fix incorrect error handling in route53 dns provider

[Peac36]

Pull Request Motivation

Fixes: #8166

/bug

NONE

CyberArk tracker: VC-46126

[cert-manager-prow]

Hi @Peac36. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[erikgb]

/ok-to-test

[Copilot]

Pull Request Overview

This PR fixes incorrect error handling in the Route53 DNS provider by refactoring the error redaction mechanism to properly preserve error chains while removing sensitive request IDs from AWS error messages.

• Replaced the problematic removeReqID function with a new RedactedError wrapper type
• Updated error formatting to use %w verb instead of %s to maintain error wrapping
• Renamed test function to reflect the new error handling approach

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
pkg/issuer/acme/dns/route53/route53.go	Replaced removeReqID function with RedactedError type and updated error formatting
pkg/issuer/acme/dns/route53/route53_test.go	Updated test function name and call to use new error handling function

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign munnerz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Copilot]

Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The Error() method modifies the original ResponseError by setting RequestID to '', which could affect other parts of the code that reference the same error. This is a side effect that violates the principle that Error() should be a read-only operation. Consider creating a copy of the ResponseError before modifying it.

[Copilot]

The RedactedError struct should validate that Err is not nil to prevent potential panics in the Error() and Unwrap() methods. Consider adding validation in a constructor function or checking for nil in the methods.

[erikgb]

/cc @wallrj

I think you have been in route53-land before. 😅

[mladen-rusev-cyberark]

/cybr

[Peac36]

@wallrj-cyberark - did you have a chance to review the changes?

[wallrj-cyberark]

@Peac36 I've been trying out a slightly different approach in #8221

• Fix unregulated retries with the DigitalOcean, Azure DNS, and AWS Route53 DNS-01 solver #8221

I moved the redaction / stabilization code nearer to where it is required and use it only where it is required (for the Reason field), so that the full detailed errors are once again included in the Kubernetes Events which are attached to the Challenge resources.

[Peac36]

Closing in favor of #8221