From 9dfa46aa07ee3a13cfcf0fc816041cfde60057f8 Mon Sep 17 00:00:00 2001
From: Wes Haggard <weshaggard@users.noreply.github.com>
Date: Fri, 23 Feb 2024 13:07:22 -0800
Subject: [PATCH] Handle DevOps PAT creation error (#7702)

---
 .../ServiceAccountPersonalAccessTokenStore.cs                 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/secret-management/Azure.Sdk.Tools.SecretRotation.Stores.AzureDevOps/ServiceAccountPersonalAccessTokenStore.cs b/tools/secret-management/Azure.Sdk.Tools.SecretRotation.Stores.AzureDevOps/ServiceAccountPersonalAccessTokenStore.cs
index 80005e34497..ca5f0f49023 100644
--- a/tools/secret-management/Azure.Sdk.Tools.SecretRotation.Stores.AzureDevOps/ServiceAccountPersonalAccessTokenStore.cs
+++ b/tools/secret-management/Azure.Sdk.Tools.SecretRotation.Stores.AzureDevOps/ServiceAccountPersonalAccessTokenStore.cs
@@ -131,6 +131,10 @@ public override async Task<SecretValue> OriginateValueAsync(SecretState currentS
 
         PatTokenResult result = await client.CreatePatAsync(new PatTokenCreateRequest { AllOrgs = false, DisplayName = this.patDisplayName, Scope = this.scopes, ValidTo = expirationDate.UtcDateTime });
 
+        if (result.PatTokenError != SessionTokenError.None) {
+            throw new RotationException($"Unable to create PAT: {result.PatTokenError}");
+        }
+
         string authorizationId = result.PatToken.AuthorizationId.ToString();
 
         this.logger.LogInformation("Azure DevOps responded with authorization id '{AuthorizationId}'", authorizationId);