fix: Remove Finalizer from resource if create returns error

The reason marking a resource as managed (putting the finalizer)
before attempting a create is a general practice in kubernetes. The main reason we
do it is to protect against deletion protection.
If we don't put the finalizer, there is no deletion protection against the resource.

The current adoption logic expects the resource to not be managed
(no finalizer) to trigger an adoption.
If the initial creation attempt of a resource fails due to any AWS
error, any subsequent reconciliations attempting to adopt an existing
resource will not succeed.

These changes set the resource as unmanaged if for any reason there is
an error during the create call, which will allow the adoption logic to
run in subsequent reconciliations.

Author: michaelhtm

pkg/runtime/reconciler.go

@@ -638,6 +638,16 @@ func (r *resourceReconciler) createResource(
 	latest, err = rm.Create(ctx, desired)
 	rlog.Exit("rm.Create", err)
 	if err != nil {
+		// Here we're deciding to set a resource as unmanaged
+		// if the error is an AWS API Error. This will ensure
+		// that we're only managing (put finalizer) the resources
+		// that actually exist in AWS.
+		if _, ok := ackerr.AWSError(err); ok {
+			mErr := r.setResourceUnmanaged(ctx, rm, desired)
+			if mErr != nil {
+				return latest, err
+			}
+		}
 		return latest, err
 	}