'Add-AzKeyVaultNetworkRule on Powershell script throwing error
I need to add the Outbound IPs of Azure Function-App to Azure KeyVault Firewall Rule to be whitelisted, using powershell, to be executed on a pipeline. My script is :
param(
[Parameter()]
[String]$resourcegrp,
[String]$funcname,
[String]$kv
)
$functionApp = Get-AzFunctionApp -ResourceGroupName $resourcegrp -Name $funcname
Add-AzKeyVaultNetworkRule -VaultName $kv -ResourceGroupName $resourcegrp `
-IpAddressRange ($functionApp.PossibleOutboundIPAddress).Trim()
Update-AzKeyVaultNetworkRuleSet -VaultName $kv -ResourceGroupName $resourcegrp `
-DefaultAction Deny -Bypass AzureServices `
-IpAddressRange ($functionApp.PossibleOutboundIPAddress).Trim()
The above is giving below error:
where as if I do the same on powershell prompt like below, it works fine.
Can someone suggest what's wrong in my PS1 file, or what can be a better way to achieve the same with a PowerShell script.
Solution 1:[1]
This is because the property $functionApp.PossibleOutboundIPAddress is a single string
$functions[0].PossibleOutboundIPAddress | gm
TypeName: System.String
But Add-AzKeyVaultNetworkRule expects a string array
Get-Help Add-AzKeyVaultNetworkRule -Parameter ipaddressrange
-IpAddressRange <System.String[]>
Specifies allowed network IP address range of network rule.
You should be able to make this work by splitting the value from the functionApp on the , delimiter
$addAzKeyVaultNetworkRuleSplat = @{
VaultName = $kv
ResourceGroupName = $resourcegrp
IpAddressRange = $functionApp.PossibleOutboundIPAddress -split ','
}
Add-AzKeyVaultNetworkRule @addAzKeyVaultNetworkRuleSplat
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | BrettMiller |