Ensure fatal exceptions do not cause key regeneration (#8777)

github-actions[bot] · fabiocav · web-flow · commit 8ff9df282adc · 2022-09-22T12:57:51.000-07:00
Co-authored-by: Fabio Cavalcante &lt;facaval@microsoft.com&gt;
diff --git a/src/WebJobs.Script.WebHost/Security/KeyManagement/SecretManager.cs b/src/WebJobs.Script.WebHost/Security/KeyManagement/SecretManager.cs
@@ -106,7 +106,7 @@ public async virtual Task<HostSecretsInfo> GetHostSecretsAsync()
                             // so we read the secrets running them through the appropriate readers
                             hostSecrets = ReadHostSecrets(hostSecrets);
                         }
-                        catch (CryptographicException ex)
+                        catch (CryptographicException ex) when (!ex.InnerException.IsFatal())
                         {
                             string message = string.Format(Resources.TraceNonDecryptedHostSecretRefresh, ex);
                             _logger.LogDebug(message);
@@ -175,7 +175,7 @@ public async virtual Task<IDictionary<string, string>> GetFunctionSecretsAsync(s
                             // Read all secrets, which will run the keys through the appropriate readers
                             secrets.Keys = secrets.Keys.Select(k => _keyValueConverterFactory.ReadKey(k)).ToList();
                         }
-                        catch (CryptographicException ex)
+                        catch (CryptographicException ex) when (!ex.InnerException.IsFatal())
                         {
                             string message = string.Format(Resources.TraceNonDecryptedFunctionSecretRefresh, functionName, ex);
                             _logger.LogDebug(message);

Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ public async virtual Task<HostSecretsInfo> GetHostSecretsAsync()`
`106`	`106`	`// so we read the secrets running them through the appropriate readers`
`107`	`107`	`hostSecrets = ReadHostSecrets(hostSecrets);`
`108`	`108`	`}`
`109`		`- catch (CryptographicException ex)`
	`109`	`+ catch (CryptographicException ex) when (!ex.InnerException.IsFatal())`
`110`	`110`	`{`
`111`	`111`	`string message = string.Format(Resources.TraceNonDecryptedHostSecretRefresh, ex);`
`112`	`112`	`_logger.LogDebug(message);`
`@@ -175,7 +175,7 @@ public async virtual Task<IDictionary<string, string>> GetFunctionSecretsAsync(s`
`175`	`175`	`// Read all secrets, which will run the keys through the appropriate readers`
`176`	`176`	`secrets.Keys = secrets.Keys.Select(k => _keyValueConverterFactory.ReadKey(k)).ToList();`
`177`	`177`	`}`
`178`		`- catch (CryptographicException ex)`
	`178`	`+ catch (CryptographicException ex) when (!ex.InnerException.IsFatal())`
`179`	`179`	`{`
`180`	`180`	`string message = string.Format(Resources.TraceNonDecryptedFunctionSecretRefresh, functionName, ex);`
`181`	`181`	`_logger.LogDebug(message);`