Open baoduy opened 3 years ago
Hi @baoduy Would it be possible to share a code snippet to reproduce this problem?
Here is code that has the error
const stg = new storage.StorageAccount(name, {
accountName: name,
...group,
kind: storage.Kind.StorageV2,
sku: {
name:
!enableStaticWebsite && isPrd
? storage.SkuName.Standard_ZRS
: storage.SkuName.Standard_LRS,
},
accessTier: "Hot",
isHnsEnabled: true,
enableHttpsTrafficOnly: true,
allowBlobPublicAccess: false,
allowSharedKeyAccess: allowSharedKeyAccess,
identity: { type: "SystemAssigned" },
minimumTlsVersion: "TLS1_2",
//1 Year Months
keyPolicy: { keyExpirationPeriodInDays: 365 },
customDomain:
customDomain && !enableStaticWebsite
? { name: customDomain, useSubDomainName: true }
: undefined,
networkRuleSet: {
bypass: "Logging, Metrics",
defaultAction: "Allow",
virtualNetworkRules: subnetId
? [{ virtualNetworkResourceId:subnetId }]
: undefined,
ipRules: ipAddresses
? ipAddresses.map((i) => ({
iPAddressOrRange: i,
action: "Allow",
}))
: undefined,
}
tags: defaultTags,
});
And here is code that working fine
const stg = new storage.StorageAccount(name, {
accountName: name,
...group,
kind: storage.Kind.StorageV2,
sku: {
name:
!enableStaticWebsite && isPrd
? storage.SkuName.Standard_ZRS
: storage.SkuName.Standard_LRS,
},
accessTier: "Hot",
isHnsEnabled: true,
enableHttpsTrafficOnly: true,
allowBlobPublicAccess: false,
allowSharedKeyAccess:allowSharedKeyAccess,
identity: { type: "SystemAssigned" },
minimumTlsVersion: "TLS1_2",
//1 Year Months
keyPolicy: { keyExpirationPeriodInDays: 365 },
customDomain:
customDomain && !enableStaticWebsite
? { name: customDomain, useSubDomainName: true }
: undefined,
networkRuleSet: { defaultAction: "Allow" },
tags: defaultTags,
});
I logged the debug messages and got the following actual error (while getting the same message as you do):
Validation of network acls failure: SubnetsHaveNoServiceEndpointsConfigured:Subnets default of virtual network /subscriptions/sub/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/server-networkf do not have ServiceEndpoints for Microsoft.Storage resources configured. Add Microsoft.Storage to subnet's ServiceEndpoints collection before trying to ACL Microsoft.Storage resources to these subnets.."
I'll take a look why we hinder the error message.
Hi, I got the below error when creating the storage with networkRuleSet property. Seems it try to read something from storage since the storage is not really created.
The storage had been created successfully after removing this property.
However, it was fine when set the property back on the second run after the storage is created.