Skip to content

Azure Web App - Not allowed to link existing Hybrid Connection if added in wrong order #30190

Description

@QuickScoP3s

Describe the bug

Not sure this is the correct place to log it, but please pass it along to the correct team!

Context

In an Azure App Service plan, based on your tier, you have a limit of how many Hybrid Connections you can add to a Web App.
In our case, we have a B2 Tier plan, so the limit is 5.
Which isn't a problem since we have exactly 5 hybrid connections.

Azure counts the limit like this:
You can define as many hybrid connections as you want on "Relay" (namespace) basis, as long as you don't actually link it to a Web App, it isn't counted.
Image

What was important for us to understand was: Let's say you have 10 Web Apps in an App Service Plan, and you have 5 Hybrid Connections defined. You can use all 5 hybrid connections over those 10 web apps, they're not counted separately.

Bug explanation

However knowing this, we ran into the following bug...

  1. Over our 10 of services, we had already used 3 of 5 hybrid connections.
  2. Now in one of these services, we needed 2 more, coming to our limit of 5.
  3. If you add these 2 new ones in the wrong order, we couldn't add all of the hybrid connections needed.

We were getting the following error:

Adding a Hybrid Connection failed because it would exceed the allowed amount of 5 connections

The start setup looks like this, where we have 3 connections already used over the other services:
Image

The final setup looks like this, where the red ones are included in those 3 that were already used and the green ones are 2 new ones that haven't been used:
Image

In the scenario where you add the green ones first, getting to the allowed limit, you can now no longer add any hybrid connections, even existing ones that wouldn't be counted against the limit:
Image

Related command

az webapp hybrid-connection add

Errors

azure.core.exceptions.ResourceExistsError: Operation returned an invalid status 'Conflict'
Content: {"Code":"Conflict","Message":"Adding a Hybrid Connection failed because it would exceed the allowed amount of 5 connections.","Target":null,"Details":[{"Message":"Adding a Hybrid Connection failed because it would exceed the allowed amount of 5 connections."},{"Code":"Conflict"},{"ErrorEntity":{"ExtendedCode":"04510","MessageTemplate":"Adding a Hybrid Connection failed because it would exceed the allowed amount of {0} connections.","Parameters":["5"],"Code":"Conflict","Message":"Adding a Hybrid Connection failed because it would exceed the allowed amount of 5 connections."}}],"Innererror":null}

Issue script & Debug output

Not really relevant, since this isn't strictly related to Azure CLI itself

Expected behavior

I should be able to add the hybrid connections in any order, as long as the final result doesn't conflict against the App Service Plan limit

Environment Summary

azure-cli 2.65.0

core 2.65.0
telemetry 1.1.0

Extensions:
arcdata 1.5.19

Dependencies:
msal 1.31.0
azure-mgmt-resource 23.1.1

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\wautw.azure\cliextensions'

Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

This bug is important, because this also matters for the order of deployments in pipelines via ARM templates

Metadata

Metadata

Assignees

Labels

Auto-AssignAuto assign by botService AttentionThis issue is responsible by Azure service team.Web Appsaz webappact-observability-squadapp-service-generalbugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions