diff --git a/pkg/resource/certificate/sdk.go b/pkg/resource/certificate/sdk.go
index 8b45005..76316b1 100644
--- a/pkg/resource/certificate/sdk.go
+++ b/pkg/resource/certificate/sdk.go
@@ -406,13 +406,7 @@ func (rm *resourceManager) sdkCreate(
 exit(err)
 }()
 if err = validatePublicValidationOptions(desired); err != nil {
- ackcondition.SetTerminal(
- desired,
- corev1.ConditionTrue,
- &domainValidationOptionsExceededMsg,
- nil,
- )
- return desired, nil
+ return nil, ackerr.NewTerminalError(err)
 }
 input, err := rm.newCreateRequestPayload(ctx, desired)
diff --git a/templates/hooks/certificate/sdk_create_pre_build_request.go.tpl b/templates/hooks/certificate/sdk_create_pre_build_request.go.tpl
index 2d638c6..1380067 100644
--- a/templates/hooks/certificate/sdk_create_pre_build_request.go.tpl
+++ b/templates/hooks/certificate/sdk_create_pre_build_request.go.tpl
@@ -1,9 +1,3 @@
 if err = validatePublicValidationOptions(desired); err != nil {
- ackcondition.SetTerminal(
- desired,
- corev1.ConditionTrue,
- &domainValidationOptionsExceededMsg,
- nil,
- )
- return desired, nil
+ return nil, ackerr.NewTerminalError(err)
 }
diff --git a/test/e2e/resources/certificate_public_invalid.yaml b/test/e2e/resources/certificate_public_invalid.yaml
new file mode 100644
index 0000000..7ef1824
--- /dev/null
+++ b/test/e2e/resources/certificate_public_invalid.yaml
@@ -0,0 +1,18 @@
+apiVersion: acm.services.k8s.aws/v1alpha1
+kind: Certificate
+metadata:
+ name: $CERTIFICATE_NAME
+spec:
+ domainName: $DOMAIN_NAME
+ certificateAuthorityARN: invalid
+ domainValidationOptions:
+ - domainName: $DOMAIN_NAME
+ - domainName: $DOMAIN_NAME
+ - domainName: $DOMAIN_NAME
+ - domainName: $DOMAIN_NAME
+ - domainName: $DOMAIN_NAME
+ - domainName: $DOMAIN_NAME
+ - domainName: $DOMAIN_NAME
+ tags:
+ - key: environment
+ value: dev
diff --git a/test/e2e/tests/test_certificate.py b/test/e2e/tests/test_certificate.py
index 63292dc..f42bf20 100644
--- a/test/e2e/tests/test_certificate.py
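Review bot: In the sdk_create_pre_build_request.go.tpl hunk, every error returned by `validatePublicValidationOptions` is now wrapped as terminal, and its text appears to become the condition message, where the removed code always reported the fixed `domainValidationOptionsExceededMsg`. The e2e test in this commit pins that message to 'Too many domain validation errors', so the validator's error string is now part of the user-visible status contract. A comment above the return would make this explicit, for example `// validation errors are terminal: the spec must change before a retry can succeed, and err.Error() is surfaced in the Terminal condition`. If `domainValidationOptionsExceededMsg` has no other user (not visible in this diff), it is dead after this change and can be removed. The pkg/resource/certificate/sdk.go hunk carries the same line and looks like the output generated from this template.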
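Review bot: The new fixture does not say which field is meant to make it invalid: it sets `certificateAuthorityARN: invalid` and also repeats the same `domainValidationOptions` entry seven times. A leading comment such as `# Invalid on purpose: the controller is expected to reject this spec with a Terminal condition` would help. One more line naming the rule being violated would keep the test readable if the validation rules change later.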
+++ b/test/e2e/tests/test_certificate.py
@@ -18,7 +18,7 @@ import pytest
-from acktest.k8s import resource as k8s
+from acktest.k8s import resource as k8s, condition
 from acktest.resources import random_suffix_name
 from e2e import service_marker, CRD_GROUP, CRD_VERSION, load_resource
 from e2e.replacement_values import REPLACEMENT_VALUES
@@ -38,7 +38,7 @@ MAX_WAIT_FOR_SYNCED_MINUTES = 1
 @pytest.fixture
-def certificate_public():
+def certificate_public(request):
 certificate_name = random_suffix_name("certificate", 20)
 domain_name = "example.com"
@@ -47,7 +47,7 @@ def certificate_public():
 replacements['DOMAIN_NAME'] = domain_name
 resource_data = load_resource(
- "certificate_public",
+ request.param,
 additional_replacements=replacements,
 )
@@ -78,6 +78,7 @@ def certificate_public():
 @service_marker
 @pytest.mark.canary
 class TestCertificate:
+ @pytest.mark.parametrize('certificate_public', ['certificate_public'], indirect=True)
 def test_crud_public(
 self,
 certificate_public,
@@ -172,4 +173,20 @@ def test_crud_public(
 k8s.delete_custom_resource(ref)
 time.sleep(DELETE_WAIT_AFTER_SECONDS)
- certificate.wait_until_deleted(certificate_arn)
\ No newline at end of file
+ certificate.wait_until_deleted(certificate_arn)
+
+ @pytest.mark.parametrize('certificate_public', ['certificate_public_invalid'], indirect=True)
+ def test_invalid(
+ self,
+ certificate_public,
+ ):
+ (ref, cr) = certificate_public
+ assert 'status' in cr
+
+ cond = k8s.get_resource_condition(ref, condition.CONDITION_TYPE_TERMINAL)
+ assert cond is not None
+ assert cond == {
+ 'message': 'Too many domain validation errors',
+ 'status': 'True',
+ 'type': condition.CONDITION_TYPE_TERMINAL,
+ }
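Review bot: `request.param` in the `load_resource(` call exists only when the fixture is parametrized with `indirect=True`, so any test that requests `certificate_public` without a `parametrize` marker will now fail during setup with an AttributeError. Falling back to the previous resource name keeps such tests working: `getattr(request, "param", "certificate_public"),`. The fixture body continues outside this hunk.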
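Review bot: `test_invalid` compares the whole condition dict with `==`, so the assertion breaks as soon as the condition carries any other field, and it never checks that the rejected spec was kept away from ACM. Asserting the fields individually is less brittle, e.g. `assert cond['status'] == 'True'` and `assert cond['message'] == 'Too many domain validation errors'`. An extra assertion that the CR status holds no certificate ARN would confirm that validation fails closed. If the fixture does not wait for the first reconcile (its body is outside this hunk), `cond` may still be None when it is read.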