From 9f44f1be490e836dd52d6d34b9ccb5345a08bd31 Mon Sep 17 00:00:00 2001
From: Andreas Karlsson
Date: Tue, 10 Jun 2025 16:31:00 +0200
Subject: [PATCH] Be consistent about that finding no key in the provider is a success

All different provider types except Vault treated finding no key as SUCCESS but with NULL as the key. Let's do this for Vault too which slightly simplifies the callers which used to have to understand both ways to handle a key not existing.
---
 contrib/pg_tde/src/catalog/tde_principal_key.c | 4 ++--
 contrib/pg_tde/src/keyring/keyring_vault.c | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/contrib/pg_tde/src/catalog/tde_principal_key.c b/contrib/pg_tde/src/catalog/tde_principal_key.c
index 2b53d9f561c..d9990319979 100644
--- a/contrib/pg_tde/src/catalog/tde_principal_key.c
+++ b/contrib/pg_tde/src/catalog/tde_principal_key.c
@@ -256,7 +256,7 @@ set_principal_key_with_keyring(const char *key_name, const char *provider_name,
 keyInfo = KeyringGetKey(new_keyring, key_name, &kr_ret);
- if (kr_ret != KEYRING_CODE_SUCCESS && kr_ret != KEYRING_CODE_RESOURCE_NOT_AVAILABLE)
+ if (kr_ret != KEYRING_CODE_SUCCESS)
 {
 ereport(ERROR,
 errmsg("failed to retrieve principal key from keyring provider :\"%s\"", new_keyring->provider_name),
@@ -333,7 +333,7 @@ xl_tde_perform_rotate_key(XLogPrincipalKeyRotate *xlrec)
 new_keyring = GetKeyProviderByID(xlrec->keyringId, xlrec->databaseId);
 keyInfo = KeyringGetKey(new_keyring, xlrec->keyName, &kr_ret);
- if (kr_ret != KEYRING_CODE_SUCCESS && kr_ret != KEYRING_CODE_RESOURCE_NOT_AVAILABLE)
+ if (kr_ret != KEYRING_CODE_SUCCESS)
 {
 ereport(ERROR,
 errmsg("failed to retrieve principal key from keyring provider: \"%s\"", new_keyring->provider_name),
diff --git a/contrib/pg_tde/src/keyring/keyring_vault.c b/contrib/pg_tde/src/keyring/keyring_vault.c
index 55357e88273..bd7d66c1b29 100644
--- a/contrib/pg_tde/src/keyring/keyring_vault.c
+++ b/contrib/pg_tde/src/keyring/keyring_vault.c
@@ -236,7 +236,6 @@ get_key_by_name(GenericKeyring *keyring, const char *key_name, KeyringReturnCode
 if (httpCode == 404)
 {
- *return_code = KEYRING_CODE_RESOURCE_NOT_AVAILABLE;
 goto cleanup;
 }
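Review bot: With the assignment removed, the `httpCode == 404` branch in get_key_by_name jumps to `cleanup` with whatever `*return_code` already holds, so the "not found is success" contract now depends on an initialisation that is outside this hunk. Setting it explicitly in the branch, `*return_code = KEYRING_CODE_SUCCESS;`, with a comment such as `/* 404: key does not exist; report success with a NULL key */`, would keep the branch self-describing and correct even if an earlier step ever leaves a different code behind. Both callers in tde_principal_key.c now treat every non-SUCCESS code as fatal and presumably read a NULL key as "absent", so it is worth confirming that the value returned after `cleanup` is NULL on this path. It is also worth confirming that other HTTP statuses, for example a permission failure, are still reported as errors rather than being taken for a missing key. get_key_by_name starts and ends outside the hunk.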