Values for request parameters are invalid: networkAcls.virtualNetworkRules[*].id
See original GitHub issueDescribe the bug
Command Name
az deployment group create
Errors:
InvalidTemplateDeployment - The template deployment 'api-deployment' is not valid according to the validation procedure. The tracking id is 'f1c7b947-7f69-4a85-910a-a182fc481255'. See inner errors for details.
PreflightValidationCheckFailed - Preflight validation failed. Please refer to the details for the specific errors.
InvalidValuesForRequestParameters - Values for request parameters are invalid: networkAcls.virtualNetworkRules[*].id. For more information, see - https://aka.ms/storagenetworkruleset
To Reproduce:
Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.
az deployment group create --name "api-deployment" --resource-group "api" --template-file "api.json" --parameters "api.parameters.json"
Expected Behavior
deploy template to resource group “api”
Environment Summary
Windows-10-10.0.18362-SP0
Python 3.6.6
Installer: MSI
azure-cli 2.9.1
Additional Context
I have three ARM templates: “network”, “database” and “api”. In the first step, I create a virtual network (VNET) with a subnet with the “network” template. Then I create a cosmosdb database with the “database” template with VNET integration and it works fine. In the third step I want to run the “api” template, but I get this error.
Here are some excerpts:
- network:
...
"outputs": {
...
"subnet1ResourceId": {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnet1Name'))]"
}
}
- database: (works fine)
...
"variables": {
"networkDeploymentResourceId": "[resourceId(parameters('networkGroupName'), 'Microsoft.Resources/deployments', parameters('networkDeploymentName'))]",
...
},
...
"resources":{
"type": "Microsoft.DocumentDB/databaseAccounts",
...
"properties": {
"isVirtualNetworkFilterEnabled": true,
"virtualNetworkRules": [
{
"id": "[reference(variables('networkDeploymentResourceId'), '2020-06-01').outputs.subnet1ResourceId.value]"
}
],
...
}
...
}
- api
...
"variables": {
"networkDeploymentResourceId": "[resourceId(parameters('networkGroupName'), 'Microsoft.Resources/deployments', parameters('networkDeploymentName'))]",
...
},
...
"resources":{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
...
"properties": {
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny",
"virtualNetworkRules": [
{
"id": "[reference(variables('networkDeploymentResourceId'), '2020-06-01').outputs.subnet1ResourceId.value]",
"action": "Allow"
}
]
},
"supportsHttpsTrafficOnly": true
}
...
}
And here’s the strange thing: If I use the reference statement somewhere else, it works.
"[reference(variables('networkDeploymentResourceId'), '2020-06-01').outputs.subnet1ResourceId.value]"
And if I pass the resourceId directly, it also works:
"virtualNetworkRules": [
{
"id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/virtualNetworks/.../subnets/...",
"action": "Allow"
}
]
Edit: I think it’s a problem with the CLI because it worked well with an older version of the CLI. But I don’t remember which version.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:12 (4 by maintainers)
Top GitHub Comments
Just started running into the same error using
[concat(parameters('vnetId'), parameters('subnetId'))]
for the storage accountnetworkAcls.virtualNetworkRules.id
.Seems like the field does not accept any functions and needs a hardcoded value. Is there an update on this?
I too was hitting “invalid: networkAcls.virtualNetworkRules” error when run from the bash terminal in VScode. What fixed it for me was [https://stackoverflow.com/questions/7250130/how-to-stop-mingw-and-msys-from-mangling-path-names-given-at-the-command-line#34386471] i.e. ensure MSYS_NO_PATHCONV=1 is one of the environment variables.
The link was provided by Microsoft support when I raised the issue. Other tips to pass on;