AWS Route 53 dns provider error handling is inconsistent

[Peac36]

Describe the bug:
While working on #7234 I came across several issues with how the errors are processed in route53 dns provder

cert-manager/pkg/issuer/acme/dns/route53/route53.go

Lines 380 to 389 in 2f3c692

	func removeReqID(err error) error {
	var responseError *awshttp.ResponseError
	if errors.As(err, &responseError) {
	before := responseError.Error()
	// remove the request id from the error message
	responseError.RequestID = "<REDACTED>"
	after := responseError.Error()
	return errors.New(strings.Replace(err.Error(), before, after, 1))
	}
	return err

The function removeReqID completely overwrites the error chain which makes using of errors.As and errors.Is impossible.

Seconds, the errors returned by aws-sdk are not correctly wrapped. The wrong verbs are used - %s, %v

cert-manager/pkg/issuer/acme/dns/route53/route53.go

Line 157 in 2f3c692

return aws.Config{}, fmt.Errorf("unable to assume role: %s", removeReqID(err))

cert-manager/pkg/issuer/acme/dns/route53/route53.go

Line 177 in 2f3c692

return aws.Config{}, fmt.Errorf("unable to assume role with web identity: %s", removeReqID(err))

cert-manager/pkg/issuer/acme/dns/route53/route53.go

Line 296 in 2f3c692

return fmt.Errorf("failed to change Route 53 record set: %v", removeReqID(err))

cert-manager/pkg/issuer/acme/dns/route53/route53.go

Line 308 in 2f3c692

return false, fmt.Errorf("failed to query Route 53 change status: %v", removeReqID(err))

Expected behaviour:

Steps to reproduce the bug:

Anything else we need to know?:

Environment details:

• Kubernetes version:
• Cloud-provider/provisioner:
• cert-manager version:
• Install method: e.g., helm/static manifests

/kind bug

[wallrj-cyberark]

📢 A new pre-release is available which contains this fix or feature:

• https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0-alpha.0

Please test and report back.