From 8d609ba98c9365fb089d5a98e3980ad9f5214946 Mon Sep 17 00:00:00 2001
From: ramishra <ramishra@redhat.com>
Date: Tue, 16 Mar 2021 10:02:47 +0530
Subject: Allow deleting user_creds when can't be decrypted

There are situations when the auth_encryption_key changes
and customer wants to delete old stacks. We should allow
deleting those stacks.

Task: #42055
Change-Id: Ifc8c19e181902566d4f295fa979ab6869a4e0852
(cherry picked from commit 520e2389d3123efc9269bbf82c6c9998b6c62564)
(cherry picked from commit c3a8e3d64ebb37ab83b3cebb868cd68d4135f59d)
(cherry picked from commit c37ec5180cefbc992640bdb2e80ed67b92dc5664)
---
 heat/engine/stack.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/heat/engine/stack.py b/heat/engine/stack.py
index 7eecb6dab..9757aaa91 100644
--- a/heat/engine/stack.py
+++ b/heat/engine/stack.py
@@ -1884,11 +1884,13 @@ class Stack(collections.abc.Mapping):
     def _try_get_user_creds(self):
         # There are cases where the user_creds cannot be returned
         # due to credentials truncated when being saved to DB.
-        # Ignore this error instead of blocking stack deletion.
+        # Also, there are cases where auth_encryption_key has
+        # changed for some reason.
+        # Ignore these errors instead of blocking stack deletion.
         try:
             return ucreds_object.UserCreds.get_by_id(self.context,
                                                      self.user_creds_id)
-        except exception.Error:
+        except (exception.Error, exception.InvalidEncryptionKey):
             LOG.exception("Failed to retrieve user_creds")
             return None
 
-- 
cgit v1.2.1