diff --git a/changelog/21681.txt b/changelog/21681.txt
new file mode 100644
index 000000000..8d684423a
--- /dev/null
+++ b/changelog/21681.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+sys/metrics (enterprise): Adds a gauge metric that tracks whether enterprise builtin secret plugins are enabled.
+```
diff --git a/helper/builtinplugins/registry_util.go b/helper/builtinplugins/registry_util.go
new file mode 100644
index 000000000..948092e44
--- /dev/null
+++ b/helper/builtinplugins/registry_util.go
@@ -0,0 +1,10 @@
+//go:build !enterprise
+
+package builtinplugins
+
+import "github.com/hashicorp/vault/sdk/helper/consts"
+
+// IsBuiltinEntPlugin checks whether the plugin is an enterprise only builtin plugin
+func (r *registry) IsBuiltinEntPlugin(name string, pluginType consts.PluginType) bool {
+ return false
+}
diff --git a/helper/testhelpers/corehelpers/corehelpers.go b/helper/testhelpers/corehelpers/corehelpers.go
index 846db21da..34ac1e5ab 100644
--- a/helper/testhelpers/corehelpers/corehelpers.go
+++ b/helper/testhelpers/corehelpers/corehelpers.go
@@ -26,6 +26,8 @@ import (
 "github.com/mitchellh/go-testing-interface"
 )
+var externalPlugins = []string{"transform", "kmip", "keymgmt"}
+
 // RetryUntil runs f until it returns a nil result or the timeout is reached.
 // If a nil result hasn't been obtained by timeout, calls t.Fatal.
 func RetryUntil(t testing.T, timeout time.Duration, f func() error) {
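Review bot: The name `externalPlugins`, added in the `corehelpers.go` hunk at `@@ -26,6 +26,8 @@`, is misleading for how the next hunk uses it: the mock's `IsBuiltinEntPlugin` treats these entries as enterprise builtin plugins, whereas "external plugin" in Vault normally refers to a plugin that is not built in. A name such as `entBuiltinPlugins` with a comment, e.g. `// entBuiltinPlugins lists the secrets plugins the mock registry reports as enterprise-only builtins.`, would say what the list is for. It is also a package-level `var` holding a slice, so any code in the package can modify it; the comment should state that it is meant to be read-only.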
@@ -180,10 +182,23 @@ func (m *mockBuiltinRegistry) Keys(pluginType consts.PluginType) []string {
 "pending-removal-test-plugin",
 "approle",
 }
+
+ case consts.PluginTypeSecrets:
+ return append(externalPlugins, "kv")
 }
+
 return []string{}
 }
+func (r *mockBuiltinRegistry) IsBuiltinEntPlugin(name string, pluginType consts.PluginType) bool {
+ for _, i := range externalPlugins {
+ if i == name {
+ return true
+ }
+ }
+ return false
+}
+
 func (m *mockBuiltinRegistry) Contains(name string, pluginType consts.PluginType) bool {
 for _, key := range m.Keys(pluginType) {
 if key == name {
diff --git a/vault/core.go b/vault/core.go
index 473de0362..e36a882d0 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -3181,6 +3181,7 @@ type BuiltinRegistry interface {
 Get(name string, pluginType consts.PluginType) (func() (interface{}, error), bool)
 Keys(pluginType consts.PluginType) []string
 DeprecationStatus(name string, pluginType consts.PluginType) (consts.DeprecationStatus, bool)
+ IsBuiltinEntPlugin(name string, pluginType consts.PluginType) bool
 }
 func (c *Core) AuditLogger() AuditLogger {
diff --git a/vault/mount.go b/vault/mount.go
index 45ec7cc09..a4bc4c02e 100644
--- a/vault/mount.go
+++ b/vault/mount.go
@@ -728,6 +728,10 @@ func (c *Core) mountInternal(ctx context.Context, entry *MountEntry, updateStora
 if err := c.router.Mount(backend, entry.Path, entry, view); err != nil {
 return err
 }
+ if err = c.entBuiltinPluginMetrics(ctx, entry, 1); err != nil {
+ c.logger.Error("failed to emit enabled ent builtin plugin metrics", "error", err)
+ return err
+ }
 // Re-evaluate filtered paths
 if err := runFilteredPathsEvaluation(ctx, c, false); err != nil {
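Review bot: In the added `IsBuiltinEntPlugin` (hunk `@@ -180,10 +182,23 @@`) the `pluginType` argument is never read, so the mock reports `transform`, `kmip` and `keymgmt` as enterprise builtins for every plugin type, while `Keys` in the same hunk lists them only under `consts.PluginTypeSecrets`; a guard such as `if pluginType != consts.PluginTypeSecrets { return false }` at the top would keep the two consistent. The new `case` returns `append(externalPlugins, "kv")`, which is only safe while the package-level slice has no spare capacity; `append(append([]string(nil), externalPlugins...), "kv")` copies first and cannot write into shared backing storage if tests call it concurrently. The method also uses receiver `r` where the neighbouring methods use `m`, and it has no doc comment. `Keys` starts and `Contains` ends outside the hunk.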
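Review bot: `IsBuiltinEntPlugin` is added to the exported `BuiltinRegistry` interface in `vault/core.go` without a comment stating its contract. Adding a method to an exported interface breaks any implementation outside this diff at compile time, so the expectation should be written next to it, for example `// IsBuiltinEntPlugin reports whether name is an enterprise-only builtin plugin of the given type.` Whether the result is meant to depend on `pluginType` is not clear from the two implementations in this diff (the stub always returns false and the mock ignores the argument), and the comment should settle that. The interface declaration begins outside the hunk.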
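Review bot: The block added to `mountInternal` returns the metrics error after `c.router.Mount` has already succeeded, so a failure to emit a gauge makes the mount call fail while the backend stays routed; nothing in the hunk undoes the router entry. The same pattern appears in the `unmountInternal` hunk (`@@ -915,6 +919,10 @@`), where returning after `c.router.Unmount` skips `removePathCheckers` and whatever cleanup follows outside the hunk, leaving a partly removed mount. Telemetry should not decide whether a mount or unmount completes: log and continue, e.g. `if err := c.entBuiltinPluginMetrics(ctx, entry, 1); err != nil { c.logger.Warn("failed to emit enabled ent builtin plugin metrics", "error", err) }`. If failing the operation is intended, the error path needs to roll the router change back, and logging and returning the same error should be reduced to one of the two. Both function bodies start and end outside their hunks, and `err =` relies on an `err` declared earlier that is not visible here.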
@@ -915,6 +919,10 @@ func (c *Core) unmountInternal(ctx context.Context, path string, updateStorage b
 if err := c.router.Unmount(ctx, path); err != nil {
 return err
 }
+ if err = c.entBuiltinPluginMetrics(ctx, entry, -1); err != nil {
+ c.logger.Error("failed to emit disabled ent builtin plugin metrics", "error", err)
+ return err
+ }
 removePathCheckers(c, entry, viewPath)
diff --git a/vault/mount_util.go b/vault/mount_util.go
index ffd937b78..13f141817 100644
--- a/vault/mount_util.go
+++ b/vault/mount_util.go
@@ -72,3 +72,7 @@ func (c *Core) mountEntrySysView(entry *MountEntry) extendedSystemView {
 }
 return c.NewAcmeBillingSystemView(esi)
 }
+
+func (c *Core) entBuiltinPluginMetrics(ctx context.Context, entry *MountEntry, val float32) error {
+ return nil
+}
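Review bot: `entBuiltinPluginMetrics` in `vault/mount_util.go` has no doc comment, and from this stub alone a reader cannot tell what `val` means or why the function returns an error that is always nil. The call sites in `vault/mount.go` pass `1` and `-1`, which suggests a delta applied to a gauge; I would add something like `// entBuiltinPluginMetrics is the non-enterprise stub; val is the change to apply to the enabled-plugin gauge (+1 on mount, -1 on unmount).` and confirm that reading against the enterprise implementation. No build constraint is visible in this hunk, whereas the new `registry_util.go` carries `//go:build !enterprise`; if the enterprise build defines the same method, this file needs an equivalent constraint or the stub belongs in a tagged file. The head of `mount_util.go` is outside the hunk, so this may already be handled there.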