upgrade plugin instruction

ilijamt / vault-plugin-secrets-gitlab

Vault Plugin for Gitlab Access Tokens

MIT License

43 stars 6 forks source link

upgrade plugin instruction #74

Closed venerari closed 3 months ago

venerari commented 5 months ago

Hey Ilijamt

I tried this instruction,

https://developer.hashicorp.com/vault/docs/upgrading/plugins

/etc/vault/plugins $ vault plugin register \
>   -sha256=da7a2e4ecdbef307933bf62c8c643b25f79e9114b47e49693e7dcfb70f99f846 \
>   -command=vault-plugin-secrets-gitlab_v0.3.3 \
>   -version=v0.3.3 \
>   secret gitlab
Success! Registered plugin: gitlab
/etc/vault/plugins $ 
/etc/vault/plugins $ vault write sys/plugins/pins/secret/gitlab version=v0.3.3
Error writing data to sys/plugins/pins/secret/gitlab: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/plugins/pins/secret/gitlab
Code: 404. Errors:

* 1 error occurred:
        * unsupported path

But got error?

Please help! Venerari

ilijamt commented 4 months ago

I haven't tried the new way of upgrading of plugins. But what works for me is.

$ vault plugin register \
  -sha256=b5fd0a3481930211a09bb944aa96a18a9eab8e594b6773b25209330d752e5f83 \
  -command=gitlab\
  -version=v0.2.4 \
  secret \
  gitlab
$ vault secrets tune -plugin-version=v0.2.4 gitlab
$ vault plugin reload -plugin gitlab
$ vault secrets list -detailed -format=json | jq '."gitlab/"'
{
   "uuid":"759239c4-5fe1-4eb0-6105-480d1d67de5e",
   "type":"gitlab",
   "description":"",
   "accessor":"gitlab_294d3aea",
   "config":{
      "default_lease_ttl":2678400,
      "max_lease_ttl":31622400,
      "force_no_cache":false
   },
   "options":null,
   "local":false,
   "seal_wrap":false,
   "external_entropy_access":false,
   "plugin_version":"v0.2.4",
   "running_plugin_version":"v0.2.4",
   "running_sha256":"b5fd0a3481930211a09bb944aa96a18a9eab8e594b6773b25209330d752e5f83",
   "deprecation_status":""
}

TJM commented 3 months ago

The vault write sys/plugins/pins/secret/gitlab path is new in 1.16.x (at least it changed in the 1.16.x docs), and even though we are on vault 1.16.2, the path didn't work for us. We used the old vault secrets tune -plugin-version=v0.3.3 gitlab, and it worked for us.

ilijamt commented 3 months ago

I haven't had a chance to go over and see what is needed to change the upgrade path to the new way of things.