func parseLinkedAuthorizationFailedErrors()

in pkg/domain/authorizationErrorParser.go [151:191]


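// parseLinkedAuthorizationFailedErrors extracts the denied action and linked
// scope from every "does not have permission to perform action(s) '...' on the
// linked scope(s) '...' (respectively) or the linked scope(s) are invalid"
// clause found in authorizationFailedErrMsg.
//
// The result maps each captured scope string to the captured action strings in
// order of appearance; a repeated action for the same scope is kept, not
// de-duplicated. An error is returned when the message contains no such
// clause, so a change in the message wording surfaces as an error rather than
// as an empty (and silently incomplete) permission set.
//
// NOTE(review): the wording "action(s)" / "scope(s)" ... "(respectively)"
// suggests a single quoted string may carry several values. The captures are
// stored verbatim and are not split — confirm against real multi-value
// messages before treating a key or value as exactly one scope or permission.
func parseLinkedAuthorizationFailedErrors(authorizationFailedErrMsg string) (map[string][]string, error) {
	// Group 1 is the action text and group 2 the linked-scope text; both are
	// "everything up to the next single quote".
	re := regexp.MustCompile(`does not have permission to perform action\(s\) '([^']+)' on the linked scope\(s\) '([^']+)' \(respectively\) or the linked scope\(s\) are invalid`)

	matches := re.FindAllStringSubmatch(authorizationFailedErrMsg, -1)
	if len(matches) == 0 {
		return nil, errors.New("No matches found in 'Authorization failed' error message")
	}

	// The pattern has exactly two capture groups, so every match is
	// [whole, action, scope]. A non-empty matches slice therefore always
	// produces a non-empty map; the per-match length guard and the trailing
	// empty-map error could never trigger and have been dropped.
	scopePermissionsMap := make(map[string][]string, len(matches))
	for _, match := range matches {
		action, scope := match[1], match[2]
		// append on the nil slice of a missing key allocates it.
		scopePermissionsMap[scope] = append(scopePermissionsMap[scope], action)
	}

	return scopePermissionsMap, nil
}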