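/// <summary>
/// Removes the sandbox subnet of a virtual network from a storage account's network rule set,
/// if an Allow rule for that subnet is currently present.
/// </summary>
/// <param name="resourceGroupForStorageAccount">Resource group that holds the storage account.</param>
/// <param name="storageAccountName">Name of the storage account whose network rules are updated.</param>
/// <param name="resourceGroupForVnet">Resource group that holds the virtual network.</param>
/// <param name="vNetName">Name of the virtual network whose sandbox subnet is removed.</param>
/// <param name="cancellation">Token passed to the Azure lookups and to the update call.</param>
/// <exception cref="Exception">
/// Thrown for any failure; the original exception (including the not-found case for the
/// virtual network) is available as <see cref="Exception.InnerException"/>.
/// </exception>
public async Task RemoveStorageAccountFromVNet(string resourceGroupForStorageAccount, string storageAccountName, string resourceGroupForVnet, string vNetName, CancellationToken cancellation)
{
    try
    {
        var storageAccount = await GetResourceAsync(resourceGroupForStorageAccount, storageAccountName, cancellationToken: cancellation);

        var network = await _azure.Networks.GetByResourceGroupAsync(resourceGroupForVnet, vNetName, cancellation);

        if (network == null)
        {
            throw NotFoundException.CreateForAzureResource(vNetName, resourceGroupForVnet);
        }

        var sandboxSubnet = AzureVNetUtil.GetSandboxSubnetOrThrow(network);
        var sandboxSubnetId = sandboxSubnet.Inner.Id;

        // NOTE(review): the meaning of the boolean argument is not visible here - confirm against GetNetworkRuleSetForUpdate.
        var networkRuleSet = GetNetworkRuleSetForUpdate(storageAccount, true);

        // Only touch the storage account when an Allow rule for this subnet exists, so a
        // repeated call does not issue a needless update. The matched rule itself is not needed.
        if (GetRuleForSubnet(networkRuleSet, sandboxSubnetId, Microsoft.Azure.Management.Storage.Fluent.Models.Action.Allow, out VirtualNetworkRule _))
        {
            networkRuleSet = RemoveVNetFromRuleSet(networkRuleSet, sandboxSubnetId);

            var updateParameters = new StorageAccountUpdateParameters() { NetworkRuleSet = networkRuleSet };

            await _azure.StorageAccounts.Inner.UpdateAsync(resourceGroupForStorageAccount, storageAccountName, updateParameters, cancellation);
        }
    }
    catch (Exception ex)
    {
        // The message must name the operation that actually failed: a failed removal leaves the
        // subnet with network access to the storage account, and a message saying "add" would
        // send whoever reads the log or audit trail in the wrong direction.
        throw new Exception($"Could not remove Storage Account {storageAccountName} from VNet {vNetName}", ex);
    }
}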
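/// <summary>
/// Enables the Microsoft.Storage service endpoint on the sandbox subnet of the given virtual network.
/// </summary>
/// <param name="resourceGroupName">Resource group that holds the virtual network.</param>
/// <param name="networkName">Name of the virtual network to update.</param>
/// <exception cref="NotFoundException">Thrown when the virtual network lookup returns null.</exception>
public async Task EnsureSandboxSubnetHasServiceEndpointForStorage(string resourceGroupName, string networkName)
{
    var network = await _azure.Networks.GetByResourceGroupAsync(resourceGroupName, networkName);

    // The lookup can return null (RemoveStorageAccountFromVNet guards against it too); without this
    // check the ownership check below would fail with a NullReferenceException on network.Tags
    // instead of a meaningful not-found error.
    if (network == null)
    {
        throw NotFoundException.CreateForAzureResource(networkName, resourceGroupName);
    }

    // Ensure the resource is managed by this instance before modifying it, so that a network
    // belonging to another environment is never reconfigured from here.
    EnsureResourceIsManagedByThisIEnvironmentThrowIfNot(resourceGroupName, network.Tags);

    var sandboxSubnet = AzureVNetUtil.GetSandboxSubnetOrThrow(network);

    await network.Update()
        .UpdateSubnet(sandboxSubnet.Name)
        .WithAccessFromService(ServiceEndpointType.MicrosoftStorage)
        .Parent()
        .ApplyAsync();
}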