Azure-cli: az lock create does not allow to set resource locks for VNet subnets

Created on 19 Feb 2020  路  11Comments  路  Source: Azure/azure-cli

az feedback auto-generates most of the information requested below, as of CLI version

2.0.81

Describe the bug
az lock create does not allow to set resource locks for VNet subnets. The following error is shown:

validation error: Parameter 'resource_provider_namespace' can not be None.

To Reproduce
See this screenshot below - basically setting a resource lock on a VNet works, but setting a resource lock in one of it's VNet subnets results in an error:
Bug

Expected behavior
Locking a VNet subnet should be supported.

Environment summary
Azure Cloud Shell (Bash) with Azure CLI 2.0.81 installed

Additional context
Not sure if resource locking a VNet subnet is supported by Azure in general.

ARM Network - Virtual Network Service Attention
Source
picture fawohlsc

All 11 comments

add to S167.

yonzhan picture yonzhan on 22 Feb 2020
👍1

@yonzhan Many thanks. I assume S167 is sprint 167. What are your spring lengths and what is the current sprint? Many thanks :-)

fawohlsc picture fawohlsc on 25 Feb 2020

https://github.com/Azure/azure-cli/milestones three weeks cadence.

yonzhan picture yonzhan on 25 Feb 2020

@fawohlsc Hi, if you want to lock subnets, the service needs to know which virtualNetworks the subnets belong to.
There are two correct command formats:

  1. az lock create --name {lock-name} --lock-type ReadOnly --resource-group {resource-group} --resource-type Microsoft.Network/virtualNetworks --resource {virtualNetwork-name}/subnets/{subnet-name}
  2. az lock create --name {lock-name} --lock-type ReadOnly --resource-group {resource-group} --resource-type Microsoft.Network/subnets --parent virtualNetworks/{virtualNetwork-name} --resource {subnet-name} (more recommended)
zhoxing-ms picture zhoxing-ms on 9 Mar 2020
👍1

@fawohlsc However, I found that there is no entry on portal to support locking subnets granular resources, please help to confirm whether this function is reasonable and needed?
If so, please contact members of the portal team to add the ability to lock subnets granular resources. And I will supplement this example in the CLI help documentation.

zhoxing-ms picture zhoxing-ms on 9 Mar 2020
👍1

@zhoxing-ms first of all many thanks for your insightful response and proactivity to add this to the documentation. Great job! 馃

Many customers want to empower their developers to create or change VNet subnets, i.e. all auto-scalable resources in Azure usually require a dedicated subnet (i.e. VMSS, AAG, APIM, ...). But some of the subnets contain shared resources or resources managed by central IT (i.e. AAG with PIP requires delete lock) - here we require a lock for the subnets. Following I think we should add this feature to the portal as well. Can you point me to their repository? Was not able to find it... Many thanks in advance!

fawohlsc picture fawohlsc on 18 Mar 2020

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @armleads-azure.

msftbot[bot] picture msftbot[bot] on 18 Mar 2020

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

msftbot[bot] picture msftbot[bot] on 18 Mar 2020

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

msftbot[bot] picture msftbot[bot] on 18 Mar 2020

If this issue concerns only Portal side I will untag SDN

allegradomel picture allegradomel on 18 Mar 2020

@allegradomel issue works in Azure CLI but not documented. @zhoxing-ms opened a pull request to enhance documentation. Feature is unfortunately not available in Azure Portal.

fawohlsc picture fawohlsc on 18 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

williexu picture williexu  路  3Comments
amarzavery picture amarzavery  路  3Comments
ambakshi picture ambakshi  路  3Comments
troydai picture troydai  路  3Comments
williexu picture williexu  路  3Comments