From 520e2389d3123efc9269bbf82c6c9998b6c62564 Mon Sep 17 00:00:00 2001
From: ramishra <ramishra@redhat.com>
Date: Tue, 16 Mar 2021 10:02:47 +0530
Subject: [PATCH] Allow deleting user_creds when can't be decrypted

There are situations when the auth_encryption_key changes
and customer wants to delete old stacks. We should allow
deleting those stacks.

Task: #42055
Change-Id: Ifc8c19e181902566d4f295fa979ab6869a4e0852
---
 heat/engine/stack.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/heat/engine/stack.py b/heat/engine/stack.py
index 829609f06b..d9fea31f95 100644
--- a/heat/engine/stack.py
+++ b/heat/engine/stack.py
@@ -1881,11 +1881,13 @@ class Stack(collections.abc.Mapping):
     def _try_get_user_creds(self):
         # There are cases where the user_creds cannot be returned
         # due to credentials truncated when being saved to DB.
-        # Ignore this error instead of blocking stack deletion.
+        # Also, there are cases where auth_encryption_key has
+        # changed for some reason.
+        # Ignore these errors instead of blocking stack deletion.
         try:
             return ucreds_object.UserCreds.get_by_id(self.context,
                                                      self.user_creds_id)
-        except exception.Error:
+        except (exception.Error, exception.InvalidEncryptionKey):
             LOG.exception("Failed to retrieve user_creds")
             return None