github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-08 23:18:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: resolved first time rotation issue in rotation

Browse Source
This commit is contained in:
=
2025-12-19 23:44:55 +05:30
parent fa52dca642
commit a1fff0f167
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/src/ee/services/secret-rotation-v2/mongodb-credentials/mongodb-credentials-rotation-schemas.ts
View File

@@ -17,7 +17,8 @@ import { AppConnection } from "@app/services/app-connection/app-connection-enums
export const MongoDBCredentialsRotationGeneratedCredentialsSchema = SqlCredentialsRotationGeneratedCredentialsSchema; export const MongoDBCredentialsRotationGeneratedCredentialsSchema = SqlCredentialsRotationGeneratedCredentialsSchema;
export const MongoDBCredentialsRotationParametersSchema = SqlCredentialsRotationParametersSchema.omit({ export const MongoDBCredentialsRotationParametersSchema = SqlCredentialsRotationParametersSchema.omit({
rotationStatement: true rotationStatement: true,
passwordRequirements: true
}); });
export const MongoDBCredentialsRotationTemplateSchema = SqlCredentialsRotationTemplateSchema.omit({ export const MongoDBCredentialsRotationTemplateSchema = SqlCredentialsRotationTemplateSchema.omit({
rotationStatement: true rotationStatement: true

9
backend/src/ee/services/secret-rotation-v2/shared/sql-credentials/sql-credentials-rotation-fns.ts
View File

@@ -110,10 +110,11 @@ export const sqlCredentialsRotationFactory: TRotationFactory<
) => { ) => {
// For SQL, since we get existing users, we change both their passwords // For SQL, since we get existing users, we change both their passwords
// on issue to invalidate their existing passwords // on issue to invalidate their existing passwords
const credentialsSet = [ const credentialsSet = [{ username: username1, password: generatePassword(passwordRequirement) }];
{ username: username1, password: generatePassword(passwordRequirement) }, // if both are same username like for mysql dual password rotation - we don't want to reissue twice loosing first cred access
{ username: username2, password: generatePassword(passwordRequirement) } if (username1 !== username2) {
]; credentialsSet.push({ username: username2, password: generatePassword(passwordRequirement) });
}
try { try {
await executeOperation(async (client) => { await executeOperation(async (client) => {