Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Populate the running SHA256 of plugins in the mount and auth tables #17217

Merged
merged 2 commits into from
Sep 21, 2022
Merged

Populate the running SHA256 of plugins in the mount and auth tables #17217

merged 2 commits into from
Sep 21, 2022

Conversation

swenson
Copy link
Contributor

@swenson swenson commented Sep 19, 2022

Builds on #17182 and probably conflicts with #17171, but I can rebase when one or both of those are merged.

@swenson swenson added this to the 1.12.0-rc1 milestone Sep 19, 2022
tvoran
tvoran approved these changes Sep 19, 2022
View reviewed changes
Copy link
Member

@tvoran tvoran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems to work for me!

vault/external_plugin_test.go
Comment on lines +262 to +281
if raw.(*routeEntry).mountEntry.RunningSha == "" {
t.Errorf("Expected RunningSha to be present: %+v", raw.(*routeEntry).mountEntry.RunningSha)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to check that the running sha is the one that was submitted?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We just copy the runningSha from the requested SHA, since there isn't much of a need to compute it again.

tomhjp
tomhjp reviewed Sep 20, 2022
View reviewed changes
vault/mount.go Show resolved Hide resolved
vault/plugin_reload.go Outdated Show resolved Hide resolved
@swenson
Copy link
Contributor Author

swenson commented Sep 21, 2022

Thanks!

@swenson swenson merged commit e2c22dc into vault-8143/check-version Sep 21, 2022
@swenson swenson deleted the populate-running-sha branch September 21, 2022 15:38
swenson pushed a commit that referenced this pull request Sep 21, 2022
Check if plugin version matches running version (#17182)
0b34b73 
Check if plugin version matches running version

When registering a plugin, we check if the request version matches the
self-reported version from the plugin. If these do not match, we log a
warning.

This uncovered a few missing pieces for getting the database version
code fully working.

We added an environment variable that helps us unit test the running
version behavior as well, but only for approle, postgresql, and consul
plugins.

Return 400 on plugin not found or version mismatch

Populate the running SHA256 of plugins in the mount and auth tables (#17217)
This was referenced Sep 22, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomhjp tomhjp tomhjp approved these changes

@tvoran tvoran tvoran approved these changes

Assignees
No one assigned
Labels
pr/no-changelog
Projects
None yet
Milestone
1.12.0-rc1
Development

Successfully merging this pull request may close these issues.
3 participants
@swenson @tvoran @tomhjp