Adds support for Certificate resources (#2)

Initial support for Certificate resources. Items to note:

We hardcode `ValidationMethod` to "DNS" because the "EMAIL" validation method means cert renewal is not automateable. See https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html

We have some custom validation of the number of domain validation options. When requesting a public certificate with DNS validation, you can only submit a max of 5 subdomains/CNAME records for use in DNS validation, and since we hardcode DNS validation method, we need to check for this and put the Certificate into a Terminal state if there are more than 5 CNAME records listed in the DomainValidationOptions field.

Finally, we add a simple sleep of 5 seconds after successful creation since
https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html warns us that DescribeCertificate calls will not succeed for several seconds after a RequestCertificate call has returned the CertificateArn...

Issue aws-controllers-k8s/community#482

Signed-off-by: Jay Pipes <jaypipes@gmail.com>

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: jaypipes

apis/v1alpha1/ack-generate-metadata.yaml

@@ -1,13 +1,13 @@
 ack_generate_info:
-  build_date: "2023-01-11T16:22:56Z"
-  build_hash: e661ce95afc39b380653ca655503daebf1e1831b
+  build_date: "2023-01-11T19:39:12Z"
+  build_hash: cfce82dfeed4e658da394699720394b1f7d23ff6
   go_version: go1.19.4
-  version: v0.21.0-5-ge661ce9
-api_directory_checksum: fa2a0bb3ebeac0ca69a199dff2946d06133f2ac6
+  version: v0.22.0-1-gcfce82d
+api_directory_checksum: 090c67b92b4d0ddb4b58db94aa4b07b8c69dd530
 api_version: v1alpha1
 aws_sdk_go_version: v1.44.177
 generator_config_info:
-  file_checksum: 3911a939c7b2b7678e6ae86ff6e59678d19ab019
+  file_checksum: aa72a600b2490b566fcd54554ee64e386a001799
   original_file_name: generator.yaml
 last_modification:
   reason: API generation

apis/v1alpha1/certificate.go

@@ -1,2 +1,33 @@
 ignore:
-  resource_names:
+  field_paths:
+    - "RequestCertificateInput.IdempotencyToken"
+operations:
+  RequestCertificate:
+    resource_name: Certificate
+    operation_type: CREATE
+    override_values:
+      # NOTE(jaypipes): We only support DNS-based validation, because
+      # certificate renewal is not really automatable when email verification
+      # is used.
+      #
+      # See discussion here:
+      # https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html
+      ValidationMethod: DNS
+  # NOTE(jaypipes): There is a GetCertificate API call, but that returns the
+  # actual cert bytes, not the attributes of the certificate request
+  DescribeCertificate:
+    resource_name: Certificate
+    operation_type: READ_ONE
+  UpdateCertificateOptions:
+    resource_name: Certificate
+    operation_type: UPDATE
+resources:
+  Certificate:
+    hooks:
+      sdk_create_pre_build_request:
+        template_path: hooks/certificate/sdk_create_pre_build_request.go.tpl
+      sdk_create_post_set_output:
+        template_path: hooks/certificate/sdk_create_post_set_output.go.tpl
+    fields:
+      KeyAlgorithm:
+        late_initialize: {}