fix plugin register cli error on unfound oci images

[thyton]

The vault plugin register command doesn't return an error when the image isn't found. This PR refactors the logic in generating errors in getting backend type version and generating an error response through the system backend when both containerized plugin v4 and v5 loads fail.

[github-actions]

Build Results:
All builds succeeded! ✅

[github-actions]

CI Results:
All Go tests succeeded! ✅

[tomhjp]

This seems too early to return? What if running the plugin as a v5 plugin would have succeeded?

[thyton]

It looks to me we'd have actually returned the plugin version early if running the plugin as a v5 plugin succeeded. I think we attempt to run v4 plugin only when we fail to run v5 plugin. Let me know if I missed something in your question.

vault/vault/plugincatalog/plugin_catalog.go

Lines 575 to 588 in 2acac70

	// dispense the plugin so we can get its version
	client, err = backendplugin.Dispense(pc.ClientProtocol, pc)
	if err == nil {
	c.logger.Debug("successfully dispensed v5 backend plugin", "name", pluginRunner.Name)
	err = client.Setup(ctx, &logical.BackendConfig{})
	if err != nil {
	return logical.EmptyPluginVersion, nil
	}
	if versioner, ok := client.(logical.PluginVersioner); ok {
	return versioner.PluginVersion(), nil
	}
	return logical.EmptyPluginVersion, nil
	}

[tomhjp]

I don't think we need 2 sentinel errors. We should just need a sentinel error along the lines of "unable to run plugin", and we can return the same error from both db and backend functions.

[tomhjp]

Looking good! I left a few comments, but it's mostly just nits and CI/test considerations.

[thyton]

Thank you very much for your feedback!

[tomhjp]

LGTM! 👍