Vault 36295 Improve plugin mgmt ux in api and cli #30811
Conversation
…ning before returning in RegisterPluginWithContext
github-actions
bot
added
the
hashicorp-contributed-pr
|
CI Results: |
benashz
changed the title
benashz
changed the title
helenfufu
force-pushed
the
vault-36295-improve-plugin-mgmt-ux-in-api-and-cli
branch
from
ddb46b0 to
76b9dec
Compare
There was a problem hiding this comment.
This PR includes the doc updates for the sha256, command, and version parameters, as well as the current state of the manual registration flow with an extracted artifact.
It does not currently include any doc updates for the download functionality. IMO it would be better to get this into main first so the current state is up-to-date, and then do a subsequent PR for download docs once our vault-enterprise feature branch is shipped.
| Version: "v1.0.0", | ||
| }) | ||
| if err != nil { | ||
| t.Fatal(err) | ||
| } | ||
| if len(resp.Warnings) > 0 { |
There was a problem hiding this comment.
nit: any chance we could check the Warnings here using reflect.DeepEqual()?
There was a problem hiding this comment.
Having a bit of trouble with this, namely needing to differentiate when resp.Warnings is []string(nil) or []string{}, which the length check handles. Are we ok ignoring this nit in favor of prioritizing the download work?
There was a problem hiding this comment.
In the case where we don't expect a warning, we should not assert the value. Maybe I am misunderstanding. Is the suggestion to test the non-happy path?
| t.Fatal(err) | ||
| } | ||
| if len(registerResp.Warnings) > 0 { |
There was a problem hiding this comment.
nit: similar comment as above about testing the equality rather than the length of Warnings. Testing both is fine however.
There was a problem hiding this comment.
Same as above #30811 (comment)
vault/logical_system.go
Outdated
| return logical.ErrorResponse("must provide at least one of command or oci_image"), nil | ||
| var resp logical.Response | ||
|
|
||
| if sha256 == "" { |
There was a problem hiding this comment.
Ideally these parameter constraints would be handled by the Vault server API. The vault client could just pass in everything that it got from the command line to Vault and the Vault server would do the parameter checks, returning any errors to the vault client. This is not a blocker, but something to consider for the future, especially since the Vault client may be connecting to some version of Vault that does support plugin artifacts, etc.
There was a problem hiding this comment.
Ack for the future, thanks for the input.
There might be a misunderstanding on my side: I thought handlePluginCatalogUpdatein logical_system.go is the API handler? Where would you suggest making the change in the future?
…gisterPluginWithContext
… binary plugins, which rely on plugin.Command input; extracted artifact plugins don't rely on plugin.Command input
helenfufu
removed
backport/ent/1.16.x+ent
Co-authored-by: Sarah Chavis <[email protected]>
Co-authored-by: Sarah Chavis <[email protected]>
Co-authored-by: Sarah Chavis <[email protected]>
Co-authored-by: Sarah Chavis <[email protected]>
Co-authored-by: Sarah Chavis <[email protected]>
Co-authored-by: Sarah Chavis <[email protected]>
Co-authored-by: Sarah Chavis <[email protected]>
* suggestions * move common reqs to a partial * fix typo * tweak reqs * Update website/content/partials/plugins/prepare-plugin.mdx Co-authored-by: helenfufu <[email protected]> * Update website/content/partials/plugins/prepare-plugin.mdx Co-authored-by: helenfufu <[email protected]> * Update website/content/partials/plugins/prepare-plugin.mdx Co-authored-by: helenfufu <[email protected]> * tweak feedback * remove deprecation * Update website/content/partials/plugins/common-requirements.mdx Co-authored-by: helenfufu <[email protected]> * save * Update website/content/docs/plugins/rollback.mdx Co-authored-by: helenfufu <[email protected]> * Update website/content/docs/plugins/upgrade.mdx Co-authored-by: helenfufu <[email protected]> * fix formatting --------- Co-authored-by: helenfufu <[email protected]>
Description
This PR improves the API and CLI UX for
sha256andcommandfollowing the below guidelines:sha256is provided,commandis required (following the existing behavior). Whensha256is not provided,commandis ignored and give a warningfmt.Sprintf("When sha256 is unspecified, a plugin artifact is expected for registration and the command parameter %q will be ignored.", command).sha256is provided and bothcommandandoci_imageare not provided, defaultcommandto plugin name. Whensha256is not provided, make the API call and propagate up the API warning.We additionally update the plugin registration docs (overview, API, and CLI) around
sha256,command, andversionto capture the two supported plugin registration mechanisms at this time: binary with-sha256and (extracted) artifact with-versiononly.Local testing: link
ENT PR: https://github.com/hashicorp/vault-enterprise/pull/8365
TODO only if you're a HashiCorp employee
backport/label that matches the desired release branch. Note that in the CE repo, the latest release branch will look likebackport/x.x.x, but older release branches will bebackport/ent/x.x.x+ent.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.