@@ -336,26 +336,56 @@ func (uc *CASBackendUseCase) Update(ctx context.Context, orgID, id, description
336336 }
337337
338338 var secretName string
339+ credentialsUpdated := false
339340 // We want to rotate credentials
340341 if creds != nil {
341342 secretName , err = uc .credsRW .SaveCredentials (ctx , orgID , creds )
342343 if err != nil {
343344 return nil , fmt .Errorf ("storing the credentials: %w" , err )
344345 }
346+ credentialsUpdated = true
345347 }
346348
347- after , err := uc .repo .Update (ctx , & CASBackendUpdateOpts {
349+ // Update the backend without modifying validation status directly
350+ // The validation status will be updated through PerformValidation if needed
351+ // Don't set validation status here - let PerformValidation handle it
352+ updateOpts := & CASBackendUpdateOpts {
348353 ID : uuid ,
349354 CASBackendOpts : & CASBackendOpts {
350- SecretName : secretName , Default : defaultB , Description : description , OrgID : orgUUID ,
351- ValidationStatus : CASBackendValidationOK ,
352- ValidationError : ToPtr ("" ),
355+ SecretName : secretName ,
356+ Default : defaultB ,
357+ Description : description ,
358+ OrgID : orgUUID ,
353359 },
354- })
360+ }
361+
362+ // If we're not updating credentials, preserve the current validation status
363+ if ! credentialsUpdated {
364+ updateOpts .CASBackendOpts .ValidationStatus = before .ValidationStatus
365+ updateOpts .CASBackendOpts .ValidationError = before .ValidationError
366+ }
367+
368+ after , err := uc .repo .Update (ctx , updateOpts )
355369 if err != nil {
356370 return nil , err
357371 }
358372
373+ // If credentials were updated, perform validation to check if they work
374+ // This will properly update validation status and send events
375+ if credentialsUpdated {
376+ if err := uc .PerformValidation (ctx , id ); err != nil {
377+ // Log the validation error but don't fail the update operation
378+ // The validation status will be updated by PerformValidation
379+ uc .logger .Warnw ("msg" , "validation failed after credential update" , "ID" , id , "error" , err )
380+ }
381+
382+ // Reload the backend to get the updated validation status
383+ after , err = uc .repo .FindByIDInOrg (ctx , orgUUID , uuid )
384+ if err != nil {
385+ return nil , fmt .Errorf ("reloading backend after validation: %w" , err )
386+ }
387+ }
388+
359389 // If we just updated the backend from default=true => default=false, we need to set up the fallback as default
360390 if before .Default && ! after .Default {
361391 if _ , err := uc .defaultFallbackBackend (ctx , orgID ); err != nil {
@@ -374,7 +404,7 @@ func (uc *CASBackendUseCase) Update(ctx context.Context, orgID, id, description
374404 Default : after .Default ,
375405 },
376406 NewDescription : & description ,
377- CredentialsChanged : creds != nil ,
407+ CredentialsChanged : credentialsUpdated ,
378408 PreviousDefault : before .Default ,
379409 }, & orgUUID )
380410 }
0 commit comments