
  7. Observe only the plugin in the root namespace was reloaded.

Expected behavior
plugin reload -plugin=my-custom-plugin -global should reload the plugin in all namespaces; or there should be a command option to reload the plugin in all namespaces.

Environment:

  • 1.5.3 enterprise (server and cli)
  • Linux x64:
@raskchanky
Copy link
Contributor

Hi @shwuandwing,

Thanks for reaching out! In doing some reading regarding your issue, I've noticed a few things.

First, the docs for plugin reload are incomplete. I've opened a PR to correct this, but in the interim, I wanted to point out that there's no -global flag, but rather -scope=global is the way to trigger a global reload.

From what I can tell, the global plugin reload is not designed to reload plugins within child namespaces. It very specifically only reloads plugins within the same namespace as the request. I think the purpose of global plugin reload is to reload all instances of a plugin across multiple Vault clusters.

@sgmiller please correct me if I've misstated anything here.

I'm going to close this, as I think this feature is working as intended. If you'd like to open an issue as a feature request for having a way to reload a plugin in all namespaces, please feel free to do so.

@shwuandwing
Copy link
Contributor Author

Then the vault plugin reload -scope=global command isn't a fit for enterprise use.

In the enterprise version, there is only one global catalog of custom plugins in the root namespace (child namespaces use the root namespaces catalog).

If you use the reload command to run a new version of a custom plugin -- its really surprising that you have to run it in all the child namespaces (since the child namespaces are running a different version of the plugin from not being reloaded).

@sgmiller sgmiller self-assigned this Jul 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sgmiller sgmiller

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@raskchanky @shwuandwing @sgmiller