Gracefully handle a missing crypt key in the Query Tool connection endpoints

[dpage]

Summary

After a backend/pod restart the in-memory crypt key is gone, so
manager.connection() raises CryptKeyMissing. The Query Tool new-connection
endpoints (_check_server_connection_status and the get_new_connection_*
handlers) swallowed it in a broad except Exception, logged a full ERROR
traceback, and returned a generic error the client cannot recognise. The
standard recovery — a 503 CRYPTKEY_MISSING response that the client uses to
transparently re-establish the key and retry — therefore never fired, leaving
the spurious "Crypt key is missing" message in the Query Tool (and noisy
tracebacks in the log) reported in #10027.

This re-raises CryptKeyMissing (along with ConnectionLost /
SSHTunnelConnectionLost) before the generic handler, matching the pattern
already used by the query-execution path, so these endpoints emit the standard
CRYPTKEY_MISSING response and the client recovers gracefully. No change to
key derivation or storage.

Test plan

• New regression scenario asserts the new-connection endpoint returns
  503 with CRYPTKEY_MISSING when the crypt key is missing (previously a
  swallowed generic error), and that the normal path is unchanged
  (tools.sqleditor.tests.test_new_connection_dialog).
• pycodestyle clean.

Closes #10027

Summary by CodeRabbit

• Bug Fixes
  • Fixed Query Tool new-connection endpoints to return a standard error response when the backend crypt key is missing after a restart, enabling transparent client recovery instead of surfacing a cryptic traceback.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9a9c18aa-8e6a-4f83-a7d2-336c76dd19f5

📥 Commits

Reviewing files that changed from the base of the PR and between 04fa05c and d775dc5.

📒 Files selected for processing (3)

• docs/en_US/release_notes_9_16.rst
• web/pgadmin/tools/sqleditor/__init__.py
• web/pgadmin/tools/sqleditor/tests/test_new_connection_dialog.py

---

Walkthrough

This PR fixes Issue #10027 by updating Query Tool new-connection endpoints to catch CryptKeyMissing exceptions as connection errors, triggering a standard 503 response with the CRYPTKEY_MISSING marker instead of a generic error with traceback. Five handlers are updated with identical exception patterns, test coverage validates the behavior, and release notes document the fix.

Changes

CryptKeyMissing Exception Handling

Layer / File(s)	Summary
New-connection endpoint exception handling web/pgadmin/tools/sqleditor/__init__.py	Five handlers (_check_server_connection_status, get_new_connection_data, get_new_connection_database, get_new_connection_user, get_new_connection_role) now catch CryptKeyMissing alongside ConnectionLost and SSHTunnelConnectionLost, re-raising immediately instead of falling through to generic exception handling.
Test coverage for crypt key missing scenario web/pgadmin/tools/sqleditor/tests/test_new_connection_dialog.py	Import CryptKeyMissing, extend scenarios with crypt_key_missing flag and conditional 503 status code, and update test execution to patch ServerManager.connection to raise the exception, then assert the 503 status and CRYPTKEY_MISSING response marker.
Release notes documentation docs/en_US/release_notes_9_16.rst	Document Issue #10027 fix: Query Tool new-connection endpoints now return standard CRYPTKEY_MISSING response instead of spurious error traceback after backend restart.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: gracefully handling a missing crypt key in Query Tool connection endpoints, which is precisely what the PR accomplishes.
Linked Issues check	✅ Passed	All coding requirements from issue #10027 are met: CryptKeyMissing is re-raised before generic handlers in connection endpoints, enabling standard CRYPTKEY_MISSING responses for client recovery.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing issue #10027: exception handling in sqleditor endpoints, test coverage, and release notes documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}