
bicep error "Values for request parameters are invalid: networkAcls.virtualNetworkRules[*].id" for resource `Microsoft.Storage/storageAccounts` about bicep-types-az HOT 5 OPEN

wilson0x4d commented on July 29, 2024 2

from bicep-types-az.

Comments (5)

maskati commented on July 29, 2024 2

There is something strange with the way the Storage RP is handling `virtualNetworkRules`. Assume we have in Bicep `resource vnet 'Microsoft.Network/virtualNetworks@2022-01-01' existing`, then the following succeeds:

Bicep:

```bicep
virtualNetworkRules: map([vnet.properties.subnets[0].id], subnetId => {id: subnetId})
```

Corresponding ARM:

```json
"virtualNetworkRules": "[map(createArray(reference(resourceId('Microsoft.Network/virtualNetworks', 'vnet'), '2022-01-01').subnets[0].id), lambda('subnetId', createObject('id', lambdaVariables('subnetId'))))]"
```

And the following fails with `Values for request parameters are invalid: networkAcls.virtualNetworkRules[*].id`:

Bicep:

```bicep
virtualNetworkRules: [{id: vnet.properties.subnets[0].id}]
```

Corresponding ARM:

```json
"virtualNetworkRules": [{"id":"[reference(resourceId('Microsoft.Network/virtualNetworks', 'vnet'), '2022-01-01').subnets[0].id]"}]
```

These expressions resolve to the same array containing a single (first) subnet of vnet. The difference is only that the succeeding version is wrapped in a map function with createObject. It seems the Storage RP validation is broken.


Ruud2000 commented on July 29, 2024 1

Just wasted half a day on this issue before finding this GitHub issue. Any estimate on when this issue will be resolved?

@maskati thanks for sharing the workaround using the map function! I just needed to ensure I retrieved the existing vnet resource within the same bicep module. I couldn't get it to work when I used the map function with output from another bicep module.


alex-frankel commented on July 29, 2024

It does look like something is wrong on the Storage Accounts Resource Provider side - especially with the InternalServerError. Are you able to open a support ticket for this so this can be routed to the storage team?


 avatar commented on July 29, 2024

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage. Please see https://aka.ms/biceptypesinfo for troubleshooting help.

Issue Details

Bicep version
Bicep CLI version 0.16.2 (de7fdd2b33)

Describe the bug
When creating resource `Microsoft.Storage/storageAccounts`, the parameter `id` is rejecting a valid virtual network subnet identifier; the same parameter and approach works for keyvault resources but fails for storageaccount resources.

To Reproduce
Create a vnet with a single subnet in its own resource group, and reference the existing subnet from another bicep template as follows (the names used here are not relevant to the issue and can be substituted):

```bicep
resource myVnetExample 'Microsoft.Network/virtualNetworks@2022-07-01' existing = {
  scope: resourceGroup('rg-example')
  name: 'vnet-example'
}

resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  // other parameters omitted for brevity, considered irrelevant
  name: 'saexample'
  kind: 'StorageV2'
  properties: {
    networkAcls: {
      bypass: 'AzureServices'
      defaultAction: 'Deny'
      virtualNetworkRules: [
        {
          action: 'Allow'
          id: myVnetExample.properties.subnets[0].id
        }
      ]
    }
  }
}
```

Upon attempting deployment, observe error:

```
Inner Errors: {"code": "InvalidValuesForRequestParameters", "target": "saexample", "message": "Values for request parameters are invalid: networkAcls.virtualNetworkRules[*].id. For more information, see - https://aka.ms/storagenetworkruleset"}
```

Additional context

  1. This experience is counter to the documentation and observed bicep functionality of other resources; for example, the same approach works for keyvault resources.

  2. Leveraging `resourceId(...)` results in the same error.

  3. Passing in a 'hardcoded' id using a parameter causes an `InternalServerError` status for the deployment when viewed in Portal. The parameter was in the format: `'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{snetName}'`

The error logged for the deployment in this scenario was:

```json
{
    "status": "Failed",
    "error": {
        "code": "ResourceDeploymentFailure",
        "target": "/subscriptions/123/resourceGroups/rg-example/providers/Microsoft.Storage/storageAccounts/saexample",
        "message": "The response for resource had empty or invalid content."
    }
}
```

It would seem `Microsoft.Storage/storageAccounts` creation improperly implements this parameter?

Please advise.

Author: wilson0x4d
Assignees: -
Labels: Needs: Triage :mag:, Service Attention, Storage

Milestone: -


lsuarez5280 commented on July 29, 2024

Just to add more context if someone reads this while patching the service provider, it's the action: 'Allow' in the ACL definition that causes a 500 error on deployment of a new resource. Removing it allows for an initial deploy, but if the deploy is rerun, this is when preflight validation fails with the message:

```json
{
  "code": "InvalidValuesForRequestParameters",
  "target": "mystorage",
  "message": "Values for request parameters are invalid: networkAcls.virtualNetworkRules[*].id. For more information, see - https://aka.ms/storagenetworkruleset"
}
```

from bicep-types-az.
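As an added example (not code from this thread or from the Bicep project), the following pre-deployment check reads a compiled ARM template and flags the two template shapes that commenters report as triggering the error: the literal array with a per-element expression `id` described by maskati, and the explicit `action` property described by lsuarez5280. It also flags storage accounts whose `defaultAction` is not `Deny`. The function names, finding strings and sample template are constructed for illustration.

```python
import re

# Subnet resource ID shape, as quoted in the issue report.
SUBNET_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.Network/virtualNetworks/[^/]+/subnets/[^/]+$", re.IGNORECASE)

def is_expression(value):
    """ARM expressions are strings wrapped in [ ]; a leading [[ escapes a literal."""
    return isinstance(value, str) and value.startswith("[") and value.endswith("]") and not value.startswith("[[")

def lint_storage_acls(template):
    """Return (account name, finding) pairs for a compiled ARM template (dict)."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # symbolic-name templates use an object
        resources = list(resources.values())
    findings = []
    for res in resources:
        if res.get("type", "").lower() != "microsoft.storage/storageaccounts":
            continue
        name = res.get("name", "?")
        acls = res.get("properties", {}).get("networkAcls", {})
        if acls.get("defaultAction") != "Deny":
            findings.append((name, "defaultAction is not 'Deny'"))
        rules = acls.get("virtualNetworkRules", [])
        if is_expression(rules):
            continue  # whole array built by one expression (the map() form)
        for i, rule in enumerate(rules):
            rid = rule.get("id", "")
            if is_expression(rid):  # shape maskati reports as failing
                findings.append((name, f"rule {i}: literal array with expression id"))
            elif not SUBNET_ID.match(rid):
                findings.append((name, f"rule {i}: id is not a subnet resource ID"))
            if "action" in rule:  # lsuarez5280 reports this causes a 500
                findings.append((name, f"rule {i}: explicit 'action' property"))
    return findings

# Constructed sample: the two ARM shapes from the thread plus an account with no ACLs.
REF = "reference(resourceId('Microsoft.Network/virtualNetworks', 'vnet'), '2022-01-01').subnets[0].id"
SAMPLE = {"resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "safails", "properties": {"networkAcls": {
        "defaultAction": "Deny",
        "virtualNetworkRules": [{"action": "Allow", "id": f"[{REF}]"}]}}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "saworks", "properties": {"networkAcls": {
        "defaultAction": "Deny",
        "virtualNetworkRules": f"[map(createArray({REF}), lambda('subnetId', createObject('id', lambdaVariables('subnetId'))))]"}}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "saopen", "properties": {}},
]}

print(lint_storage_acls(SAMPLE))
```

To use it on a real template, pass the result of `json.load()` on the `bicep build` output; the `map()` form produces no finding because the whole property is a single expression string.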
