Allow deleting user_creds when can't be decrypted

There are situations when the auth_encryption_key changes and customer wants to delete old stacks. We should allow deleting those stacks. Task: #42055 Change-Id: Ifc8c19e181902566d4f295fa979ab6869a4e0852 (cherry picked from commit 520e2389d3) (cherry picked from commit c3a8e3d64e) (cherry picked from commit c37ec5180c) (cherry picked from commit 8d609ba98c)
2021-03-16 10:02:47 +05:30 · 2021-03-16 10:02:47 +05:30 · 15667ccb3d
parent cef030c96f
commit 15667ccb3d
1 changed files with 4 additions and 2 deletions
--- a/heat/engine/stack.py
+++ b/heat/engine/stack.py
@ -1835,11 +1835,13 @@ class Stack(collections.Mapping):
    def _try_get_user_creds(self):
        # There are cases where the user_creds cannot be returned
        # due to credentials truncated when being saved to DB.
-        # Ignore this error instead of blocking stack deletion.
+        # Also, there are cases where auth_encryption_key has
+        # changed for some reason.
+        # Ignore these errors instead of blocking stack deletion.
        try:
            return ucreds_object.UserCreds.get_by_id(self.context,
                                                     self.user_creds_id)
-        except exception.Error:
+        except (exception.Error, exception.InvalidEncryptionKey):
            LOG.exception("Failed to retrieve user_creds")
            return None