fix: handle Certificate creation conflicts

Signed-off-by: Jintao Zhang <[email protected]>

controller/konnect/ops/kongcertificate.go

@@ -12,4 +12,5 @@ type CertificatesSDK interface {
 	CreateCertificate(ctx context.Context, controlPlaneID string, certificate sdkkonnectcomp.CertificateInput, opts ...sdkkonnectops.Option) (*sdkkonnectops.CreateCertificateResponse, error)
 	UpsertCertificate(ctx context.Context, request sdkkonnectops.UpsertCertificateRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.UpsertCertificateResponse, error)
 	DeleteCertificate(ctx context.Context, controlPlaneID string, certificateID string, opts ...sdkkonnectops.Option) (*sdkkonnectops.DeleteCertificateResponse, error)
+	ListCertificate(ctx context.Context, request sdkkonnectops.ListCertificateRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.ListCertificateResponse, error)
 }

controller/konnect/ops/ops.go

@@ -126,6 +126,8 @@ func Create[
 			id, err = getKongKeyForUID(ctx, sdk.GetKeysSDK(), ent)
 		case *configurationv1alpha1.KongUpstream:
 			id, err = getKongUpstreamForUID(ctx, sdk.GetUpstreamsSDK(), ent)
+		case *configurationv1alpha1.KongCertificate:
+			id, err = getKongCertificateForUID(ctx, sdk.GetCertificatesSDK(), ent)
 			// ---------------------------------------------------------------------
 			// TODO: add other Konnect types
 		default:

controller/konnect/ops/ops_kongcertificate.go

@@ -3,6 +3,8 @@ package ops
 import (
 	"context"
 	"errors"
+	"fmt"
+	"github.com/samber/lo"
 
 	sdkkonnectcomp "github.com/Kong/sdk-konnect-go/models/components"
 	sdkkonnectops "github.com/Kong/sdk-konnect-go/models/operations"
@@ -33,12 +35,15 @@ func createCertificate(
 	// Can't adopt it as it will cause conflicts between the controller
 	// that created that entity and already manages it, hm
 	if errWrap := wrapErrIfKonnectOpFailed(err, CreateOp, cert); errWrap != nil {
-		SetKonnectEntityProgrammedConditionFalse(cert, "FailedToCreate", errWrap.Error())
 		return errWrap
 	}
 
-	cert.Status.Konnect.SetKonnectID(*resp.Certificate.ID)
-	SetKonnectEntityProgrammedCondition(cert)
+	if resp == nil || resp.Certificate == nil || resp.Certificate.ID == nil || *resp.Certificate.ID == "" {
+		return fmt.Errorf("failed creating %s: %w", cert.GetTypeName(), ErrNilResponse)
+	}
+
+	// At this point, the Certificate has been created successfully.
+	cert.SetKonnectID(*resp.Certificate.ID)
 
 	return nil
 }
@@ -89,12 +94,9 @@ func updateCertificate(
 				}
 			}
 		}
-		SetKonnectEntityProgrammedConditionFalse(cert, "FailedToUpdate", errWrap.Error())
 		return errWrap
 	}
 
-	SetKonnectEntityProgrammedCondition(cert)
-
 	return nil
 }
 
@@ -139,3 +141,23 @@ func kongCertificateToCertificateInput(cert *configurationv1alpha1.KongCertifica
 		Tags: GenerateTagsForObject(cert, cert.Spec.Tags...),
 	}
 }
+
+func getKongCertificateForUID(
+	ctx context.Context,
+	sdk CertificatesSDK,
+	cert *configurationv1alpha1.KongCertificate,
+) (string, error) {
+	resp, err := sdk.ListCertificate(ctx, sdkkonnectops.ListCertificateRequest{
+		ControlPlaneID: cert.GetControlPlaneID(),
+		Tags:           lo.ToPtr(UIDLabelForObject(cert)),
+	})
+	if err != nil {
+		return "", fmt.Errorf("failed to list %s: %w", cert.GetTypeName(), err)
+	}
+
+	if resp == nil || resp.Object == nil {
+		return "", fmt.Errorf("failed listing %s: %w", cert.GetTypeName(), ErrNilResponse)
+	}
+
+	return getMatchingEntryFromListResponseData(sliceToEntityWithIDSlice(resp.Object.Data), cert)
+}