Error when create Storage with network property

[baoduy]

Hi, I got the below error when creating the storage with networkRuleSet property. Seems it try to read something from storage since the storage is not really created.

The storage had been created successfully after removing this property.

However, it was fine when set the property back on the second run after the storage is created.

azure-native:storage:StorageAccount (storagename):
    error: resource partially created but read failed autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message="The storage account sandboxappsstg was not found.": autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message="The storage account sandboxappsstg was not found."

[mikhailshilkov]

Hi @baoduy Would it be possible to share a code snippet to reproduce this problem?

[baoduy]

Here is code that has the error

const stg = new storage.StorageAccount(name, {
    accountName: name,
    ...group,

    kind: storage.Kind.StorageV2,
    sku: {
      name:
        !enableStaticWebsite && isPrd
          ? storage.SkuName.Standard_ZRS
          : storage.SkuName.Standard_LRS,
    },
    accessTier: "Hot",

    isHnsEnabled: true,
    enableHttpsTrafficOnly: true,
    allowBlobPublicAccess: false,
    allowSharedKeyAccess: allowSharedKeyAccess,

    identity: { type: "SystemAssigned" },
    minimumTlsVersion: "TLS1_2",

    //1 Year Months
    keyPolicy: { keyExpirationPeriodInDays: 365 },

    customDomain:
      customDomain && !enableStaticWebsite
        ? { name: customDomain, useSubDomainName: true }
        : undefined,



    networkRuleSet: {
          bypass: "Logging, Metrics",
          defaultAction: "Allow",

          virtualNetworkRules: subnetId
            ? [{ virtualNetworkResourceId:subnetId }]
            : undefined,

          ipRules: ipAddresses
            ? ipAddresses.map((i) => ({
                iPAddressOrRange: i,
                action: "Allow",
              }))
            : undefined,
        }

    tags: defaultTags,
  });

And here is code that working fine

const stg = new storage.StorageAccount(name, {
    accountName: name,
    ...group,

    kind: storage.Kind.StorageV2,
    sku: {
      name:
        !enableStaticWebsite && isPrd
          ? storage.SkuName.Standard_ZRS
          : storage.SkuName.Standard_LRS,
    },
    accessTier: "Hot",

    isHnsEnabled: true,
    enableHttpsTrafficOnly: true,
    allowBlobPublicAccess: false,
    allowSharedKeyAccess:allowSharedKeyAccess,

    identity: { type: "SystemAssigned" },
    minimumTlsVersion: "TLS1_2",

    //1 Year Months
    keyPolicy: { keyExpirationPeriodInDays: 365 },

    customDomain:
      customDomain && !enableStaticWebsite
        ? { name: customDomain, useSubDomainName: true }
        : undefined,



    networkRuleSet: { defaultAction: "Allow" },

    tags: defaultTags,
  });

[mikhailshilkov]

I logged the debug messages and got the following actual error (while getting the same message as you do):

Validation of network acls failure: SubnetsHaveNoServiceEndpointsConfigured:Subnets default of virtual network /subscriptions/sub/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/server-networkf do not have ServiceEndpoints for Microsoft.Storage resources configured. Add Microsoft.Storage to subnet's ServiceEndpoints collection before trying to ACL Microsoft.Storage resources to these subnets.."

I'll take a look why we hinder the error message.