Vault plugin deregister always success & never fails

Vault CLI steps for plugin deregister always returns a success and what's more compatibility options provided for older versions of Vault that do not require plugin-type to be passed are also impacting deregister especially since requesting a register without a plugin-type is accepted as valid yet similarly attempting a deregister without a plugin-type passed results in the same behaviour and without any complaints or warnings.

There's presently no way to determine when a plugin has been successfully deregistered (without an additional listing requests and deductive comparisons)

To Reproduce

# // register a plugin - eg:
# vault plugin register -sha256=… venafi-pki-backend ;  # // no type required.

# // --------------------------------------------------------------------------
# // WITHOUT TYPE - no errors or complaints:
vault plugin deregister venafi-pki-backend
  # Success! Deregistered plugin (if it was registered): venafi-pki-backend

curl -X DELETE -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" https://192.168.178.253:8200/v1/sys/plugins/catalog/venafi-pki-backend
  # {"request_id":"a2845804-1356-3e5a-ae07-a563287b3458","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Deprecated API endpoint, cannot deregister plugin from catalog for \"venafi-pki-backend\""],"auth":null}

vault plugin deregister does-not-exist
  # Success! Deregistered plugin (if it was registered): does-not-exist

curl -v -X DELETE -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" https://192.168.178.253:8200/v1/sys/plugins/catalog/secret/does-not-exist
  # // ...
  # < HTTP/2 204
  # < cache-control: no-store
  # < content-type: application/json
  # < date: Mon, 20 Jul 2020 18:40:31 GMT
  # <
  # * Connection #0 to host 192.168.178.253 left intact

# // --------------------------------------------------------------------------
# // WITH TYPE:
vault plugin deregister secret venafi-pki-backend
  # Success! Deregistered plugin (if it was registered): venafi-pki-backend

# //^ WORKS as `vault plugin list` can confirm since 'secret' plugin-type is set.

# // BUT then repeating CLI or API you get:
vault plugin deregister secret venafi-pki-backend
  # Success! Deregistered plugin (if it was registered): venafi-pki-backend

Expected behavior Provide contextual responses which express a HTTP-2xx / 0 exit code only when an actually deregister has been successfully performed and also provide any error messages or warnings for plugin-type that must be set for all newer and current Vault versions.

Environment:

Vault Server Version (retrieve with vault status):

#vagrant@vault1:~$ \
vault status
  # Key                      Value
  # ---                      -----
  # Recovery Seal Type       shamir
  # Initialized              true
  # Sealed                   false
  # Total Recovery Shares    1
  # Threshold                1
  # Version                  1.4.3
  # Cluster Name             primary
  # Cluster ID               fd83652e-351e-00b4-9571-b5b3840c6a18
  # HA Enabled               true
  # HA Cluster               https://192.168.178.253:8201
  # HA Mode                  active
  # Last WAL                 135

Server Operating System/Architecture: uname -pisorv ; # Linux 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2 (2020-04-29) GNU/Linux

Vault server configuration file(s):

cluster_name = "primary"
api_addr = "https://192.168.178.253:8200"
cluster_addr = "https://192.168.178.253:8201"

listener "tcp" {
  address       = "0.0.0.0:8200"
  cluster_address  = "192.168.178.253:8201"
  tls_cert_file = "/home/vagrant/vault1_certificate.crt"
  tls_key_file = "/home/vagrant/vault1_private.key"
}

storage "raft" {
        path            = "/vault/data"
        node_id         = "vault1"
}

disable_mlock = true
log_level = "trace"
ui = true
raw_storage_endpoint = true
plugin_directory = "/etc/vault.d/plugins"

hashicorp / vault

Vault plugin deregister always success & never fails #9534