From 266d883f5bc57e828f3122d73e6c57c9e22a0e1b Mon Sep 17 00:00:00 2001
From: Mike Palmiotto <mike.palmiotto@hashicorp.com>
Date: Wed, 9 Nov 2022 09:55:18 -0500
Subject: [PATCH] plugins: Filter builtins by RunningVersion

This commit adds some logic to handle the case where a mount entry has a
non-builtin RunningVersion. This ensures that we only report deprecation
status for builtins.

This resolves VAULT-9019.
---
 vault/logical_system.go |  2 +-
 vault/mount.go          | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/vault/logical_system.go b/vault/logical_system.go
index d67ce5f2fc69d..303bc8908f22b 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -956,7 +956,7 @@ func (b *SystemBackend) mountInfo(ctx context.Context, entry *MountEntry) map[st
 	}
 
 	// Add deprecation status only if it exists
-	builtinType := b.Core.builtinTypeFromMountEntry(ctx, entry)
+	builtinType := b.Core.builtinTypeFromMountEntry(ctx, entry, entry.RunningVersion)
 	if status, ok := b.Core.builtinRegistry.DeprecationStatus(entry.Type, builtinType); ok {
 		info["deprecation_status"] = status.String()
 	}
diff --git a/vault/mount.go b/vault/mount.go
index b3b76396ab41f..574bbc4d116f3 100644
--- a/vault/mount.go
+++ b/vault/mount.go
@@ -712,13 +712,18 @@ func (c *Core) mountInternal(ctx context.Context, entry *MountEntry, updateStora
 
 // builtinTypeFromMountEntry attempts to find a builtin PluginType associated
 // with the specified MountEntry. Returns consts.PluginTypeUnknown if not found.
-func (c *Core) builtinTypeFromMountEntry(ctx context.Context, entry *MountEntry) consts.PluginType {
+func (c *Core) builtinTypeFromMountEntry(ctx context.Context, entry *MountEntry, version string) consts.PluginType {
 	if c.builtinRegistry == nil || entry == nil {
 		return consts.PluginTypeUnknown
 	}
 
+	// Builtin plugins should contain the "builtin" string in their RunningVersion
+	if !strings.Contains(version, "builtin") {
+		return consts.PluginTypeUnknown
+	}
+
 	builtinPluginType := func(name string, pluginType consts.PluginType) (consts.PluginType, bool) {
-		plugin, err := c.pluginCatalog.Get(ctx, name, pluginType, "")
+		plugin, err := c.pluginCatalog.Get(ctx, name, pluginType, version)
 		if err == nil && plugin != nil && plugin.Builtin {
 			return plugin.Type, true
 		}
@@ -964,7 +969,7 @@ func (c *Core) handleDeprecatedMountEntry(ctx context.Context, entry *MountEntry
 
 	// Allow type to be determined from mount entry when not otherwise specified
 	if pluginType == consts.PluginTypeUnknown {
-		pluginType = c.builtinTypeFromMountEntry(ctx, entry)
+		pluginType = c.builtinTypeFromMountEntry(ctx, entry, entry.RunningVersion)
 	}
 
 	// Handle aliases