Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(acm): validated certificate survives eventual consistency in service #3528

Merged
merged 7 commits into from
Aug 7, 2019
Merged

fix(acm): validated certificate survives eventual consistency in service #3528

merged 7 commits into from
Aug 7, 2019

Conversation

michirue
Copy link
Contributor

@michirue michirue commented Aug 3, 2019
edited by rix0rrr
Loading

The DomainValidationOptions array could be empty, which would make the custom resource fail.

Handle that case, and limit the amount of retries.

Fixes #3527.

Please read the contribution guidelines and follow the pull-request checklist.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@hoegertn hoegertn mentioned this pull request Aug 4, 2019
Closed
@hoegertn
Copy link
Contributor

hoegertn commented Aug 4, 2019

I think

await sleep(Math.random() * (Math.pow(attempt, 2) * 100));

should be

await sleep(Math.random() * (Math.pow(2, attempt) * 100));

Can you add this fix? Then my PR is obsolete.

@hoegertn
Copy link
Contributor

hoegertn commented Aug 4, 2019

Next thing is that it only uses the first DomainValidation. If there are more ResourceRecords to set (e.g. for SANs) they are not populated in R53.

fix(aws-certificatemanager): fixes aws#3527 handling describeCertific…
68880ee 
…ate response in DnsValidatedCertificate
@michirue
Copy link
Contributor Author

michirue commented Aug 5, 2019

I think

await sleep(Math.random() * (Math.pow(attempt, 2) * 100));

should be

await sleep(Math.random() * (Math.pow(2, attempt) * 100));

Can you add this fix? Then my PR is obsolete.

Agree. Changed to 2^attempt.

@michirue
Copy link
Contributor Author

michirue commented Aug 5, 2019

Next thing is that it only uses the first DomainValidation. If there are more ResourceRecords to set (e.g. for SANs) they are not populated in R53.

Yes, it should also support providing a SAN/HostedZoneId map instead of a single hosted zone to cover all ACM/Route53 certificate creation scenarios.

@stephankaag
Copy link
Contributor

I had to adjust the max attempts to 5 before it worked for me, but after that, it worked 👍

@rix0rrr rix0rrr changed the title fix(aws-certificatemanager): fixes #3527 handling describeCertificate… fix(acm): fixes #3527 handling describeCertificate… Aug 7, 2019
@rix0rrr rix0rrr changed the title fix(acm): fixes #3527 handling describeCertificate… fix(acm): validated certificate survives eventual consistency in service Aug 7, 2019
rix0rrr
rix0rrr previously approved these changes Aug 7, 2019
View reviewed changes
@mergify mergify bot merged commit e7eabca into aws:master Aug 7, 2019
@nsvarich nsvarich mentioned this pull request Aug 12, 2019
Closed
5 tasks
@rix0rrr rix0rrr mentioned this pull request Aug 19, 2019
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

@RomainMuller RomainMuller Awaiting requested review from RomainMuller

@skinny85 skinny85 Awaiting requested review from skinny85

@SoManyHs SoManyHs Awaiting requested review from SoManyHs

Assignees

@rix0rrr rix0rrr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

aws-certificatemanager DnsValidatedCertificateHandler fails on missing DomainValidatedOptions
4 participants
@michirue @hoegertn @stephankaag @rix0rrr