DB import command not working without cert_digest under ca_certificates in declarative config

[guillaumesmo]

Is there an existing issue for this?

• I have searched the existing issues

Kong version ($ kong version)

3.4

Current Behavior

_format_version: '3.0'
_transform: false
ca_certificates:
  - id: 85a67812-678c-5fe5-9ff1-60af91f31b4b
    cert: |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----

Output of kong config db_import:

parse successful, beginning import
Error: Failed importing:
[postgres] primary key violation on key '{id="85a67812-678c-5fe5-9ff1-60af91f31b4b"}'

  Run with --v (verbose) or --vv (debug) for more details

The error message was misleading as the database didn't have any records in the ca_certificates table. However, logging on the database revealed the underlying issue:

ERROR:  null value in column "cert_digest" of relation "ca_certificates" violates not-null constraint
DETAIL:  Failing row contains (85a67812-678c-5fe5-9ff1-60af91f31b4b, 2023-11-28 13:42:58+00, -----BEGIN CERTIFICATE-----
2023-11-28 14:42:58    ..., null, null, 2023-11-28 13:42:58+00).

As a workaround, it's possible to add the "cert_digest" key to the CA certificate, however that is not consistent with the API for which cert_digest is optional and also the DB-less mode which works fine without that key.

Expected Behavior

I expect the db_import command to allow ca_certificates without mentioning cert_digest.

This should either store it in database with a null value (and handle that properly afterwards) or generate a digest on the fly when importing ( as already the case in the API I believe - see https://github.com/Kong/kong/blob/3.4.0/kong/db/schema/entities/ca_certificates.lua#L32 )

Steps To Reproduce

No response

Anything else?

No response

[bungle]

Internal ticket: KAG-3280