Apps plugin output is incorrect when a user does not have permission to create workloads / Cartographer is not installed #49

Closed
2 tasks done
atmandhol opened this issue Mar 29, 2022 · 4 comments · Fixed by #54
Labels: accepted, bug, needs-design

Comments

@atmandhol
Contributor

atmandhol commented Mar 29, 2022

Please fill out the issue checklist below and provide ALL the requested information.

  • I reviewed open and closed GitHub issues that may be related to my problem.
  • I am reporting a bug that others will be able to reproduce.

Describe the bug

While testing Apps plugin behavior with users having different RBAC permissions, I found out that when a user who does not have permission to create a workload tries to run the tanzu apps workload create command, the apps plugin responds with an incorrect message.

Running $ tanzu apps workload create petc --local-path . on a Kind cluster with no Cartographer/TAP/AppToolkit installed.

API Error name:tanzu apps  error:no matches for kind "Workload" in version "carto.run/v1alpha1"
Error: workload "default/petc" already exists
Error: exit status 1

✖  exit status 1

Expected behavior

Error: You don't have Cartographer/TAP/AppToolkit installed on your cluster. Please proceed to install it before using this plugin.
Error: exit status 1

✖  exit status 1

Running $ tanzu apps workload create petc-adhol --local-path . on a TAP-installed cluster with Pinniped installed where the user does not have the permission to create workloads.

API Error name:tanzu apps  error:workloads.carto.run "petc-adhol" is forbidden: User "rlee+app-viewer@pivotal.io" cannot get resource "workloads" in API group "carto.run" in the namespace "default": decision made by impersonation-proxy.concierge.pinniped.dev
Error: workload "default/petc-adhol" already exists
Error: exit status 1

✖  exit status 1

Expected behavior

Error: workloads.carto.run "petc-adhol" is forbidden: User "rlee+app-viewer@pivotal.io" cannot get resource "workloads" in API group "carto.run" in the namespace "default": decision made by impersonation-proxy.concierge.pinniped.dev
Error: exit status 1

✖  exit status 1

Version (Apps plugin version, Version of K8s running on cluster)

Apps Plugin version 0.5.1

@atmandhol atmandhol added the bug and needs-triage labels Mar 29, 2022
@atmandhol atmandhol added this to the 0.6.0 milestone Mar 30, 2022
@warango4 warango4 self-assigned this Mar 30, 2022
@atmandhol atmandhol changed the title from "Apps plugin output is incorrect when a user does not have permission to create workloads" to "Apps plugin output is incorrect when a user does not have permission to create workloads / Cartographer is not installed" Mar 31, 2022
@atmandhol
Contributor Author

@danfein can use your design input on the error messaging.

@warango4
Contributor

@atmandhol what is the output when you try...?

$ tanzu apps workload apply petc --local-path .

@atmandhol
Contributor Author

tanzu apps workload apply and tanzu apps workload update both return the following output

API Error name:tanzu apps  error:no matches for kind "Workload" in version "carto.run/v1alpha1"
Error: no matches for kind "Workload" in version "carto.run/v1alpha1"
Error: exit status 1

✖  exit status 1

@danfein
Collaborator

danfein commented Apr 1, 2022

Paired with Atman yesterday for a bit and we are unsure if we can differentiate between Cartographer not present and Cartographer not responding because of permissions limitations. If we can, we would like to use different messages for each case.

As a first step we should remove the catch-all condition that incorrectly reports workload <name> already exists which is showing up under both no-permission and no-cartographer-present states.
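
The first step proposed in the last comment, sketched in Go as an added example that is not part of the original thread or the plugin's code: the pre-create existence check reports "already exists" only when the lookup succeeds, and surfaces a missing Workload API or an RBAC denial as its own error. The types `statusError` and `noKindMatchError` and the function `checkBeforeCreate` are hypothetical stand-ins so the block runs with the standard library alone.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the typed errors a Kubernetes client returns;
// real code would test with apierrors.IsNotFound / apierrors.IsForbidden
// (k8s.io/apimachinery/pkg/api/errors) and meta.IsNoMatchError.
type statusError struct {
	code int // HTTP status from the API server
	msg  string
}

func (e *statusError) Error() string { return e.msg }

type noKindMatchError struct{ kind, version string }

func (e *noKindMatchError) Error() string {
	return fmt.Sprintf("no matches for kind %q in version %q", e.kind, e.version)
}

var errAlreadyExists = errors.New("workload already exists")

// checkBeforeCreate interprets the result of the existence lookup that runs
// before a create. A nil return means "safe to create". Only a successful
// lookup may be reported as "already exists"; other failures are surfaced.
func checkBeforeCreate(name string, getErr error) error {
	var st *statusError
	var nk *noKindMatchError
	switch {
	case getErr == nil:
		return fmt.Errorf("%w: %q", errAlreadyExists, name)
	case errors.As(getErr, &nk):
		return fmt.Errorf("%s API not installed on cluster: %w", nk.kind, getErr)
	case errors.As(getErr, &st) && st.code == 404:
		return nil // object absent: proceed with create
	default:
		return getErr // 403 from RBAC and anything else: report verbatim
	}
}

func main() {
	// Constructed inputs modelled on the two failures in the report.
	fmt.Println(checkBeforeCreate("default/petc", &noKindMatchError{"Workload", "carto.run/v1alpha1"}))
	fmt.Println(checkBeforeCreate("default/petc-adhol", &statusError{403, `workloads.carto.run "petc-adhol" is forbidden`}))
}
```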
