Regular expression is invalid error when certificates-relation-changed

[gatici]

I related amf charm with self-signed-certificates, then certificates-relation-changed hook failed with the error below.

juju: 3.4.0 Microk8s: v1.27.11 self-signed-certificates: beta rev: 72 ubuntu: 23.04

Juju debug logs:

unit-amf-0: 22:38:17 INFO juju.worker.uniter.operation ran "certificates-relation-joined" hook (via hook dispatching script: dispatch)
unit-self-signed-certificates-0: 22:38:18 INFO unit.self-signed-certificates/0.juju-log certificates:39: Generated certificate for relation 39
unit-self-signed-certificates-0: 22:38:18 INFO juju.worker.uniter.operation ran "certificates-relation-changed" hook (via hook dispatching script: dispatch)
unit-amf-0: 22:38:19 INFO juju.worker.uniter.operation ran "certificates-relation-changed" hook (via hook dispatching script: dispatch)
unit-amf-0: 22:38:19 WARNING unit.amf/0.certificates-relation-changed /var/lib/juju/agents/unit-amf-0/charm/lib/charms/tls_certificates_interface/v3/tls_certificates.py:682: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
unit-amf-0: 22:38:19 WARNING unit.amf/0.certificates-relation-changed   return certificate_object.not_valid_after
unit-amf-0: 22:38:20 INFO unit.amf/0.juju-log certificates:39: Pushed certificate pushed to workload
unit-amf-0: 22:38:20 INFO unit.amf/0.juju-log certificates:39: Pushed amfcfg.conf config file
unit-amf-0: 22:38:24 ERROR juju.worker.uniter.context cannot apply changes: creating secrets: Regular expression is invalid: nothing to repeat
unit-amf-0: 22:38:24 ERROR juju.worker.uniter.operation hook "certificates-relation-changed" (via hook dispatching script: dispatch) failed: creating secrets: Regular expression is invalid: nothing to repeat
unit-amf-0: 22:38:24 INFO juju.worker.uniter awaiting error resolution for "relation-changed" hook
unit-amf-0: 22:38:29 INFO juju.worker.uniter awaiting error resolution for "relation-changed" hook
unit-amf-0: 22:38:29 WARNING unit.amf/0.certificates-relation-changed /var/lib/juju/agents/unit-amf-0/charm/lib/charms/tls_certificates_interface/v3/tls_certificates.py:682: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
unit-amf-0: 22:38:29 WARNING unit.amf/0.certificates-relation-changed   return certificate_object.not_valid_after
unit-amf-0: 22:38:30 ERROR juju.worker.uniter.context cannot apply changes: creating secrets: Regular expression is invalid: nothing to repeat
unit-amf-0: 22:38:30 ERROR juju.worker.uniter.operation hook "certificates-relation-changed" (via hook dispatching script: dispatch) failed: creating secrets: Regular expression is invalid: nothing to repeat
unit-amf-0: 22:38:30 INFO juju.worker.uniter awaiting error resolution for "relation-changed" hook
unit-amf-0: 22:38:40 INFO juju.worker.uniter awaiting error resolution for "relation-changed" hook
unit-amf-0: 22:38:41 WARNING unit.amf/0.certificates-relation-changed /var/lib/juju/agents/unit-amf-0/charm/lib/charms/tls_certificates_interface/v3/tls_certificates.py:682: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
unit-amf-0: 22:38:41 WARNING unit.amf/0.certificates-relation-changed   return certificate_object.not_valid_after
unit-amf-0: 22:38:42 ERROR juju.worker.uniter.context cannot apply changes: creating secrets: Regular expression is invalid: nothing to repeat
unit-amf-0: 22:38:42 ERROR juju.worker.uniter.operation hook "certificates-relation-changed" (via hook dispatching script: dispatch) failed: creating secrets: Regular expression is invalid: nothing to repeat
unit-amf-0: 22:38:42 INFO juju.worker.uniter awaiting error resolution for "relation-changed" hook
unit-amf-0: 22:39:02 INFO juju.worker.uniter awaiting error resolution for "relation-changed" hook
unit-amf-0: 22:39:03 WARNING unit.amf/0.certificates-relation-changed /var/lib/juju/agents/unit-amf-0/charm/lib/charms/tls_certificates_interface/v3/tls_certificates.py:682: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to not_valid_after_utc.
unit-amf-0: 22:39:03 WARNING unit.amf/0.certificates-relation-changed   return certificate_object.not_valid_after
unit-amf-0: 22:39:04 ERROR juju.worker.uniter.context cannot apply changes: creating secrets: Regular expression is invalid: nothing to repeat
unit-amf-0: 22:39:04 ERROR juju.worker.uniter.operation hook "certificates-relation-changed" (via hook dispatching script: dispatch) failed: creating secrets: Regular expression is invalid: nothing to repeat
unit-amf-0: 22:39:04 INFO juju.worker.uniter awaiting error resolution for "relation-changed" hook

Model  Controller          Cloud/Region        Version  SLA          Timestamp
test1  microk8s-localhost  microk8s/localhost  3.4.0    unsupported  22:39:46+03:00

App                       Version  Status   Scale  Charm                     Channel        Rev  Address         Exposed  Message
amf                                error        1  sdcore-amf-k8s                             3  10.152.183.217  no       hook failed: "certificates-relation-changed"
ausf                               active       1  sdcore-ausf-k8s           1.3/edge        47  10.152.183.114  no       
grafana-agent-k8s         0.35.2   waiting      1  grafana-agent-k8s         latest/stable   58  10.152.183.27   no       installing agent
mongodb-k8s                        active       1  mongodb-k8s               6/beta          38  10.152.183.216  no       Primary
nms                                active       1  sdcore-nms-k8s            1.3/edge        37  10.152.183.201  no       
nrf                                active       1  sdcore-nrf-k8s            1.3/edge        53  10.152.183.25   no       
nssf                               active       1  sdcore-nssf-k8s           1.3/edge        42  10.152.183.102  no       
pcf                                active       1  sdcore-pcf-k8s            1.3/edge        43  10.152.183.242  no       
self-signed-certificates           active       1  self-signed-certificates  beta            72  10.152.183.135  no       
smf                                active       1  sdcore-smf-k8s            1.3/edge        49  10.152.183.48   no       
traefik-k8s               2.10.4   active       1  traefik-k8s               latest/stable  166  10.0.0.3        no       
udm                                active       1  sdcore-udm-k8s            1.3/edge        40  10.152.183.127  no       
udr                                active       1  sdcore-udr-k8s            1.3/edge        42  10.152.183.110  no       
upf                                active       1  sdcore-upf-k8s            1.3/edge        52  10.152.183.152  no       
webui                              active       1  sdcore-webui-k8s          1.3/edge        26  10.152.183.206  no       

Unit                         Workload  Agent  Address      Ports  Message
amf/0*                       error     idle   10.1.146.8          hook failed: "certificates-relation-changed"
ausf/0*                      active    idle   10.1.146.38         
grafana-agent-k8s/0*         blocked   idle   10.1.146.25         logging-consumer: off, grafana-cloud-config: off
mongodb-k8s/0*               active    idle   10.1.146.58         Primary
nms/0*                       active    idle   10.1.146.9          
nrf/0*                       active    idle   10.1.146.33         
nssf/0*                      active    idle   10.1.146.30         
pcf/0*                       active    idle   10.1.146.63         
self-signed-certificates/0*  active    idle   10.1.146.27         

[gatici]

unit-amf-0: 22:39:04 ERROR juju.worker.uniter.context cannot apply changes: creating secrets: Regular expression is invalid: nothing to repeat

[gruyaume]

This bug could be caused by the TLS lib when we create secret on the requirer side.

[kayra1]

It's most likely in the lib and seems to be some sort of race condition, I just got this same error here: https://github.com/canonical/vault-k8s-operator/actions/runs/8278874902/job/22652130839

[saltiyazan]

Related Juju bug was created. https://bugs.launchpad.net/juju/+bug/2058012

[saltiyazan]

A fix has been committed in Juju 3.4. For the bug. I'll be closing this issue soon and we can reopen it if the error appears again.

[saltiyazan]

Fix PR in the tls library.