
DB import command not working without cert_digest under ca_certificates in declarative config

Open guillaumesmo opened this issue 1 year ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Kong version ($ kong version)

3.4

Current Behavior

_format_version: '3.0'
_transform: false
ca_certificates:
  - id: 85a67812-678c-5fe5-9ff1-60af91f31b4b
    cert: |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----

Output of kong config db_import:

parse successful, beginning import
Error: Failed importing:
[postgres] primary key violation on key '{id="85a67812-678c-5fe5-9ff1-60af91f31b4b"}'

  Run with --v (verbose) or --vv (debug) for more details

The error message was misleading as the database didn't have any records in the ca_certificates table. However, logging on the database revealed the underlying issue:

ERROR:  null value in column "cert_digest" of relation "ca_certificates" violates not-null constraint
DETAIL:  Failing row contains (85a67812-678c-5fe5-9ff1-60af91f31b4b, 2023-11-28 13:42:58+00, -----BEGIN CERTIFICATE-----
2023-11-28 14:42:58    ..., null, null, 2023-11-28 13:42:58+00).

As a workaround, it's possible to add the "cert_digest" key to the CA certificate; however, that is not consistent with the API, for which cert_digest is optional, or with the DB-less mode, which works fine without that key.

Expected Behavior

I expect the db_import command to allow ca_certificates without mentioning cert_digest.

This should either store it in the database with a null value (and handle that properly afterwards) or generate a digest on the fly when importing (as is already the case in the API, I believe; see https://github.com/Kong/kong/blob/3.4.0/kong/db/schema/entities/ca_certificates.lua#L32).

Steps To Reproduce

No response

Anything else?

No response

guillaumesmo • Nov 28 '23 14:11

Internal ticket: KAG-3280

bungle • Dec 04 '23 08:12
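
The workaround mentioned in the issue (adding cert_digest to each ca_certificates entry before running db_import), as an added example that is not part of the original issue or Kong's own code. It assumes cert_digest is the lowercase hex SHA-256 of the certificate's DER encoding, which should be checked against the schema file linked in the issue; the function names and the sample config are hypothetical and constructed.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block and captures its base64 body.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def cert_digest(pem: str) -> str:
    """Hex SHA-256 of the DER bytes in a single-certificate PEM (assumed Kong format)."""
    blocks = PEM_CERT.findall(pem)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    # Drop line breaks and indentation left over from the YAML block scalar.
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def fill_missing_digests(config: dict) -> int:
    """Add cert_digest to ca_certificates entries that lack it; return how many changed.

    `config` is the declarative config already parsed into a dict.
    """
    changed = 0
    for entry in config.get("ca_certificates") or []:
        if not entry.get("cert_digest"):
            entry["cert_digest"] = cert_digest(entry["cert"])
            changed += 1
    return changed


def make_sample_config() -> tuple[dict, bytes]:
    """Constructed sample: placeholder bytes in PEM armor, not a real certificate."""
    der = bytes(range(96))
    b64 = base64.encodebytes(der).decode()  # 76-character lines, trailing newline
    pem = f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"
    entry = {"id": "00000000-0000-0000-0000-000000000000", "cert": pem}
    return {"_format_version": "3.0", "ca_certificates": [entry]}, der
```

Entries that already carry a cert_digest are left untouched, so the function can be run repeatedly over the same config.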