mathiasertl / django-ca

Django app providing a Certificate Authority
GNU General Public License v3.0

Scheduled tasks can't find the HSM user pin #150

Closed theseal closed 1 month ago

theseal commented 1 month ago

Source installation from main (228c3c9297fda55f02ff48a6ff297dddce9feba9)

From log file:

  Value error, Provide one of so_pin or user_pin. [type=value_error, input_value={}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/value_error
Traceback (most recent call last):
  File "/opt/django-ca/venv/lib/python3.11/site-packages/celery/app/trace.py", line 453, in trace_task
    R = retval = fun(*args, **kwargs)
                 ^^^^^^^^^^^^^^^^^^^^
  File "/opt/django-ca/venv/lib/python3.11/site-packages/celery/app/trace.py", line 736, in __protected_call__
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/django-ca/src/django-ca-228c3c9297fda55f02ff48a6ff297dddce9feba9/ca/django_ca/tasks.py", line 94, in cache_crl
    key_backend_options_model = ca.key_backend.use_model.model_validate(
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/django-ca/venv/lib/python3.11/site-packages/pydantic/main.py", line 596, in model_validate
    return cls.__pydantic_validator__.validate_python(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pydantic_core._pydantic_core.ValidationError: 1 validation error for HSMBackendUsePrivateKeyOptions
  Value error, Provide one of so_pin or user_pin. [type=value_error, input_value={}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/value_error
[2024-09-30 09:29:54,909: INFO/MainProcess] Task django_ca.tasks.acme_cleanup[f0490017-1166-4d3e-9c95-4dcc48319e9c] received
[2024-09-30 09:29:54,916: INFO/MainProcess] Task django_ca.tasks.generate_ocsp_keys[0f1e7cf9-4730-44c6-9eb1-24da32665f56] received
[2024-09-30 09:29:54,935: INFO/ForkPoolWorker-7] Task django_ca.tasks.acme_cleanup[f0490017-1166-4d3e-9c95-4dcc48319e9c] succeeded in 0.022879703028593212s: None
[2024-09-30 09:29:54,939: INFO/MainProcess] Task django_ca.tasks.generate_ocsp_key[78686bf5-3128-4535-9f92-05c81b930373] received
[2024-09-30 09:29:54,939: INFO/ForkPoolWorker-8] Task django_ca.tasks.generate_ocsp_keys[0f1e7cf9-4730-44c6-9eb1-24da32665f56] succeeded in 0.021443081961479038s: None
[2024-09-30 09:29:54,966: ERROR/ForkPoolWorker-7] Task django_ca.tasks.generate_ocsp_key[78686bf5-3128-4535-9f92-05c81b930373] raised unexpected: 1 validation error for HSMBackendUsePrivateKeyOptions
  Value error, Provide one of so_pin or user_pin. [type=value_error, input_value={}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/value_error
Traceback (most recent call last):
  File "/opt/django-ca/venv/lib/python3.11/site-packages/celery/app/trace.py", line 453, in trace_task
    R = retval = fun(*args, **kwargs)
                 ^^^^^^^^^^^^^^^^^^^^
  File "/opt/django-ca/venv/lib/python3.11/site-packages/celery/app/trace.py", line 736, in __protected_call__
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/django-ca/src/django-ca-228c3c9297fda55f02ff48a6ff297dddce9feba9/ca/django_ca/tasks.py", line 162, in generate_ocsp_key
    key_backend_options_model = ca.key_backend.use_model.model_validate(
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/django-ca/venv/lib/python3.11/site-packages/pydantic/main.py", line 596, in model_validate
    return cls.__pydantic_validator__.validate_python(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pydantic_core._pydantic_core.ValidationError: 1 validation error for HSMBackendUsePrivateKeyOptions
  Value error, Provide one of so_pin or user_pin. [type=value_error, input_value={}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.9/v/value_error

HSM configuration:

CA_KEY_BACKENDS:
  default:
    BACKEND: django_ca.key_backends.hsm.HSMBackend
    OPTIONS:
      library_path: "/usr/safenet/lunaclient/lib/libCryptoki2_64.so"
      token: services
      user_pin: hemliga_dokument

Regular signing with the HSM works fine.

mathiasertl commented 1 month ago

I believe this issue should be solved in the current main branch.

theseal commented 1 month ago

Yes, can confirm that the main branch works as intended. Great work, thanks!