From 6b7f74c600d97728b0a8e609964a8c5959917760 Mon Sep 17 00:00:00 2001
From: bennerv <10840174+bennerv@users.noreply.github.com>
Date: Tue, 16 May 2023 16:09:02 -0400
Subject: [PATCH] Update timeout on check permissions to 5 minutes

---
 pkg/api/validate/dynamic/dynamic.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/pkg/api/validate/dynamic/dynamic.go b/pkg/api/validate/dynamic/dynamic.go
index 39afa9264bf..3248302c0a5 100644
--- a/pkg/api/validate/dynamic/dynamic.go
+++ b/pkg/api/validate/dynamic/dynamic.go
@@ -367,18 +367,17 @@ func (dv *dynamic) validateNatGatewayPermissions(ctx context.Context, s Subnet)
 }
 
 func (dv *dynamic) validateActions(ctx context.Context, r *azure.Resource, actions []string) error {
+	// ARM has a 5 minute cache around role assignment creation, so wait one minute longer
+	timeoutCtx, cancel := context.WithTimeout(ctx, 6*time.Minute)
+	defer cancel()
+
 	c := closure{dv: dv, ctx: ctx, resource: r, actions: actions}
 	conditionalFunc := c.usingListPermissions
-	timeout := 20 * time.Second
 	if dv.pdpClient != nil {
 		conditionalFunc = c.usingCheckAccessV2
-		timeout = 65 * time.Second // checkAccess refreshes data every min. This allows ~3 retries.
 	}
 
-	timeoutCtx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-
-	return wait.PollImmediateUntil(timeout, conditionalFunc, timeoutCtx.Done())
+	return wait.PollImmediateUntil(30*time.Second, conditionalFunc, timeoutCtx.Done())
 }
 
 // closure is the closure used in PollImmediateUntil's ConditionalFunc