Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docs: Implementing the plugin version interface #19606

Merged
merged 4 commits into from
Mar 20, 2023
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 13 additions & 16 deletions website/content/docs/plugins/plugin-development.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -75,22 +75,6 @@ func main() {
And that's basically it! You would just need to change `myPlugin` to your actual
plugin.

### Implementing the Version interface

Plugins can optionally self-report their own semantic version. For plugins that
do so, Vault will automatically populate the plugin's version in the catalog
without requiring the user to provide it. If users do provide a version during
registration, Vault will validate the version provided matches what the plugin
reports. Plugins that report a non-empty version _must_ report a valid
[Semantic Version](https://semver.org/) or registration will fail.

To implement the version interface, plugins using the Vault SDK package should
set the `RunningVersion` variable in the struct
[`framework.Backend`](https://github.com/hashicorp/vault/blob/main/sdk/framework/backend.go).

All other plugins should implement the `PluginVersion` service defined
in [`version.proto`](https://github.com/hashicorp/vault/blob/main/sdk/logical/version.proto).

## Plugin Backwards Compatibility with Vault

Let's take a closer look at a snippet from the above main package.
Expand All @@ -116,6 +100,19 @@ be omitted.

[api_addr]: /vault/docs/configuration#api_addr

## Leveraging plugin versioning

@include 'plugin-versioning.mdx'

Auth and secrets plugins based on `framework.Backend` from the SDK should set the
[`RunningVersion`](https://github.com/hashicorp/vault/blob/sdk/v0.6.0/sdk/framework/backend.go#L95-L96)
variable, and the framework will implement the version interface.

Database plugins have a smaller API than `framework.Backend` exposes, and should
instead implement the
[`PluginVersioner`](https://github.com/hashicorp/vault/blob/sdk/v0.6.0/sdk/logical/logical.go#L150-L154)
interface directly.

## Building a Plugin from Source

To build a plugin from source, first navigate to the location holding the
Expand Down
23 changes: 22 additions & 1 deletion website/content/docs/secrets/databases/custom.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,7 @@ build with [gox](https://github.com/mitchellh/gox) for cross platform builds.
To use your plugin with the database secrets engine you need to place the binary in the
plugin directory as specified in the [plugin internals](/vault/docs/plugins) docs.

You should now be able to register your plugin into the vault catalog. To do
You should now be able to register your plugin into the Vault catalog. To do
this your token will need sudo permissions.

```shell-session
Expand All @@ -228,6 +228,27 @@ $ vault write database/config/mydatabase \
myplugins_connection_details="..."
```

## Updating database plugins to leverage plugin versioning

@include 'plugin-versioning.mdx'

In addition to the `Database` interface above, database plugins can then also
implement the
[`PluginVersioner`](https://github.com/hashicorp/vault/blob/sdk/v0.6.0/sdk/logical/logical.go#L150-L154)
interface:

```go
// PluginVersioner is an optional interface to return version info.
type PluginVersioner interface {
// PluginVersion returns the version for the backend
PluginVersion() PluginVersion
}

type PluginVersion struct {
Version string
}
```

## Upgrading database plugins to leverage plugin multiplexing

### Background
Expand Down
14 changes: 14 additions & 0 deletions website/content/partials/plugin-versioning.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
Plugins can optionally self-report their own semantic version. For plugins that
do so, Vault will automatically populate the plugin's version in the catalog
without requiring the user to provide it. If users do provide a version during
registration, Vault will validate the version provided matches what the plugin
tomhjp marked this conversation as resolved.
Show resolved Hide resolved
reports. Plugins that report a non-empty version _must_ report a valid
[Semantic Version](https://semver.org/) with a leading 'v' added or registration
will fail, e.g. `v1.0.0` or `v2.3.2-beta`.

Plugins that want to opt into this behavior can implement the version interface.
However, it is not a prerequisite; users can still provide a version during
registration if the plugin does not implement the version interface.

To implement the version interface, plugins should first upgrade the Vault SDK
package to at least v0.6.0.