Merge branch 'master' into VAULT-672-backport

5c05a460 · Hridoy Roy · GitHub · ed98852d · a69ee0f6 · 5c05a460
Unverified Commit 5c05a460 authored 4 years ago by Hridoy Roy Committed by GitHub 4 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 220 additions and 216 deletions
+220 -216
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,7 +27,6 @@ BUG FIXES:
 * core: Fix resource leak in plugin API (plugin-dependent, not all plugins impacted) [[GH-9557](https://github.com/hashicorp/vault/pull/9557)]
 * core: Fix race involved in enabling certain features via a license change
 * identity: Check for timeouts in entity API [[GH-9925](https://github.com/hashicorp/vault/pull/9925)]
-* replication (enterprise): Fix panic when old filter path evaluation fails
 * secrets/database: Fix handling of TLS options in mongodb connection strings [[GH-9519](https://github.com/hashicorp/vault/pull/9519)]
 * secrets/gcp: Ensure that the IAM policy version is appropriately set after a roleset's bindings have changed. [[GH-93](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/93)]

@@ -228,6 +227,13 @@ BUG FIXES:
 * ui: Disallow max versions value of large than 9999999999999999 on kv2 secrets engine. [[GH-9242](https://github.com/hashicorp/vault/pull/9242)]
 * ui: Add and upgrade missing dependencies to resolve a failure with `make static-dist`. [[GH-9277](https://github.com/hashicorp/vault/pull/9371)]

+## 1.4.7.1
+### October 15th, 2020
+### Enterprise Only
+
+BUG FIXES:
+* replication (enterprise): Fix panic when old filter path evaluation fails
+
 ## 1.4.7
 ### September 24th, 2020


--- a/Makefile
+++ b/Makefile
@@ -200,7 +200,7 @@ proto:
 	protoc helper/identity/mfa/types.proto --go_out=plugins=grpc,paths=source_relative:.
 	protoc helper/identity/types.proto --go_out=plugins=grpc,paths=source_relative:.
 	protoc sdk/database/dbplugin/*.proto --go_out=plugins=grpc,paths=source_relative:.
-	protoc sdk/database/newdbplugin/proto/*.proto --go_out=plugins=grpc,paths=source_relative:.
+	protoc sdk/database/dbplugin/v5/proto/*.proto --go_out=plugins=grpc,paths=source_relative:.
 	protoc sdk/plugin/pb/*.proto --go_out=plugins=grpc,paths=source_relative:.
 	sed -i -e 's/Id/ID/' vault/request_forwarding_service.pb.go
 	sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/protobuf:"/sentinel:"" protobuf:"/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/identity/mfa/types.pb.go helper/storagepacker/types.pb.go sdk/plugin/pb/backend.pb.go sdk/logical/identity.pb.go vault/activity/activity_log.pb.go

--- a/builtin/logical/database/backend.go
+++ b/builtin/logical/database/backend.go
@@ -11,9 +11,9 @@ import (
 	"github.com/hashicorp/errwrap"
 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-uuid"
-	"github.com/hashicorp/vault/sdk/database/dbplugin"
+	v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/database/helper/dbutil"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/locksutil"
 	"github.com/hashicorp/vault/sdk/helper/strutil"
@@ -193,7 +193,7 @@ func (b *databaseBackend) roleAtPath(ctx context.Context, s logical.Storage, rol

 	switch {
 	case upgradeCh.Statements != nil:
-		var stmts dbplugin.Statements
+		var stmts v4.Statements
 		if upgradeCh.Statements.CreationStatements != "" {
 			stmts.Creation = []string{upgradeCh.Statements.CreationStatements}
 		}
@@ -265,7 +265,7 @@ func (b *databaseBackend) GetConnectionWithConfig(ctx context.Context, name stri
 		return nil, fmt.Errorf("unable to create database instance: %w", err)
 	}

-	initReq := newdbplugin.InitializeRequest{
+	initReq := v5.InitializeRequest{
 		Config:           config.ConnectionDetails,
 		VerifyConnection: true,
 	}
@@ -316,7 +316,7 @@ func (b *databaseBackend) clearConnection(name string) error {
 func (b *databaseBackend) CloseIfShutdown(db *dbPluginInstance, err error) {
 	// Plugin has shutdown, close it so next call can reconnect.
 	switch err {
-	case rpc.ErrShutdown, dbplugin.ErrPluginShutdown:
+	case rpc.ErrShutdown, v4.ErrPluginShutdown:
 		// Put this in a goroutine so that requests can run with the read or write lock
 		// and simply defer the unlock.  Since we are attaching the instance and matching
 		// the id in the connection map, we can safely do this.

--- a/builtin/logical/database/mocks_test.go
+++ b/builtin/logical/database/mocks_test.go
@@ -4,35 +4,35 @@ import (
 	"context"
 	"time"

-	"github.com/hashicorp/vault/sdk/database/dbplugin"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/stretchr/testify/mock"
 )

-var _ newdbplugin.Database = &mockNewDatabase{}
+var _ v5.Database = &mockNewDatabase{}

 type mockNewDatabase struct {
 	mock.Mock
 }

-func (m *mockNewDatabase) Initialize(ctx context.Context, req newdbplugin.InitializeRequest) (newdbplugin.InitializeResponse, error) {
+func (m *mockNewDatabase) Initialize(ctx context.Context, req v5.InitializeRequest) (v5.InitializeResponse, error) {
 	args := m.Called(ctx, req)
-	return args.Get(0).(newdbplugin.InitializeResponse), args.Error(1)
+	return args.Get(0).(v5.InitializeResponse), args.Error(1)
 }

-func (m *mockNewDatabase) NewUser(ctx context.Context, req newdbplugin.NewUserRequest) (newdbplugin.NewUserResponse, error) {
+func (m *mockNewDatabase) NewUser(ctx context.Context, req v5.NewUserRequest) (v5.NewUserResponse, error) {
 	args := m.Called(ctx, req)
-	return args.Get(0).(newdbplugin.NewUserResponse), args.Error(1)
+	return args.Get(0).(v5.NewUserResponse), args.Error(1)
 }

-func (m *mockNewDatabase) UpdateUser(ctx context.Context, req newdbplugin.UpdateUserRequest) (newdbplugin.UpdateUserResponse, error) {
+func (m *mockNewDatabase) UpdateUser(ctx context.Context, req v5.UpdateUserRequest) (v5.UpdateUserResponse, error) {
 	args := m.Called(ctx, req)
-	return args.Get(0).(newdbplugin.UpdateUserResponse), args.Error(1)
+	return args.Get(0).(v5.UpdateUserResponse), args.Error(1)
 }

-func (m *mockNewDatabase) DeleteUser(ctx context.Context, req newdbplugin.DeleteUserRequest) (newdbplugin.DeleteUserResponse, error) {
+func (m *mockNewDatabase) DeleteUser(ctx context.Context, req v5.DeleteUserRequest) (v5.DeleteUserResponse, error) {
 	args := m.Called(ctx, req)
-	return args.Get(0).(newdbplugin.DeleteUserResponse), args.Error(1)
+	return args.Get(0).(v5.DeleteUserResponse), args.Error(1)
 }

 func (m *mockNewDatabase) Type() (string, error) {
@@ -45,23 +45,23 @@ func (m *mockNewDatabase) Close() error {
 	return args.Error(0)
 }

-var _ dbplugin.Database = &mockLegacyDatabase{}
+var _ v4.Database = &mockLegacyDatabase{}

 type mockLegacyDatabase struct {
 	mock.Mock
 }

-func (m *mockLegacyDatabase) CreateUser(ctx context.Context, statements dbplugin.Statements, usernameConfig dbplugin.UsernameConfig, expiration time.Time) (username string, password string, err error) {
+func (m *mockLegacyDatabase) CreateUser(ctx context.Context, statements v4.Statements, usernameConfig v4.UsernameConfig, expiration time.Time) (username string, password string, err error) {
 	args := m.Called(ctx, statements, usernameConfig, expiration)
 	return args.String(0), args.String(1), args.Error(2)
 }

-func (m *mockLegacyDatabase) RenewUser(ctx context.Context, statements dbplugin.Statements, username string, expiration time.Time) error {
+func (m *mockLegacyDatabase) RenewUser(ctx context.Context, statements v4.Statements, username string, expiration time.Time) error {
 	args := m.Called(ctx, statements, username, expiration)
 	return args.Error(0)
 }

-func (m *mockLegacyDatabase) RevokeUser(ctx context.Context, statements dbplugin.Statements, username string) error {
+func (m *mockLegacyDatabase) RevokeUser(ctx context.Context, statements v4.Statements, username string) error {
 	args := m.Called(ctx, statements, username)
 	return args.Error(0)
 }
@@ -76,7 +76,7 @@ func (m *mockLegacyDatabase) GenerateCredentials(ctx context.Context) (string, e
 	return args.String(0), args.Error(1)
 }

-func (m *mockLegacyDatabase) SetCredentials(ctx context.Context, statements dbplugin.Statements, staticConfig dbplugin.StaticUserConfig) (username string, password string, err error) {
+func (m *mockLegacyDatabase) SetCredentials(ctx context.Context, statements v4.Statements, staticConfig v4.StaticUserConfig) (username string, password string, err error) {
 	args := m.Called(ctx, statements, staticConfig)
 	return args.String(0), args.String(1), args.Error(2)
 }

--- a/builtin/logical/database/mockv4.go
+++ b/builtin/logical/database/mockv4.go
@@ -7,7 +7,7 @@ import (

 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/vault/api"
-	"github.com/hashicorp/vault/sdk/database/dbplugin"
+	v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
 )

 const mockV4Type = "mockv4"
@@ -17,7 +17,7 @@ type MockDatabaseV4 struct {
 	config map[string]interface{}
 }

-var _ dbplugin.Database = &MockDatabaseV4{}
+var _ v4.Database = &MockDatabaseV4{}

 // New returns a new in-memory instance
 func NewV4() (interface{}, error) {
@@ -31,7 +31,7 @@ func RunV4(apiTLSConfig *api.TLSConfig) error {
 		return err
 	}

-	dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig))
+	v4.Serve(dbType.(v4.Database), api.VaultPluginTLSProvider(apiTLSConfig))

 	return nil
 }
@@ -49,7 +49,7 @@ func (m MockDatabaseV4) Initialize(ctx context.Context, config map[string]interf
 	return err
 }

-func (m MockDatabaseV4) CreateUser(ctx context.Context, statements dbplugin.Statements, usernameConfig dbplugin.UsernameConfig, expiration time.Time) (username string, password string, err error) {
+func (m MockDatabaseV4) CreateUser(ctx context.Context, statements v4.Statements, usernameConfig v4.UsernameConfig, expiration time.Time) (username string, password string, err error) {
 	log.Default().Info("CreateUser called",
 		"statements", statements,
 		"usernameConfig", usernameConfig,
@@ -64,7 +64,7 @@ func (m MockDatabaseV4) CreateUser(ctx context.Context, statements dbplugin.Stat
 	return user, pass, nil
 }

-func (m MockDatabaseV4) RenewUser(ctx context.Context, statements dbplugin.Statements, username string, expiration time.Time) error {
+func (m MockDatabaseV4) RenewUser(ctx context.Context, statements v4.Statements, username string, expiration time.Time) error {
 	log.Default().Info("RenewUser called",
 		"statements", statements,
 		"username", username,
@@ -73,7 +73,7 @@ func (m MockDatabaseV4) RenewUser(ctx context.Context, statements dbplugin.State
 	return nil
 }

-func (m MockDatabaseV4) RevokeUser(ctx context.Context, statements dbplugin.Statements, username string) error {
+func (m MockDatabaseV4) RevokeUser(ctx context.Context, statements v4.Statements, username string) error {
 	log.Default().Info("RevokeUser called",
 		"statements", statements,
 		"username", username)
@@ -94,7 +94,7 @@ func (m MockDatabaseV4) RotateRootCredentials(ctx context.Context, statements []
 	return m.config, nil
 }

-func (m MockDatabaseV4) SetCredentials(ctx context.Context, statements dbplugin.Statements, staticConfig dbplugin.StaticUserConfig) (username string, password string, err error) {
+func (m MockDatabaseV4) SetCredentials(ctx context.Context, statements v4.Statements, staticConfig v4.StaticUserConfig) (username string, password string, err error) {
 	log.Default().Info("SetCredentials called",
 		"statements", statements,
 		"staticConfig", staticConfig)

--- a/builtin/logical/database/mockv5.go
+++ b/builtin/logical/database/mockv5.go
@@ -7,7 +7,7 @@ import (

 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/vault/api"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 )

 const mockV5Type = "mockv5"
@@ -17,7 +17,7 @@ type MockDatabaseV5 struct {
 	config map[string]interface{}
 }

-var _ newdbplugin.Database = &MockDatabaseV5{}
+var _ v5.Database = &MockDatabaseV5{}

 // New returns a new in-memory instance
 func New() (interface{}, error) {
@@ -32,46 +32,46 @@ func RunV5(apiTLSConfig *api.TLSConfig) error {
 		return err
 	}

-	newdbplugin.Serve(dbType.(newdbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig))
+	v5.Serve(dbType.(v5.Database), api.VaultPluginTLSProvider(apiTLSConfig))

 	return nil
 }

-func (m MockDatabaseV5) Initialize(ctx context.Context, req newdbplugin.InitializeRequest) (newdbplugin.InitializeResponse, error) {
+func (m MockDatabaseV5) Initialize(ctx context.Context, req v5.InitializeRequest) (v5.InitializeResponse, error) {
 	log.Default().Info("Initialize called",
 		"req", req)

 	config := req.Config
 	config["from-plugin"] = "this value is from the plugin itself"

-	resp := newdbplugin.InitializeResponse{
+	resp := v5.InitializeResponse{
 		Config: req.Config,
 	}
 	return resp, nil
 }

-func (m MockDatabaseV5) NewUser(ctx context.Context, req newdbplugin.NewUserRequest) (newdbplugin.NewUserResponse, error) {
+func (m MockDatabaseV5) NewUser(ctx context.Context, req v5.NewUserRequest) (v5.NewUserResponse, error) {
 	log.Default().Info("NewUser called",
 		"req", req)

 	now := time.Now()
 	user := fmt.Sprintf("mockv5_user_%s", now.Format(time.RFC3339))
-	resp := newdbplugin.NewUserResponse{
+	resp := v5.NewUserResponse{
 		Username: user,
 	}
 	return resp, nil
 }

-func (m MockDatabaseV5) UpdateUser(ctx context.Context, req newdbplugin.UpdateUserRequest) (newdbplugin.UpdateUserResponse, error) {
+func (m MockDatabaseV5) UpdateUser(ctx context.Context, req v5.UpdateUserRequest) (v5.UpdateUserResponse, error) {
 	log.Default().Info("UpdateUser called",
 		"req", req)
-	return newdbplugin.UpdateUserResponse{}, nil
+	return v5.UpdateUserResponse{}, nil
 }

-func (m MockDatabaseV5) DeleteUser(ctx context.Context, req newdbplugin.DeleteUserRequest) (newdbplugin.DeleteUserResponse, error) {
+func (m MockDatabaseV5) DeleteUser(ctx context.Context, req v5.DeleteUserRequest) (v5.DeleteUserResponse, error) {
 	log.Default().Info("DeleteUser called",
 		"req", req)
-	return newdbplugin.DeleteUserResponse{}, nil
+	return v5.DeleteUserResponse{}, nil
 }

 func (m MockDatabaseV5) Type() (string, error) {

--- a/builtin/logical/database/path_config_connection.go
+++ b/builtin/logical/database/path_config_connection.go
@@ -10,7 +10,7 @@ import (
 	"github.com/fatih/structs"
 	"github.com/hashicorp/errwrap"
 	uuid "github.com/hashicorp/go-uuid"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 )
@@ -318,7 +318,7 @@ func (b *databaseBackend) connectionWriteHandler() framework.OperationFunc {
 			return logical.ErrorResponse("error creating database object: %s", err), nil
 		}

-		initReq := newdbplugin.InitializeRequest{
+		initReq := v5.InitializeRequest{
 			Config:           config.ConnectionDetails,
 			VerifyConnection: verifyConnection,
 		}

--- a/builtin/logical/database/path_creds_create.go
+++ b/builtin/logical/database/path_creds_create.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"time"

-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/strutil"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -95,15 +95,15 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 			return nil, fmt.Errorf("unable to generate password: %w", err)
 		}

-		newUserReq := newdbplugin.NewUserRequest{
-			UsernameConfig: newdbplugin.UsernameMetadata{
+		newUserReq := v5.NewUserRequest{
+			UsernameConfig: v5.UsernameMetadata{
 				DisplayName: req.DisplayName,
 				RoleName:    name,
 			},
-			Statements: newdbplugin.Statements{
+			Statements: v5.Statements{
 				Commands: role.Statements.Creation,
 			},
-			RollbackStatements: newdbplugin.Statements{
+			RollbackStatements: v5.Statements{
 				Commands: role.Statements.Rollback,
 			},
 			Password:   password,

--- a/builtin/logical/database/path_roles.go
+++ b/builtin/logical/database/path_roles.go
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"

-	"github.com/hashicorp/vault/sdk/database/dbplugin"
+	v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/locksutil"
 	"github.com/hashicorp/vault/sdk/helper/strutil"
@@ -522,11 +522,11 @@ func (b *databaseBackend) pathStaticRoleCreateUpdate(ctx context.Context, req *l
 }

 type roleEntry struct {
-	DBName        string              `json:"db_name"`
-	Statements    dbplugin.Statements `json:"statements"`
-	DefaultTTL    time.Duration       `json:"default_ttl"`
-	MaxTTL        time.Duration       `json:"max_ttl"`
-	StaticAccount *staticAccount      `json:"static_account" mapstructure:"static_account"`
+	DBName        string         `json:"db_name"`
+	Statements    v4.Statements  `json:"statements"`
+	DefaultTTL    time.Duration  `json:"default_ttl"`
+	MaxTTL        time.Duration  `json:"max_ttl"`
+	StaticAccount *staticAccount `json:"static_account" mapstructure:"static_account"`
 }

 type staticAccount struct {

--- a/builtin/logical/database/path_rotate_credentials.go
+++ b/builtin/logical/database/path_rotate_credentials.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"time"

-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/sdk/queue"
@@ -111,11 +111,11 @@ func (b *databaseBackend) pathRotateRootCredentialsUpdate() framework.OperationF
 			return nil, err
 		}

-		updateReq := newdbplugin.UpdateUserRequest{
+		updateReq := v5.UpdateUserRequest{
 			Username: username,
-			Password: &newdbplugin.ChangePassword{
+			Password: &v5.ChangePassword{
 				NewPassword: newPassword,
-				Statements: newdbplugin.Statements{
+				Statements: v5.Statements{
 					Commands: config.RootCredentialsRotateStatements,
 				},
 			},

--- a/builtin/logical/database/rollback.go
+++ b/builtin/logical/database/rollback.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"errors"

-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/mitchellh/mapstructure"
 	"google.golang.org/grpc/codes"
@@ -91,11 +91,11 @@ func (b *databaseBackend) rollbackDatabaseCredentials(ctx context.Context, confi
 		}
 	}()

-	updateReq := newdbplugin.UpdateUserRequest{
+	updateReq := v5.UpdateUserRequest{
 		Username: entry.UserName,
-		Password: &newdbplugin.ChangePassword{
+		Password: &v5.ChangePassword{
 			NewPassword: entry.OldPassword,
-			Statements: newdbplugin.Statements{
+			Statements: v5.Statements{
 				Commands: config.RootCredentialsRotateStatements,
 			},
 		},

--- a/builtin/logical/database/rollback_test.go
+++ b/builtin/logical/database/rollback_test.go
@@ -8,7 +8,7 @@ import (

 	"github.com/hashicorp/vault/helper/namespace"
 	postgreshelper "github.com/hashicorp/vault/helper/testhelpers/postgresql"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 )
@@ -102,9 +102,9 @@ func TestBackend_RotateRootCredentials_WAL_rollback(t *testing.T) {
 	// Alter the database password so it no longer matches what is in storage
 	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
 	defer cancel()
-	updateReq := newdbplugin.UpdateUserRequest{
+	updateReq := v5.UpdateUserRequest{
 		Username: databaseUser,
-		Password: &newdbplugin.ChangePassword{
+		Password: &v5.ChangePassword{
 			NewPassword: "newSecret",
 		},
 	}
@@ -348,9 +348,9 @@ func TestBackend_RotateRootCredentials_WAL_no_rollback_2(t *testing.T) {
 	// Alter the database password
 	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
 	defer cancel()
-	updateReq := newdbplugin.UpdateUserRequest{
+	updateReq := v5.UpdateUserRequest{
 		Username: databaseUser,
-		Password: &newdbplugin.ChangePassword{
+		Password: &v5.ChangePassword{
 			NewPassword: "newSecret",
 		},
 	}

--- a/builtin/logical/database/rotation.go
+++ b/builtin/logical/database/rotation.go
@@ -9,8 +9,8 @@ import (

 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/go-multierror"
-	"github.com/hashicorp/vault/sdk/database/dbplugin"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/hashicorp/vault/sdk/helper/locksutil"
@@ -340,7 +340,7 @@ func (b *databaseBackend) setStaticAccount(ctx context.Context, s logical.Storag
 	}
 	output.Password = newPassword

-	config := dbplugin.StaticUserConfig{
+	config := v4.StaticUserConfig{
 		Username: input.Role.StaticAccount.Username,
 		Password: newPassword,
 	}
@@ -358,11 +358,11 @@ func (b *databaseBackend) setStaticAccount(ctx context.Context, s logical.Storag
 		}
 	}

-	updateReq := newdbplugin.UpdateUserRequest{
+	updateReq := v5.UpdateUserRequest{
 		Username: input.Role.StaticAccount.Username,
-		Password: &newdbplugin.ChangePassword{
+		Password: &v5.ChangePassword{
 			NewPassword: newPassword,
-			Statements: newdbplugin.Statements{
+			Statements: v5.Statements{
 				Commands: input.Role.Statements.Rotation,
 			},
 		},

--- a/builtin/logical/database/rotation_test.go
+++ b/builtin/logical/database/rotation_test.go
@@ -2,14 +2,13 @@ package database

 import (
 	"context"
+	"database/sql"
 	"log"
 	"os"
 	"strings"
 	"testing"
 	"time"

-	"database/sql"
-
 	"github.com/Sectorbob/mlab-ns2/gae/ns/digest"
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/helper/testhelpers/mongodb"

--- a/builtin/logical/database/secret_creds.go
+++ b/builtin/logical/database/secret_creds.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"time"

-	"github.com/hashicorp/vault/sdk/database/dbplugin"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 )
@@ -65,11 +65,11 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
 			// to ensure the database credential does not expire before the lease
 			expireTime = expireTime.Add(5 * time.Second)

-			updateReq := newdbplugin.UpdateUserRequest{
+			updateReq := v5.UpdateUserRequest{
 				Username: username,
-				Expiration: &newdbplugin.ChangeExpiration{
+				Expiration: &v5.ChangeExpiration{
 					NewExpiration: expireTime,
-					Statements: newdbplugin.Statements{
+					Statements: v5.Statements{
 						Commands: role.Statements.Renewal,
 					},
 				},
@@ -104,7 +104,7 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
 		}

 		var dbName string
-		var statements dbplugin.Statements
+		var statements v4.Statements

 		role, err := b.Role(ctx, req.Storage, roleNameRaw.(string))
 		if err != nil {
@@ -148,9 +148,9 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
 		dbi.RLock()
 		defer dbi.RUnlock()

-		deleteReq := newdbplugin.DeleteUserRequest{
+		deleteReq := v5.DeleteUserRequest{
 			Username: username,
-			Statements: newdbplugin.Statements{
+			Statements: v5.Statements{
 				Commands: statements.Revocation,
 			},
 		}

--- a/builtin/logical/database/version_wrapper.go
+++ b/builtin/logical/database/version_wrapper.go
@@ -8,22 +8,22 @@ import (
 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/vault/helper/random"
-	"github.com/hashicorp/vault/sdk/database/dbplugin"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/helper/pluginutil"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )

 type databaseVersionWrapper struct {
-	v4 dbplugin.Database
-	v5 newdbplugin.Database
+	v4 v4.Database
+	v5 v5.Database
 }

 // newDatabaseWrapper figures out which version of the database the pluginName is referring to and returns a wrapper object
 // that can be used to make operations on the underlying database plugin.
 func newDatabaseWrapper(ctx context.Context, pluginName string, sys pluginutil.LookRunnerUtil, logger log.Logger) (dbw databaseVersionWrapper, err error) {
-	newDB, err := newdbplugin.PluginFactory(ctx, pluginName, sys, logger)
+	newDB, err := v5.PluginFactory(ctx, pluginName, sys, logger)
 	if err == nil {
 		dbw = databaseVersionWrapper{
 			v5: newDB,
@@ -34,7 +34,7 @@ func newDatabaseWrapper(ctx context.Context, pluginName string, sys pluginutil.L
 	merr := &multierror.Error{}
 	merr = multierror.Append(merr, err)

-	legacyDB, err := dbplugin.PluginFactory(ctx, pluginName, sys, logger)
+	legacyDB, err := v4.PluginFactory(ctx, pluginName, sys, logger)
 	if err == nil {
 		dbw = databaseVersionWrapper{
 			v4: legacyDB,
@@ -48,9 +48,9 @@ func newDatabaseWrapper(ctx context.Context, pluginName string, sys pluginutil.L

 // Initialize the underlying database. This is analogous to a constructor on the database plugin object.
 // Errors if the wrapper does not contain an underlying database.
-func (d databaseVersionWrapper) Initialize(ctx context.Context, req newdbplugin.InitializeRequest) (newdbplugin.InitializeResponse, error) {
+func (d databaseVersionWrapper) Initialize(ctx context.Context, req v5.InitializeRequest) (v5.InitializeResponse, error) {
 	if !d.isV5() && !d.isV4() {
-		return newdbplugin.InitializeResponse{}, fmt.Errorf("no underlying database specified")
+		return v5.InitializeResponse{}, fmt.Errorf("no underlying database specified")
 	}

 	// v5 Database
@@ -61,9 +61,9 @@ func (d databaseVersionWrapper) Initialize(ctx context.Context, req newdbplugin.
 	// v4 Database
 	saveConfig, err := d.v4.Init(ctx, req.Config, req.VerifyConnection)
 	if err != nil {
-		return newdbplugin.InitializeResponse{}, err
+		return v5.InitializeResponse{}, err
 	}
-	resp := newdbplugin.InitializeResponse{
+	resp := v5.InitializeResponse{
 		Config: saveConfig,
 	}
 	return resp, nil
@@ -74,9 +74,9 @@ func (d databaseVersionWrapper) Initialize(ctx context.Context, req newdbplugin.
 // does not have a way of returning the password so this function signature needs to be different.
 // The password returned here should be considered the source of truth, not the provided password.
 // Errors if the wrapper does not contain an underlying database.
-func (d databaseVersionWrapper) NewUser(ctx context.Context, req newdbplugin.NewUserRequest) (resp newdbplugin.NewUserResponse, password string, err error) {
+func (d databaseVersionWrapper) NewUser(ctx context.Context, req v5.NewUserRequest) (resp v5.NewUserResponse, password string, err error) {
 	if !d.isV5() && !d.isV4() {
-		return newdbplugin.NewUserResponse{}, "", fmt.Errorf("no underlying database specified")
+		return v5.NewUserResponse{}, "", fmt.Errorf("no underlying database specified")
 	}

 	// v5 Database
@@ -86,11 +86,11 @@ func (d databaseVersionWrapper) NewUser(ctx context.Context, req newdbplugin.New
 	}

 	// v4 Database
-	stmts := dbplugin.Statements{
+	stmts := v4.Statements{
 		Creation: req.Statements.Commands,
 		Rollback: req.RollbackStatements.Commands,
 	}
-	usernameConfig := dbplugin.UsernameConfig{
+	usernameConfig := v4.UsernameConfig{
 		DisplayName: req.UsernameConfig.DisplayName,
 		RoleName:    req.UsernameConfig.RoleName,
 	}
@@ -99,7 +99,7 @@ func (d databaseVersionWrapper) NewUser(ctx context.Context, req newdbplugin.New
 		return resp, "", err
 	}

-	resp = newdbplugin.NewUserResponse{
+	resp = v5.NewUserResponse{
 		Username: username,
 	}
 	return resp, password, nil
@@ -108,7 +108,7 @@ func (d databaseVersionWrapper) NewUser(ctx context.Context, req newdbplugin.New
 // UpdateUser in the underlying database. This is used to update any information currently supported
 // in the UpdateUserRequest such as password credentials or user TTL.
 // Errors if the wrapper does not contain an underlying database.
-func (d databaseVersionWrapper) UpdateUser(ctx context.Context, req newdbplugin.UpdateUserRequest, isRootUser bool) (saveConfig map[string]interface{}, err error) {
+func (d databaseVersionWrapper) UpdateUser(ctx context.Context, req v5.UpdateUserRequest, isRootUser bool) (saveConfig map[string]interface{}, err error) {
 	if !d.isV5() && !d.isV4() {
 		return nil, fmt.Errorf("no underlying database specified")
 	}
@@ -136,7 +136,7 @@ func (d databaseVersionWrapper) UpdateUser(ctx context.Context, req newdbplugin.

 	// Change expiration date
 	if req.Expiration != nil {
-		stmts := dbplugin.Statements{
+		stmts := v4.Statements{
 			Renewal: req.Expiration.Statements.Commands,
 		}
 		err := d.v4.RenewUser(ctx, stmts, req.Username, req.Expiration.NewExpiration)
@@ -148,7 +148,7 @@ func (d databaseVersionWrapper) UpdateUser(ctx context.Context, req newdbplugin.
 // changePasswordLegacy attempts to use SetCredentials to change the password for the user with the password provided
 // in ChangePassword. If that user is the root user and SetCredentials is unimplemented, it will fall back to using
 // RotateRootCredentials. If not the root user, this will not use RotateRootCredentials.
-func (d databaseVersionWrapper) changePasswordLegacy(ctx context.Context, username string, passwordChange *newdbplugin.ChangePassword, isRootUser bool) (saveConfig map[string]interface{}, err error) {
+func (d databaseVersionWrapper) changePasswordLegacy(ctx context.Context, username string, passwordChange *v5.ChangePassword, isRootUser bool) (saveConfig map[string]interface{}, err error) {
 	err = d.changeUserPasswordLegacy(ctx, username, passwordChange)

 	// If changing the root user's password but SetCredentials is unimplemented, fall back to RotateRootCredentials
@@ -165,11 +165,11 @@ func (d databaseVersionWrapper) changePasswordLegacy(ctx context.Context, userna
 	return nil, nil
 }

-func (d databaseVersionWrapper) changeUserPasswordLegacy(ctx context.Context, username string, passwordChange *newdbplugin.ChangePassword) (err error) {
-	stmts := dbplugin.Statements{
+func (d databaseVersionWrapper) changeUserPasswordLegacy(ctx context.Context, username string, passwordChange *v5.ChangePassword) (err error) {
+	stmts := v4.Statements{
 		Rotation: passwordChange.Statements.Commands,
 	}
-	staticConfig := dbplugin.StaticUserConfig{
+	staticConfig := v4.StaticUserConfig{
 		Username: username,
 		Password: passwordChange.NewPassword,
 	}
@@ -177,14 +177,14 @@ func (d databaseVersionWrapper) changeUserPasswordLegacy(ctx context.Context, us
 	return err
 }

-func (d databaseVersionWrapper) changeRootUserPasswordLegacy(ctx context.Context, passwordChange *newdbplugin.ChangePassword) (saveConfig map[string]interface{}, err error) {
+func (d databaseVersionWrapper) changeRootUserPasswordLegacy(ctx context.Context, passwordChange *v5.ChangePassword) (saveConfig map[string]interface{}, err error) {
 	return d.v4.RotateRootCredentials(ctx, passwordChange.Statements.Commands)
 }

 // DeleteUser in the underlying database. Errors if the wrapper does not contain an underlying database.
-func (d databaseVersionWrapper) DeleteUser(ctx context.Context, req newdbplugin.DeleteUserRequest) (newdbplugin.DeleteUserResponse, error) {
+func (d databaseVersionWrapper) DeleteUser(ctx context.Context, req v5.DeleteUserRequest) (v5.DeleteUserResponse, error) {
 	if !d.isV5() && !d.isV4() {
-		return newdbplugin.DeleteUserResponse{}, fmt.Errorf("no underlying database specified")
+		return v5.DeleteUserResponse{}, fmt.Errorf("no underlying database specified")
 	}

 	// v5 Database
@@ -193,11 +193,11 @@ func (d databaseVersionWrapper) DeleteUser(ctx context.Context, req newdbplugin.
 	}

 	// v4 Database
-	stmts := dbplugin.Statements{
+	stmts := v4.Statements{
 		Revocation: req.Statements.Commands,
 	}
 	err := d.v4.RevokeUser(ctx, stmts, req.Username)
-	return newdbplugin.DeleteUserResponse{}, err
+	return v5.DeleteUserResponse{}, err
 }

 // Type of the underlying database. Errors if the wrapper does not contain an underlying database.

--- a/builtin/logical/database/version_wrapper_test.go
+++ b/builtin/logical/database/version_wrapper_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/stretchr/testify/mock"
 	"google.golang.org/grpc/codes"
@@ -18,13 +18,13 @@ import (
 func TestInitDatabase_missingDB(t *testing.T) {
 	dbw := databaseVersionWrapper{}

-	req := newdbplugin.InitializeRequest{}
+	req := v5.InitializeRequest{}
 	resp, err := dbw.Initialize(context.Background(), req)
 	if err == nil {
 		t.Fatalf("err expected, got nil")
 	}

-	expectedResp := newdbplugin.InitializeResponse{}
+	expectedResp := v5.InitializeResponse{}
 	if !reflect.DeepEqual(resp, expectedResp) {
 		t.Fatalf("Actual resp: %#v\nExpected resp: %#v", resp, expectedResp)
 	}
@@ -32,31 +32,31 @@ func TestInitDatabase_missingDB(t *testing.T) {

 func TestInitDatabase_newDB(t *testing.T) {
 	type testCase struct {
-		req newdbplugin.InitializeRequest
+		req v5.InitializeRequest

-		newInitResp  newdbplugin.InitializeResponse
+		newInitResp  v5.InitializeResponse
 		newInitErr   error
 		newInitCalls int

-		expectedResp newdbplugin.InitializeResponse
+		expectedResp v5.InitializeResponse
 		expectErr    bool
 	}

 	tests := map[string]testCase{
 		"success": {
-			req: newdbplugin.InitializeRequest{
+			req: v5.InitializeRequest{
 				Config: map[string]interface{}{
 					"foo": "bar",
 				},
 				VerifyConnection: true,
 			},
-			newInitResp: newdbplugin.InitializeResponse{
+			newInitResp: v5.InitializeResponse{
 				Config: map[string]interface{}{
 					"foo": "bar",
 				},
 			},
 			newInitCalls: 1,
-			expectedResp: newdbplugin.InitializeResponse{
+			expectedResp: v5.InitializeResponse{
 				Config: map[string]interface{}{
 					"foo": "bar",
 				},
@@ -64,16 +64,16 @@ func TestInitDatabase_newDB(t *testing.T) {
 			expectErr: false,
 		},
 		"error": {
-			req: newdbplugin.InitializeRequest{
+			req: v5.InitializeRequest{
 				Config: map[string]interface{}{
 					"foo": "bar",
 				},
 				VerifyConnection: true,
 			},
-			newInitResp:  newdbplugin.InitializeResponse{},
+			newInitResp:  v5.InitializeResponse{},
 			newInitErr:   fmt.Errorf("test error"),
 			newInitCalls: 1,
-			expectedResp: newdbplugin.InitializeResponse{},
+			expectedResp: v5.InitializeResponse{},
 			expectErr:    true,
 		},
 	}
@@ -106,19 +106,19 @@ func TestInitDatabase_newDB(t *testing.T) {

 func TestInitDatabase_legacyDB(t *testing.T) {
 	type testCase struct {
-		req newdbplugin.InitializeRequest
+		req v5.InitializeRequest

 		initConfig map[string]interface{}
 		initErr    error
 		initCalls  int

-		expectedResp newdbplugin.InitializeResponse
+		expectedResp v5.InitializeResponse
 		expectErr    bool
 	}

 	tests := map[string]testCase{
 		"success": {
-			req: newdbplugin.InitializeRequest{
+			req: v5.InitializeRequest{
 				Config: map[string]interface{}{
 					"foo": "bar",
 				},
@@ -128,7 +128,7 @@ func TestInitDatabase_legacyDB(t *testing.T) {
 				"foo": "bar",
 			},
 			initCalls: 1,
-			expectedResp: newdbplugin.InitializeResponse{
+			expectedResp: v5.InitializeResponse{
 				Config: map[string]interface{}{
 					"foo": "bar",
 				},
@@ -136,7 +136,7 @@ func TestInitDatabase_legacyDB(t *testing.T) {
 			expectErr: false,
 		},
 		"error": {
-			req: newdbplugin.InitializeRequest{
+			req: v5.InitializeRequest{
 				Config: map[string]interface{}{
 					"foo": "bar",
 				},
@@ -144,7 +144,7 @@ func TestInitDatabase_legacyDB(t *testing.T) {
 			},
 			initErr:      fmt.Errorf("test error"),
 			initCalls:    1,
-			expectedResp: newdbplugin.InitializeResponse{},
+			expectedResp: v5.InitializeResponse{},
 			expectErr:    true,
 		},
 	}
@@ -348,13 +348,13 @@ func TestGeneratePassword_no_policy(t *testing.T) {
 func TestNewUser_missingDB(t *testing.T) {
 	dbw := databaseVersionWrapper{}

-	req := newdbplugin.NewUserRequest{}
+	req := v5.NewUserRequest{}
 	resp, pass, err := dbw.NewUser(context.Background(), req)
 	if err == nil {
 		t.Fatalf("err expected, got nil")
 	}

-	expectedResp := newdbplugin.NewUserResponse{}
+	expectedResp := v5.NewUserResponse{}
 	if !reflect.DeepEqual(resp, expectedResp) {
 		t.Fatalf("Actual resp: %#v\nExpected resp: %#v", resp, expectedResp)
 	}
@@ -366,41 +366,41 @@ func TestNewUser_missingDB(t *testing.T) {

 func TestNewUser_newDB(t *testing.T) {
 	type testCase struct {
-		req newdbplugin.NewUserRequest
+		req v5.NewUserRequest

-		newUserResp  newdbplugin.NewUserResponse
+		newUserResp  v5.NewUserResponse
 		newUserErr   error
 		newUserCalls int

-		expectedResp newdbplugin.NewUserResponse
+		expectedResp v5.NewUserResponse
 		expectErr    bool
 	}

 	tests := map[string]testCase{
 		"success": {
-			req: newdbplugin.NewUserRequest{
+			req: v5.NewUserRequest{
 				Password: "new_password",
 			},

-			newUserResp: newdbplugin.NewUserResponse{
+			newUserResp: v5.NewUserResponse{
 				Username: "newuser",
 			},
 			newUserCalls: 1,

-			expectedResp: newdbplugin.NewUserResponse{
+			expectedResp: v5.NewUserResponse{
 				Username: "newuser",
 			},
 			expectErr: false,
 		},
 		"error": {
-			req: newdbplugin.NewUserRequest{
+			req: v5.NewUserRequest{
 				Password: "new_password",
 			},

 			newUserErr:   fmt.Errorf("test error"),
 			newUserCalls: 1,

-			expectedResp: newdbplugin.NewUserResponse{},
+			expectedResp: v5.NewUserResponse{},
 			expectErr:    true,
 		},
 	}
@@ -437,21 +437,21 @@ func TestNewUser_newDB(t *testing.T) {

 func TestNewUser_legacyDB(t *testing.T) {
 	type testCase struct {
-		req newdbplugin.NewUserRequest
+		req v5.NewUserRequest

 		createUserUsername string
 		createUserPassword string
 		createUserErr      error
 		createUserCalls    int

-		expectedResp     newdbplugin.NewUserResponse
+		expectedResp     v5.NewUserResponse
 		expectedPassword string
 		expectErr        bool
 	}

 	tests := map[string]testCase{
 		"success": {
-			req: newdbplugin.NewUserRequest{
+			req: v5.NewUserRequest{
 				Password: "new_password",
 			},

@@ -459,21 +459,21 @@ func TestNewUser_legacyDB(t *testing.T) {
 			createUserPassword: "securepassword",
 			createUserCalls:    1,

-			expectedResp: newdbplugin.NewUserResponse{
+			expectedResp: v5.NewUserResponse{
 				Username: "newuser",
 			},
 			expectedPassword: "securepassword",
 			expectErr:        false,
 		},
 		"error": {
-			req: newdbplugin.NewUserRequest{
+			req: v5.NewUserRequest{
 				Password: "new_password",
 			},

 			createUserErr:   fmt.Errorf("test error"),
 			createUserCalls: 1,

-			expectedResp: newdbplugin.NewUserResponse{},
+			expectedResp: v5.NewUserResponse{},
 			expectErr:    true,
 		},
 	}
@@ -511,7 +511,7 @@ func TestNewUser_legacyDB(t *testing.T) {
 func TestUpdateUser_missingDB(t *testing.T) {
 	dbw := databaseVersionWrapper{}

-	req := newdbplugin.UpdateUserRequest{}
+	req := v5.UpdateUserRequest{}
 	resp, err := dbw.UpdateUser(context.Background(), req, false)
 	if err == nil {
 		t.Fatalf("err expected, got nil")
@@ -525,25 +525,25 @@ func TestUpdateUser_missingDB(t *testing.T) {

 func TestUpdateUser_newDB(t *testing.T) {
 	type testCase struct {
-		req newdbplugin.UpdateUserRequest
+		req v5.UpdateUserRequest

 		updateUserErr   error
 		updateUserCalls int

-		expectedResp newdbplugin.UpdateUserResponse
+		expectedResp v5.UpdateUserResponse
 		expectErr    bool
 	}

 	tests := map[string]testCase{
 		"success": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
 			},
 			updateUserCalls: 1,
 			expectErr:       false,
 		},
 		"error": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
 			},
 			updateUserErr:   fmt.Errorf("test error"),
@@ -556,7 +556,7 @@ func TestUpdateUser_newDB(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			newDB := new(mockNewDatabase)
 			newDB.On("UpdateUser", mock.Anything, mock.Anything).
-				Return(newdbplugin.UpdateUserResponse{}, test.updateUserErr)
+				Return(v5.UpdateUserResponse{}, test.updateUserErr)
 			defer newDB.AssertNumberOfCalls(t, "UpdateUser", test.updateUserCalls)

 			dbw := databaseVersionWrapper{
@@ -576,7 +576,7 @@ func TestUpdateUser_newDB(t *testing.T) {

 func TestUpdateUser_legacyDB(t *testing.T) {
 	type testCase struct {
-		req        newdbplugin.UpdateUserRequest
+		req        v5.UpdateUserRequest
 		isRootUser bool

 		setCredentialsErr   error
@@ -595,7 +595,7 @@ func TestUpdateUser_legacyDB(t *testing.T) {

 	tests := map[string]testCase{
 		"missing changes": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
 			},
 			isRootUser: false,
@@ -607,10 +607,10 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 			expectErr: true,
 		},
 		"both password and expiration changes": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username:   "existing_user",
-				Password:   &newdbplugin.ChangePassword{},
-				Expiration: &newdbplugin.ChangeExpiration{},
+				Password:   &v5.ChangePassword{},
+				Expiration: &v5.ChangeExpiration{},
 			},
 			isRootUser: false,

@@ -621,9 +621,9 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 			expectErr: true,
 		},
 		"change password - SetCredentials": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
-				Password: &newdbplugin.ChangePassword{
+				Password: &v5.ChangePassword{
 					NewPassword: "newpassowrd",
 				},
 			},
@@ -638,9 +638,9 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 			expectErr:      false,
 		},
 		"change password - SetCredentials failed": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
-				Password: &newdbplugin.ChangePassword{
+				Password: &v5.ChangePassword{
 					NewPassword: "newpassowrd",
 				},
 			},
@@ -655,9 +655,9 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 			expectErr:      true,
 		},
 		"change password - SetCredentials unimplemented but not a root user": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
-				Password: &newdbplugin.ChangePassword{
+				Password: &v5.ChangePassword{
 					NewPassword: "newpassowrd",
 				},
 			},
@@ -673,9 +673,9 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 			expectErr:      true,
 		},
 		"change password - RotateRootCredentials": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
-				Password: &newdbplugin.ChangePassword{
+				Password: &v5.ChangePassword{
 					NewPassword: "newpassowrd",
 				},
 			},
@@ -697,9 +697,9 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 			expectErr: false,
 		},
 		"change password - RotateRootCredentials failed": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
-				Password: &newdbplugin.ChangePassword{
+				Password: &v5.ChangePassword{
 					NewPassword: "newpassowrd",
 				},
 			},
@@ -717,9 +717,9 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 		},

 		"change expiration": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
-				Expiration: &newdbplugin.ChangeExpiration{
+				Expiration: &v5.ChangeExpiration{
 					NewExpiration: time.Now(),
 				},
 			},
@@ -735,9 +735,9 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 			expectErr:      false,
 		},
 		"change expiration failed": {
-			req: newdbplugin.UpdateUserRequest{
+			req: v5.UpdateUserRequest{
 				Username: "existing_user",
-				Expiration: &newdbplugin.ChangeExpiration{
+				Expiration: &v5.ChangeExpiration{
 					NewExpiration: time.Now(),
 				},
 			},
@@ -791,7 +791,7 @@ func TestUpdateUser_legacyDB(t *testing.T) {
 func TestDeleteUser_missingDB(t *testing.T) {
 	dbw := databaseVersionWrapper{}

-	req := newdbplugin.DeleteUserRequest{}
+	req := v5.DeleteUserRequest{}
 	_, err := dbw.DeleteUser(context.Background(), req)
 	if err == nil {
 		t.Fatalf("err expected, got nil")
@@ -800,7 +800,7 @@ func TestDeleteUser_missingDB(t *testing.T) {

 func TestDeleteUser_newDB(t *testing.T) {
 	type testCase struct {
-		req newdbplugin.DeleteUserRequest
+		req v5.DeleteUserRequest

 		deleteUserErr   error
 		deleteUserCalls int
@@ -810,7 +810,7 @@ func TestDeleteUser_newDB(t *testing.T) {

 	tests := map[string]testCase{
 		"success": {
-			req: newdbplugin.DeleteUserRequest{
+			req: v5.DeleteUserRequest{
 				Username: "existing_user",
 			},

@@ -820,7 +820,7 @@ func TestDeleteUser_newDB(t *testing.T) {
 			expectErr: false,
 		},
 		"error": {
-			req: newdbplugin.DeleteUserRequest{
+			req: v5.DeleteUserRequest{
 				Username: "existing_user",
 			},

@@ -835,7 +835,7 @@ func TestDeleteUser_newDB(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			newDB := new(mockNewDatabase)
 			newDB.On("DeleteUser", mock.Anything, mock.Anything).
-				Return(newdbplugin.DeleteUserResponse{}, test.deleteUserErr)
+				Return(v5.DeleteUserResponse{}, test.deleteUserErr)
 			defer newDB.AssertNumberOfCalls(t, "DeleteUser", test.deleteUserCalls)

 			dbw := databaseVersionWrapper{
@@ -855,7 +855,7 @@ func TestDeleteUser_newDB(t *testing.T) {

 func TestDeleteUser_legacyDB(t *testing.T) {
 	type testCase struct {
-		req newdbplugin.DeleteUserRequest
+		req v5.DeleteUserRequest

 		revokeUserErr   error
 		revokeUserCalls int
@@ -865,7 +865,7 @@ func TestDeleteUser_legacyDB(t *testing.T) {

 	tests := map[string]testCase{
 		"success": {
-			req: newdbplugin.DeleteUserRequest{
+			req: v5.DeleteUserRequest{
 				Username: "existing_user",
 			},

@@ -875,7 +875,7 @@ func TestDeleteUser_legacyDB(t *testing.T) {
 			expectErr: false,
 		},
 		"error": {
-			req: newdbplugin.DeleteUserRequest{
+			req: v5.DeleteUserRequest{
 				Username: "existing_user",
 			},


--- a/builtin/logical/database/versioning_large_test.go
+++ b/builtin/logical/database/versioning_large_test.go
@@ -92,7 +92,7 @@ func TestPlugin_lifecycle(t *testing.T) {
 				Storage:   config.StorageView,
 				Data:      test.configData,
 			}
-			ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+			ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 			defer cancel()

 			resp, err := b.HandleRequest(ctx, req)
@@ -113,7 +113,7 @@ func TestPlugin_lifecycle(t *testing.T) {
 				Path:      fmt.Sprintf("rotate-root/%s", test.dbName),
 				Storage:   config.StorageView,
 			}
-			ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
+			ctx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
 			defer cancel()

 			resp, err = b.HandleRequest(ctx, req)
@@ -136,7 +136,7 @@ func TestPlugin_lifecycle(t *testing.T) {
 					"max_ttl":     "1m",
 				},
 			}
-			ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
+			ctx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
 			defer cancel()

 			resp, err = b.HandleRequest(ctx, req)
@@ -156,7 +156,7 @@ func TestPlugin_lifecycle(t *testing.T) {
 				Path:      fmt.Sprintf("creds/%s", dynamicRoleName),
 				Storage:   config.StorageView,
 			}
-			ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
+			ctx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
 			defer cancel()

 			resp, err = b.HandleRequest(ctx, req)
@@ -182,7 +182,7 @@ func TestPlugin_lifecycle(t *testing.T) {
 					"rotation_period": "5",
 				},
 			}
-			ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
+			ctx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
 			defer cancel()

 			resp, err = b.HandleRequest(ctx, req)
@@ -202,7 +202,7 @@ func TestPlugin_lifecycle(t *testing.T) {
 				Path:      fmt.Sprintf("static-creds/%s", staticRoleName),
 				Storage:   config.StorageView,
 			}
-			ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
+			ctx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
 			defer cancel()

 			resp, err = b.HandleRequest(ctx, req)

--- a/plugins/database/cassandra/cassandra.go
+++ b/plugins/database/cassandra/cassandra.go
@@ -8,9 +8,9 @@ import (
 	"github.com/gocql/gocql"
 	multierror "github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/vault/api"
+	dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/database/helper/credsutil"
 	"github.com/hashicorp/vault/sdk/database/helper/dbutil"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
 	"github.com/hashicorp/vault/sdk/helper/strutil"
 )

@@ -21,7 +21,7 @@ const (
 	cassandraTypeName        = "cassandra"
 )

-var _ newdbplugin.Database = &Cassandra{}
+var _ dbplugin.Database = &Cassandra{}

 // Cassandra is an implementation of Database interface
 type Cassandra struct {
@@ -31,7 +31,7 @@ type Cassandra struct {
 // New returns a new Cassandra instance
 func New() (interface{}, error) {
 	db := new()
-	dbType := newdbplugin.NewDatabaseErrorSanitizerMiddleware(db, db.secretValues)
+	dbType := dbplugin.NewDatabaseErrorSanitizerMiddleware(db, db.secretValues)

 	return dbType, nil
 }
@@ -52,7 +52,7 @@ func Run(apiTLSConfig *api.TLSConfig) error {
 		return err
 	}

-	newdbplugin.Serve(dbType.(newdbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig))
+	dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig))

 	return nil
 }
@@ -73,13 +73,13 @@ func (c *Cassandra) getConnection(ctx context.Context) (*gocql.Session, error) {

 // NewUser generates the username/password on the underlying Cassandra secret backend as instructed by
 // the statements provided.
-func (c *Cassandra) NewUser(ctx context.Context, req newdbplugin.NewUserRequest) (newdbplugin.NewUserResponse, error) {
+func (c *Cassandra) NewUser(ctx context.Context, req dbplugin.NewUserRequest) (dbplugin.NewUserResponse, error) {
 	c.Lock()
 	defer c.Unlock()

 	session, err := c.getConnection(ctx)
 	if err != nil {
-		return newdbplugin.NewUserResponse{}, err
+		return dbplugin.NewUserResponse{}, err
 	}

 	creationCQL := req.Statements.Commands
@@ -100,7 +100,7 @@ func (c *Cassandra) NewUser(ctx context.Context, req newdbplugin.NewUserRequest)
 		credsutil.ToLower(),
 	)
 	if err != nil {
-		return newdbplugin.NewUserResponse{}, err
+		return dbplugin.NewUserResponse{}, err
 	}
 	username = strings.ReplaceAll(username, "-", "_")

@@ -124,12 +124,12 @@ func (c *Cassandra) NewUser(ctx context.Context, req newdbplugin.NewUserRequest)
 				if rollbackErr != nil {
 					err = multierror.Append(err, rollbackErr)
 				}
-				return newdbplugin.NewUserResponse{}, err
+				return dbplugin.NewUserResponse{}, err
 			}
 		}
 	}

-	resp := newdbplugin.NewUserResponse{
+	resp := dbplugin.NewUserResponse{
 		Username: username,
 	}
 	return resp, nil
@@ -158,20 +158,20 @@ func rollbackUser(ctx context.Context, session *gocql.Session, username string,
 	return nil
 }

-func (c *Cassandra) UpdateUser(ctx context.Context, req newdbplugin.UpdateUserRequest) (newdbplugin.UpdateUserResponse, error) {
+func (c *Cassandra) UpdateUser(ctx context.Context, req dbplugin.UpdateUserRequest) (dbplugin.UpdateUserResponse, error) {
 	if req.Password == nil && req.Expiration == nil {
-		return newdbplugin.UpdateUserResponse{}, fmt.Errorf("no changes requested")
+		return dbplugin.UpdateUserResponse{}, fmt.Errorf("no changes requested")
 	}

 	if req.Password != nil {
 		err := c.changeUserPassword(ctx, req.Username, req.Password)
-		return newdbplugin.UpdateUserResponse{}, err
+		return dbplugin.UpdateUserResponse{}, err
 	}
 	// Expiration is no-op
-	return newdbplugin.UpdateUserResponse{}, nil
+	return dbplugin.UpdateUserResponse{}, nil
 }

-func (c *Cassandra) changeUserPassword(ctx context.Context, username string, changePass *newdbplugin.ChangePassword) error {
+func (c *Cassandra) changeUserPassword(ctx context.Context, username string, changePass *dbplugin.ChangePassword) error {
 	session, err := c.getConnection(ctx)
 	if err != nil {
 		return err
@@ -206,13 +206,13 @@ func (c *Cassandra) changeUserPassword(ctx context.Context, username string, cha
 }

 // DeleteUser attempts to drop the specified user.
-func (c *Cassandra) DeleteUser(ctx context.Context, req newdbplugin.DeleteUserRequest) (newdbplugin.DeleteUserResponse, error) {
+func (c *Cassandra) DeleteUser(ctx context.Context, req dbplugin.DeleteUserRequest) (dbplugin.DeleteUserResponse, error) {
 	c.Lock()
 	defer c.Unlock()

 	session, err := c.getConnection(ctx)
 	if err != nil {
-		return newdbplugin.DeleteUserResponse{}, err
+		return dbplugin.DeleteUserResponse{}, err
 	}

 	revocationCQL := req.Statements.Commands
@@ -240,5 +240,5 @@ func (c *Cassandra) DeleteUser(ctx context.Context, req newdbplugin.DeleteUserRe
 		}
 	}

-	return newdbplugin.DeleteUserResponse{}, result.ErrorOrNil()
+	return dbplugin.DeleteUserResponse{}, result.ErrorOrNil()
 }
--- a/plugins/database/cassandra/cassandra_test.go
+++ b/plugins/database/cassandra/cassandra_test.go
@@ -7,12 +7,11 @@ import (
 	"testing"
 	"time"

-	dbtesting "github.com/hashicorp/vault/sdk/database/newdbplugin/testing"
-
 	backoff "github.com/cenkalti/backoff/v3"
 	"github.com/gocql/gocql"
 	"github.com/hashicorp/vault/helper/testhelpers/cassandra"
-	"github.com/hashicorp/vault/sdk/database/newdbplugin"
+	dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
+	dbtesting "github.com/hashicorp/vault/sdk/database/dbplugin/v5/testing"
 )

 func getCassandra(t *testing.T, protocolVersion interface{}) (*Cassandra, func()) {
@@ -20,7 +19,7 @@ func getCassandra(t *testing.T, protocolVersion interface{}) (*Cassandra, func()
 	pieces := strings.Split(connURL, ":")

 	db := new()
-	initReq := newdbplugin.InitializeRequest{
+	initReq := dbplugin.InitializeRequest{
 		Config: map[string]interface{}{
 			"hosts":            connURL,
 			"port":             pieces[1],
@@ -70,12 +69,12 @@ func TestCassandra_CreateUser(t *testing.T) {
 	defer cleanup()

 	password := "myreallysecurepassword"
-	createReq := newdbplugin.NewUserRequest{
-		UsernameConfig: newdbplugin.UsernameMetadata{
+	createReq := dbplugin.NewUserRequest{
+		UsernameConfig: dbplugin.UsernameMetadata{
 			DisplayName: "test",
 			RoleName:    "test",
 		},
-		Statements: newdbplugin.Statements{
+		Statements: dbplugin.Statements{
 			Commands: []string{createUserStatements},
 		},
 		Password:   password,
@@ -98,12 +97,12 @@ func TestMyCassandra_UpdateUserPassword(t *testing.T) {
 	defer cleanup()

 	password := "myreallysecurepassword"
-	createReq := newdbplugin.NewUserRequest{
-		UsernameConfig: newdbplugin.UsernameMetadata{
+	createReq := dbplugin.NewUserRequest{
+		UsernameConfig: dbplugin.UsernameMetadata{
 			DisplayName: "test",
 			RoleName:    "test",
 		},
-		Statements: newdbplugin.Statements{
+		Statements: dbplugin.Statements{
 			Commands: []string{createUserStatements},
 		},
 		Password:   password,
@@ -115,11 +114,11 @@ func TestMyCassandra_UpdateUserPassword(t *testing.T) {
 	assertCreds(t, db.Hosts, db.Port, createResp.Username, password, 5*time.Second)

 	newPassword := "somenewpassword"
-	updateReq := newdbplugin.UpdateUserRequest{
+	updateReq := dbplugin.UpdateUserRequest{
 		Username: createResp.Username,
-		Password: &newdbplugin.ChangePassword{
+		Password: &dbplugin.ChangePassword{
 			NewPassword: newPassword,
-			Statements:  newdbplugin.Statements{},
+			Statements:  dbplugin.Statements{},
 		},
 		Expiration: nil,
 	}
@@ -134,12 +133,12 @@ func TestCassandra_DeleteUser(t *testing.T) {
 	defer cleanup()

 	password := "myreallysecurepassword"
-	createReq := newdbplugin.NewUserRequest{
-		UsernameConfig: newdbplugin.UsernameMetadata{
+	createReq := dbplugin.NewUserRequest{
+		UsernameConfig: dbplugin.UsernameMetadata{
 			DisplayName: "test",
 			RoleName:    "test",
 		},
-		Statements: newdbplugin.Statements{
+		Statements: dbplugin.Statements{
 			Commands: []string{createUserStatements},
 		},
 		Password:   password,
@@ -150,7 +149,7 @@ func TestCassandra_DeleteUser(t *testing.T) {

 	assertCreds(t, db.Hosts, db.Port, createResp.Username, password, 5*time.Second)

-	deleteReq := newdbplugin.DeleteUserRequest{
+	deleteReq := dbplugin.DeleteUserRequest{
 		Username: createResp.Username,
 	}