From 3d29396889b699562b08b4b1c774bdf2f76e21bb Mon Sep 17 00:00:00 2001
From: Patrick Dillon <padillon@redhat.com>
Date: Mon, 5 Jan 2026 12:43:31 -0500
Subject: [PATCH] OCPBUGS-69735: handle SSH rule deletion for Azure private

In private clusters, no inbound nat rule is created for SSH; this
commit handles that scenario gracefully.
---
 pkg/infrastructure/azure/azure.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkg/infrastructure/azure/azure.go b/pkg/infrastructure/azure/azure.go
index 47bb7b82ac..12afe71bf9 100644
--- a/pkg/infrastructure/azure/azure.go
+++ b/pkg/infrastructure/azure/azure.go
@@ -641,7 +641,15 @@ func (p *Provider) PostDestroy(ctx context.Context, in clusterapi.PostDestroyerI
 		if err != nil {
 			return fmt.Errorf("failed to delete security rule: %w", err)
 		}
-
+	}
+	_, err = networkClientFactory.NewInboundNatRulesClient().Get(
+		ctx,
+		resourceGroupName,
+		in.Metadata.InfraID,
+		sshRuleName,
+		nil,
+	)
+	if err == nil {
 		err = deleteInboundNatRule(ctx, &inboundNatRuleInput{
 			resourceGroupName:    resourceGroupName,
 			loadBalancerName:     in.Metadata.InfraID,
@@ -652,7 +660,6 @@ func (p *Provider) PostDestroy(ctx context.Context, in clusterapi.PostDestroyerI
 			return fmt.Errorf("failed to delete inbound nat rule: %w", err)
 		}
 	}
-
 	return nil
 }