From 576a4ba7017ac97af5793e2a88fbb10ddffaeb3f Mon Sep 17 00:00:00 2001
From: Martin Schuppert
Date: Mon, 15 Jul 2024 16:56:12 +0200
Subject: [PATCH] [nova] use short service name for CommonName vencrypt cert
The CommonName has a max length of 64 bytes. From https://docs.openstack.org/nova/latest/admin/remote-console-access.html#vnc-proxy-security
~~~
An x509 certificate to be presented to the VNC server. While libvirt/QEMU will not currently do any validation of the CommonName field, future versions will allow for setting up access controls based on the CommonName. The CommonName field should match the primary hostname of the controller node.
~~~
Related: https://issues.redhat.com/browse/OSPRH-8652
Signed-off-by: Martin Schuppert
---
 pkg/openstack/nova.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/openstack/nova.go b/pkg/openstack/nova.go
index ca2e561e7..e1305818f 100644
--- a/pkg/openstack/nova.go
+++ b/pkg/openstack/nova.go
@@ -273,7 +273,7 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
 certRequest := certmanager.CertificateRequest{
 IssuerName: instance.GetLibvirtIssuer(),
 CertName: nova.Name + "-novncproxy-" + cellName + "-vencrypt",
- CommonName: ptr.To(fmt.Sprintf("%s.%s.svc", serviceName, instance.Namespace)),
+ CommonName: ptr.To(serviceName),
 Subject: &certmgrv1.X509Subject{
 Organizations: []string{fmt.Sprintf("%s.%s", instance.Namespace, ClusterInternalDomain)},
 },
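Review bot: The new `CommonName: ptr.To(serviceName),` line has no comment saying why the FQDN was dropped, and nothing in the hunk bounds `serviceName` itself, so a long nova or cell name could presumably still exceed the 64-byte CommonName limit the commit message cites. I would add `// CommonName is capped at 64 bytes, so use the short service name; the service FQDN belongs in the SANs` above the field and, if `serviceName` is not already length-limited where it is built, reject an over-long value before the request is created. The short name is also no longer namespace-qualified, and the quoted nova documentation anticipates CommonName-based access controls in libvirt/QEMU, so it is worth confirming that the certificate's DNS SANs (not visible here) still carry the full `<service>.<namespace>.svc` name and that `Organizations` is what distinguishes namespaces under a shared issuer. `ReconcileNova` and the `certRequest` literal both begin or end outside this hunk.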