secrets/database: fixes external plugin reconnect after shutdown for …

…v4 and v5 interface (#12087) (#12104) * secrets/database: fixes external plugin shutdown reconnect for v5 interface * adds changelog entry * fixes handling of plugin shutdown for password generation on v4 interface
hashicorp · Jul 15, 2021 · a9ae65d · a9ae65d
1 parent d7cb1ff
commit a9ae65d
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/builtin/logical/database/backend.go b/builtin/logical/database/backend.go
@@ -316,7 +316,7 @@ func (b *databaseBackend) clearConnection(name string) error {
 func (b *databaseBackend) CloseIfShutdown(db *dbPluginInstance, err error) {
 	// Plugin has shutdown, close it so next call can reconnect.
 	switch err {
-	case rpc.ErrShutdown, v4.ErrPluginShutdown:
+	case rpc.ErrShutdown, v4.ErrPluginShutdown, v5.ErrPluginShutdown:
 		// Put this in a goroutine so that requests can run with the read or write lock
 		// and simply defer the unlock.  Since we are attaching the instance and matching
 		// the id in the connection map, we can safely do this.

diff --git a/builtin/logical/database/path_creds_create.go b/builtin/logical/database/path_creds_create.go
@@ -92,6 +92,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 
 		password, err := dbi.database.GeneratePassword(ctx, b.System(), dbConfig.PasswordPolicy)
 		if err != nil {
+			b.CloseIfShutdown(dbi, err)
 			return nil, fmt.Errorf("unable to generate password: %w", err)
 		}
 

diff --git a/changelog/12087.txt b/changelog/12087.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/database: Fixed an issue that prevented external database plugin processes from restarting after a shutdown.
+```