From d6d8006ae8521b791a3b1382648035a4dc8f778b Mon Sep 17 00:00:00 2001
From: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Date: Tue, 1 Nov 2022 17:32:54 -0400
Subject: [PATCH] Fix gen_openapi.sh script to load plugins (#17752)
---
 changelog/17752.txt | 3 ++
 scripts/gen_openapi.sh | 94 +++++++++++++++++++++++++++++-------------
 2 files changed, 69 insertions(+), 28 deletions(-)
 create mode 100644 changelog/17752.txt
diff --git a/changelog/17752.txt b/changelog/17752.txt
new file mode 100644
index 000000000..628eed8e6
--- /dev/null
+++ b/changelog/17752.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+openapi: fix gen_openapi.sh script to correctly load vault plugins
+```
diff --git a/scripts/gen_openapi.sh b/scripts/gen_openapi.sh
index e98633b29..0119a3198 100755
--- a/scripts/gen_openapi.sh
+++ b/scripts/gen_openapi.sh
@@ -24,56 +24,94 @@ vault server -dev -dev-root-token-id=root &
 sleep 2
 VAULT_PID=$!
-echo "Mounting all builtin backends..."
+export VAULT_ADDR=http://127.0.0.1:8200
-# Read auth backends
+echo "Mounting all builtin plugins..."
+
+# Enable auth plugins
 codeLinesStarted=false
-inQuotesRegex='".*"'
+
 while read -r line; do
 if [[ $line == *"credentialBackends:"* ]] ; then
 codeLinesStarted=true
- elif [ $codeLinesStarted = true ] && [[ $line = *"}"* ]] ; then
+ elif [[ $line == *"databasePlugins:"* ]] ; then
 break
- elif [ $codeLinesStarted = true ] && [[ $line =~ $inQuotesRegex ]] && [[ $line != *"Deprecated"* ]] ; then
- backend=${BASH_REMATCH[0]}
- plugin=$(sed -e 's/^"//' -e 's/"$//' <<<"$backend")
- vault auth enable "${plugin}"
+ elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* ]] ; then
+ auth_plugin_previous=""
+ elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
+ auth_plugin_current=${BASH_REMATCH[1]}
+
+ if [[ -n "${auth_plugin_previous}" ]] ; then
+ echo "enabling auth plugin: ${auth_plugin_previous}"
+ vault auth enable "${auth_plugin_previous}"
+ fi
+
+ auth_plugin_previous="${auth_plugin_current}"
 fi
 done <../../vault/helper/builtinplugins/registry.go
-# Read secrets backends
+if [[ -n "${auth_plugin_previous}" ]] ; then
+ echo "enabling auth plugin: ${auth_plugin_previous}"
+ vault auth enable "${auth_plugin_previous}"
+fi
+
+# Enable secrets plugins
 codeLinesStarted=false
+
 while read -r line; do
 if [[ $line == *"logicalBackends:"* ]] ; then
 codeLinesStarted=true
- elif [ $codeLinesStarted = true ] && [[ $line = *"}"* ]] ; then
+ elif [[ $line == *"addExternalPlugins("* ]] ; then
 break
- elif [ $codeLinesStarted = true ] && [[ $line =~ $inQuotesRegex ]] && [[ $line != *"Deprecated"* ]] ; then
- backend=${BASH_REMATCH[0]}
- plugin=$(sed -e 's/^"//' -e 's/"$//' <<<"$backend")
- vault secrets enable "${plugin}"
+ elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* ]] ; then
+ secrets_plugin_previous=""
+ elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
+ secrets_plugin_current=${BASH_REMATCH[1]}
+
+ if [[ -n "${secrets_plugin_previous}" ]] ; then
+ echo "enabling secrets plugin: ${secrets_plugin_previous}"
+ vault secrets enable "${secrets_plugin_previous}"
+ fi
+
+ secrets_plugin_previous="${secrets_plugin_current}"
 fi
 done <../../vault/helper/builtinplugins/registry.go
+if [[ -n "${secrets_plugin_previous}" ]] ; then
+ echo "enabling secrets plugin: ${secrets_plugin_previous}"
+ vault secrets enable "${secrets_plugin_previous}"
+fi
 # Enable enterprise features
 entRegFile=../../vault/helper/builtinplugins/registry_util_ent.go
-if [ -f $entRegFile ] && [[ -n "$VAULT_LICENSE" ]]; then
- vault write sys/license text="$VAULT_LICENSE"
+if [ -f $entRegFile ] && [[ -n "${VAULT_LICENSE}" ]]; then
+ vault write sys/license text="${VAULT_LICENSE}"
- inQuotesRegex='".*"'
- codeLinesStarted=false
- while read -r line; do
- if [[ $line == *"ExternalPluginsEnt"* ]] ; then
- codeLinesStarted=true
- elif [ $codeLinesStarted = true ] && [[ $line = *"}"* ]] ; then
- break
- elif [ $codeLinesStarted = true ] && [[ $line =~ $inQuotesRegex ]] && [[ $line != *"Deprecated"* ]] ; then
- backend=${BASH_REMATCH[0]}
- plugin=$(sed -e 's/^"//' -e 's/"$//' <<<"$backend")
- vault secrets enable "${plugin}"
+ codeLinesStarted=false
+
+ while read -r line; do
+ if [[ $line == *"ExternalPluginsEnt:"* ]] ; then
+ codeLinesStarted=true
+ elif [[ $line == *"addExtPluginsEntImpl("* ]] ; then
+ break
+ elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* ]] ; then
+ secrets_plugin_previous=""
+ elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
+ ent_plugin_current=${BASH_REMATCH[1]}
+
+ if [[ -n "${ent_plugin_previous}" ]] ; then
+ echo "enabling enterprise plugin: ${ent_plugin_previous}"
+ vault secrets enable "${ent_plugin_previous}"
+ fi
+
+ ent_plugin_previous="${ent_plugin_current}"
+ fi
+ done <$entRegFile
+
+ if [[ -n "${ent_plugin_previous}" ]] ; then
+ echo "enabling enterprise plugin: ${ent_plugin_previous}"
+ vault secrets enable "${ent_plugin_previous}"
 fi
- done <$entRegFile
 fi
 # Output OpenAPI, optionally formatted
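Review bot: In the enterprise loop, the `consts.Deprecated` / `consts.PendingRemoval` branch clears `secrets_plugin_previous`, but that loop keeps its pending candidate in `ent_plugin_previous`. A deprecated or pending-removal enterprise plugin is therefore never dropped and is still passed to `vault secrets enable` on the next match or after the loop. The branch should read `ent_plugin_previous=""`. Separately, none of `auth_plugin_previous`, `secrets_plugin_previous` or `ent_plugin_previous` is initialised before its loop. Setting each to an empty string next to the matching `codeLinesStarted=false` would make the starting state explicit and keep the script working if `set -u` is ever enabled.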