func parseAuthorizationPermissionMismatchError()

in pkg/domain/authorizationPermissionMismatchErrorParser.go [37:79]


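// parseAuthorizationPermissionMismatchError scans an error message for
// AuthorizationPermissionMismatch (HTTP 403) failures raised while retrieving
// queue, file or blob properties of a storage account. It maps each affected
// storage-account scope to the read action of the service that was denied.
//
// The returned map is keyed by scope
// ("/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<name>").
// Each action appears at most once per scope, in order of first occurrence, so
// a message that repeats the same failure does not yield repeated entries.
//
// An error is returned when the message contains no recognisable failure; the
// map is nil in that case.
func parseAuthorizationPermissionMismatchError(authorizationFailedErrMsg string) (map[string][]string, error) {

	// The raw message is logged verbatim; per the pattern below it carries the
	// subscription, resource group and storage account names.
	log.Printf("Attempting to Parse AuthorizationPermissionMismatch Error: @@%s@@", authorizationFailedErrMsg)
	re := regexp.MustCompile(`retrieving (queue|file|blob) properties for Storage Account \(Subscription: \"([^"]+)\"\nResource Group Name: \"([^"]+)\"\nStorage Account Name: \"([^"]+)\"\): executing request: unexpected status 403 \(403 This request is not authorized to perform this operation using this permission.\) with AuthorizationPermissionMismatch: This request is not authorized to perform this operation using this permission.`)

	matches := re.FindAllStringSubmatch(authorizationFailedErrMsg, -1)

	if len(matches) == 0 {
		return nil, errors.New("no matches found in 'AuthorizationPermissionMismatch' error message")
	}

	// grant identifies one (scope, action) pair so repeats can be skipped.
	type grant struct{ scope, action string }

	scopePermissionsMap := make(map[string][]string)
	seen := make(map[grant]struct{}, len(matches))

	for _, match := range matches {
		// Full match plus four capture groups: service, subscription,
		// resource group, storage account name.
		if len(match) != 5 {
			continue
		}

		var action string
		switch match[1] {
		case "queue":
			action = "Microsoft.Storage/storageAccounts/queueServices/read"
		case "file":
			action = "Microsoft.Storage/storageAccounts/fileServices/read"
		case "blob":
			action = "Microsoft.Storage/storageAccounts/blobServices/read"
		default:
			// Never record an empty action should the pattern and this
			// switch drift apart.
			continue
		}

		// The captured names are taken as-is (any run of characters other than
		// a double quote) and interpolated into the scope.
		// NOTE(review): confirm callers validate the scope before acting on it.
		scope := fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s", match[2], match[3], match[4])

		key := grant{scope: scope, action: action}
		if _, dup := seen[key]; dup {
			continue
		}
		seen[key] = struct{}{}
		scopePermissionsMap[scope] = append(scopePermissionsMap[scope], action)
	}

	// Every match may have been skipped above; report that rather than
	// returning an empty map.
	if len(scopePermissionsMap) == 0 {
		return nil, errors.New("No scope/permissions found in AuthorizationPermissionMismatch error message")
	}

	return scopePermissionsMap, nil

}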