Open vt102 opened 2 years ago
Describe the bug

In https://github.com/aws/aws-app-mesh-examples/blob/main/walkthroughs/tls-with-acm/README.md Step 2: Create a Certificate, the `aws acm-pca issue-certificate` step fails as follows:
```
[ec2-user@ip-172-31-70-72 ~]$ ROOT_CA_CSR=`aws acm-pca get-certificate-authority-csr \
> --certificate-authority-arn ${ROOT_CA_ARN} \
> --query Csr --output text`
[ec2-user@ip-172-31-70-72 ~]$ AWS_CLI_VERSION=$(aws --version 2>&1 | cut -d/ -f2 | cut -d. -f1)
[[ ${AWS_CLI_VERSION} -gt 1 ]] && ROOT_CA_CSR="$(echo ${ROOT_CA_CSR} | base64)"[ec2-user@ip-172-31-70-72 ~]$ [[ ${AWS_CLI_VERSION} -gt 1 ]] && ROOT_CA_CSR="$(echo ${ROOT_CA_CSR} | base64)"
[ec2-user@ip-172-31-70-72 ~]$ ROOT_CA_CERT_ARN=`aws acm-pca issue-certificate \
> --certificate-authority-arn ${ROOT_CA_ARN} \
> --template-arn arn:aws:acm-pca:::template/RootCACertificate/V1 \
> --signing-algorithm SHA256WITHRSA \
> --validity Value=10,Type=YEARS \
> --csr "${ROOT_CA_CSR}" \
> --query CertificateArn --output text`

An error occurred (ValidationException) when calling the IssueCertificate operation: 1 validation error detected: Value at 'csr' failed to satisfy constraint: Member must satisfy regular expression pattern: -----BEGIN CERTIFICATE REQUEST-----\r?\n([A-Za-z0-9/+]{64}\r?\n)*[A-Za-z0-9/+]{1,64}={0,2}\r?\n-----END CERTIFICATE REQUEST-----(\r?\n)?.
[ec2-user@ip-172-31-70-72 ~]$ echo $ROOT_CA_CSR | base64 -d
-----BEGIN CERTIFICATE REQUEST----- MIIC6jCCAdICAQAwgYIxCbase64: invalid input
```
The issue appears to be the CSR format:
```
[ec2-user@ip-172-31-70-72 ~]$ ROOT_CA_CSR=`aws acm-pca get-certificate-authority-csr \
> --certificate-authority-arn ${ROOT_CA_ARN} \
> --query Csr --output text`
[ec2-user@ip-172-31-70-72 ~]$ echo $ROOT_CA_CSR
-----BEGIN CERTIFICATE REQUEST----- MIIC6jCCAdICAQAwgYIxCzAJBgNVBAYTAlVTMRowGAYDVQQKDBFBcHAgTWVzaCBF eGFtcGxlczEUMBIGA1UECwwLVExTIEV4YW1wbGUxCzAJBgNVBAgMAldBMSIwIAYD ...teaKGrewvobYC8EKU2MMNfM+TNYeO9OBGgc74iamdXIPB9WWYCX9a0AIpRcenO0C 0eIZIIC8q/Ohy5o0E5epoKLnHX1xsqcfbsO1tkWI -----END CERTIFICATE REQUEST-----
```
The cause of this weird formatting appears to be due to BASH's IFS (internal field separator) behavior.
```
[ec2-user@ip-172-31-70-72 ~]$ printf '%q\n' "$IFS"
$' \t\n'
[ec2-user@ip-172-31-70-72 ~]$ FOO=`cat foo.txt`
[ec2-user@ip-172-31-70-72 ~]$ echo $FOO
foo bar baz
[ec2-user@ip-172-31-70-72 ~]$ IFS=
[ec2-user@ip-172-31-70-72 ~]$ printf '%q\n' "$IFS"
''
[ec2-user@ip-172-31-70-72 ~]$ FOO=`cat foo.txt`
[ec2-user@ip-172-31-70-72 ~]$ echo $FOO
foo
bar
baz
```
Platform

Amazon Linux 4.14.281-212.502.amzn2.x86_64, bash 4.2.46(2)

To Reproduce

Steps to reproduce the behavior:

```
[ec2-user@ip-172-31-70-72 ~]$ printf '%q\n' "$IFS"
$' \t\n'
```
I'll work up a PR soon.
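The collapse reported above can be reproduced offline with the following added example, which is not part of the original issue or of the walkthrough. It assumes a constructed PEM-shaped placeholder instead of a real CSR, hypothetical function names, and an awk check written here as a line-by-line equivalent of the pattern quoted in the ValidationException.

```shell
#!/bin/sh
# Constructed sample: PEM-shaped text with a placeholder body (not a real CSR).
make_sample_csr() {
  printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----'
  printf '%064d\n' 0 | tr 0 A          # one full 64-character body line
  printf '%s\n' 'QUJDRA==' '-----END CERTIFICATE REQUEST-----'
}

# Hypothetical helper: line-by-line equivalent of the pattern in the error message.
# Returns 0 when the text has the BEGIN line, 64-character body lines, a final
# body line of 1-64 characters plus up to two '=', and the END line.
csr_shape_ok() {
  printf '%s\n' "$1" | awk '
    { sub(/\r$/, ""); line[NR] = $0 }   # tolerate CRLF, as the pattern does
    END {
      b64 = "^[A-Za-z0-9/+]+$"
      if (NR < 3) exit 1
      if (line[1] != "-----BEGIN CERTIFICATE REQUEST-----") exit 1
      if (line[NR] != "-----END CERTIFICATE REQUEST-----") exit 1
      for (i = 2; i < NR - 1; i++)
        if (length(line[i]) != 64 || line[i] !~ b64) exit 1
      last = line[NR - 1]; sub("=?=?$", "", last)
      if (length(last) < 1 || length(last) > 64 || last !~ b64) exit 1
    }'
}

# Deliberately unquoted: the shell splits on IFS and echo rejoins with spaces.
expand_unquoted() { echo $1; }
# Quoted: the value is passed through with its newlines intact.
expand_quoted() { printf '%s\n' "$1"; }

csr=$(make_sample_csr)
for f in expand_unquoted expand_quoted; do
  if csr_shape_ok "$($f "$csr")"; then echo "$f: accepted"; else echo "$f: rejected"; fi
done
```

The same unquoted expansion appears in the session's `echo ${ROOT_CA_CSR} | base64` step, so the value that gets encoded there has already lost its line breaks.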