credhub icon indicating copy to clipboard operation
credhub copied to clipboard

Published 20 hours ago verified publisher icon cloudfoundry

IOException in CertificateDataService.findAllValidMetadata(names) when names.length > 32768

Open andreasf opened this issue 3 years ago • 2 comments

CertificateDataService.findAllValidMetadata(names) passes the list of certificate names into a SELECT... IN (:names) statement. JdbcTemplate turns (:names) into a list of bind variables (?, ?, ?, ...) – one per cert name.

https://github.com/cloudfoundry/credhub/blob/16f5359eeef0d36b55dcc983a55e8fb9a082d8cd/components/credentials/src/main/kotlin/org/cloudfoundry/credhub/services/CertificateDataService.kt#L60

Postgres has a limit of 32768 bind variables per query that can easily be reached in production, especially in combination with cloudfoundry/bosh#2045.

Instead of passing in all cert names, they should be retrieved from the database as part of the same query.

andreasf avatar Jun 08 '22 13:06 andreasf

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

cf-gitbot avatar Jun 08 '22 13:06 cf-gitbot

I am working on a fix

andreasf avatar Jun 08 '22 15:06 andreasf