feat(secret-rotation): added back the secret rotations to PIT

feat(secret-rotation): add fix for PIT to avoid commiting on secret rotations
2025-07-15 09:42:14 +00:00 · 2025-06-10 17:38:23 -03:00 · 2025-06-10 17:06:26 -03:00
4 changed files with 21 additions and 26 deletions
--- a/backend/src/ee/services/secret-rotation-v2/secret-rotation-v2-service.ts
+++ b/backend/src/ee/services/secret-rotation-v2/secret-rotation-v2-service.ts
@ -139,6 +139,7 @@ export const secretRotationV2ServiceFactory = ({
  resourceMetadataDAL,
  permissionService,
  appConnectionService,
  folderCommitService,
  projectBotService,
  licenseService,
  kmsService,
@ -147,7 +148,6 @@ export const secretRotationV2ServiceFactory = ({
  snapshotService,
  keyStore,
  queueService,
  folderCommitService,
  appConnectionDAL
 }: TSecretRotationV2ServiceFactoryDep) => {
  const $queueSendSecretRotationStatusNotification = async (secretRotation: TSecretRotationV2Raw) => {
@ -541,12 +541,8 @@ export const secretRotationV2ServiceFactory = ({
            secretVersionDAL: secretVersionV2BridgeDAL,
            secretVersionTagDAL: secretVersionTagV2BridgeDAL,
            secretTagDAL,
            folderCommitService,
            resourceMetadataDAL,
-            actor: {
+            folderCommitService
              type: actor.type,
              actorId: actor.id
            }
          });
          await secretRotationV2DAL.insertSecretMappings(
@ -682,12 +678,8 @@ export const secretRotationV2ServiceFactory = ({
            secretVersionDAL: secretVersionV2BridgeDAL,
            secretVersionTagDAL: secretVersionTagV2BridgeDAL,
            secretTagDAL,
            folderCommitService,
            resourceMetadataDAL,
-            actor: {
+            folderCommitService
              type: actor.type,
              actorId: actor.id
            }
          });
          secretsMappingUpdated = true;
@ -805,7 +797,6 @@ export const secretRotationV2ServiceFactory = ({
            projectId,
            folderId,
            actorId: actor.id, // not actually used since rotated secrets are shared
            actorType: actor.type,
            folderCommitService,
            secretVersionDAL: secretVersionV2BridgeDAL,
            tx
@ -951,12 +942,9 @@ export const secretRotationV2ServiceFactory = ({
              secretDAL: secretV2BridgeDAL,
              secretVersionDAL: secretVersionV2BridgeDAL,
              secretVersionTagDAL: secretVersionTagV2BridgeDAL,
              folderCommitService,
              actor: {
                type: ActorType.PLATFORM
              },
              secretTagDAL,
-              resourceMetadataDAL
+              resourceMetadataDAL,
              folderCommitService
            });
            const currentTime = new Date();
--- a/backend/src/services/folder-commit/folder-commit-service.ts
+++ b/backend/src/services/folder-commit/folder-commit-service.ts
@ -804,8 +804,9 @@ export const folderCommitServiceFactory = ({
      );
    };
-    const arraysEqual = (a1: unknown[], a2: unknown[]) =>
+    const arraysEqual = (a1: unknown[], a2: unknown[]) => {
-      a1.length === a2.length && a1.every((obj1) => a2.some((obj2) => objectsEqual(obj1, obj2)));
+      return a1.length === a2.length && a1.every((obj1) => a2.some((obj2) => objectsEqual(obj1, obj2)));
    };
    const version1Reshaped = {
      ...version1,
@ -815,7 +816,7 @@ export const folderCommitServiceFactory = ({
      encryptedComment: version1.encryptedComment
        ? secretManagerDecryptor({ cipherTextBlob: version1.encryptedComment }).toString()
        : "",
-      metadata: version1.metadata as { key: string; value: string }[],
+      metadata: Array.isArray(version1.metadata) ? (version1.metadata as { key: string; value: string }[]) : [],
      tags: version1.tags.map((tag) => tag.id)
    };
    const version2Reshaped = {
@ -826,7 +827,7 @@ export const folderCommitServiceFactory = ({
      encryptedComment: version2.encryptedComment
        ? secretManagerDecryptor({ cipherTextBlob: version2.encryptedComment }).toString()
        : "",
-      metadata: version2.metadata as { key: string; value: string }[],
+      metadata: Array.isArray(version2.metadata) ? (version2.metadata as { key: string; value: string }[]) : [],
      tags: version2.tags.map((tag) => tag.id)
    };
    return (
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
@ -76,6 +76,7 @@ export const fnSecretBulkInsert = async ({
  secretVersionTagDAL,
  folderCommitService,
  actor,
  skipCommit,
  tx
 }: TFnSecretBulkInsert) => {
  const sanitizedInputSecrets = inputSecrets.map(
@ -141,7 +142,7 @@ export const fnSecretBulkInsert = async ({
      secretVersionId: sv.id
    }));
-  if (commitChanges.length > 0) {
+  if (commitChanges.length > 0 && !skipCommit) {
    await folderCommitService.createCommit(
      {
        actor: {
@ -216,7 +217,8 @@ export const fnSecretBulkUpdate = async ({
  secretTagDAL,
  secretVersionTagDAL,
  resourceMetadataDAL,
-  actor
+  actor,
  skipCommit
 }: TFnSecretBulkUpdate) => {
  const userActorId = actor && actor?.type === ActorType.USER ? actor?.actorId : undefined;
  const identityActorId = actor && actor?.type === ActorType.IDENTITY ? actor?.actorId : undefined;
@ -366,7 +368,7 @@ export const fnSecretBulkUpdate = async ({
      isUpdate: true,
      secretVersionId: sv.id
    }));
-  if (commitChanges.length > 0) {
+  if (commitChanges.length > 0 && !skipCommit) {
    await folderCommitService.createCommit(
      {
        actor: {
@ -395,7 +397,8 @@ export const fnSecretBulkDelete = async ({
  secretDAL,
  secretQueueService,
  folderCommitService,
-  secretVersionDAL
+  secretVersionDAL,
  skipCommit
 }: TFnSecretBulkDelete) => {
  const deletedSecrets = await secretDAL.deleteMany(
    inputSecrets.map(({ type, secretKey }) => ({
@ -427,7 +430,7 @@ export const fnSecretBulkDelete = async ({
      type: CommitType.DELETE,
      secretVersionId: secretVersions[id].id
    }));
-  if (commitChanges.length > 0) {
+  if (commitChanges.length > 0 && !skipCommit) {
    await folderCommitService.createCommit(
      {
        actor: {
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-types.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-types.ts
@ -184,6 +184,7 @@ export type TFnSecretBulkInsert = {
    type: string;
    actorId?: string;
  };
  skipCommit?: boolean;
 };
 type TRequireReferenceIfValue =
@ -214,6 +215,7 @@ export type TFnSecretBulkUpdate = {
    actorId?: string;
  };
  tx?: Knex;
  skipCommit?: boolean;
 };
 export type TFnSecretBulkDelete = {
@ -229,6 +231,7 @@ export type TFnSecretBulkDelete = {
  };
  folderCommitService: Pick<TFolderCommitServiceFactory, "createCommit">;
  secretVersionDAL: Pick<TSecretVersionV2DALFactory, "findLatestVersionMany">;
  skipCommit?: boolean;
 };
 export type THandleReminderDTO = {
Author	SHA1	Message	Date
carlosmonastyrski	dc0a1c6c7d	feat(secret-rotation): added back the secret rotations to PIT	2025-06-10 17:38:23 -03:00
carlosmonastyrski	5e2f7cbcfb	feat(secret-rotation): add fix for PIT to avoid commiting on secret rotations	2025-06-10 17:06:26 -03:00