Fix AWS Security Group leakage at creation when an error occures (aws-controllers-k8s#174)

fix aws-controllers-k8s/community#1990

Description of changes: 
Change the hook `security_group/sdk_create_post_set_output.go.tpl` to always return the resource even if an error occurred. At this point the Security Group exists and we should keep track of it.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: vflaux

apis/v1alpha1/ack-generate-metadata.yaml

@@ -1,8 +1,8 @@
 ack_generate_info:
-  build_date: "2024-01-15T16:33:37Z"
-  build_hash: 3753ca3f6610172e9e652d6e5e62e0a05f2e639c
-  go_version: go1.21.5
-  version: v0.28.0-11-g3753ca3
+  build_date: "2024-01-18T10:01:49Z"
+  build_hash: 7fd3f40fa2160580297ee82914ccdde32312312b
+  go_version: go1.21.6
+  version: v0.28.0-17-g7fd3f40
 api_directory_checksum: 8b27f9e65dbad1f5f825c84d1dbe8fd333baf2a5
 api_version: v1alpha1
 aws_sdk_go_version: v1.44.93

helm/crds/services.k8s.aws_adoptedresources.yaml

@@ -161,10 +161,10 @@ spec:
                               description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                               type: string
                             name:
-                              description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
                               type: string
                             uid:
-                              description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
                               type: string
                           required:
                           - apiVersion

helm/templates/role-writer.yaml

@@ -10,35 +10,20 @@ rules:
   - ec2.services.k8s.aws
   resources:
   - dhcpoptions
-
   - elasticipaddresses
-
   - flowlogs
-
   - instances
-
   - internetgateways
-
   - natgateways
-
   - networkacls
-
   - routetables
-
   - securitygroups
-
   - subnets
-
   - transitgateways
-
   - vpcs
-
   - vpcendpoints
-
   - vpcendpointserviceconfigurations
-
   - vpcpeeringconnections
-
   verbs:
   - create
   - delete

pkg/resource/security_group/sdk.go

@@ -5,18 +5,18 @@
 
 	// Delete the default egress rule
 	if err = rm.deleteDefaultSecurityGroupRule(ctx, &resource{ko}); err != nil {
-		return nil, err
+		return &resource{ko}, err
 	}
 
 	if err = rm.syncSGRules(ctx, &resource{ko}, nil); err != nil {
-		return nil, err
+		return &resource{ko}, err
 	}
 
 	// A ReadOne call for SecurityGroup Rules (NOT SecurityGroups)
 	// is made to refresh Status.Rules with the recently-updated
 	// data from the above `sync` call
 	if rules, err := rm.getRules(ctx, &resource{ko}); err != nil {
-		return nil, err
+		return &resource{ko}, err
 	} else {
 		ko.Status.Rules = rules
 	}