Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AVM Module Issue]: Cannot create a storage account with public network access #1346

Closed
1 task done
sebassem opened this issue Mar 20, 2024 · 4 comments · Fixed by #1987
Closed
1 task done

[AVM Module Issue]: Cannot create a storage account with public network access #1346

sebassem opened this issue Mar 20, 2024 · 4 comments · Fixed by #1987
Assignees
@fblix
Labels
Class: Resource Module 📦 This is a resource module Needs: Attention 👋 Reply has been added to issue, maintainer to review Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue Type: Bug 🐛 Something isn't working

Comments

@sebassem
Copy link
Contributor

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/storage/storage-account

(Optional) Module Name if not listed above

No response

(Optional) Module Version

0.8.0

Description

I'm trying the below code where I expect a storage account with public access but I always get it configured as "Enabled from selected virtual networks and IP addresses"

module storageAccount 'br/public:avm/res/storage/storage-account:0.8.0' = { name: 'storageAccount' params: { name: 'stgsbfinops9823' location:'eastus' publicNetworkAccess: 'Enabled' allowBlobPublicAccess: false } }

(Optional) Correlation Id

No response
@sebassem sebassem added Needs: Triage 🔍 Maintainers need to triage still Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue labels Mar 20, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 Reply has been added to issue, maintainer to review Type: Bug 🐛 Something isn't working labels Mar 20, 2024
@github-actions GitHub Actions
Copy link
Contributor

@sebassem, thanks for submitting this issue for the avm/res/storage/storage-account module!

A member of the @azure/avm-res-storage-storageaccount-module-owners-bicep or @azure/avm-res-storage-storageaccount-module-contributors-bicep team will review it soon!

@github-actions github-actions bot added the Class: Resource Module 📦 This is a resource module label Mar 20, 2024
@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link

Warning

Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

Tip

  • To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
  • To avoid this rule being (re)triggered, the ""Needs: Triage 🔍" label must be removed as part of the triage process (when the issue is first responded to)!

Note

This message was posted as per ITA01BCP.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Status: Response Overdue 🚩 When an issue/PR has not been responded to for X amount of days label Mar 26, 2024
@AlexanderSehr
Copy link
Contributor

AlexanderSehr commented Mar 26, 2024
edited

Hey @sebassem,
if I'm not mistaken this comes down to the 'secure' default for the firewall settings:

bicep-registry-modules/avm/res/storage/storage-account/main.bicep

Lines 72 to 75 in e91b62b

param networkAcls networkAclsType = {
bypass: 'AzureServices'
defaultAction: 'Deny'
}

To not have it setup the firewall you'd need to overwrite the default e.g. via

networkAcls: {
  defaultAction: 'Allow'
  bypass: 'AzureServices'
}

Then again, it is a bit cumbersome. It would be better if it is enough to just specify

networkAcls: {}

Hey @fblix, what would you think about making the 2 required parameters of the networkAclsType optional? Unless the RP really doesn't like an empty object this should disable the firewall.

@matebarabas
Copy link
Contributor

Please note that @fblix is OOF until April 2nd. I've pinged him internally and asked him to pick this up when he's back.

@matebarabas matebarabas removed Needs: Triage 🔍 Maintainers need to triage still Status: Response Overdue 🚩 When an issue/PR has not been responded to for X amount of days labels Mar 28, 2024
@fblix fblix mentioned this issue Apr 2, 2024
Closed
10 tasks
@ChrisSidebotham ChrisSidebotham mentioned this issue May 21, 2024
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fblix fblix

Labels
Class: Resource Module 📦 This is a resource module Needs: Attention 👋 Reply has been added to issue, maintainer to review Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue Type: Bug 🐛 Something isn't working
Projects
AVM - Module Issues
Status: Done
Milestone
No milestone
4 participants
@AlexanderSehr @fblix @matebarabas @sebassem