gardener / gardener-extension-provider-azure

Gardener extension controller for the Azure cloud provider (https://azure.microsoft.com).

Home Page:https://gardener.cloud

Improve error code matching

ialidzhikov opened this issue

How to categorize this issue?

/area quality
/kind enhancement
/platform azure

What would you like to be added:
I noticed a Shoot failing to be deleted with the following error:

task "Waiting until shoot infrastructure has been deleted" failed: Failed to delete Infrastructure shoot--foo--bar/bar: Error deleting Infrastructure: resources.GroupsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '<some-uid>' with object id '<some-uid>' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/<some-uid>/resourcegroups/shoot--foo--bar' or the scope is invalid. If access was recently granted, please refresh your credentials."

This error should be properly categorized by provider-azure and the Infrastructure has to be properly flagged with the appropriate error code.

Why is this needed:
Less effort for ops people to manually triage such issues

@acumino, I see that the errors in provider-azure should match AuthorizationFailed (from the error above)

unauthorizedRegexp = regexp.MustCompile(`(?i)(Unauthorized|SignatureDoesNotMatch|AuthorizationFailed|invalid_grant|Authorization Profile was not found|no active subscriptions|not authorized|AccessDenied|OperationNotAllowed)`)

But I see that the Infrastructure resource does not have any error codes assigned.