From af617facc5d6a63f416c1a047c91a66008ee4364 Mon Sep 17 00:00:00 2001
From: ramishra <ramishra@redhat.com>
Date: Tue, 16 Mar 2021 12:19:26 +0530
Subject: Ignore resource_data decryption errors

If the auth_encryption_key changes We can possibly
ignore these errors when deleting stacks.

Task: 42056
Change-Id: I326e415db194a5b9c67acd038d7d2d993293ecb3
(cherry picked from commit 9407b4897e77db24bf1948153afbb1479d5dad42)
---
 heat/db/sqlalchemy/api.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/heat/db/sqlalchemy/api.py b/heat/db/sqlalchemy/api.py
index 31e6a5c78..7ca61a756 100644
--- a/heat/db/sqlalchemy/api.py
+++ b/heat/db/sqlalchemy/api.py
@@ -387,9 +387,14 @@ def resource_data_get_all(context, resource_id, data=None):
 
     for res in data:
         if res.redact:
-            ret[res.key] = crypt.decrypt(res.decrypt_method, res.value)
-        else:
-            ret[res.key] = res.value
+            try:
+                ret[res.key] = crypt.decrypt(res.decrypt_method, res.value)
+                continue
+            except exception.InvalidEncryptionKey:
+                LOG.exception('Failed to decrypt resource data %(rkey)s '
+                              'for %(rid)s, ignoring.',
+                              {'rkey': res.key, 'rid': resource_id})
+        ret[res.key] = res.value
     return ret
 
 
-- 
cgit v1.2.1