From fff95b20e68e634e2f7a4a4e9ffbe70cf21f248a Mon Sep 17 00:00:00 2001
From: Weimin Yu <weiminyu@google.com>
Date: Tue, 20 Apr 2021 16:26:40 -0400
Subject: [PATCH] Skip undefined secrets in keyring migration (#1098)

* Skip undefined secrets in keyring migration

If a secret does not exist in datastore, log and skip it.
---
 .../main/java/google/registry/keyring/kms/KmsKeyring.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/google/registry/keyring/kms/KmsKeyring.java b/core/src/main/java/google/registry/keyring/kms/KmsKeyring.java
index 3b5c4c970..cd615a104 100644
--- a/core/src/main/java/google/registry/keyring/kms/KmsKeyring.java
+++ b/core/src/main/java/google/registry/keyring/kms/KmsKeyring.java
@@ -266,7 +266,13 @@ public class KmsKeyring implements Keyring {
             .collect(ImmutableList.toImmutableList());
 
     for (String keyName : labels) {
-      byte[] dsData = getDecryptedDataFromDatastore(keyName);
+      byte[] dsData;
+      try {
+        dsData = getDecryptedDataFromDatastore(keyName);
+      } catch (IllegalStateException e) {
+        logger.atWarning().log("Cannot load %s from Datastore. Skipping...", keyName);
+        continue;
+      }
       byte[] secretStoreData = getDataFromSecretStore(keyName);
       if (Arrays.equals(dsData, secretStoreData)) {
         logger.atInfo().log("%s is already up to date.\n", keyName);