-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix plugin register cli error on unfound oci images #24990
fix plugin register cli error on unfound oci images #24990
Conversation
Build Results: |
CI Results: |
merr = multierror.Append(merr, err) | ||
c.logger.Debug("failed to dispense v4 backend plugin", "name", pluginRunner.Name, "error", err) | ||
if pluginRunner.OCIImage != "" { | ||
return logical.EmptyPluginVersion, fmt.Errorf("%w: %s", ErrAllContainerizedBackendPluginLoadsFailed, merr) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems too early to return? What if running the plugin as a v5 plugin would have succeeded?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks to me we'd have actually returned the plugin version early if running the plugin as a v5 plugin succeeded. I think we attempt to run v4 plugin only when we fail to run v5 plugin. Let me know if I missed something in your question.
vault/vault/plugincatalog/plugin_catalog.go
Lines 575 to 588 in 2acac70
// dispense the plugin so we can get its version | |
client, err = backendplugin.Dispense(pc.ClientProtocol, pc) | |
if err == nil { | |
c.logger.Debug("successfully dispensed v5 backend plugin", "name", pluginRunner.Name) | |
err = client.Setup(ctx, &logical.BackendConfig{}) | |
if err != nil { | |
return logical.EmptyPluginVersion, nil | |
} | |
if versioner, ok := client.(logical.PluginVersioner); ok { | |
return versioner.PluginVersion(), nil | |
} | |
return logical.EmptyPluginVersion, nil | |
} |
ErrAllContainerizedBackendPluginLoadsFailed = errors.New("failed to dispense all containerized backend plugins v4 through v5") | ||
ErrAllContainerizedDatabasePluginLoadsFailed = errors.New("failed to load all containerized database plugins v4 through v5") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need 2 sentinel errors. We should just need a sentinel error along the lines of "unable to run plugin", and we can return the same error from both db and backend functions.
…gPlugins acceptance test failures
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good! I left a few comments, but it's mostly just nits and CI/test considerations.
Co-authored-by: Tom Proctor <[email protected]>
Co-authored-by: Tom Proctor <[email protected]>
…i-image' of github.com:hashicorp/vault into VAULT-20736-fix-plugin-register-cli-error-on-unfound-oci-image
…-unfound-oci-image
Thank you very much for your feedback! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! 👍
The vault plugin register command doesn't return an error when the image isn't found. This PR refactors the logic in generating errors in getting backend type version and generating an error response through the system backend when both containerized plugin v4 and v5 loads fail.