Unable to use variable to submit multiple IP Addresses to az keyvault network-rule add --ip-address #30988

@kalarous

Describe the bug

From the command line I can successfully submit the command az keyvault network-rule add --ip-address 1.2.3.4/32 2.3.4.5/24 7.8.9.10 (space separated and a mix of CIDR and IPv4 addresses) without a problem, as a list. Replace the example IPs above with any real public IPv4 addresses and the command will happily add all of the IP addresses in the list using a single command call. However, if I set a variable (let's call it $AllowedIps) with the same values, I get an error. The specific error text is "Invalid value found at properties.networkAcls.ipRules[150].value: Value does not respect CIDR notation: my list of IPs in the variable $AllowedIps". I have confirmed that the variable is a System.String variable and the contents of the variable are most definitely a space separated list of CIDR notation IP addresses. I have attempted to try this with a comma separated list, with no joy as well.

It makes no sense that I can submit multiple IP addresses from the command line as space separated, but am unable to assign a variable with the same values and use that.

Where this would be REALLY helpful is in cases where there are large numbers of Azure Service IPs that need to be allowed access to a keyvault that has IP restrictions enabled. I can easily get the IPs for a given service from the ginormous Azure Service IPs list into a variable that I would then like to pass on to the network-rule add option in the az keyvault command.

Ideally I'd like this fixed so that either a space or comma delimited list of IPs could be submitted to the az keyvault network-rule add command.

Thanks.

Related command

az keyvault network-rule add --ip-address 1.2.3.4 2.3.4.5/24 5.6.7.8/27 -n {keyvault_name}
Works like a champ.

$AllowedIps = "1.2.3.4 2.3.4.5/24 5.6.7.8/27"
az keyvault network-rule add --ip-address $AllowedIps -n {keyvault_name}
Fails with "Invalid value found at properties.networkAcls.ipRules[150].value: Value does not respect CIDR notation: {My list of Allowed IPs IN CIDR notation}"

Where the example IPs above are replaced with actual public IPs or Ranges & {keyvault_name} is replaced with an actual keyvault name.

Errors

"Invalid value found at properties.networkAcls.ipRules[150].value: Value does not respect CIDR notation: {My list of Allowed IPs IN CIDR notation}"

Issue script & Debug output

$AllowedIps="1.2.3.4 2.3.4.5/24 3.4.5.6/27"
az keyvault network-rule add --ip-address $AllowedIps -n {keyvault_name}

Expected behavior

One should be able to set a variable using proper CIDR notation and submit that variable in place of an actual list of CIDR notated IPs to the az keyvault network-rule add --ip-address command.

Environment Summary

azure-cli 2.70.0

core 2.70.0
telemetry 1.1.0

Extensions:
account 0.2.5
ad 0.1.0
ai-examples 0.2.5

Dependencies:
msal 1.31.2b1
azure-mgmt-resource 23.1.1

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Config directory 'C:\Users\lil_b.azure'
Extensions directory 'C:\Users\lil_b.azure\cliextensions'

Python (Windows) 3.12.8 (tags/v3.12.8:2dc476b, Dec 3 2024, 19:30:04) [MSC v.1942 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

What else would you like to know?
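
The behaviour reported above is consistent with how PowerShell hands variables to native commands: a System.String is passed as one argument, spaces included, while an array is expanded into one argument per element. The following is an added example, not part of the original report and not Azure CLI project code; it splits and validates a delimited list before updating the Key Vault firewall. ConvertTo-IpRuleList and $VaultName are hypothetical names, and the sample addresses are the constructed ones from the issue.

```powershell
# Added example: turn a space- or comma-delimited string into an array of
# validated IPv4 addresses / CIDR ranges. ConvertTo-IpRuleList is a
# hypothetical helper name, not an Azure CLI or Az module command.
function ConvertTo-IpRuleList {
    param([Parameter(Mandatory)][string]$Text)

    # Split on any run of whitespace and/or commas; drop empty tokens.
    $tokens = $Text -split '[\s,]+' | Where-Object { $_ }

    foreach ($token in $tokens) {
        $addr, $prefix = $token -split '/', 2

        # Require dotted-quad form first: IPAddress.TryParse alone also
        # accepts shorthand such as "1.2", which is not wanted in an ACL.
        $parsed = $null
        $addrOk = ($addr -match '^\d{1,3}(\.\d{1,3}){3}$') -and
                  [System.Net.IPAddress]::TryParse($addr, [ref]$parsed)

        # A prefix length is optional; when present it must be 0..32.
        $prefixOk = ($null -eq $prefix) -or
                    (($prefix -match '^\d{1,2}$') -and ([int]$prefix -le 32))

        if (-not ($addrOk -and $prefixOk)) {
            # Fail closed: do not send a partially valid list to the vault.
            throw "Not an IPv4 address or CIDR range: '$token'"
        }
        $token   # emit the validated entry to the pipeline
    }
}

# Constructed sample input, same shape as in the report.
$AllowedIps = "1.2.3.4 2.3.4.5/24 5.6.7.8/27"
$VaultName  = "<keyvault_name>"   # placeholder, replace with a real vault name

# @(...) guarantees an array even when the list holds a single entry.
$rules = @(ConvertTo-IpRuleList -Text $AllowedIps)

# Passing the array (not the original string) gives az one argument per entry.
az keyvault network-rule add --ip-address $rules -n $VaultName
```

Validating locally before the call means a malformed entry is rejected with the offending token named, rather than surfacing as a service-side error about the whole list.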

Labels: Auto-Assign, Azure CLI Team, KeyVault, Possible-Solution, Similar-Issue, customer-reported, question
