Gracefully handle a missing crypt key in the Query Tool connection endpoints

[dpage]

Summary

After a backend/pod restart the in-memory crypt key is gone, so
manager.connection() raises CryptKeyMissing. The Query Tool new-connection
endpoints (_check_server_connection_status and the get_new_connection_*
handlers) swallowed it in a broad except Exception, logged a full ERROR
traceback, and returned a generic error the client cannot recognise. The
standard recovery — a 503 CRYPTKEY_MISSING response that the client uses to
transparently re-establish the key and retry — therefore never fired, leaving
the spurious "Crypt key is missing" message in the Query Tool (and noisy
tracebacks in the log) reported in #10027.

This re-raises CryptKeyMissing (along with ConnectionLost /
SSHTunnelConnectionLost) before the generic handler, matching the pattern
already used by the query-execution path, so these endpoints emit the standard
CRYPTKEY_MISSING response and the client recovers gracefully. No change to
key derivation or storage.

Test plan

• New regression scenario asserts the new-connection endpoint returns
  503 with CRYPTKEY_MISSING when the crypt key is missing (previously a
  swallowed generic error), and that the normal path is unchanged
  (tools.sqleditor.tests.test_new_connection_dialog).
• pycodestyle clean.

Closes #10027

Summary by CodeRabbit

• Bug Fixes
  • Query Tool new-connection endpoints now return a standard error response when the backend crypt key is missing after a restart, preventing a confusing traceback and allowing clients to recover transparently.
• Tests
  • Added/updated tests to validate the crypt-key-missing scenario and corresponding HTTP responses.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fbae23be-077d-40f8-a393-acca7f7aa094

📥 Commits

Reviewing files that changed from the base of the PR and between d775dc5 and 41cb678.

📒 Files selected for processing (2)

• docs/en_US/release_notes_9_16.rst
• web/pgadmin/tools/sqleditor/__init__.py

✅ Files skipped from review due to trivial changes (1)

• docs/en_US/release_notes_9_16.rst

🚧 Files skipped from review as they are similar to previous changes (1)

• web/pgadmin/tools/sqleditor/init.py

---

Walkthrough

This PR fixes Issue #10027 by updating Query Tool new-connection endpoints to catch CryptKeyMissing as a connection error so the framework returns the standard 503 CRYPTKEY_MISSING response; tests were added to simulate the exception and release notes document the fix.

Changes

CryptKeyMissing Exception Handling

Layer / File(s)	Summary
New-connection endpoint exception handling web/pgadmin/tools/sqleditor/__init__.py	Five handlers (_check_server_connection_status, get_new_connection_data, get_new_connection_database, get_new_connection_user, get_new_connection_role) now catch CryptKeyMissing alongside ConnectionLost and SSHTunnelConnectionLost, re-raising immediately instead of falling through to generic exception handling.
Test coverage for crypt key missing scenario web/pgadmin/tools/sqleditor/tests/test_new_connection_dialog.py	Import CryptKeyMissing, extend scenarios with crypt_key_missing flag and conditional 503 status, and update test execution to patch ServerManager.connection to raise the exception, then assert the 503 status and CRYPTKEY_MISSING response marker.
Release notes documentation docs/en_US/release_notes_9_16.rst	Document Issue #10027 fix: Query Tool new-connection endpoints now return standard CRYPTKEY_MISSING response instead of spurious error traceback after backend restart.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: gracefully handling missing crypt key in Query Tool connection endpoints, which matches the code changes across all modified files.
Linked Issues check	✅ Passed	The PR successfully addresses all coding requirements from issue #10027: CryptKeyMissing is re-raised before generic exception handlers [#10027], standard CRYPTKEY_MISSING response is returned [#10027], and regression test validates the behavior [#10027].
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the crypt key handling issue: exception handling updates, release notes, and regression testing—no out-of-scope modifications detected.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR restores standard error handling for Query Tool “new connection” endpoints when the in-memory crypt key is missing after a backend restart, ensuring the client receives the expected 503 CRYPTKEY_MISSING response and can recover transparently.

Changes:

• Re-raise CryptKeyMissing (and existing ConnectionLost / SSHTunnelConnectionLost) ahead of broad except Exception handlers in Query Tool new-connection endpoints.
• Add a regression test asserting /sqleditor/new_connection_dialog/ returns 503 with CRYPTKEY_MISSING when the crypt key is missing.
• Document the fix in the 9.16 release notes (Issue #10027).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
web/pgadmin/tools/sqleditor/init.py	Ensures CryptKeyMissing propagates to the global handler so these endpoints emit the standard 503 CRYPTKEY_MISSING response.
web/pgadmin/tools/sqleditor/tests/test_new_connection_dialog.py	Adds a regression scenario covering the missing-crypt-key behavior for the new-connection dialog endpoint.
docs/en_US/release_notes_9_16.rst	Adds a release note entry for Issue #10027 describing the corrected behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.