Azure / azure-resource-manager-schemas

Schemas used to author and validate Resource Manager Templates. These schemas power the intellisense and syntax completion in our ARM Tools VSCode extension, as well as the Export Template API
MIT License

ARM Storage Account ipRules validation fails but deployed fine #2091

Open oviliz opened 2 years ago

oviliz commented 2 years ago

Validating an ipRules after adding to an existing storage account, fails (I'm using Azure DevOps for CI/CD; also tried hard coding the IP directly instead of using a parameter):

Reporting as text for search engines:

    ##[error]The template deployment ... is not valid according to the validation procedure. The tracking id is .... See inner errors for details.
    ##[error]Details:
    ##[error]PreflightValidationCheckFailed: Preflight validation failed. Please refer to the details for the specific errors. [{"code":"InvalidValuesForRequestParameters","target":"...","message":"Values for request parameters are invalid: networkAcls.ipRule[*].value. For more information, see - https://aka.ms/storagenetworkruleset"}]
    ##[error]Check out the troubleshooting guide to see if your issue is addressed: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment?view=azure-devops#troubleshooting
    ##[error]Task failed while creating or updating the template deployment.

However, if I comment the ARM's validation task away and deploy my template, it deploys just fine. It also works if I add the IP rule manually to the Storage Account's Firewall in Azure Portal (the IP is a simple public IP, not in a CIDR format).

To avoid questions, this is my Storage Account ARM code:

    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[variables('storageAccountName')]",
      "apiVersion": "2021-06-01",
      "location": "[parameters('location')]",
      "tags": {
        "LastDeployed": "[parameters('utcShort')]"
      },
      "sku": {
        "name": "[parameters('storageAccountSku')]"
      },
      "kind": "StorageV2",
      "properties": {
        "allowBlobPublicAccess": false,
        "allowSharedKeyAccess": true,
        "networkAcls": {
          "bypass": "AzureServices",
          "defaultAction": "Deny",
          "ipRules": [
            {
              "value": "[parameters('InternalAdminTool')]",
              "action": "Allow"
            }
          ]
        },
        "minimumTlsVersion": "TLS1_2",
        "supportsHttpsTrafficOnly": true,
        "encryption": {
          "services": {
            "blob": {
              "enabled": true
            }
          },
          "keySource": "Microsoft.Storage"
        },
        "accessTier": "Hot"
      },
      "resources": [
        {
          "type": "blobServices",
          "name": "default",
          "apiVersion": "2021-06-01",
          "dependsOn": [
            "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]"
          ],
          "properties": {
            "cors": {
              "corsRules": [
                {
                  "allowedHeaders": [
                    "*"
                  ],
                  "allowedMethods": [
                    "GET"
                  ],
                  "allowedOrigins": [
                    "[parameters('WorkURL')]"
                  ],
                  "exposedHeaders": [
                    "*"
                  ],
                  "maxAgeInSeconds": 10000
                }
              ]
            },
            "deleteRetentionPolicy": {
              "enabled": false
            }
          }
        }
      ]
    },
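
A local pre-check for the `networkAcls.ipRules[*].value` field named in the preflight error, added here as an example and not part of the original issue or the schema project's code. It encodes, as assumptions, the constraints Microsoft documents for storage IP network rules (IPv4 only, no RFC 1918 ranges, no /31 or /32 CIDR); the function names, the flat name-to-value parameter dict and the sample addresses are constructed.

```python
import ipaddress
import re

# Assumed constraints for storage account IP rules: IPv4 only, public
# addresses only (no RFC 1918), and no /31 or /32 CIDR notation.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, parameters):
    """Substitute a bare [parameters('name')] reference; None if it is unset."""
    m = PARAM_REF.match(value) if isinstance(value, str) else None
    return parameters.get(m.group(1)) if m else value

def check_ip_rule(value):
    """Return the list of problems for one resolved ipRules[*].value."""
    if not isinstance(value, str) or not value.strip():
        return ["empty or unresolved value"]
    try:
        net = ipaddress.ip_network(value.strip(), strict=False)
    except ValueError:
        return [f"{value!r} is not an IP address or CIDR range"]
    if net.version != 4:
        return ["only IPv4 is accepted"]
    problems = []
    if "/" in value and net.prefixlen >= 31:
        problems.append("/31 and /32 ranges must be written as single addresses")
    if any(net.overlaps(private) for private in RFC1918):
        problems.append("RFC 1918 private ranges are not allowed")
    return problems

def lint_ip_rules(resource, parameters):
    """Map each failing ipRules path to its problems; empty dict means clean."""
    acls = resource.get("properties", {}).get("networkAcls", {})
    report = {}
    for i, rule in enumerate(acls.get("ipRules", [])):
        problems = check_ip_rule(resolve(rule.get("value"), parameters))
        if problems:
            report[f"networkAcls.ipRules[{i}].value"] = problems
    return report

# Constructed sample: the ipRules shape from the issue, with documentation IPs.
RESOURCE = {"properties": {"networkAcls": {"defaultAction": "Deny", "ipRules": [
    {"value": "[parameters('InternalAdminTool')]", "action": "Allow"}]}}}

if __name__ == "__main__":
    for params in ({"InternalAdminTool": "203.0.113.10"}, {"InternalAdminTool": ""}):
        print(params, lint_ip_rules(RESOURCE, params))
```

Running it with the exact parameter values each pipeline stage receives shows whether the validation task and the deployment task are being handed the same `ipRules` value.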

ghost commented 2 years ago

Hello @xgithubtriage! It looks like there is a schemas issue that needs your attention. Please investigate and confirm it is on your end. Thanks :smile:

Issue Details
Author: oviliz
Assignees: -
Labels: `RP:Storage`
Milestone: -