Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to issue certificate when namespace name + certificate name > 35 characters #30

Closed
kit837 opened this issue Jun 21, 2021 · 0 comments · Fixed by #31
Closed

Unable to issue certificate when namespace name + certificate name > 35 characters #30

kit837 opened this issue Jun 21, 2021 · 0 comments · Fixed by #31

Comments

@kit837
Copy link
Contributor

kit837 commented Jun 21, 2021
edited
Loading

Use case:

I would like to issue a certificate where the combined number of characters of the namespace and certificate name is more than 35 characters.

For example:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-very-long-certificate-name-that-has-quite-a-few-characters
  namespace: example

Expected behavior:

A certificate should be issued.

Actual behavior:

A certificate is not issued, and I receive an the following error in the logs for aws-privateca-issuer:

{"level":"error","ts":1624317003.908817,"logger":"controllers.CertificateRequest","msg":"failed to request certificate from PCA","certificaterequest":"example/my-very-long-certificate-name-that-has-quite-a-few-c-8qbnl","error":"operation error ACM PCA: IssueCertificate, https response error StatusCode: 400, RequestID: c73883c0-2ae8-42f1-9369-ca1705b36119, api error ValidationException: 1 validation error detected: Value example/my-very-long-certificate-name-that-has-quite-a-few-c-8qbnl at idempotencyToken failed to satisfy constraint: Member must have length less than or equal to 36","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error
        /go/pkg/mod/github.com/go-logr/zapr@v0.2.0/zapr.go:132
github.com/cert-manager/aws-privateca-issuer/pkg/controllers.(*CertificateRequestReconciler).Reconcile
        /workspace/pkg/controllers/certificaterequest_controller.go:172
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.8.3/pkg/internal/controller/controller.go:298
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.8.3/pkg/internal/controller/controller.go:253
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.8.3/pkg/internal/controller/controller.go:216
k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1
        /go/pkg/mod/k8s.io/apimachinery@v0.20.2/pkg/util/wait/wait.go:185
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1
        /go/pkg/mod/k8s.io/apimachinery@v0.20.2/pkg/util/wait/wait.go:155
k8s.io/apimachinery/pkg/util/wait.BackoffUntil
        /go/pkg/mod/k8s.io/apimachinery@v0.20.2/pkg/util/wait/wait.go:156
k8s.io/apimachinery/pkg/util/wait.JitterUntil
        /go/pkg/mod/k8s.io/apimachinery@v0.20.2/pkg/util/wait/wait.go:133
k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext
        /go/pkg/mod/k8s.io/apimachinery@v0.20.2/pkg/util/wait/wait.go:185
k8s.io/apimachinery/pkg/util/wait.UntilWithContext
        /go/pkg/mod/k8s.io/apimachinery@v0.20.2/pkg/util/wait/wait.go:99"}

References:
@marshields marshields mentioned this issue Jun 22, 2021
Merged
marshields added a commit to marshields/aws-privateca-issuer that referenced this issue Jun 22, 2021
@marshields
Use a md5 sum for idempotency token.
50f8cbc 
Fixes cert-manager#30

Signed-off-by: marshields <78823471+marshields@users.noreply.github.com>
marshields added a commit to marshields/aws-privateca-issuer that referenced this issue Jun 23, 2021
@marshields
Use a md5 sum for idempotency token.
34e0511 
Fixes cert-manager#30

Signed-off-by: marshields <78823471+marshields@users.noreply.github.com>
marshields added a commit to marshields/aws-privateca-issuer that referenced this issue Jun 23, 2021
@marshields
Use a md5 sum for idempotency token
37deb06 
Fixes cert-manager#30

Signed-off-by: marshields <78823471+marshields@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use a md5 sum for idempotency token marshields/aws-privateca-issuer
1 participant
@kit837