Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CertificateRequest status extension #2289

Closed
chojnack opened this issue Oct 25, 2019 · 4 comments · Fixed by #2508
Closed

CertificateRequest status extension #2289

chojnack opened this issue Oct 25, 2019 · 4 comments · Fixed by #2508
Assignees
@JoshVanL
Labels
area/api Indicates a PR directly modifies the 'pkg/apis' directory kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Milestone
v0.13

Comments

@chojnack
Copy link

Is your feature request related to a problem? Please describe.
The CertificateRequest status currently supports only these Reason values:

const (
        CertificateRequestReasonPending = "Pending"
        CertificateRequestReasonFailed  = "Failed"
        CertificateRequestReasonIssued  = "Issued"
)

The Failed value is used to indicate errors when issuing the certificate which are always considered to be an intermittent, so the CertificateRequest is always re-tried after 1 hour.

However, when clearing the error requires change in the certificate request (e.g. fixing common name or domain names) then re-trying such request automatically doesn't make sense.

Describe the solution you'd like

I think additional Reason value should be added to indicate problems that require change in the request for which automatic retry will be blocked e.g:

const (
CertificateRequestReasonPending = "Pending"
CertificateRequestReasonFailed = "Failed"
CertificateRequestReasonFailedNoRetry = "FailedNoRetry"
CertificateRequestReasonIssued = "Issued"
)

Additional context
ADCS Issuer implementation

Environment details (if applicable):

  • cert-manager version: 0.11.0

/kind feature
@jetstack-bot jetstack-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 25, 2019
@munnerz
Copy link
Member

munnerz commented Oct 29, 2019

👍 to this in terms of motivation - my only question would be around the terminology we use here for the reason string, although FailedNoRetry is at least clear and explicit for end-users.

cc @JoshVanL

@chojnack
Copy link
Author

I agree that readability of the code should be the priority. Other option could be e.g. 'Rejected' but it will not be so clear reg. the expected reaction.
I suspect that there' may be more potential reasons of unsuccessful requests in context of different issuers and protocols and the need of adding each one to the list will be annoying. So better to leave the decision how each failure reason should be interpreted to the issuer implementation, and just inform the cert-manager core what reaction is expected (retry/ noretry/anythingelse? )

Jut my thoughts. I'm leaving the decision to you of course :-)
Marcin

@munnerz munnerz added this to the Next milestone Nov 15, 2019
@munnerz munnerz mentioned this issue Nov 15, 2019
Closed
@munnerz
Copy link
Member

munnerz commented Nov 15, 2019

Another place where this would be useful #2370

@munnerz munnerz added area/api Indicates a PR directly modifies the 'pkg/apis' directory priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Nov 15, 2019
@munnerz munnerz modified the milestones: Next, v0.13 Dec 2, 2019
@munnerz munnerz mentioned this issue Dec 10, 2019
Merged
@munnerz
Copy link
Member

munnerz commented Dec 17, 2019

I've also raised this in the upstream discussion around extending the certificates.k8s.io CertificateSigningRequest type to include a signerName field: kubernetes/enhancements#1400 (comment)

@JoshVanL JoshVanL mentioned this issue Jan 9, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JoshVanL JoshVanL

Labels
area/api Indicates a PR directly modifies the 'pkg/apis' directory kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
v0.13
Development

Successfully merging a pull request may close this issue.

CertificateRequest InvalidRequest JoshVanL/cert-manager
4 participants
@munnerz @JoshVanL @chojnack @jetstack-bot