improve error messages when resource creation fails

[SgtCoDFish]

Pull Request Motivation

I was creating some test certs for #7642 and observed that the error messages absolutely sucked if I tried to create a CertificateRequest which was far too large:

Warning  RequestFailed  22m (x6 over 22m)  cert-manager-certificates-request-manager  Failed to create CertificateRequest: admission webhook "webhook.cert-manager.io" denied the request: spec.request: Invalid value: []byte{...}: error decoding certificate request PEM block

This has two issues:

1. The []byte{...} contained tens of thousands of hex-encoded characters (e.g. 0x30) from the literal certificate request, making the actual error huge
2. The actual error (that the CR is too large) is removed.

This PR should add the actual error message in a few places, and will also truncate the stringified CR specifically when the CR is too large.

Kind

/kind cleanup

Release Note

Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data

[hjoshi123]

Looks like some of the tests are failing because the expected and actual message is different due to the change.. but otherwise lgtm

[SgtCoDFish]

note: these changes are just fixing spaces -> tabs to stop my editor complaining about mixed indentation

[erikgb]

This generally looks good to me. I've added a few comments/questions, but none of them are blockers. 😉

[SgtCoDFish]

/cherry-pick release-1.17

[cert-manager-bot]

@SgtCoDFish: once the present PR merges, I will cherry-pick it on top of release-1.17 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[SgtCoDFish]

/cherry-pick release-1.18

[cert-manager-bot]

@SgtCoDFish: once the present PR merges, I will cherry-pick it on top of release-1.18 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[erikgb]

/lgtm
/approve

🚀

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erikgb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [erikgb]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[cert-manager-bot]

@SgtCoDFish: #7928 failed to apply on top of branch "release-1.17":

Applying: improve error messages when resource creation fails due to malformed PEM
Using index info to reconstruct a base tree...
M	internal/apis/certmanager/validation/certificaterequest.go
M	internal/controller/certificates/policies/checks_test.go
M	pkg/controller/certificaterequests/acme/acme_test.go
M	pkg/controller/certificaterequests/ca/ca_test.go
M	pkg/controller/certificaterequests/selfsigned/selfsigned_test.go
M	pkg/controller/certificaterequests/sync_test.go
M	pkg/controller/certificates/readiness/readiness_controller_test.go
M	pkg/controller/certificatesigningrequests/acme/acme_test.go
M	pkg/controller/certificatesigningrequests/ca/ca_test.go
M	pkg/controller/certificatesigningrequests/selfsigned/selfsigned_test.go
M	pkg/controller/certificatesigningrequests/venafi/venafi_test.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/controller/certificatesigningrequests/venafi/venafi_test.go
Auto-merging pkg/controller/certificatesigningrequests/selfsigned/selfsigned_test.go
Auto-merging pkg/controller/certificatesigningrequests/ca/ca_test.go
Auto-merging pkg/controller/certificatesigningrequests/acme/acme_test.go
Auto-merging pkg/controller/certificates/readiness/readiness_controller_test.go
Auto-merging pkg/controller/certificaterequests/sync_test.go
Auto-merging pkg/controller/certificaterequests/selfsigned/selfsigned_test.go
Auto-merging pkg/controller/certificaterequests/ca/ca_test.go
Auto-merging pkg/controller/certificaterequests/acme/acme_test.go
CONFLICT (content): Merge conflict in pkg/controller/certificaterequests/acme/acme_test.go
Auto-merging internal/controller/certificates/policies/checks_test.go
Auto-merging internal/apis/certmanager/validation/certificaterequest.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 improve error messages when resource creation fails due to malformed PEM

Details

In response to this:

/cherry-pick release-1.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[cert-manager-bot]

@SgtCoDFish: new pull request created: #7964

Details

In response to this:

/cherry-pick release-1.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.