fix: resolved first time rotation issue in rotation

2026-01-06 22:23:53 -05:00 · 2025-12-19 23:44:55 +05:30
parent fa52dca642
commit a1fff0f167
2 changed files with 7 additions and 5 deletions
--- a/backend/src/ee/services/secret-rotation-v2/mongodb-credentials/mongodb-credentials-rotation-schemas.ts
+++ b/backend/src/ee/services/secret-rotation-v2/mongodb-credentials/mongodb-credentials-rotation-schemas.ts
@@ -17,7 +17,8 @@ import { AppConnection } from "@app/services/app-connection/app-connection-enums

 export const MongoDBCredentialsRotationGeneratedCredentialsSchema = SqlCredentialsRotationGeneratedCredentialsSchema;
 export const MongoDBCredentialsRotationParametersSchema = SqlCredentialsRotationParametersSchema.omit({
-  rotationStatement: true
+  rotationStatement: true,
+  passwordRequirements: true
 });
 export const MongoDBCredentialsRotationTemplateSchema = SqlCredentialsRotationTemplateSchema.omit({
  rotationStatement: true
--- a/backend/src/ee/services/secret-rotation-v2/shared/sql-credentials/sql-credentials-rotation-fns.ts
+++ b/backend/src/ee/services/secret-rotation-v2/shared/sql-credentials/sql-credentials-rotation-fns.ts
@@ -110,10 +110,11 @@ export const sqlCredentialsRotationFactory: TRotationFactory<
  ) => {
    // For SQL, since we get existing users, we change both their passwords
    // on issue to invalidate their existing passwords
-    const credentialsSet = [
-      { username: username1, password: generatePassword(passwordRequirement) },
-      { username: username2, password: generatePassword(passwordRequirement) }
-    ];
+    const credentialsSet = [{ username: username1, password: generatePassword(passwordRequirement) }];
+    // if both are same username like for mysql dual password rotation - we don't want to reissue twice loosing first cred access
+    if (username1 !== username2) {
+      credentialsSet.push({ username: username2, password: generatePassword(passwordRequirement) });
+    }

    try {
      await executeOperation(async (client) => {