/// <summary>
        /// Specifies that access to the storage account should be allowed only from selected networks.
        /// </summary>
        /// <returns>StorageNetworkRulesHelper</returns>
        internal StorageNetworkRulesHelper WithAccessFromSelectedNetworks()
        {
            NetworkRuleSet networkRuleSet = this.GetNetworkRuleSetConfig(true);

            networkRuleSet.DefaultAction = DefaultActionEnumExtension.ToSerializedValue(DefaultAction.Deny);
            return(this);
        }
        /// <summary>
        /// The NetworkRuleSet#defaultAction is a required property.
        /// During create mode, this method sets the default action to DENY if it is already not set by the user
        /// and user specifies at least one network rule or choose at least one exception.
        ///
        /// When in update mode, this method set action to DENY only if there is no existing network rules and exception
        /// hence this is the first time user is adding a network rule or exception and action is not explicitly set by user.
        /// If there is any existing rules or exception, we honor currently configured action.
        /// </summary>
        internal void SetDefaultActionIfRequired()
        {
            if (isInCreateMode)
            {
                if (createParameters.NetworkRuleSet != null)
                {
                    bool hasAtLeastOneRule = false;

                    if (createParameters.NetworkRuleSet.VirtualNetworkRules != null && createParameters.NetworkRuleSet.VirtualNetworkRules.Count() > 0)
                    {
                        hasAtLeastOneRule = true;
                    }
                    else if (createParameters.NetworkRuleSet.IpRules != null && createParameters.NetworkRuleSet.IpRules.Count() > 0)
                    {
                        hasAtLeastOneRule = true;
                    }

                    bool anyException = createParameters.NetworkRuleSet.Bypass != null;
                    if ((hasAtLeastOneRule || anyException) && createParameters.NetworkRuleSet.DefaultAction == null)
                    {
                        // If user specified at least one network rule or selected any exception
                        // and didn't choose the default access action then "DENY" access from
                        // unknown networks.
                        //
                        createParameters.NetworkRuleSet.DefaultAction = DefaultActionEnumExtension.ToSerializedValue(DefaultAction.Deny);
                        if (!anyException)
                        {
                            // If user didn't select any by-pass explicitly then disable "all bypass"
                            // if this is not specified then by default service allows access from
                            // "azure-services".
                            //
                            createParameters.NetworkRuleSet.Bypass = Bypass.None;
                        }
                    }
                }
            }
            else
            {
                var currentRuleSet = this.inner.NetworkRuleSet;

                bool hasNoExistingException = currentRuleSet != null && currentRuleSet.Bypass == null;
                bool hasExistingRules       = false;

                if (currentRuleSet != null)
                {
                    if (currentRuleSet.VirtualNetworkRules != null && currentRuleSet.VirtualNetworkRules.Count() > 0)
                    {
                        hasExistingRules = true;
                    }
                    else if (currentRuleSet.IpRules != null && currentRuleSet.IpRules.Count() > 0)
                    {
                        hasExistingRules = true;
                    }
                }
                if (!hasExistingRules)
                {
                    if (updateParameters.NetworkRuleSet != null)
                    {
                        bool anyRulesAddedFirstTime = false;

                        if (updateParameters.NetworkRuleSet.VirtualNetworkRules != null && updateParameters.NetworkRuleSet.VirtualNetworkRules.Count() > 0)
                        {
                            anyRulesAddedFirstTime = true;
                        }
                        else if (updateParameters.NetworkRuleSet.IpRules != null && updateParameters.NetworkRuleSet.IpRules.Count() > 0)
                        {
                            anyRulesAddedFirstTime = true;
                        }
                        bool anyExceptionAddedFirstTime = !hasNoExistingException && updateParameters.NetworkRuleSet.Bypass != null;
                        if ((anyRulesAddedFirstTime || anyExceptionAddedFirstTime) && updateParameters.NetworkRuleSet.DefaultAction == null)
                        {
                            // If there was no existing rules & exceptions and if user specified at least one
                            // network rule or exception and didn't choose the default access action for
                            // unknown networks then DENY access from unknown networks.
                            //
                            updateParameters.NetworkRuleSet.DefaultAction = DefaultActionEnumExtension.ToSerializedValue(DefaultAction.Deny);
                            if (!anyExceptionAddedFirstTime)
                            {
                                // If user didn't select any by-pass explicitly then disable "all bypass"
                                // if this is not specified then by default service allows access from
                                // "azure-services".
                                //
                                createParameters.NetworkRuleSet.Bypass = Bypass.None;
                            }
                        }
                    }
                }
            }
        }