use BUILD_MINIMAL env to build minimal Vault with few storage options and plugins (#27394)

2025-11-02 03:27:54 +00:00 · 2024-06-12 09:53:49 -07:00
parent c4fcb4a086
commit 83111c010c
12 changed files with 417 additions and 217 deletions
--- a/6
+++ b/6
@@ -22,6 +22,12 @@ ifneq ($(FDB_ENABLED), )
 	BUILD_TAGS+=foundationdb
 endif
 # Set BUILD_MINIMAL to a non-empty value to build a minimal version of Vault with only core features.
 BUILD_MINIMAL ?=
 ifneq ($(strip $(BUILD_MINIMAL)),)
 	BUILD_TAGS+=minimal
 endif
 default: dev
 # bin generates the releasable binaries for Vault
--- a/changelog/27394.txt
+++ b/changelog/27394.txt
@@ -0,0 +1,4 @@
 ```release-note:feature
 **Vault Minimal Version**: Add the ability to build a minimal version of Vault
 with only core features using the BUILD_MINIMAL environment variable.
 ```
--- a/command/commands.go
+++ b/command/commands.go
@@ -10,48 +10,18 @@ import (
 	"github.com/hashicorp/cli"
 	hcpvlib "github.com/hashicorp/vault-hcp-lib"
 	credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
 	credCF "github.com/hashicorp/vault-plugin-auth-cf"
 	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
 	credOIDC "github.com/hashicorp/vault-plugin-auth-jwt"
 	credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
 	credOCI "github.com/hashicorp/vault-plugin-auth-oci"
 	logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
 	"github.com/hashicorp/vault/audit"
 	credAws "github.com/hashicorp/vault/builtin/credential/aws"
 	credCert "github.com/hashicorp/vault/builtin/credential/cert"
 	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
 	credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
 	credOkta "github.com/hashicorp/vault/builtin/credential/okta"
 	credToken "github.com/hashicorp/vault/builtin/credential/token"
 	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 	logicalDb "github.com/hashicorp/vault/builtin/logical/database"
 	"github.com/hashicorp/vault/builtin/plugin"
 	_ "github.com/hashicorp/vault/helper/builtinplugins"
 	physAerospike "github.com/hashicorp/vault/physical/aerospike"
 	physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss"
 	physAzure "github.com/hashicorp/vault/physical/azure"
 	physCassandra "github.com/hashicorp/vault/physical/cassandra"
 	physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
 	physConsul "github.com/hashicorp/vault/physical/consul"
 	physCouchDB "github.com/hashicorp/vault/physical/couchdb"
 	physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
 	physEtcd "github.com/hashicorp/vault/physical/etcd"
 	physFoundationDB "github.com/hashicorp/vault/physical/foundationdb"
 	physGCS "github.com/hashicorp/vault/physical/gcs"
 	physManta "github.com/hashicorp/vault/physical/manta"
 	physMSSQL "github.com/hashicorp/vault/physical/mssql"
 	physMySQL "github.com/hashicorp/vault/physical/mysql"
 	physOCI "github.com/hashicorp/vault/physical/oci"
 	physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
 	physRaft "github.com/hashicorp/vault/physical/raft"
 	physS3 "github.com/hashicorp/vault/physical/s3"
 	physSpanner "github.com/hashicorp/vault/physical/spanner"
 	physSwift "github.com/hashicorp/vault/physical/swift"
 	physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/sdk/physical"
 	physFile "github.com/hashicorp/vault/sdk/physical/file"
 	physInmem "github.com/hashicorp/vault/sdk/physical/inmem"
 	sr "github.com/hashicorp/vault/serviceregistration"
 	csr "github.com/hashicorp/vault/serviceregistration/consul"
@@ -160,6 +130,23 @@ const (
 )
 var (
 	physicalBackends = map[string]physical.Factory{
 		"inmem_ha":               physInmem.NewInmemHA,
 		"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
 		"inmem_transactional":    physInmem.NewTransactionalInmem,
 		"inmem":                  physInmem.NewInmem,
 		"raft":                   physRaft.NewRaftBackend,
 	}
 	loginHandlers = map[string]LoginHandler{
 		"cert":  &credCert.CLIHandler{},
 		"oidc":  &credOIDC.CLIHandler{},
 		"token": &credToken.CLIHandler{},
 		"userpass": &credUserpass.CLIHandler{
 			DefaultMount: "userpass",
 		},
 	}
 	auditBackends = map[string]audit.Factory{
 		"file":   audit.NewFileBackend,
 		"socket": audit.NewSocketBackend,
@@ -178,66 +165,15 @@ var (
 		"kv": logicalKv.Factory,
 	}
 	physicalBackends = map[string]physical.Factory{
 		"aerospike":              physAerospike.NewAerospikeBackend,
 		"alicloudoss":            physAliCloudOSS.NewAliCloudOSSBackend,
 		"azure":                  physAzure.NewAzureBackend,
 		"cassandra":              physCassandra.NewCassandraBackend,
 		"cockroachdb":            physCockroachDB.NewCockroachDBBackend,
 		"consul":                 physConsul.NewConsulBackend,
 		"couchdb_transactional":  physCouchDB.NewTransactionalCouchDBBackend,
 		"couchdb":                physCouchDB.NewCouchDBBackend,
 		"dynamodb":               physDynamoDB.NewDynamoDBBackend,
 		"etcd":                   physEtcd.NewEtcdBackend,
 		"file_transactional":     physFile.NewTransactionalFileBackend,
 		"file":                   physFile.NewFileBackend,
 		"foundationdb":           physFoundationDB.NewFDBBackend,
 		"gcs":                    physGCS.NewBackend,
 		"inmem_ha":               physInmem.NewInmemHA,
 		"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
 		"inmem_transactional":    physInmem.NewTransactionalInmem,
 		"inmem":                  physInmem.NewInmem,
 		"manta":                  physManta.NewMantaBackend,
 		"mssql":                  physMSSQL.NewMSSQLBackend,
 		"mysql":                  physMySQL.NewMySQLBackend,
 		"oci":                    physOCI.NewBackend,
 		"postgresql":             physPostgreSQL.NewPostgreSQLBackend,
 		"s3":                     physS3.NewS3Backend,
 		"spanner":                physSpanner.NewBackend,
 		"swift":                  physSwift.NewSwiftBackend,
 		"raft":                   physRaft.NewRaftBackend,
 		"zookeeper":              physZooKeeper.NewZooKeeperBackend,
 	}
 	serviceRegistrations = map[string]sr.Factory{
 		"consul":     csr.NewServiceRegistration,
 		"kubernetes": ksr.NewServiceRegistration,
 	}
 	loginHandlers = map[string]LoginHandler{
 		"alicloud": &credAliCloud.CLIHandler{},
 		"aws":      &credAws.CLIHandler{},
 		"cert":     &credCert.CLIHandler{},
 		"cf":       &credCF.CLIHandler{},
 		"gcp":      &credGcp.CLIHandler{},
 		"github":   &credGitHub.CLIHandler{},
 		"kerberos": &credKerb.CLIHandler{},
 		"ldap":     &credLdap.CLIHandler{},
 		"oci":      &credOCI.CLIHandler{},
 		"oidc":     &credOIDC.CLIHandler{},
 		"okta":     &credOkta.CLIHandler{},
 		"pcf":      &credCF.CLIHandler{}, // Deprecated.
 		"radius": &credUserpass.CLIHandler{
 			DefaultMount: "radius",
 		},
 		"token": &credToken.CLIHandler{},
 		"userpass": &credUserpass.CLIHandler{
 			DefaultMount: "userpass",
 		},
 	}
 )
 func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory {
 	extendAddonCommands()
 	getBaseCommand := func() *BaseCommand {
 		return &BaseCommand{
 			UI:             ui,
--- a/command/commands_full.go
+++ b/command/commands_full.go
@@ -0,0 +1,96 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 //go:build !minimal
 package command
 import (
 	"maps"
 	credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
 	credCF "github.com/hashicorp/vault-plugin-auth-cf"
 	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
 	credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
 	credOCI "github.com/hashicorp/vault-plugin-auth-oci"
 	credAws "github.com/hashicorp/vault/builtin/credential/aws"
 	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
 	credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
 	credOkta "github.com/hashicorp/vault/builtin/credential/okta"
 	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 	_ "github.com/hashicorp/vault/helper/builtinplugins"
 	physAerospike "github.com/hashicorp/vault/physical/aerospike"
 	physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss"
 	physAzure "github.com/hashicorp/vault/physical/azure"
 	physCassandra "github.com/hashicorp/vault/physical/cassandra"
 	physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
 	physConsul "github.com/hashicorp/vault/physical/consul"
 	physCouchDB "github.com/hashicorp/vault/physical/couchdb"
 	physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
 	physEtcd "github.com/hashicorp/vault/physical/etcd"
 	physFoundationDB "github.com/hashicorp/vault/physical/foundationdb"
 	physGCS "github.com/hashicorp/vault/physical/gcs"
 	physManta "github.com/hashicorp/vault/physical/manta"
 	physMSSQL "github.com/hashicorp/vault/physical/mssql"
 	physMySQL "github.com/hashicorp/vault/physical/mysql"
 	physOCI "github.com/hashicorp/vault/physical/oci"
 	physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
 	physS3 "github.com/hashicorp/vault/physical/s3"
 	physSpanner "github.com/hashicorp/vault/physical/spanner"
 	physSwift "github.com/hashicorp/vault/physical/swift"
 	physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
 	"github.com/hashicorp/vault/sdk/physical"
 	physFile "github.com/hashicorp/vault/sdk/physical/file"
 )
 func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandler) {
 	addonPhysicalBackends := map[string]physical.Factory{
 		"aerospike":             physAerospike.NewAerospikeBackend,
 		"alicloudoss":           physAliCloudOSS.NewAliCloudOSSBackend,
 		"azure":                 physAzure.NewAzureBackend,
 		"cassandra":             physCassandra.NewCassandraBackend,
 		"cockroachdb":           physCockroachDB.NewCockroachDBBackend,
 		"consul":                physConsul.NewConsulBackend,
 		"couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
 		"couchdb":               physCouchDB.NewCouchDBBackend,
 		"dynamodb":              physDynamoDB.NewDynamoDBBackend,
 		"etcd":                  physEtcd.NewEtcdBackend,
 		"file_transactional":    physFile.NewTransactionalFileBackend,
 		"file":                  physFile.NewFileBackend,
 		"foundationdb":          physFoundationDB.NewFDBBackend,
 		"gcs":                   physGCS.NewBackend,
 		"manta":                 physManta.NewMantaBackend,
 		"mssql":                 physMSSQL.NewMSSQLBackend,
 		"mysql":                 physMySQL.NewMySQLBackend,
 		"oci":                   physOCI.NewBackend,
 		"postgresql":            physPostgreSQL.NewPostgreSQLBackend,
 		"s3":                    physS3.NewS3Backend,
 		"spanner":               physSpanner.NewBackend,
 		"swift":                 physSwift.NewSwiftBackend,
 		"zookeeper":             physZooKeeper.NewZooKeeperBackend,
 	}
 	addonLoginHandlers := map[string]LoginHandler{
 		"alicloud": &credAliCloud.CLIHandler{},
 		"aws":      &credAws.CLIHandler{},
 		"cf":       &credCF.CLIHandler{},
 		"gcp":      &credGcp.CLIHandler{},
 		"github":   &credGitHub.CLIHandler{},
 		"kerberos": &credKerb.CLIHandler{},
 		"ldap":     &credLdap.CLIHandler{},
 		"oci":      &credOCI.CLIHandler{},
 		"okta":     &credOkta.CLIHandler{},
 		"pcf":      &credCF.CLIHandler{}, // Deprecated.
 		"radius": &credUserpass.CLIHandler{
 			DefaultMount: "radius",
 		},
 	}
 	return addonPhysicalBackends, addonLoginHandlers
 }
 func extendAddonCommands() {
 	addonPhysicalBackends, addonLoginHandlers := newFullAddonCommands()
 	maps.Copy(physicalBackends, addonPhysicalBackends)
 	maps.Copy(loginHandlers, addonLoginHandlers)
 }
--- a/command/commands_full_test.go
+++ b/command/commands_full_test.go
@@ -0,0 +1,45 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 //go:build !enterprise && !minimal
 package command
 import (
 	"maps"
 	"testing"
 	"github.com/stretchr/testify/require"
 )
 // Test_extendAddonCommands tests extendAddonCommands() extends physical and logical backends with
 // those generated by newFullAddonCommands()
 func Test_extendAddonCommands(t *testing.T) {
 	expMinPhysicalBackends := maps.Clone(physicalBackends)
 	expMinLoginHandlers := maps.Clone(loginHandlers)
 	expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonCommands()
 	extendAddonCommands()
 	require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(physicalBackends),
 		"extended total physical backends mismatch total of minimal and full addon physical backends")
 	require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(loginHandlers),
 		"extended total login handlers mismatch total of minimal and full addon login handlers")
 	for k := range expMinPhysicalBackends {
 		require.Contains(t, physicalBackends, k, "expected to contain minimal physical backend")
 	}
 	for k := range expAddonPhysicalBackends {
 		require.Contains(t, physicalBackends, k, "expected to contain full addon physical backend")
 	}
 	for k := range expMinLoginHandlers {
 		require.Contains(t, loginHandlers, k, "expected to contain minimal login handler")
 	}
 	for k := range expAddonLoginHandlers {
 		require.Contains(t, loginHandlers, k, "expected to contain full addon login handler")
 	}
 }
--- a/command/commands_min.go
+++ b/command/commands_min.go
@@ -0,0 +1,14 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 //go:build minimal
 package command
 import (
 	_ "github.com/hashicorp/vault/helper/builtinplugins"
 )
 func extendAddonCommands() {
 	// No-op
 }
--- a/command/commands_test.go
+++ b/command/commands_test.go
@@ -26,8 +26,6 @@ func Test_Commands_HCPInit(t *testing.T) {
 	for n, tst := range tests {
 		t.Run(n, func(t *testing.T) {
 			t.Parallel()
 			mockUi := cli.NewMockUi()
 			commands := initCommands(mockUi, nil, nil)
 			if tst.expectError {
--- a/helper/builtinplugins/registry.go
+++ b/helper/builtinplugins/registry.go
@@ -6,54 +6,14 @@ package builtinplugins
 import (
 	"context"
 	credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
 	credAzure "github.com/hashicorp/vault-plugin-auth-azure"
 	credCF "github.com/hashicorp/vault-plugin-auth-cf"
 	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
 	credJWT "github.com/hashicorp/vault-plugin-auth-jwt"
 	credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
 	credKube "github.com/hashicorp/vault-plugin-auth-kubernetes"
 	credOCI "github.com/hashicorp/vault-plugin-auth-oci"
 	dbCouchbase "github.com/hashicorp/vault-plugin-database-couchbase"
 	dbElastic "github.com/hashicorp/vault-plugin-database-elasticsearch"
 	dbMongoAtlas "github.com/hashicorp/vault-plugin-database-mongodbatlas"
 	dbRedis "github.com/hashicorp/vault-plugin-database-redis"
 	dbRedisElastiCache "github.com/hashicorp/vault-plugin-database-redis-elasticache"
 	dbSnowflake "github.com/hashicorp/vault-plugin-database-snowflake"
 	logicalAd "github.com/hashicorp/vault-plugin-secrets-ad/plugin"
 	logicalAlicloud "github.com/hashicorp/vault-plugin-secrets-alicloud"
 	logicalAzure "github.com/hashicorp/vault-plugin-secrets-azure"
 	logicalGcp "github.com/hashicorp/vault-plugin-secrets-gcp/plugin"
 	logicalGcpKms "github.com/hashicorp/vault-plugin-secrets-gcpkms"
 	logicalKube "github.com/hashicorp/vault-plugin-secrets-kubernetes"
 	logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
 	logicalMongoAtlas "github.com/hashicorp/vault-plugin-secrets-mongodbatlas"
 	logicalLDAP "github.com/hashicorp/vault-plugin-secrets-openldap"
 	logicalTerraform "github.com/hashicorp/vault-plugin-secrets-terraform"
 	credAppRole "github.com/hashicorp/vault/builtin/credential/approle"
 	credAws "github.com/hashicorp/vault/builtin/credential/aws"
 	credCert "github.com/hashicorp/vault/builtin/credential/cert"
 	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
 	credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
 	credOkta "github.com/hashicorp/vault/builtin/credential/okta"
 	credRadius "github.com/hashicorp/vault/builtin/credential/radius"
 	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 	logicalAws "github.com/hashicorp/vault/builtin/logical/aws"
 	logicalConsul "github.com/hashicorp/vault/builtin/logical/consul"
 	logicalNomad "github.com/hashicorp/vault/builtin/logical/nomad"
 	logicalPki "github.com/hashicorp/vault/builtin/logical/pki"
 	logicalRabbit "github.com/hashicorp/vault/builtin/logical/rabbitmq"
 	logicalSsh "github.com/hashicorp/vault/builtin/logical/ssh"
 	logicalTotp "github.com/hashicorp/vault/builtin/logical/totp"
 	logicalTransit "github.com/hashicorp/vault/builtin/logical/transit"
 	dbCass "github.com/hashicorp/vault/plugins/database/cassandra"
 	dbHana "github.com/hashicorp/vault/plugins/database/hana"
 	dbInflux "github.com/hashicorp/vault/plugins/database/influxdb"
 	dbMongo "github.com/hashicorp/vault/plugins/database/mongodb"
 	dbMssql "github.com/hashicorp/vault/plugins/database/mssql"
 	dbMysql "github.com/hashicorp/vault/plugins/database/mysql"
 	dbPostgres "github.com/hashicorp/vault/plugins/database/postgresql"
 	dbRedshift "github.com/hashicorp/vault/plugins/database/redshift"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -93,104 +53,29 @@ func removedFactory(ctx context.Context, config *logical.BackendConfig) (logical
 	return removedBackend, nil
 }
-func newRegistry() *registry {
+func newMinimalRegistry() *registry {
-	reg := &registry{
+	return &registry{
 		credentialBackends: map[string]credentialBackend{
 			"alicloud": {Factory: credAliCloud.Factory},
 			"app-id": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"approle":  {Factory: credAppRole.Factory},
 			"aws":        {Factory: credAws.Factory},
 			"azure":      {Factory: credAzure.Factory},
 			"cert":     {Factory: credCert.Factory},
 			"cf":         {Factory: credCF.Factory},
 			"gcp":        {Factory: credGcp.Factory},
 			"github":     {Factory: credGitHub.Factory},
 			"jwt":      {Factory: credJWT.Factory},
 			"kerberos":   {Factory: credKerb.Factory},
 			"kubernetes": {Factory: credKube.Factory},
 			"ldap":       {Factory: credLdap.Factory},
 			"oci":        {Factory: credOCI.Factory},
 			"oidc":     {Factory: credJWT.Factory},
 			"okta":       {Factory: credOkta.Factory},
 			"pcf": {
 				Factory:           credCF.Factory,
 				DeprecationStatus: consts.Deprecated,
 			},
 			"radius":   {Factory: credRadius.Factory},
 			"userpass": {Factory: credUserpass.Factory},
 		},
-		databasePlugins: map[string]databasePlugin{
+		databasePlugins: map[string]databasePlugin{},
 			// These four plugins all use the same mysql implementation but with
 			// different username settings passed by the constructor.
 			"mysql-database-plugin":        {Factory: dbMysql.New(dbMysql.DefaultUserNameTemplate)},
 			"mysql-aurora-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
 			"mysql-rds-database-plugin":    {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
 			"mysql-legacy-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
 			"cassandra-database-plugin":         {Factory: dbCass.New},
 			"couchbase-database-plugin":         {Factory: dbCouchbase.New},
 			"elasticsearch-database-plugin":     {Factory: dbElastic.New},
 			"hana-database-plugin":              {Factory: dbHana.New},
 			"influxdb-database-plugin":          {Factory: dbInflux.New},
 			"mongodb-database-plugin":           {Factory: dbMongo.New},
 			"mongodbatlas-database-plugin":      {Factory: dbMongoAtlas.New},
 			"mssql-database-plugin":             {Factory: dbMssql.New},
 			"postgresql-database-plugin":        {Factory: dbPostgres.New},
 			"redshift-database-plugin":          {Factory: dbRedshift.New},
 			"redis-database-plugin":             {Factory: dbRedis.New},
 			"redis-elasticache-database-plugin": {Factory: dbRedisElastiCache.New},
 			"snowflake-database-plugin":         {Factory: dbSnowflake.New},
 		},
 		logicalBackends: map[string]logicalBackend{
 			"ad": {
 				Factory:           logicalAd.Factory,
 				DeprecationStatus: consts.Deprecated,
 			},
 			"alicloud": {Factory: logicalAlicloud.Factory},
 			"aws":      {Factory: logicalAws.Factory},
 			"azure":    {Factory: logicalAzure.Factory},
 			"cassandra": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"consul":     {Factory: logicalConsul.Factory},
 			"gcp":        {Factory: logicalGcp.Factory},
 			"gcpkms":     {Factory: logicalGcpKms.Factory},
 			"kubernetes": {Factory: logicalKube.Factory},
 			"kv":      {Factory: logicalKv.Factory},
 			"mongodb": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			// The mongodbatlas secrets engine is not the same as the database plugin equivalent
 			// (`mongodbatlas-database-plugin`), and thus will not be deprecated at this time.
 			"mongodbatlas": {Factory: logicalMongoAtlas.Factory},
 			"mssql": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"mysql": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"nomad":    {Factory: logicalNomad.Factory},
 			"openldap": {Factory: logicalLDAP.Factory},
 			"ldap":     {Factory: logicalLDAP.Factory},
 			"pki":     {Factory: logicalPki.Factory},
 			"postgresql": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"rabbitmq":  {Factory: logicalRabbit.Factory},
 			"ssh":     {Factory: logicalSsh.Factory},
 			"terraform": {Factory: logicalTerraform.Factory},
 			"totp":      {Factory: logicalTotp.Factory},
 			"transit": {Factory: logicalTransit.Factory},
 		},
 	}
 }
 func newRegistry() *registry {
 	reg := newMinimalRegistry()
 	extendAddonPlugins(reg)
 	entAddExtPlugins(reg)
--- a/helper/builtinplugins/registry_full.go
+++ b/helper/builtinplugins/registry_full.go
@@ -0,0 +1,149 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 //go:build !minimal
 package builtinplugins
 import (
 	"maps"
 	credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
 	credAzure "github.com/hashicorp/vault-plugin-auth-azure"
 	credCF "github.com/hashicorp/vault-plugin-auth-cf"
 	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
 	credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
 	credKube "github.com/hashicorp/vault-plugin-auth-kubernetes"
 	credOCI "github.com/hashicorp/vault-plugin-auth-oci"
 	dbCouchbase "github.com/hashicorp/vault-plugin-database-couchbase"
 	dbElastic "github.com/hashicorp/vault-plugin-database-elasticsearch"
 	dbMongoAtlas "github.com/hashicorp/vault-plugin-database-mongodbatlas"
 	dbRedis "github.com/hashicorp/vault-plugin-database-redis"
 	dbRedisElastiCache "github.com/hashicorp/vault-plugin-database-redis-elasticache"
 	dbSnowflake "github.com/hashicorp/vault-plugin-database-snowflake"
 	logicalAd "github.com/hashicorp/vault-plugin-secrets-ad/plugin"
 	logicalAlicloud "github.com/hashicorp/vault-plugin-secrets-alicloud"
 	logicalAzure "github.com/hashicorp/vault-plugin-secrets-azure"
 	logicalGcp "github.com/hashicorp/vault-plugin-secrets-gcp/plugin"
 	logicalGcpKms "github.com/hashicorp/vault-plugin-secrets-gcpkms"
 	logicalKube "github.com/hashicorp/vault-plugin-secrets-kubernetes"
 	logicalMongoAtlas "github.com/hashicorp/vault-plugin-secrets-mongodbatlas"
 	logicalLDAP "github.com/hashicorp/vault-plugin-secrets-openldap"
 	logicalTerraform "github.com/hashicorp/vault-plugin-secrets-terraform"
 	credAws "github.com/hashicorp/vault/builtin/credential/aws"
 	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
 	credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
 	credOkta "github.com/hashicorp/vault/builtin/credential/okta"
 	credRadius "github.com/hashicorp/vault/builtin/credential/radius"
 	logicalAws "github.com/hashicorp/vault/builtin/logical/aws"
 	logicalConsul "github.com/hashicorp/vault/builtin/logical/consul"
 	logicalNomad "github.com/hashicorp/vault/builtin/logical/nomad"
 	logicalRabbit "github.com/hashicorp/vault/builtin/logical/rabbitmq"
 	logicalTotp "github.com/hashicorp/vault/builtin/logical/totp"
 	dbCass "github.com/hashicorp/vault/plugins/database/cassandra"
 	dbHana "github.com/hashicorp/vault/plugins/database/hana"
 	dbInflux "github.com/hashicorp/vault/plugins/database/influxdb"
 	dbMongo "github.com/hashicorp/vault/plugins/database/mongodb"
 	dbMssql "github.com/hashicorp/vault/plugins/database/mssql"
 	dbMysql "github.com/hashicorp/vault/plugins/database/mysql"
 	dbPostgres "github.com/hashicorp/vault/plugins/database/postgresql"
 	dbRedshift "github.com/hashicorp/vault/plugins/database/redshift"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 )
 func newFullAddonRegistry() *registry {
 	return &registry{
 		credentialBackends: map[string]credentialBackend{
 			"alicloud": {Factory: credAliCloud.Factory},
 			"app-id": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"aws":        {Factory: credAws.Factory},
 			"azure":      {Factory: credAzure.Factory},
 			"cf":         {Factory: credCF.Factory},
 			"gcp":        {Factory: credGcp.Factory},
 			"github":     {Factory: credGitHub.Factory},
 			"kerberos":   {Factory: credKerb.Factory},
 			"kubernetes": {Factory: credKube.Factory},
 			"ldap":       {Factory: credLdap.Factory},
 			"oci":        {Factory: credOCI.Factory},
 			"okta":       {Factory: credOkta.Factory},
 			"pcf": {
 				Factory:           credCF.Factory,
 				DeprecationStatus: consts.Deprecated,
 			},
 			"radius": {Factory: credRadius.Factory},
 		},
 		databasePlugins: map[string]databasePlugin{
 			// These four plugins all use the same mysql implementation but with
 			// different username settings passed by the constructor.
 			"mysql-database-plugin":        {Factory: dbMysql.New(dbMysql.DefaultUserNameTemplate)},
 			"mysql-aurora-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
 			"mysql-rds-database-plugin":    {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
 			"mysql-legacy-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
 			"cassandra-database-plugin":         {Factory: dbCass.New},
 			"couchbase-database-plugin":         {Factory: dbCouchbase.New},
 			"elasticsearch-database-plugin":     {Factory: dbElastic.New},
 			"hana-database-plugin":              {Factory: dbHana.New},
 			"influxdb-database-plugin":          {Factory: dbInflux.New},
 			"mongodb-database-plugin":           {Factory: dbMongo.New},
 			"mongodbatlas-database-plugin":      {Factory: dbMongoAtlas.New},
 			"mssql-database-plugin":             {Factory: dbMssql.New},
 			"postgresql-database-plugin":        {Factory: dbPostgres.New},
 			"redshift-database-plugin":          {Factory: dbRedshift.New},
 			"redis-database-plugin":             {Factory: dbRedis.New},
 			"redis-elasticache-database-plugin": {Factory: dbRedisElastiCache.New},
 			"snowflake-database-plugin":         {Factory: dbSnowflake.New},
 		},
 		logicalBackends: map[string]logicalBackend{
 			"ad": {
 				Factory:           logicalAd.Factory,
 				DeprecationStatus: consts.Deprecated,
 			},
 			"alicloud": {Factory: logicalAlicloud.Factory},
 			"aws":      {Factory: logicalAws.Factory},
 			"azure":    {Factory: logicalAzure.Factory},
 			"cassandra": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"consul":     {Factory: logicalConsul.Factory},
 			"gcp":        {Factory: logicalGcp.Factory},
 			"gcpkms":     {Factory: logicalGcpKms.Factory},
 			"kubernetes": {Factory: logicalKube.Factory},
 			"mongodb": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"mongodbatlas": {Factory: logicalMongoAtlas.Factory},
 			"mssql": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"mysql": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"nomad":    {Factory: logicalNomad.Factory},
 			"openldap": {Factory: logicalLDAP.Factory},
 			"ldap":     {Factory: logicalLDAP.Factory},
 			"postgresql": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"rabbitmq":  {Factory: logicalRabbit.Factory},
 			"terraform": {Factory: logicalTerraform.Factory},
 			"totp":      {Factory: logicalTotp.Factory},
 		},
 	}
 }
 func extendAddonPlugins(reg *registry) {
 	addonReg := newFullAddonRegistry()
 	maps.Copy(reg.credentialBackends, addonReg.credentialBackends)
 	maps.Copy(reg.databasePlugins, addonReg.databasePlugins)
 	maps.Copy(reg.logicalBackends, addonReg.logicalBackends)
 }
--- a/helper/builtinplugins/registry_full_test.go
+++ b/helper/builtinplugins/registry_full_test.go
@@ -0,0 +1,30 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 //go:build !enterprise && !minimal
 package builtinplugins
 import (
 	"testing"
 	"github.com/stretchr/testify/require"
 )
 // Test_newRegistry tests that newRegistry() returns a registry with
 // the expected minimal registry extended with full addon registry
 func Test_newRegistry(t *testing.T) {
 	actual := newRegistry()
 	expMinimal := newMinimalRegistry()
 	expFullAddon := newFullAddonRegistry()
 	require.Equal(t, len(expMinimal.credentialBackends)+len(expFullAddon.credentialBackends), len(actual.credentialBackends),
 		"newRegistry() total auth backends mismatch total of minimal and full addon registries")
 	require.Equal(t, len(expMinimal.databasePlugins)+len(expFullAddon.databasePlugins), len(actual.databasePlugins),
 		"newRegistry() total database plugins mismatch total of minimal and full addon registries")
 	require.Equal(t, len(expMinimal.logicalBackends)+len(expFullAddon.logicalBackends), len(actual.logicalBackends),
 		"newRegistry() total logical backends mismatch total of minimal and full addon registries")
 	assertRegistrySubset(t, actual, expMinimal, "common")
 	assertRegistrySubset(t, actual, expFullAddon, "full addon")
 }
--- a/helper/builtinplugins/registry_min.go
+++ b/helper/builtinplugins/registry_min.go
@@ -0,0 +1,10 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 //go:build minimal
 package builtinplugins
 func extendAddonPlugins(_ *registry) {
 	// No-op
 }
--- a/helper/builtinplugins/registry_testing_util.go
+++ b/helper/builtinplugins/registry_testing_util.go
@@ -0,0 +1,27 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 package builtinplugins
 import (
 	"fmt"
 	"testing"
 	"github.com/stretchr/testify/require"
 )
 func assertRegistrySubset(t *testing.T, r, subset *registry, subsetName string) {
 	t.Helper()
 	for k := range subset.credentialBackends {
 		require.Contains(t, r.credentialBackends, k, fmt.Sprintf("expected to contain %s auth backend", subsetName))
 	}
 	for k := range subset.databasePlugins {
 		require.Contains(t, r.databasePlugins, k, fmt.Sprintf("expected to contain %s database plugin", subsetName))
 	}
 	for k := range subset.logicalBackends {
 		require.Contains(t, r.logicalBackends, k, fmt.Sprintf("expected to contain %s logical backend", subsetName))
 	}
 }