
Update-AzKeyVault documentation is ambiguous about PublicNetworkAccess "Allow" behavior

Open chitturs opened this issue 1 year ago • 3 comments

Type of issue

Missing information

Feedback

https://learn.microsoft.com/en-us/powershell/module/az.keyvault/update-azkeyvault?view=azps-11.2.0&viewFallbackFrom=azps-11.0.0 has this blurb for PublicNetworkAccess.

-PublicNetworkAccess Specifies whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.

It is not clear how it interacts with firewall rules if we set this to "Allow". My testing shows that "Allow" does not allow public network access if firewall rules are present.

Page URL

https://learn.microsoft.com/en-us/powershell/module/az.keyvault/update-azkeyvault?view=azps-11.2.0

Content source URL

https://github.com/Azure/azure-powershell/blob/main/src/KeyVault/KeyVault/help/Update-AzKeyVault.md

Author

@mikefrobbins

Document Id

63b9732d-554f-bb4b-4daf-163a7b25dfbf

chitturs avatar Jan 29 '24 17:01 chitturs

@chitturs thanks for the feedback. @jlichwa hey Jack, is there any official doc explaining how keyvault's PublicNetworkAccess property works together with firewall rules? We could reference it in the cmdlet help docs. Thanks.

isra-fel avatar Jan 31 '24 17:01 isra-fel

This setting applies to Public IP address; if disabled, Public IP is blocked completely and access can be done only over established Private IP address. If Allow, public IP is open, but can be restricted by firewall rules.

It is nothing specific to Key Vault per se; this is common behavior across entire Azure resources, driven by network team.

jlichwa avatar Jan 31 '24 18:01 jlichwa
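The interaction described in this thread, written as a posture check. This is an added example, not code from the issue or from the Az.KeyVault project. `Get-VaultExposure` and the sample vaults are hypothetical, and the property names are assumed to match the object that `Get-AzKeyVault` returns for a named vault.

```powershell
# Added example: classify a vault's effective network exposure from
# PublicNetworkAccess plus its firewall rules (NetworkAcls).
# Assumption: property names mirror the object returned by Get-AzKeyVault.
function Get-VaultExposure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Vault
    )
    process {
        $acl   = $Vault.NetworkAcls
        $ips   = @($acl.IpAddressRanges | Where-Object { $_ })
        $vnets = @($acl.VirtualNetworkResourceIds | Where-Object { $_ })
        $rules = $ips.Count + $vnets.Count

        if ($Vault.PublicNetworkAccess -eq 'Disabled') {
            # Public traffic is blocked; any firewall rules present are not honored.
            $exposure = 'PrivateOnly'
        }
        elseif ($acl.DefaultAction -eq 'Deny') {
            # Public endpoint is reachable, but only from sources the rules list.
            $exposure = if ($rules -gt 0) { 'PublicRestricted' } else { 'PublicDenyAll' }
        }
        else {
            # Public access on and no default-deny firewall: reachable from any network.
            $exposure = 'PublicOpen'
        }

        [pscustomobject]@{
            VaultName    = $Vault.VaultName
            Exposure     = $exposure
            RuleCount    = $rules
            RulesHonored = ($Vault.PublicNetworkAccess -ne 'Disabled')
        }
    }
}

# Constructed sample objects so the check runs offline.
function New-SampleVault($Name, $Access, $Default, $Ips) {
    [pscustomobject]@{
        VaultName = $Name; PublicNetworkAccess = $Access
        NetworkAcls = [pscustomobject]@{
            DefaultAction = $Default; IpAddressRanges = $Ips; VirtualNetworkResourceIds = @()
        }
    }
}
@(
    New-SampleVault 'kv-private'    'Disabled' 'Deny'  @('203.0.113.0/24')
    New-SampleVault 'kv-restricted' 'Enabled'  'Deny'  @('198.51.100.7/32')
    New-SampleVault 'kv-open'       'Enabled'  'Allow' @()
) | Get-VaultExposure | Format-Table -AutoSize
```

Against a live subscription, pipe a named vault into the same function: `Get-AzKeyVault -VaultName <name> -ResourceGroupName <rg> | Get-VaultExposure`.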

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!