Azure SDK for Javascript : Updating NetworkRuleSet in Storage Account. Type mismatch and missing defaultAction

Question

i'am trying to update a NetworkRuleSet in a Storage Account by using a TypeScript Azure Function using the Azure SDK. I can successfully update the "kind" parameter of a Storage Account, but if i also try to update the networkRuleSet i'am getting several Errors which i don't manage to solve.

SDK Reference: https://learn.microsoft.com/en-us/javascript/api/%40azure/arm-storage/?view=azure-node-latest

This code to update the "kind" works:

import { NetworkRuleSet, StorageAccount, StorageManagementClient } from '@azure/arm-storage';
import { DefaultAzureCredential } from '@azure/identity';
import { getSubscriptionId } from './environment-vars';

const subscriptionId = getSubscriptionId();
const credentials = new DefaultAzureCredential();
const storageManagement = new StorageManagementClient(
  credentials,
  subscriptionId
);

export const updateWhiteLists = async (
  resourceGroupName: string,
  storageAccountName: string,
): Promise<StorageAccount> => {

  console.log(`updateWhiteLists`);
  const networkRuleSetParameters = {
    kind: "StorageV2",
  }

  return await storageManagement.storageAccounts.update(
    resourceGroupName,
    storageAccountName,
    networkRuleSetParameters
  );
};

This is what i actually want to achieve, but it throws an:

error TS2345: Argument of type '{ networkRuleSet: { defaultAction: string; bypass: string; ipRules: { iPAddressOrRange: string; Action: string; }[]; }; }' is not assignable to parameter of type 'StorageAccountUpdateParameters'. The types of 'networkRuleSet.defaultAction' are incompatible between these types. Type 'string' is not assignable to type 'DefaultAction'.

import { NetworkRuleSet, StorageAccount, StorageManagementClient } from '@azure/arm-storage';
import { DefaultAzureCredential } from '@azure/identity';
import { getSubscriptionId } from './environment-vars';

const subscriptionId = getSubscriptionId();
const credentials = new DefaultAzureCredential();
const storageManagement = new StorageManagementClient(
  credentials,
  subscriptionId
);

export const updateWhiteLists = async (
  resourceGroupName: string,
  storageAccountName: string,
): Promise<StorageAccount> => {

  console.log(`updateWhiteLists`);

  const networkRuleSetParameters = {
    networkRuleSet: {
      defaultAction: "Deny",
      bypass: "AzureServices",
      ipRules: [
        {
          iPAddressOrRange: "1.1.1.1/32",
          Action: "Allow"
        },
      ],
    },
  }

  return await storageManagement.storageAccounts.update(
    resourceGroupName,
    storageAccountName,
    networkRuleSetParameters
  );
};

Can someone here please help me in that?

Thank you so much!

Answer 1

Thank you so much @siddheshdesai for the solution. Currently when I use networkRuleSet, it isn't working because this property has been changed to networkAcls.

Anyway, this is working now. Thank you so much.

Answer 2

You can refer this Azure Rest API javascript code to create the NetworkRuleSet with Javascript in Azure storage account like below:-

For StorageV2 Account:-

const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");


async function storageAccountCreate() {
    const subscriptionId = "sub-id";
    const resourceGroupName = "valleyrg54";
    const accountName = "stosiddesai";
  const parameters = {
    allowBlobPublicAccess: false,
    allowSharedKeyAccess: true,
    defaultToOAuthAuthentication: false,
    encryption: {
      keySource: "Microsoft.Storage",
      requireInfrastructureEncryption: false,
      services: {
        blob: { enabled: true, keyType: "Account" },
        file: { enabled: true, keyType: "Account" },
      },
    },
    isHnsEnabled: false,
    isSftpEnabled: false,
    keyPolicy: { keyExpirationPeriodInDays: 20 },
    kind: "StorageV2",
    location: "eastus",
    minimumTlsVersion: "TLS1_2",
    routingPreference: {
      publishInternetEndpoints: true,
      publishMicrosoftEndpoints: true,
      routingChoice: "MicrosoftRouting",
    },
    sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
    sku: { name: "Standard_GRS" },
    tags: { key1: "value1", key2: "value2" },
    networkRuleSet: {
        bypass: "AzureServices",
        defaultAction: "Allow",
        ipRules: [],
        virtualNetworkRules: [
          {
            virtualNetworkResourceId:
            "/subscriptions/sub-id/resourceGroups/valleyrg54/providers/Microsoft.Network/virtualNetworks/siliconvnet/subnets/subnet1",
          },
        ],
      },
  };
  const credential = new DefaultAzureCredential();
  const client = new StorageManagementClient(credential, subscriptionId);
  const result = await client.storageAccounts.beginCreateAndWait(
    resourceGroupName,
    accountName,
    parameters
  );
  console.log(result);
}


storageAccountCreate();

Make sure you add Microsoft.Storage Service endpoint in the subnet you are trying to attach to the Storage account via NetworkRuleSet:-

Output:-

When I select Enable from selected Virtual Networks and Ip addresses above VNet is automatically added:-

NFS enabled account:-

const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");


async function nfsV3AccountCreate() {
  const subscriptionId = "subid";
  const resourceGroupName = "valleyrg54";
  const accountName = "stosid4445";
  const parameters = {
    isHnsEnabled: true,
    enableNfsV3: true,
    kind: "BlockBlobStorage",
    location: "eastus",
    networkRuleSet: {
      bypass: "AzureServices",
      defaultAction: "Deny",
      ipRules: [],
      virtualNetworkRules: [
        {
          virtualNetworkResourceId:
            "/subscriptions/subid/resourceGroups/valleyrg54/providers/Microsoft.Network/virtualNetworks/siliconvnet/subnets/default",
        },
      ],
    },
    sku: { name: "Premium_LRS" },
    enableHttpsTrafficOnly: false,
  };
  const credential = new DefaultAzureCredential();
  const client = new StorageManagementClient(credential, subscriptionId);
  const result = await client.storageAccounts.beginCreateAndWait(
    resourceGroupName,
    accountName,
    parameters
  );
  console.log(result);
}


nfsV3AccountCreate();

Output:-