Skip to content

Azure CLI for Postgress Flexible server add default VNET range on an existing VNET #31560

New issue
New issue
Open
Open
Azure CLI for Postgress Flexible server add default VNET range on an existing VNET#31560
Assignees
nachoalonsoportillo
Labels
Auto-AssignAuto assign by botAuto-ResolveAuto resolve by botPostgreSQLSecurity-IssueService AttentionThis issue is responsible by Azure service team.bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.
@rackalex

Description

@rackalex
rackalex
opened on May 27, 2025

Describe the bug

When running an ''az postgres flexible-server replica create" with specificing the snet as an resource Id we have experience, that the command itself has updated an existing VNET with the Default prefix, specified in the default value (see: https://github.com/Azure/azure-cli/blob/main/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_virtual_network.py) . This behavoir (as you can imagine) can create a big impact on the overall network infrastructure in an enterprise Azure environment. We would like to the feedback:

  • why this behavior occurred?
  • what can we do to prevent 'az postgres flexible-server replica create' to add the default range of 10.0.0.0/16 to an exisitng VNET?

Related command

Command executed:

az postgres flexible-server replica create --resource-group some-rg --replica-name some-name --source-server somename --private-dns-zone postgress-zone-id --subnet subnet-resource-id --yes

WARNING: You have supplied a Subnet ID. Verifying its existence...
WARNING: Using existing Vnet "VNET-SOME-NAME" in resource group "RSG-SOME-NAME"
WARNING: The address prefix does not exist in the Vnet. Adding address prefix 10.0.0.0/16 to Vnet VNET-SOME-NAME.
WARNING: Using existing Subnet "SNET-SOME-NAME" in resource group "RSG-SOME-NAME"
WARNING: Using the existing private dns zone privatelink.postgres.database.azure.com in resource group "RSG-SOME-NAME"

Errors

The existing VNET was modified and the address prefix 10.0.0.0/16 was added and created routing issue for the complete network topologie

Issue script & Debug output

Command executed:

az postgres flexible-server replica create --resource-group some-rg --replica-name some-name --source-server somename --private-dns-zone postgress-zone-id --subnet subnet-resource-id --yes

WARNING: You have supplied a Subnet ID. Verifying its existence...
WARNING: Using existing Vnet "VNET-SOME-NAME" in resource group "RSG-SOME-NAME"
WARNING: The address prefix does not exist in the Vnet. Adding address prefix 10.0.0.0/16 to Vnet VNET-SOME-NAME.
WARNING: Using existing Subnet "SNET-SOME-NAME" in resource group "RSG-SOME-NAME"
WARNING: Using the existing private dns zone privatelink.postgres.database.azure.com in resource group "RSG-SOME-NAME"

Expected behavior

If the VNET exists, it should not add the default vnet range to it.

Environment Summary

azure-cli 2.51.0 *

core 2.51.0 *
telemetry 1.1.0

Dependencies:
msal 1.24.0b1
azure-mgmt-resource 23.1.0b2

Additional context

No response

Metadata

Metadata

Assignees

Labels

Auto-AssignAuto assign by botAuto-ResolveAuto resolve by botPostgreSQLSecurity-IssueService AttentionThis issue is responsible by Azure service team.bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions