plugin list fails when audit is enabled

[jorgemarey]

Describe the bug
When executing the command vault plugin list (or using the API) if audit is enabled vault will fail and report a error.

2022-10-28T07:19:22.397Z [ERROR] audit: panic during logging: request_path=sys/plugins/catalog error="reflect: reflect.Value.Set using value obtained using unexported field"
2022-10-28T07:19:22.398Z [ERROR] core: failed to audit response: request_path=sys/plugins/catalog
  error=
  | 1 error occurred:
  | 	* panic generating audit log
  | 

To Reproduce

1. enable audit
2. Run vault plugin list
3. See error

Environment:
vault v1.12.0

Additional context

I saw that there were some changes related to output version on plugins, so I guess it's related to that. I also found some issues (#2687 and #1911) with the same error but they're from a long time ago.

[AnthonyHerman]

Hitting this as well in v1.12.1

[jmthvt]

If I understand correctly, it would be because of this *version.Version.

SemanticVersion *version.Version `json:"-"`

As per #1911:

reflect just goes as deep as it can, and the callbacks have to check if the fields can be set.

So it eventually hits these *version unexported fields:

type Version struct {
	metadata string
	pre      string
	segments []int64
	si       int
	original string
}

[artur-borys1]

Hi, are there any updates on this or should I use older (< 1.12.0) version of Vault?

[tomhjp]

Thanks for the report, and sorry this didn't get fixed in time for 1.12.2. #18173 should fix it, and will be in 1.12.3.

It's not ideal, but the best listing workaround I can offer for now (other than disabling auditing which is obviously a no-go) is that the "typed" list endpoints don't suffer from this problem, so e.g. vault list sys/plugins/catalog/database, but they don't include versioned plugins right now.

Affected Vault versions are 1.12.0, 1.12.1 and 1.12.2.