func()

in pkg/azure/client.go [134:201]


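// WaitForGetAccessOnGateway performs a GET on the configured Application
// Gateway through utils.Retry, using maxRetryCount and the package-level
// retryPause, and returns whatever utils.Retry returns.
//
// Each failed attempt is turned into a controllererrors error:
//   - 404 is classified as ErrorApplicationGatewayNotFound and reported as
//     non-retriable.
//   - 403 is classified as ErrorApplicationGatewayForbidden; the message is
//     extended with the role assignments the AGIC identity needs, and the
//     attempt stays retriable.
//   - 400 and 401 are reported as non-retriable.
//   - Any other failure is reported as retriable.
//
// NOTE(review): the exact meaning of the utils.Retriable flag is defined by
// utils.Retry, which is not visible here; the log text below ("stopping GET
// retries") suggests Retriable(false) ends the loop. Confirm against utils.
func (az *azClient) WaitForGetAccessOnGateway(maxRetryCount int) (err error) {
	klog.V(3).Info("Getting Application Gateway configuration.")
	err = utils.Retry(maxRetryCount, retryPause,
		func() (utils.Retriable, error) {
			response, err := az.appGatewaysClient.Get(az.ctx, string(az.resourceGroupName), string(az.appGwName))
			if err == nil {
				return utils.Retriable(true), nil
			}

			// Default classification, used when no HTTP response is attached to the result.
			e := controllererrors.NewErrorWithInnerErrorf(
				controllererrors.ErrorGetApplicationGatewayError,
				err,
				"Failed fetching configuration for Application Gateway. Will retry in %v.", retryPause,
			)

			// Only inspect the status code when an HTTP response is attached to the result.
			if response.Response.Response != nil {
				e = controllererrors.NewErrorWithInnerErrorf(
					controllererrors.ErrorApplicationGatewayUnexpectedStatusCode,
					err,
					"Unexpected status code '%d' while performing a GET on Application Gateway.", response.Response.StatusCode,
				)

				switch response.Response.StatusCode {
				case 404:
					e.Code = controllererrors.ErrorApplicationGatewayNotFound

				case 403:
					e.Code = controllererrors.ErrorApplicationGatewayForbidden

					// Placeholder shown in the hint when the client ID is not known.
					clientID := "<agic-client-id>"
					if az.clientID != "" {
						clientID = az.clientID
					}

					// The hint keeps each role scoped to a single resource:
					// Reader on the resource group, Contributor on the gateway
					// itself, rather than a broader subscription-level grant.
					groupID := ResourceGroupID(az.subscriptionID, az.resourceGroupName)
					applicationGatewayID := ApplicationGatewayID(az.subscriptionID, az.resourceGroupName, az.appGwName)
					roleAssignmentCmd := fmt.Sprintf("az role assignment create --role Reader --scope %s --assignee %s;"+
						" az role assignment create --role Contributor --scope %s --assignee %s",
						groupID,
						clientID,
						applicationGatewayID,
						clientID,
					)

					e.Message += fmt.Sprintf(" You can use '%s' to assign permissions."+
						" AGIC Identity needs at least 'Contributor' access to Application Gateway '%s' and 'Reader' access to Application Gateway's Resource Group '%s'.",
						roleAssignmentCmd,
						string(az.appGwName),
						string(az.resourceGroupName),
					)

				case 400, 401:
					// A bad request or unauthorized response will not fix itself on retry.
					klog.Errorf("configuration error (bad request) or unauthorized error while performing a GET using the authorizer")
					klog.Errorf("stopping GET retries")
					return utils.Retriable(false), e
				}
			}

			// The message embeds resource names, IDs and the inner error text, so it
			// must be logged as data, never used as a format string: a '%' in any of
			// those values would otherwise be interpreted as a formatting verb.
			klog.Error(e.Error())
			if controllererrors.IsErrorCode(e, controllererrors.ErrorApplicationGatewayNotFound) {
				return utils.Retriable(false), e
			}

			return utils.Retriable(true), e
		})

	return err
}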