Update org policy violation check

dannawang0221 · dannawang0221 · commit 0fb50d20d2e3 · 2025-07-15T22:24:39.000Z
diff --git a/pkg/gce-cloud-provider/compute/gce.go b/pkg/gce-cloud-provider/compute/gce.go
@@ -79,8 +79,9 @@ const (
 )
 
 var (
-	ssAlreadyExistsRegex = regexp.MustCompile("The resource [^']+ already exists")
-	gcpViolationRegex    = regexp.MustCompile("violates constraint constraints/gcp.")
+	ssAlreadyExistsRegex          = regexp.MustCompile("The resource [^']+ already exists")
+	gcpErrorCodeRegex             = regexp.MustCompile(`Error (\d+)`)
+	orgPolicyConstraintErrorCodes = []string{"400", "412"}
 )
 
 // ResourceType indicates the type of a compute resource.
@@ -455,5 +456,13 @@ func IsSnapshotAlreadyExistsError(err error) bool {
 
 // IsGCPOrgViolationError checks if the error is a GCP organization policy violation error.
 func IsGCPOrgViolationError(err error) bool {
-	return gcpViolationRegex.MatchString(err.Error())
+	matches := gcpErrorCodeRegex.FindStringSubmatch(err.Error())
+	if len(matches) > 1 {
+		errorCode := matches[1]
+		if slices.Contains(orgPolicyConstraintErrorCodes, errorCode) {
+			return true
+		}
+	}
+
+	return false
 }
diff --git a/pkg/gce-cloud-provider/compute/gce_test.go b/pkg/gce-cloud-provider/compute/gce_test.go
@@ -108,10 +108,20 @@ func TestErrorIsGCPViolationRegex(t *testing.T) {
 		expectedResult bool
 	}{
 		{
-			name:           "is gcp org violation error",
-			inputErr:       errors.New("Your api request violates constraint constraints/gcp.resourceLocations"),
+			name:           "is gcp org violation error, error code 400",
+			inputErr:       errors.New("Failed to scale up: googleapi: Error 400: 'us-central1' violates constraint '`constraints/gcp.resourceLocations`' on the resource 'projects/test-project/locations/us-central1/clusters/test-cluster/nodePools/test-node-pool'"),
 			expectedResult: true,
 		},
+		{
+			name:           "is gcp org violation error, error code 412",
+			inputErr:       errors.New("createSnapshot for content [snapcontent-xyz]: error occurred in createSnapshotWrapper: failed to take snapshot of the volume projects/test-project/regions/europe-west3/disks/pvc-test: \"rpc error: code = Internal desc = Failed to create snapshot: googleapi: Error 412: Location EU violates constraint constraints/gcp.resourceLocations on the resource projects/test-project/global/snapshots/snapshot-xyz., conditionNotMet\""),
+			expectedResult: true,
+		},
+		{
+			name:           "is not gcp org violation, error doesn't match",
+			inputErr:       errors.New("createSnapshot for content [snapcontent-xyz]: error occurred in createSnapshotWrapper: failed to take snapshot of the volume projects/test-project/regions/europe-west3/disks/pvc-test: \"rpc error: code = Internal desc = Failed to create snapshot: googleapi: Error 500: Location EU violates constraint constraints/gcp.resourceLocations on the resource projects/test-project/global/snapshots/snapshot-xyz., conditionNotMet\""),
+			expectedResult: false,
+		},
 		{
 			name:           "is not gcp org violation error",
 			inputErr:       errors.New("Some incorrect error message"),
@@ -135,12 +145,12 @@ func TestErrorIsSnapshotExistsError(t *testing.T) {
 		expectedResult bool
 	}{
 		{
-			name:           "is ss error",
-			inputErr:       errors.New("The resource projects/dcme-pre-opt-mdp-rmp-00/global/snapshots/snapshot-3c208602-d815-40ae-a61e-3259e3bd29ca already exists, alreadyExists"),
+			name:           "is snapshot already exists error",
+			inputErr:       errors.New("The resource projects/test-project/global/snapshots/snapshot-xyz already exists, alreadyExists"),
 			expectedResult: true,
 		},
 		{
-			name:           "is not ss already exists error",
+			name:           "is not snapshot already exists error",
 			inputErr:       errors.New("Some incorrect error message"),
 			expectedResult: false,
 		},
