The label is using the certificate.csr itself in its composition. Now, x509 may have chars that can be considered special (\n, /, +, etc). I guess you fail whenever the CSR contains a char that the label itself cannot have.
Now, I cannot find where the label is passed through a regex. I see two regexes across the `secret-add` path: 1. https://github.com/juju/juju/blob/3.6/core/secrets/createsecret.go#L19 2. Within the agent's uniter, for the URI: https://github.com/juju/juju/blob/3.6/core/secrets/secret.go#L47-L53
Still, I cannot find where the label is checked against a regex. So, this is just a hypothesis rn.
@yazansalti can you point us to the charm that is using the CSR as a label?
In any case, would be easier to hash the CSR and use the hash as a label instead.
The label is using the certificate.csr itself in its composition. Now, x509 may have chars that can be considered special (\n, /, +, etc). I guess you fail whenever the CSR contains a char that the label itself cannot have.
Now, I cannot find where the label is passed through a regex. I see two regexes across the `secret-add` path: /github. com/juju/ juju/blob/ 3.6/core/ secrets/ createsecret. go#L19 /github. com/juju/ juju/blob/ 3.6/core/ secrets/ secret. go#L47- L53
1. https:/
2. Within the agent's uniter, for the URI: https:/
Still, I cannot find where the label is checked against a regex. So, this is just a hypothesis rn.
@yazansalti can you point us to the charm that is using the CSR as a label?
In any case, would be easier to hash the CSR and use the hash as a label instead.