Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set-AzResource is not working at all to set ipSecurityRestrictions #8784

Closed
JohannesHoppe opened this issue Mar 15, 2019 · 7 comments
Closed

Set-AzResource is not working at all to set ipSecurityRestrictions #8784

JohannesHoppe opened this issue Mar 15, 2019 · 7 comments
Assignees
@JohannesHoppe
Labels
More Info 🏷️
Milestone
2019-04-09

Comments

@JohannesHoppe
Copy link

Description

I updated the Az module, in the hope that my bug #8240 was fixed.
Nope, i still can't set any firewall rules.

Steps to reproduce

brew cask install powershell
Install-Module -Name Az
Get-InstalledModule -Name Az
--> 1.5.0

All right, let's try to set up a firewall rule. There are already four rule existing. I want to add a 5th one.

// Login-AzAccount, Get-AzSubscription, Select-AzSubscription

$resourceGroupName = "XXX"
$resourceName = "MY_WEB_SERVER/web"
$myip = "1.1.1.1"

$p1 = @{
    ResourceGroupName = $resourceGroupName
    ResourceType = "Microsoft.Web/sites/config"
    ResourceName = $resourceName
    ApiVersion = "2018-02-01"
}
$WebAppConfig = Get-AzResource @p1
$IpSecurityRestrictions = $WebAppConfig.Properties.ipSecurityRestrictions

$restriction = @{}
$restriction.Add("ipAddress", $myip + "/32")
$restriction.Add("action", "Allow")
$restriction.Add("tag", "Default")
$restriction.Add("priority", 100)
$restriction.Add("name", "Allow a new IP")
$restriction.Add("description", "just a test")
$IpSecurityRestrictions+= $restriction

$WebAppConfig.Properties.ipSecurityRestrictions = $IpSecurityRestrictions
Set-AzResource -resourceid $WebAppConfig.ResourceId -Properties $WebAppConfig -ApiVersion 2018-02-01 -Force

This gives no error message but also absolutely nothing happens.
Same issue reported here and here.

Environment data

Name                           Value
----                           -----
PSVersion                      6.1.2
PSEdition                      Core
GitCommitId                    6.1.2
OS                             Darwin 17.4.0 Darwin Kernel Version 17.4.0: Sun Dec 17 09:19:54 PST 2017; root:xnu-4570.41.2~1/...
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    Name                                PSEdition ExportedCommands
---------- -------    ----                                --------- ----------------
Script     1.4.0      Az.Accounts                         Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, Enab...
Script     1.3.0      Az.Accounts                         Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, Enab...
Script     1.2.1      Az.Accounts                         Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, Enab...
Script     1.0.1      Az.Aks                              Core,Desk {Get-AzAks, New-AzAks, Remove-AzAks, Import-AzAksCredentia...
Script     1.0.2      Az.AnalysisServices                 Core,Desk {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServic...
Script     1.0.1      Az.AnalysisServices                 Core,Desk {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServic...
Script     1.0.0      Az.AnalysisServices                 Core,Desk {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServic...
Script     1.0.0      Az.ApiManagement                    Core,Desk {Add-AzApiManagementRegion, Get-AzApiManagementSsoToken, N...
Script     1.0.0      Az.ApplicationInsights              Core,Desk {Get-AzApplicationInsights, New-AzApplicationInsights, Rem...
Script     1.1.2      Az.Automation                       Core,Desk {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHyb...
Script     1.1.0      Az.Automation                       Core,Desk {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHyb...
Script     1.0.0      Az.Batch                            Core,Desk {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAcc...
Script     1.0.0      Az.Billing                          Core,Desk {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollme...
Script     1.1.0      Az.Cdn                              Core,Desk {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfil...
Script     1.0.1      Az.Cdn                              Core,Desk {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfil...
Script     1.0.1      Az.CognitiveServices                Core,Desk {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAc...
Script     1.0.0      Az.CognitiveServices                Core,Desk {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAc...
Script     1.5.0      Az.Compute                          Core,Desk {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAv...
Script     1.3.0      Az.Compute                          Core,Desk {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAv...
Script     1.2.0      Az.Compute                          Core,Desk {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAv...
Script     1.0.0      Az.ContainerInstance                Core,Desk {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzCont...
Script     1.0.1      Az.ContainerRegistry                Core,Desk {New-AzContainerRegistry, Get-AzContainerRegistry, Update-...
Script     1.0.2      Az.DataFactory                      Core,Desk {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFa...
Script     1.0.1      Az.DataFactory                      Core,Desk {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFa...
Script     1.0.0      Az.DataLakeAnalytics                Core,Desk {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalytic...
Script     1.1.0      Az.DataLakeStore                    Core,Desk {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeSt...
Script     1.0.2      Az.DataLakeStore                    Core,Desk {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeSt...
Script     1.0.0      Az.DevTestLabs                      Core,Desk {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolic...
Script     1.0.0      Az.Dns                              Core,Desk {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRe...
Script     1.1.0      Az.EventGrid                        Core,Desk {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGr...
Script     1.0.1      Az.EventHub                         Core,Desk {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzE...
Script     1.0.0      Az.EventHub                         Core,Desk {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzE...
Script     1.0.0      Az.HDInsight                        Core,Desk {Get-AzHDInsightJob, New-AzHDInsightSqoopJobDefinition, Wa...
Script     1.0.2      Az.IotHub                           Core,Desk {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-A...
Script     1.0.2      Az.KeyVault                         Core,Desk {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, ...
Script     1.0.1      Az.KeyVault                         Core,Desk {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, ...
Script     1.2.1      Az.LogicApp                         Core,Desk {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccou...
Script     1.1.0      Az.LogicApp                         Core,Desk {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccou...
Script     1.0.0      Az.MachineLearning                  Core,Desk {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssocia...
Script     1.0.0      Az.MarketplaceOrdering              Core,Desk {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}
Script     1.0.0      Az.Media                            Core,Desk {Sync-AzMediaServiceStorageKeys, Set-AzMediaServiceKey, Ge...
Script     1.0.1      Az.Monitor                          Core,Desk {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile...
Script     1.0.0      Az.Monitor                          Core,Desk {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile...
Script     1.3.0      Az.Network                          Core,Desk {Add-AzApplicationGatewayAuthenticationCertificate, Get-Az...
Script     1.1.0      Az.Network                          Core,Desk {Add-AzApplicationGatewayAuthenticationCertificate, Get-Az...
Script     1.0.0      Az.NotificationHubs                 Core,Desk {Get-AzNotificationHub, Get-AzNotificationHubAuthorization...
Script     1.1.0      Az.OperationalInsights              Core,Desk {New-AzOperationalInsightsAzureActivityLogDataSource, New-...
Script     1.0.0      Az.OperationalInsights              Core,Desk {New-AzOperationalInsightsAzureActivityLogDataSource, New-...
Script     1.0.0      Az.PolicyInsights                   Core,Desk {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSu...
Script     1.0.0      Az.PowerBIEmbedded                  Core,Desk {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspa...
Script     1.1.0      Az.RecoveryServices                 Core,Desk {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServi...
Script     1.0.1      Az.RecoveryServices                 Core,Desk {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServi...
Script     1.0.0      Az.RecoveryServices                 Core,Desk {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServi...
Script     1.0.0      Az.RedisCache                       Core,Desk {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheSchedul...
Script     1.0.0      Az.Relay                            Core,Desk {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNa...
Script     1.2.0      Az.Resources                        Core,Desk {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzR...
Script     1.1.2      Az.Resources                        Core,Desk {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzR...
Script     1.1.1      Az.Resources                        Core,Desk {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzR...
Script     1.0.0      Az.ServiceBus                       Core,Desk {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set...
Script     1.0.1      Az.ServiceFabric                    Core,Desk {Add-AzServiceFabricApplicationCertificate, Add-AzServiceF...
Script     1.0.2      Az.SignalR                          Core,Desk {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSig...
Script     1.5.0      Az.Sql                              Core,Desk {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlData...
Script     1.2.0      Az.Sql                              Core,Desk {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlData...
Script     1.1.0      Az.Sql                              Core,Desk {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlData...
Script     1.0.3      Az.Storage                          Core,Desk {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStor...
Script     1.0.2      Az.Storage                          Core,Desk {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStor...
Script     1.0.0      Az.StreamAnalytics                  Core,Desk {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefau...
Script     1.0.1      Az.TrafficManager                   Core,Desk {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTraf...
Script     1.1.1      Az.Websites                         Core,Desk {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServ...
Script     1.1.0      Az.Websites                         Core,Desk {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServ...

Debug output

Ok, I'm not exposing sensitive information here, but the data which is send to the server is wrong.

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
ETag                          : "1D4DB32E535A6D5"
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : ea972771-4e60-4652-b114-6df6f0324fd3
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-correlation-request-id   : 66bc198e-9b9f-473b-ac6e-a91fdc3731c2
x-ms-routing-request-id       : FRANCESOUTH:20190315T133018Z:66bc198e-9b9f-473b-ac6e-a91fdc3731c2
X-Content-Type-Options        : nosniff
Date                          : Fri, 15 Mar 2019 13:30:17 GMT

Body:
{
// a lot of other stuff

"ipSecurityRestrictions": [
      {
        1. rule (already there)
      },
      {
        2. rule (already there)
      },
      {
        3. rule (already there)
      },
      {
        4. rule  (already there)
      }
    ],
    "scmIpSecurityRestrictions": null,
    "scmIpSecurityRestrictionsUseMain": false,
    "http20Enabled": false,
    "minTlsVersion": "1.0",
    "ftpsState": "AllAllowed",
    "reservedInstanceCount": 0
  }
}

I can clearly see, that the added rule is never included in the request. This explains why nothing happens!

Error output

No error output. It fails by doing nothing.
@JohannesHoppe JohannesHoppe mentioned this issue Mar 15, 2019
Closed
@JohannesHoppe
Copy link
Author

By the way, we have a similar Set-AzureRmResource against API 2018-02-01 on a windows machine, that works! So it's definitely related to the AZ. It's completely broken here.

Just for fun.
Now trying this with ApiVersion = "2018-11-01".

"ipSecurityRestrictions": [
      {
        Rule 1
      },
      {
        Rule 2
      },
      {
       Rule 4
      },
      {
        Rule 4
      },
      {
        "ipAddress": "Any",
        "action": "Deny",
        "priority": 2147483647,
        "name": "Deny all",
        "description": "Deny all access"
      }
    ],
    "scmIpSecurityRestrictions": [
      {
        "ipAddress": "Any",
        "action": "Allow",
        "priority": 1,
        "name": "Allow all",
        "description": "Allow all access"
      }
    ],
    "scmIpSecurityRestrictionsUseMain": false,
    "http20Enabled": false,
    "minTlsVersion": "1.0",
    "ftpsState": "AllAllowed",
    "reservedInstanceCount": 0
  }

That Deny-Rule in the HTTP-Request is new with that API-Version, but the effect is the same. Nothing happens. I am frustrated...

@cormacpayne cormacpayne self-assigned this Mar 15, 2019
@cormacpayne cormacpayne added this to the 2019-03-26 milestone Mar 15, 2019
@markcowl markcowl modified the milestones: 2019-03-26, 2019-04-09 Mar 25, 2019
@cormacpayne
Copy link
Member

@panchagnula Hey Sisira, would you know why the ipSecurityRestrictions property isn't being updated on the server? I'm able to reproduce this locally:

HTTP Request:

Click to expand request 

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/f21249a2-8c83-4229-a791-deecc16c5ba5/resourceGroups/corm-test-webapp/providers/Microsoft.Web/sites/corm-test-webapp/config/web?api-version=2018-02-01

Headers:
User-Agent                    : PSVersion/v6.2.0,AzurePowershell/v1.0.0
ParameterSetName              : ByResourceId
CommandName                   : Set-AzResource

Body:
{
  "properties": {
    "ResourceId": "/subscriptions/f21249a2-8c83-4229-a791-deecc16c5ba5/resourceGroups/corm-test-webapp/providers/Microsoft.Web/sites/corm-test-webapp/config/web",
    "Id": "/subscriptions/f21249a2-8c83-4229-a791-deecc16c5ba5/resourceGroups/corm-test-webapp/providers/Microsoft.Web/sites/corm-test-webapp/config/web",
    "Identity": null,
    "Kind": null,
    "Location": "Central US",
    "ManagedBy": null,
    "ResourceName": "corm-test-webapp",
    "Name": "corm-test-webapp",
    "ExtensionResourceName": null,
    "ParentResource": null,
    "Plan": null,
    "Properties": {
      "numberOfWorkers": 1,
      "defaultDocuments": [
        "Default.htm",
        "Default.html",
        "Default.asp",
        "index.htm",
        "index.html",
        "iisstart.htm",
        "default.aspx",
        "index.php",
        "hostingstart.html"
      ],
      "netFrameworkVersion": "v4.0",
      "phpVersion": "5.6",
      "pythonVersion": "",
      "nodeVersion": "",
      "linuxFxVersion": "",
      "windowsFxVersion": null,
      "requestTracingEnabled": false,
      "remoteDebuggingEnabled": false,
      "remoteDebuggingVersion": null,
      "httpLoggingEnabled": false,
      "logsDirectorySizeLimit": 35,
      "detailedErrorLoggingEnabled": false,
      "publishingUsername": "$corm-test-webapp",
      "publishingPassword": null,
      "appSettings": null,
      "azureStorageAccounts": null,
      "metadata": null,
      "connectionStrings": null,
      "machineKey": null,
      "handlerMappings": null,
      "documentRoot": null,
      "scmType": "None",
      "use32BitWorkerProcess": false,
      "webSocketsEnabled": false,
      "alwaysOn": false,
      "javaVersion": null,
      "javaContainer": null,
      "javaContainerVersion": null,
      "appCommandLine": "",
      "managedPipelineMode": "Integrated",
      "virtualApplications": [
        {
          "virtualPath": "/",
          "physicalPath": "site\\wwwroot",
          "preloadEnabled": false,
          "virtualDirectories": null
        }
      ],
      "winAuthAdminState": 0,
      "winAuthTenantState": 0,
      "customAppPoolIdentityAdminState": false,
      "customAppPoolIdentityTenantState": false,
      "runtimeADUser": null,
      "runtimeADUserPassword": null,
      "loadBalancing": "LeastRequests",
      "routingRules": [],
      "experiments": {
        "rampUpRules": []
      },
      "limits": null,
      "autoHealEnabled": false,
      "autoHealRules": null,
      "tracingOptions": null,
      "vnetName": "",
      "siteAuthEnabled": false,
      "siteAuthSettings": {
        "enabled": null,
        "unauthenticatedClientAction": null,
        "tokenStoreEnabled": null,
        "allowedExternalRedirectUrls": null,
        "defaultProvider": null,
        "clientId": null,
        "clientSecret": null,
        "clientSecretCertificateThumbprint": null,
        "issuer": null,
        "allowedAudiences": null,
        "additionalLoginParams": null,
        "isAadAutoProvisioned": false,
        "googleClientId": null,
        "googleClientSecret": null,
        "googleOAuthScopes": null,
        "facebookAppId": null,
        "facebookAppSecret": null,
        "facebookOAuthScopes": null,
        "twitterConsumerKey": null,
        "twitterConsumerSecret": null,
        "microsoftAccountClientId": null,
        "microsoftAccountClientSecret": null,
        "microsoftAccountOAuthScopes": null
      },
      "cors": null,
      "push": null,
      "apiDefinition": null,
      "autoSwapSlotName": null,
      "localMySqlEnabled": false,
      "managedServiceIdentityId": null,
      "xManagedServiceIdentityId": null,
      "ipSecurityRestrictions": [
        {
          "name": "Allow a new IP",
          "priority": 100,
          "action": "Allow",
          "tag": "Default",
          "description": "Just a test",
          "ipAddress": "1.1.1.1/32"
        }
      ],
      "scmIpSecurityRestrictions": null,
      "scmIpSecurityRestrictionsUseMain": false,
      "http20Enabled": false,
      "minTlsVersion": "1.2",
      "ftpsState": "AllAllowed",
      "reservedInstanceCount": 0
    },
    "ResourceGroupName": "corm-test-webapp",
    "Type": "Microsoft.Web/sites/config",
    "ResourceType": "Microsoft.Web/sites/config",
    "ExtensionResourceType": null,
    "Sku": null,
    "Tags": null,
    "SubscriptionId": "f21249a2-8c83-4229-a791-deecc16c5ba5",
    "CreatedTime": null,
    "ChangedTime": null,
    "ETag": null
  },
  "location": "Central US"
}

HTTP Response:

Click to expand response 

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
ETag                          : "1D4E57D57744F60"
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : 29cbf510-f7e4-4ac3-8af2-e01ecf0602f0
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-correlation-request-id   : 8f0d176b-ae34-4ffc-bcf6-0014698b4512
x-ms-routing-request-id       : WESTUS2:20190328T170646Z:8f0d176b-ae34-4ffc-bcf6-0014698b4512
X-Content-Type-Options        : nosniff
Date                          : Thu, 28 Mar 2019 17:06:46 GMT

Body:
{
  "id": "/subscriptions/f21249a2-8c83-4229-a791-deecc16c5ba5/resourceGroups/corm-test-webapp/providers/Microsoft.Web/sites/corm-test-webapp",
  "name": "corm-test-webapp",
  "type": "Microsoft.Web/sites",
  "location": "Central US",
  "properties": {
    "numberOfWorkers": 1,
    "defaultDocuments": [
      "Default.htm",
      "Default.html",
      "Default.asp",
      "index.htm",
      "index.html",
      "iisstart.htm",
      "default.aspx",
      "index.php",
      "hostingstart.html"
    ],
    "netFrameworkVersion": "v4.0",
    "phpVersion": "5.6",
    "pythonVersion": "",
    "nodeVersion": "",
    "linuxFxVersion": "",
    "windowsFxVersion": null,
    "requestTracingEnabled": false,
    "remoteDebuggingEnabled": false,
    "remoteDebuggingVersion": null,
    "httpLoggingEnabled": false,
    "logsDirectorySizeLimit": 35,
    "detailedErrorLoggingEnabled": false,
    "publishingUsername": "$corm-test-webapp",
    "publishingPassword": null,
    "appSettings": null,
    "azureStorageAccounts": null,
    "metadata": null,
    "connectionStrings": null,
    "machineKey": null,
    "handlerMappings": null,
    "documentRoot": null,
    "scmType": "None",
    "use32BitWorkerProcess": false,
    "webSocketsEnabled": false,
    "alwaysOn": false,
    "javaVersion": null,
    "javaContainer": null,
    "javaContainerVersion": null,
    "appCommandLine": "",
    "managedPipelineMode": "Integrated",
    "virtualApplications": [
      {
        "virtualPath": "/",
        "physicalPath": "site\\wwwroot",
        "preloadEnabled": false,
        "virtualDirectories": null
      }
    ],
    "winAuthAdminState": 0,
    "winAuthTenantState": 0,
    "customAppPoolIdentityAdminState": false,
    "customAppPoolIdentityTenantState": false,
    "runtimeADUser": null,
    "runtimeADUserPassword": null,
    "loadBalancing": "LeastRequests",
    "routingRules": [],
    "experiments": {
      "rampUpRules": []
    },
    "limits": null,
    "autoHealEnabled": false,
    "autoHealRules": null,
    "tracingOptions": null,
    "vnetName": "",
    "siteAuthEnabled": false,
    "siteAuthSettings": {
      "enabled": null,
      "unauthenticatedClientAction": null,
      "tokenStoreEnabled": null,
      "allowedExternalRedirectUrls": null,
      "defaultProvider": null,
      "clientId": null,
      "clientSecret": null,
      "clientSecretCertificateThumbprint": null,
      "issuer": null,
      "allowedAudiences": null,
      "additionalLoginParams": null,
      "isAadAutoProvisioned": false,
      "googleClientId": null,
      "googleClientSecret": null,
      "googleOAuthScopes": null,
      "facebookAppId": null,
      "facebookAppSecret": null,
      "facebookOAuthScopes": null,
      "twitterConsumerKey": null,
      "twitterConsumerSecret": null,
      "microsoftAccountClientId": null,
      "microsoftAccountClientSecret": null,
      "microsoftAccountOAuthScopes": null
    },
    "cors": null,
    "push": null,
    "apiDefinition": null,
    "autoSwapSlotName": null,
    "localMySqlEnabled": false,
    "managedServiceIdentityId": null,
    "xManagedServiceIdentityId": null,
    "ipSecurityRestrictions": null,
    "scmIpSecurityRestrictions": null,
    "scmIpSecurityRestrictionsUseMain": false,
    "http20Enabled": false,
    "minTlsVersion": "1.2",
    "ftpsState": "AllAllowed",
    "reservedInstanceCount": 0
  }
}

In the request, you can see that the ipSecurityRestrictions property is populated, but in the response, it's set to null.

@panchagnula
Copy link
Contributor

@cormacpayne this is new - I am not aware any backend issues on our end, let me investigate futher.

@panchagnula
Copy link
Contributor

Looking at our Kusto logs @cormacpayne we are receiving null for IPRestrictions property, so looks like PowerShell issue
"RequestContent": "<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/\">f21249a2-8c83-4229-a791-deecc16c5ba5<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/\">corm-test-webapp<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/\">corm-test-webapp<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/\">Central US<SiteConfig xmlns="http://schemas.microsoft.com/windowsazure\" xmlns:i="http://www.w3.org/2001/XMLSchema-instance\"><AlwaysOn i:nil="true"/><ApiDefinition i:nil="true"/><AppCommandLine i:nil="true"/><AppSettings i:nil="true"/><AutoHealEnabled i:nil="true"/><AutoHealRules i:nil="true"/><AutoSwapSlotName i:nil="true"/><AzureStorageAccounts i:nil="true" xmlns:a="http://schemas.microsoft.com/2003/10/Serialization/Arrays\"/><ConnectionStrings i:nil="true"/><Cors i:nil="true"/><CustomAppPoolIdentityAdminState i:nil="true"/><CustomAppPoolIdentityTenantState i:nil="true"/><DefaultDocuments i:nil="true" xmlns:a="http://schemas.microsoft.com/2003/10/Serialization/Arrays\"/><DetailedErrorLoggingEnabled i:nil="true"/><DocumentRoot i:nil="true"/><Experiments i:nil="true"/><FtpsState i:nil="true"/><HandlerMappings i:nil="true"/><Http20Enabled i:nil="true"/><HttpLoggingEnabled i:nil="true"/><IpSecurityRestrictions i:nil="true"/><JavaContainer i:nil="true"/><JavaContainerVersion i:nil="true"/><JavaVersion i:nil="true"/><Limits i:nil="true"/><LinuxFxVersion i:nil="true"/><LoadBalancing i:nil="true"/><LocalMySqlEnabled i:nil="true"/><LogsDirectorySizeLimit i:nil="true"/><MachineKey i:nil="true"/><ManagedPipelineMode i:nil="true"/><ManagedServiceIdentityId i:nil="true"/><Metadata i:nil="true"/><MinTlsVersion i:nil="true"/><NetFrameworkVersion i:nil="true"/><NodeVersion i:nil="true"/><NumberOfWorkers i:nil="true"/><PhpVersion i:nil="true"/><PublishingPassword i:nil="true"/><PublishingUsername i:nil="true"/><Push i:nil="true"/><PythonVersion i:nil="true"/><RemoteDebuggingEnabled i:nil="true"/><RemoteDebuggingVersion i:nil="true"/><RequestTracingEnabled i:nil="true"/><ReservedInstanceCount i:nil="true"/><RoutingRules i:nil="true"/><RuntimeADUser i:nil="true"/><RuntimeADUserPassword i:nil="true"/><ScmIpSecurityRestrictions i:nil="true"/><ScmIpSecurityRestrictionsUseMain i:nil="true"/><ScmType i:nil="true"/><TracingOptions i:nil="true"/><Use32BitWorkerProcess i:nil="true"/><VirtualApplications i:nil="true"/><VnetName i:nil="true"/><WebSocketsEnabled i:nil="true"/><WinAuthAdminState i:nil="true"/><WinAuthTenantState i:nil="true"/><WindowsFxVersion i:nil="true"/><XManagedServiceIdentityId i:nil="true"/>",

@cormacpayne
Copy link
Member

@panchagnula Great, thanks for taking a look and verifying 😁

@cormacpayne
Copy link
Member

@JohannesHoppe Hey Johannes, one thing I just noticed when looking at your script again is that you're providing $WebAppConfig to the -Properties parameter rather than $WebAppConfig.Properties. I've verified this scenario now works with either of the below commands:

# Using piping
$WebAppConfig | Set-AzResource -ApiVersion 2018-02-01 -Force

# Using -ResourceId and -Properties parameters
Set-AzResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion 2018-02-01 -Force

Please let me know if either of these commands works for you!

@maddieclayton maddieclayton modified the milestone: 2019-04-09 Apr 2, 2019
@maddieclayton
Copy link
Contributor

Closing as fixed - @JohannesHoppe Please let us know if you are continuing to see an issue and we will reopen this. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JohannesHoppe JohannesHoppe

Labels
More Info 🏷️
Projects
None yet
Milestone
2019-04-09
Development

No branches or pull requests
5 participants
@JohannesHoppe @markcowl @cormacpayne @maddieclayton @panchagnula