Storgae Account invalid Module

[gsuttie]

Check for previous/existing GitHub issues

• I have checked for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/storage/storage-account

(Optional) Module Version

latest

Description

This setting appears as invalid out of the box

@description('Required. Networks ACLs, this value contains IPs to whitelist and/or Subnet information. If in use, bypass needs to be supplied. For security reasons, it is recommended to set the DefaultAction Deny.')
param networkAcls networkAclsType = {
bypass: 'AzureServices'
defaultAction: 'Deny'
}

(Optional) Correlation Id

No response

[microsoft-github-policy-service]

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

Note

This label was added as per ITA06.

[microsoft-github-policy-service]

Note

The "Type: Bug 🐛" label was added as per ITA21.

[AlexanderSehr]

Hey @gsuttie,
thanks for opening the issue and you're correct. There is already a Pull Request on the way (#1508) that I just linked to this issue.

[gsuttie]

What do I need to do to be able to grab this fix in the mean time?

[AlexanderSehr]

Hey @gsuttie,
that's not an easy question to answer. Uou could temporarily overwrite the default of the parameter which you said is invalid by default. Question is if you want to enable the Firewall, or disable it. If I'm not mistaken, if you set the default action to allow the Firewall is actually disabled.
Alternativly, you can always grab a local copy of the module and e.g. implement the fix as suggested here. But that's naturally not exactly a nice experience.

[gsuttie]

Will give that a go thank you

[AlexanderSehr]

Let me know how it's going. As per my linked suggestion this should work. I tested the behavior before commenting on the PR. Fingers crossed - and sorry for the inconvenience :-/

[Agazoth]

Running the main pipeline without any changes (from the Azure source) produces this error:

Removing the custom test takes it away - obviously. It seems like PSRule has some sort of issue with the array of possilbe resources, judging by the System.String[] info - or it mighjt just not be a joined array in the log. I tried doing the complete string for Sku.name (Standard_ZRS and Standard_GRS) because there might be an issue finding an element in an array, if only part of the element was used, but that also complains.

The custom rule seems to be specific for the storage account module - after all there should not be other modules testing storage account specific rules.

[AlexanderSehr]

Running the main pipeline without any changes (from the Azure source) produces this error:

Removing the custom test takes it away - obviously. It seems like PSRule has some sort of issue with the array of possilbe resources, judging by the System.String[] info - or it mighjt just not be a joined array in the log. I tried doing the complete string for Sku.name (Standard_ZRS and Standard_GRS) because there might be an issue finding an element in an array, if only part of the element was used, but that also complains.

The custom rule seems to be specific for the storage account module - after all there should not be other modules testing storage account specific rules.

Ideally @fblix should resolve the issue in the linked PR #1508 . Reached out to him on the side and he should implement the fix shortly

[Agazoth]

Updating the sku name in the custom rule fixed the issue:

[ChrisSidebotham]

Closing this issue as completed in #1987 (Missing from Closes List)