Skip to content

[3.3] Complete dynamic plugin management and configurable plugin settings #15475

Description

@KomachiSion

Motivation

Follow-up of #14049.

#14049 introduced the foundation for unified plugin discovery, plugin state visibility, plugin state APIs, and a console page. The current code already has the basic building blocks:

  • PluginManager discovers PluginProvider implementations, tracks loaded/enabled state, persists state/config, and synchronizes state/config changes across the cluster.
  • PluginConfigSpec and ConfigItemDefinition let a plugin expose configuration metadata and receive applyConfig(...).
  • /v3/admin/core/plugin/* and /v3/console/plugin/* expose list, detail, status, config, and availability operations.
  • The plugin spec defines plugin identity, loaded/enabled state, configurable plugins, critical plugins, and cluster-level state/config changes.

However, the 3.2-level capability is still not a complete operational loop for 3.3. In practice, plugin management still has several gaps:

  1. The console experience is still mainly about visibility and basic status display. The new console page can list plugins and toggle non-critical/non-exclusive plugins, but it does not yet fetch full plugin config definitions, edit plugin configuration, distinguish editable and read-only config items, or show the effective configuration source.
  2. Plugin configuration keys are not yet standardized across plugin types. Some plugin families use domain-specific formats, such as nacos.plugin.visibility.{serviceName}.*, while others use their own historical configuration prefixes. This makes it hard for Nacos to load plugin configuration from files in a uniform way and pass the normalized configuration into plugin implementations.
  3. The current config metadata model is too small for safe console editing. ConfigItemDefinition can describe key/name/type/default/required/enum, but it cannot express whether a value is runtime-editable, read-only, sensitive, node-scoped, cluster-scoped, requires restart, or has validation constraints beyond "required".
  4. Dynamic enable/disable semantics are not consistently defined per plugin type. Critical and exclusive plugins are handled at the core level, but each domain manager still needs clear rules about whether runtime state changes are supported and how the disabled state affects request handling.

The goal of this issue is to make plugin management usable as an initial 3.3 feature, not only a discovery page.

Desired Capability

1. Define a unified plugin configuration model

Add a documented, stable convention for plugin configuration loaded from Nacos configuration files, for example a normalized plugin-id based format:

nacos.plugin.{pluginType}.{pluginName}.{configKey}=...

The exact format should be decided in the design, but it should satisfy:

  • pluginType + pluginName can be mapped to a stable pluginId.
  • Nacos can collect all configuration for a plugin during startup and pass it to the plugin implementation through a common mechanism.
  • Existing historical configuration keys remain compatible, with a clear migration or alias rule.
  • File/default configuration and runtime persisted configuration have a deterministic precedence rule.
  • The effective configuration can be exposed through the plugin detail API without leaking sensitive values.

2. Extend plugin config metadata for console-safe editing

Extend ConfigItemDefinition or introduce a compatible v2 metadata model that can describe at least:

  • whether the item is editable from the console;
  • whether the item is sensitive and should be masked;
  • whether the item can be changed at runtime or requires restart;
  • whether the item is local-node scoped or cluster scoped;
  • validation constraints such as min/max, pattern, enum, or custom validation message;
  • current value source, such as file/default/runtime override, if feasible.

The console should use this metadata instead of guessing which fields are safe to edit.

3. Complete runtime plugin switch semantics

For each plugin type, clarify whether the plugin is:

  • switchable at runtime;
  • critical and cannot be disabled;
  • exclusive, where only one implementation can be active;
  • chain/broadcast style, where multiple enabled plugins can participate;
  • restart-required for certain changes.

Domain managers should consistently use PluginStateCheckerHolder or the corresponding plugin manager state when deciding whether a loaded plugin can participate in request handling.

Cluster-level changes should remain synchronized by default. localOnly should be treated as a diagnostic/emergency option and should be clearly exposed as such.

4. Complete console support

The 3.3 console should provide a complete first-stage plugin management workflow:

  • list plugins by type and state;
  • show plugin detail, critical/exclusive/configurable status, and node availability;
  • enable/disable non-critical runtime-switchable plugins with confirmation and error handling;
  • fetch config definitions and current effective config;
  • edit only runtime-editable config items;
  • mask sensitive values;
  • show restart-required or read-only items as non-editable;
  • refresh plugin state after update.

5. Update specs and tests

The implementation should update the plugin spec and affected plugin type specs.

Testing should cover:

  • startup config loading and normalization;
  • compatibility with existing plugin-specific config keys;
  • config validation and applyConfig(...) behavior;
  • cluster sync for state/config changes;
  • non-editable/sensitive/restart-required metadata serialization;
  • console API behavior for detail, status, config update, and availability;
  • at least one real built-in plugin using the new config definition path.

If any HTTP API contract changes or new endpoints are added, the corresponding OpenAPI integration test scenario matrix and coverage registry should be updated according to the repository API IT rules.

Non-goals

  • This issue does not require every existing plugin to become fully runtime-configurable in one step.
  • This issue should not remove existing historical plugin configuration keys without a compatibility plan.
  • This issue should not make critical runtime dependencies disableable.

Acceptance Criteria

  • A spec-backed unified plugin configuration format is available for 3.3.
  • Plugin implementations have a common way to receive startup and runtime configuration.
  • Console API responses expose enough metadata for safe config editing.
  • The new console can complete list, detail, runtime switch, and editable config update flows.
  • Sensitive/read-only/restart-required configuration items are handled safely.
  • Built-in plugin behavior remains backward compatible with existing deployments.

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions