search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.97k stars 2.95k forks source link

`az storage account network-rule add` clobbers ipRules with concurrent operations #29800

Open saarivirtajCGI opened 2 weeks ago

saarivirtajCGI commented 2 weeks ago

Describe the bug

It seems that running two or more commands of az storage account network-rule add -n mystorage --ip-address x.x.x.x concurrently will overwrite each other's changes - i.e. it's not actually safely adding to whatever is there. It should probably be using ETags, or at least providing the possibility to use them by providing some sort of --if-match argument.

My Storage Account access logs show that there were two changes 2 seconds apart, the first one added an IP address and the second one immediately overwrote the lastly added IP address with another one.

My use case is running Azure DevOps pipelines, where multiple runs are triggered at the same time and they each run on different agents, needing access to the same Storage Account.

Related command

az storage account network-rule add -n mystorage --ip-address x.x.x.x

Errors

image image

Issue script & Debug output

-

Expected behavior

Adding IP addresses to Storage Account IP Rules should always add, never replace existing ones.

Environment Summary

azure-cli 2.63.0

core 2.63.0 telemetry 1.1.0

Dependencies: msal 1.30.0 azure-mgmt-resource 23.1.1

Python location '/opt/az/bin/python3' Extensions directory '/home//.azure/cliextensions'

Python (Linux) 3.11.8 (main, Jul 31 2024, 03:39:39) [GCC 11.4.0]

Legal docs and information: aka.ms/AzureCliLegal

Additional context

-

yonzhan commented 2 weeks ago

Thank you for opening this issue, we will look into it.