Command "Update-AzKeyVaultNetworkRuleSet" should accept up to 1000 IP Addresses for the "-IpAddressRange" parameter #22137

@FabianGonzalez-MSFT

Description

According to AKV's service limits for Firewall, the # of IPv4 rules supported is 1K: https://learn.microsoft.com/en-us/azure/key-vault/general/network-security

However, when you run the "Update-AzKeyVaultNetworkRuleSet" cmdlet with more than 127 IPs for the "-IpAddressRange" parameter, you get an error like this:

Update-AzKeyVaultNetworkRuleSet : Cannot validate argument on parameter 'IpAddressRange'. The number of provided arguments, (135), exceeds the maximum number of allowed arguments (127). Provide fewer than 127 arguments, and then try the command again.

127 used to be the old/previous limit on allowed # of IPv4 rules; however, that was changed at the service level to support 1000, but it looks like PSH still makes a check for the old limit.

Issue script & Debug output

Update-AzKeyVaultNetworkRuleSet -ResourceGroupName $resourceGroupName -Name $keyVaultName -IpAddressRange $ipRanges

Environment data

Name                           Value
----                           -----
PSVersion                      5.1.22000.2003
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22000.2003
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Module versions

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     4.7.0      Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificateConta...

Error output

Message        : Cannot validate argument on parameter 'IpAddressRange'. The number of provided arguments, (135),
                 exceeds the maximum number of allowed arguments (127). Provide fewer than 127 arguments, and then try
                 the command again.
StackTrace     :    at System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal
                 parameter, CompiledCommandParameter parameterMetadata, ParameterBindingFlags flags)
                    at
                 System.Management.Automation.CmdletParameterBinderController.BindParameter(CommandParameterInternal
                 argument, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags)
                    at System.Management.Automation.CmdletParameterBinderController.BindParameter(UInt32
                 parameterSets, CommandParameterInternal argument, MergedCompiledCommandParameter parameter,
                 ParameterBindingFlags flags)
                    at System.Management.Automation.CmdletParameterBinderController.BindParameters(UInt32
                 parameterSets, Collection`1 arguments)
                    at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParametersNoValidati
                 on(Collection`1 arguments)
                    at
                 System.Management.Automation.CmdletParameterBinderController.BindCommandLineParameters(Collection`1
                 arguments)
                    at System.Management.Automation.CommandProcessor.BindCommandLineParameters()
                    at System.Management.Automation.CommandProcessor.Prepare(IDictionary psDefaultParameterValues)
                    at System.Management.Automation.CommandProcessorBase.DoPrepare(IDictionary
                 psDefaultParameterValues)
                    at System.Management.Automation.Internal.PipelineProcessor.Start(Boolean incomingStream)
                    at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object
                 input)
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object
                 input)
                    at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput,
                 CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][]
                 commandRedirections, FunctionContext funcContext)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame
                 frame)
Exception      : System.Management.Automation.ParameterBindingValidationException
InvocationInfo : {Update-AzKeyVaultNetworkRuleSet}
Line           : Update-AzKeyVaultNetworkRuleSet -ResourceGroupName FabianGRG -Name adetestkv2 -IpAddressRange
                 $ipRanges -Verbose
Position       : At line:1 char:95
                 + ... roupName FabianGRG -Name adetestkv2 -IpAddressRange $ipRanges -Verbos ...
                 +                                                         ~~~~~~~~~
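
A pre-flight check for the mismatch reported above, as an added example that is not part of the original issue or of Az.KeyVault: it reads the `ValidateCount` cap from the installed cmdlet and checks a rule list against that cap and the 1000-rule service limit. `Get-ParameterMaxCount`, `Test-IpRuleList` and the sample addresses are assumptions made for illustration.

```powershell
# Added example, not Az.KeyVault code. Both function names are hypothetical.

function Get-ParameterMaxCount {
    param([string]$Command, [string]$Parameter)
    # The error text in this issue is the message a [ValidateCount()] attribute
    # emits, so read that attribute from the installed cmdlet's metadata.
    $meta = (Get-Command -Name $Command -ErrorAction Stop).Parameters[$Parameter]
    $attr = $meta.Attributes |
        Where-Object { $_ -is [System.Management.Automation.ValidateCountAttribute] }
    if ($attr) { $attr.MaxLength } else { $null }   # $null: no client-side cap
}

function Test-IpRuleList {
    param(
        [string[]]$IpAddressRange,
        [int]$ServiceLimit = 1000,     # service limit as stated in the issue
        [Nullable[int]]$ClientLimit    # from Get-ParameterMaxCount; may be $null
    )
    # Trim, drop empties and de-duplicate so repeats do not count against a limit.
    $unique = @($IpAddressRange | ForEach-Object { $_.Trim() } |
        Where-Object { $_ } | Sort-Object -Unique)
    # Accept a dotted-quad IPv4 address or IPv4/prefix; flag everything else.
    $invalid = @($unique | Where-Object {
        $addr, $prefix = $_ -split '/', 2
        $ip = $null
        -not ($addr -match '^(\d{1,3}\.){3}\d{1,3}$' -and
              [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -and
              ($null -eq $prefix -or ($prefix -match '^\d+$' -and [int]$prefix -le 32)))
    })
    [pscustomobject]@{
        Count              = $unique.Count
        Invalid            = $invalid
        WithinServiceLimit = $unique.Count -le $ServiceLimit
        WithinClientLimit  = ($null -eq $ClientLimit) -or ($unique.Count -le $ClientLimit)
    }
}

# Constructed sample: 135 documentation-range addresses (the count in the error).
$ipRanges = 1..135 | ForEach-Object { "203.0.113.$_" }
$max = Get-ParameterMaxCount -Command Update-AzKeyVaultNetworkRuleSet -Parameter IpAddressRange
Test-IpRuleList -IpAddressRange $ipRanges -ClientLimit $max
```

A list that is within the service limit but not the client limit is the case this issue describes; a non-empty `Invalid` list is worth reviewing before any firewall rule set is applied.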

Labels

Azure PS Team; KeyVault; Tracking (We will track status and follow internally); bug (This issue requires a change to an existing behavior in the product in order to be resolved.)