fix(konnect): handle CACertificate creation conflicts

Signed-off-by: Jintao Zhang <[email protected]>

controller/konnect/ops/ops.go

@@ -143,6 +143,8 @@ func Create[
 			id, err = getKongCredentialAPIKeyForUID(ctx, sdk.GetAPIKeyCredentialsSDK(), ent)
 		case *configurationv1alpha1.KongCredentialACL:
 			id, err = getKongCredentialACLForUID(ctx, sdk.GetACLCredentialsSDK(), ent)
+		case *configurationv1alpha1.KongCACertificate:
+			id, err = getKongCaCertificateForUID(ctx, sdk.GetCACertificatesSDK(), ent)
 			// ---------------------------------------------------------------------
 			// TODO: add other Konnect types
 		default:

controller/konnect/ops/ops_kongcacertificate.go

@@ -2,6 +2,8 @@ package ops
 
 import (
 	"context"
+	"fmt"
+	"github.com/samber/lo"
 
 	sdkkonnectcomp "github.com/Kong/sdk-konnect-go/models/components"
 	sdkkonnectops "github.com/Kong/sdk-konnect-go/models/operations"
@@ -32,12 +34,15 @@ func createCACertificate(
 	// Can't adopt it as it will cause conflicts between the controller
 	// that created that entity and already manages it, hm
 	if errWrap := wrapErrIfKonnectOpFailed(err, CreateOp, cert); errWrap != nil {
-		SetKonnectEntityProgrammedConditionFalse(cert, "FailedToCreate", errWrap.Error())
 		return errWrap
 	}
 
-	cert.Status.Konnect.SetKonnectID(*resp.CACertificate.ID)
-	SetKonnectEntityProgrammedCondition(cert)
+	if resp == nil || resp.CACertificate == nil || resp.CACertificate.ID == nil || *resp.CACertificate.ID == "" {
+		return fmt.Errorf("failed creating %s: %w", cert.GetTypeName(), ErrNilResponse)
+	}
+
+	// At this point, the CACertificate has been created successfully.
+	cert.SetKonnectID(*resp.CACertificate.ID)
 
 	return nil
 }
@@ -100,3 +105,23 @@ func kongCACertificateToCACertificateInput(cert *configurationv1alpha1.KongCACer
 		Tags: GenerateTagsForObject(cert, cert.Spec.Tags...),
 	}
 }
+
+func getKongCaCertificateForUID(
+	ctx context.Context,
+	sdk sdkops.CACertificatesSDK,
+	cert *configurationv1alpha1.KongCACertificate,
+) (string, error) {
+	resp, err := sdk.ListCaCertificate(ctx, sdkkonnectops.ListCaCertificateRequest{
+		ControlPlaneID: cert.GetControlPlaneID(),
+		Tags:           lo.ToPtr(UIDLabelForObject(cert)),
+	})
+	if err != nil {
+		return "", fmt.Errorf("failed to list %s: %w", cert.GetTypeName(), err)
+	}
+
+	if resp == nil || resp.Object == nil {
+		return "", fmt.Errorf("failed listing %s: %w", cert.GetTypeName(), ErrNilResponse)
+	}
+
+	return getMatchingEntryFromListResponseData(sliceToEntityWithIDSlice(resp.Object.Data), cert)
+}

controller/konnect/ops/sdk/kongcacertificate.go

@@ -12,4 +12,5 @@ type CACertificatesSDK interface {
 	CreateCaCertificate(ctx context.Context, controlPlaneID string, caCertificate sdkkonnectcomp.CACertificateInput, opts ...sdkkonnectops.Option) (*sdkkonnectops.CreateCaCertificateResponse, error)
 	UpsertCaCertificate(ctx context.Context, request sdkkonnectops.UpsertCaCertificateRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.UpsertCaCertificateResponse, error)
 	DeleteCaCertificate(ctx context.Context, controlPlaneID string, caCertificateID string, opts ...sdkkonnectops.Option) (*sdkkonnectops.DeleteCaCertificateResponse, error)
+	ListCaCertificate(ctx context.Context, request sdkkonnectops.ListCaCertificateRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.ListCaCertificateResponse, error)
 }