From 418ac54158f0188b7163ce968c4bbf20a655e6af Mon Sep 17 00:00:00 2001
From: Angus Salkeld <asalkeld@mirantis.com>
Date: Fri, 26 Jun 2015 10:55:45 +1000
Subject: [PATCH] Handle UnicodeDecodeError in
 db_decrypt_parameters_and_properties

When an incorrect encryption key is provided the decrypt function
will return rubbish that sometimes encodeutils will not be able
to deal with.

Change-Id: I7586bc16ce492144f617ee3adc31a2bc19a62173
Closes-bug: #1467965
---
 heat/db/sqlalchemy/api.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/heat/db/sqlalchemy/api.py b/heat/db/sqlalchemy/api.py
index 53fbddd014..36a3b837de 100644
--- a/heat/db/sqlalchemy/api.py
+++ b/heat/db/sqlalchemy/api.py
@@ -1169,7 +1169,13 @@ def db_decrypt_parameters_and_properties(ctxt, encryption_key):
             decrypt_function = getattr(crypt, decrypt_function_name)
             decrypted_val = decrypt_function(parameters[param_name][1],
                                              encryption_key)
-            parameters[param_name] = encodeutils.safe_decode(decrypted_val)
+            try:
+                parameters[param_name] = encodeutils.safe_decode(decrypted_val)
+            except UnicodeDecodeError:
+                # if the incorrect encryption_key was used then we can
+                # get total gibberish here and safe_decode() will freak out.
+                parameters[param_name] = decrypted_val
+
         raw_template.environment['encrypted_param_names'] = []
 
     session.commit()