/// <summary> /// Specifies that access to the storage account should be allowed only from selected networks. /// </summary> /// <returns>StorageNetworkRulesHelper</returns> internal StorageNetworkRulesHelper WithAccessFromSelectedNetworks() { NetworkRuleSet networkRuleSet = this.GetNetworkRuleSetConfig(true); networkRuleSet.DefaultAction = DefaultActionEnumExtension.ToSerializedValue(DefaultAction.Deny); return(this); }
/// <summary> /// The NetworkRuleSet#defaultAction is a required property. /// During create mode, this method sets the default action to DENY if it is already not set by the user /// and user specifies at least one network rule or choose at least one exception. /// /// When in update mode, this method set action to DENY only if there is no existing network rules and exception /// hence this is the first time user is adding a network rule or exception and action is not explicitly set by user. /// If there is any existing rules or exception, we honor currently configured action. /// </summary> internal void SetDefaultActionIfRequired() { if (isInCreateMode) { if (createParameters.NetworkRuleSet != null) { bool hasAtLeastOneRule = false; if (createParameters.NetworkRuleSet.VirtualNetworkRules != null && createParameters.NetworkRuleSet.VirtualNetworkRules.Count() > 0) { hasAtLeastOneRule = true; } else if (createParameters.NetworkRuleSet.IpRules != null && createParameters.NetworkRuleSet.IpRules.Count() > 0) { hasAtLeastOneRule = true; } bool anyException = createParameters.NetworkRuleSet.Bypass != null; if ((hasAtLeastOneRule || anyException) && createParameters.NetworkRuleSet.DefaultAction == null) { // If user specified at least one network rule or selected any exception // and didn't choose the default access action then "DENY" access from // unknown networks. // createParameters.NetworkRuleSet.DefaultAction = DefaultActionEnumExtension.ToSerializedValue(DefaultAction.Deny); if (!anyException) { // If user didn't select any by-pass explicitly then disable "all bypass" // if this is not specified then by default service allows access from // "azure-services". // createParameters.NetworkRuleSet.Bypass = Bypass.None; } } } } else { var currentRuleSet = this.inner.NetworkRuleSet; bool hasNoExistingException = currentRuleSet != null && currentRuleSet.Bypass == null; bool hasExistingRules = false; if (currentRuleSet != null) { if (currentRuleSet.VirtualNetworkRules != null && currentRuleSet.VirtualNetworkRules.Count() > 0) { hasExistingRules = true; } else if (currentRuleSet.IpRules != null && currentRuleSet.IpRules.Count() > 0) { hasExistingRules = true; } } if (!hasExistingRules) { if (updateParameters.NetworkRuleSet != null) { bool anyRulesAddedFirstTime = false; if (updateParameters.NetworkRuleSet.VirtualNetworkRules != null && updateParameters.NetworkRuleSet.VirtualNetworkRules.Count() > 0) { anyRulesAddedFirstTime = true; } else if (updateParameters.NetworkRuleSet.IpRules != null && updateParameters.NetworkRuleSet.IpRules.Count() > 0) { anyRulesAddedFirstTime = true; } bool anyExceptionAddedFirstTime = !hasNoExistingException && updateParameters.NetworkRuleSet.Bypass != null; if ((anyRulesAddedFirstTime || anyExceptionAddedFirstTime) && updateParameters.NetworkRuleSet.DefaultAction == null) { // If there was no existing rules & exceptions and if user specified at least one // network rule or exception and didn't choose the default access action for // unknown networks then DENY access from unknown networks. // updateParameters.NetworkRuleSet.DefaultAction = DefaultActionEnumExtension.ToSerializedValue(DefaultAction.Deny); if (!anyExceptionAddedFirstTime) { // If user didn't select any by-pass explicitly then disable "all bypass" // if this is not specified then by default service allows access from // "azure-services". // createParameters.NetworkRuleSet.Bypass = Bypass.None; } } } } } }