Adding RequestDisallowedByPolicy cloud error (#2963)

* Adding RequestDisallowedByPolicy cloud error * Removing test content
Azure · Jun 21, 2023 · 87f1e43 · 87f1e43
1 parent bcd60e8
commit 87f1e43
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 2 deletions.
diff --git a/pkg/api/error.go b/pkg/api/error.go
@@ -101,6 +101,7 @@ const (
 	CloudErrorCodeCannotDeleteLoadBalancerByID       = "CannotDeleteLoadBalancerWithPrivateLinkService"
 	CloudErrorCodeInUseSubnetCannotBeDeleted         = "InUseSubnetCannotBeDeleted"
 	CloudErrorCodeScopeLocked                        = "ScopeLocked"
+	CloudErrorCodeRequestDisallowedByPolicy          = "RequestDisallowedByPolicy"
 )
 
 // NewCloudError returns a new CloudError

diff --git a/pkg/cluster/deploybaseresources.go b/pkg/cluster/deploybaseresources.go
@@ -227,7 +227,8 @@ func (m *manager) attachNSGs(ctx context.Context) error {
 
 func (m *manager) setMasterSubnetPolicies(ctx context.Context) error {
 	// TODO: there is probably an undesirable race condition here - check if etags can help.
-	s, err := m.subnet.Get(ctx, m.doc.OpenShiftCluster.Properties.MasterProfile.SubnetID)
+	subnetId := m.doc.OpenShiftCluster.Properties.MasterProfile.SubnetID
+	s, err := m.subnet.Get(ctx, subnetId)
 	if err != nil {
 		return err
 	}
@@ -241,7 +242,31 @@ func (m *manager) setMasterSubnetPolicies(ctx context.Context) error {
 	}
 	s.SubnetPropertiesFormat.PrivateLinkServiceNetworkPolicies = to.StringPtr("Disabled")
 
-	return m.subnet.CreateOrUpdate(ctx, m.doc.OpenShiftCluster.Properties.MasterProfile.SubnetID, s)
+	err = m.subnet.CreateOrUpdate(ctx, subnetId, s)
+
+	if detailedErr, ok := err.(autorest.DetailedError); ok {
+		if strings.Contains(detailedErr.Original.Error(), "RequestDisallowedByPolicy") {
+			return &api.CloudError{
+				StatusCode: http.StatusBadRequest,
+				CloudErrorBody: &api.CloudErrorBody{
+					Code: api.CloudErrorCodeRequestDisallowedByPolicy,
+					Message: fmt.Sprintf("Resource %s was disallowed by policy.",
+						subnetId[strings.LastIndex(subnetId, "/")+1:],
+					),
+					Details: []api.CloudErrorBody{
+						{
+							Code: api.CloudErrorCodeRequestDisallowedByPolicy,
+							Message: fmt.Sprintf("Policy definition : %s\nPolicy Assignment : %s",
+								regexp.MustCompile(`policyDefinitionName":"([^"]+)"`).FindStringSubmatch(detailedErr.Original.Error())[1],
+								regexp.MustCompile(`policyAssignmentName":"([^"]+)"`).FindStringSubmatch(detailedErr.Original.Error())[1],
+							),
+						},
+					},
+				},
+			}
+		}
+	}
+	return err
 }
 
 // generateInfraID take base and returns a ID that