From b27a3e9f70920bcdcf8ed327af43ab5eca7abee4 Mon Sep 17 00:00:00 2001
From: Michael Golowka <72365+pcman312@users.noreply.github.com>
Date: Wed, 12 May 2021 17:09:56 -0600
Subject: [PATCH] DB engine: Check ErrPluginStaticUnsupported in rollback code
 (#11601)

---
 builtin/logical/database/rollback.go | 4 +++-
 changelog/11585.txt                  | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelog/11585.txt

diff --git a/builtin/logical/database/rollback.go b/builtin/logical/database/rollback.go
index ab261b87e..c8221f3c4 100644
--- a/builtin/logical/database/rollback.go
+++ b/builtin/logical/database/rollback.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"errors"
 
+	"github.com/hashicorp/vault/sdk/database/dbplugin"
+
 	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/mitchellh/mapstructure"
@@ -104,7 +106,7 @@ func (b *databaseBackend) rollbackDatabaseCredentials(ctx context.Context, confi
 	// It actually is the root user here, but we only want to use SetCredentials since
 	// RotateRootCredentials doesn't give any control over what password is used
 	_, err = dbi.database.UpdateUser(ctx, updateReq, false)
-	if status.Code(err) == codes.Unimplemented {
+	if status.Code(err) == codes.Unimplemented || err == dbplugin.ErrPluginStaticUnsupported {
 		return nil
 	}
 	return err
diff --git a/changelog/11585.txt b/changelog/11585.txt
new file mode 100644
index 000000000..c983802a6
--- /dev/null
+++ b/changelog/11585.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/database: Fixes issue for V4 database interface where `SetCredentials` wasn't falling back to using `RotateRootCredentials` if `SetCredentials` is `Unimplemented`
+```