Fix calling ReadOne indefinitely for invalid Certificate specs (#45)

Issue #, if available: aws-controllers-k8s/community#2114

Description of changes:

Fixes calling `ReadOne` indefinitely for invalid Certificate specs.

Fixes aws-controllers-k8s/community#2114

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: cPu1

pkg/resource/certificate/sdk.go

@@ -1,9 +1,3 @@
 	if err = validatePublicValidationOptions(desired); err != nil {
-		ackcondition.SetTerminal(
-			desired,
-			corev1.ConditionTrue,
-			&domainValidationOptionsExceededMsg,
-			nil,
-		)
-		return desired, nil
+		return nil, ackerr.NewTerminalError(err)
 	}

templates/hooks/certificate/sdk_create_pre_build_request.go.tpl

@@ -0,0 +1,18 @@
+apiVersion: acm.services.k8s.aws/v1alpha1
+kind: Certificate
+metadata:
+  name: $CERTIFICATE_NAME
+spec:
+  domainName: $DOMAIN_NAME
+  certificateAuthorityARN: invalid
+  domainValidationOptions:
+    - domainName: $DOMAIN_NAME
+    - domainName: $DOMAIN_NAME
+    - domainName: $DOMAIN_NAME
+    - domainName: $DOMAIN_NAME
+    - domainName: $DOMAIN_NAME
+    - domainName: $DOMAIN_NAME
+    - domainName: $DOMAIN_NAME
+  tags:
+  - key: environment
+    value: dev

test/e2e/resources/certificate_public_invalid.yaml

@@ -18,7 +18,7 @@
 
 import pytest
 
-from acktest.k8s import resource as k8s
+from acktest.k8s import resource as k8s, condition
 from acktest.resources import random_suffix_name
 from e2e import service_marker, CRD_GROUP, CRD_VERSION, load_resource
 from e2e.replacement_values import REPLACEMENT_VALUES
@@ -38,7 +38,7 @@
 MAX_WAIT_FOR_SYNCED_MINUTES = 1
 
 @pytest.fixture
-def certificate_public():
+def certificate_public(request):
     certificate_name = random_suffix_name("certificate", 20)
     domain_name = "example.com"
 
@@ -47,7 +47,7 @@ def certificate_public():
     replacements['DOMAIN_NAME'] = domain_name
 
     resource_data = load_resource(
-        "certificate_public",
+        request.param,
         additional_replacements=replacements,
     )
 
@@ -78,6 +78,7 @@ def certificate_public():
 @service_marker
 @pytest.mark.canary
 class TestCertificate:
+    @pytest.mark.parametrize('certificate_public', ['certificate_public'], indirect=True)
     def test_crud_public(
             self,
             certificate_public,
@@ -172,4 +173,20 @@ def test_crud_public(
 
         k8s.delete_custom_resource(ref)
         time.sleep(DELETE_WAIT_AFTER_SECONDS)
-        certificate.wait_until_deleted(certificate_arn)
+        certificate.wait_until_deleted(certificate_arn)
+
+    @pytest.mark.parametrize('certificate_public', ['certificate_public_invalid'], indirect=True)
+    def test_invalid(
+            self,
+            certificate_public,
+    ):
+        (ref, cr) = certificate_public
+        assert 'status' in cr
+
+        cond = k8s.get_resource_condition(ref, condition.CONDITION_TYPE_TERMINAL)
+        assert cond is not None
+        assert cond == {
+            'message': 'Too many domain validation errors',
+            'status': 'True',
+            'type': condition.CONDITION_TYPE_TERMINAL,
+        }