I need to add the Outbound IPs of Azure Function-App to Azure KeyVault Firewall Rule to be whitelisted, using powershell, to be executed on a pipeline. My script is :

param(
    [Parameter()]
    [String]$resourcegrp,
    [String]$funcname,
    [String]$kv
)
$functionApp = Get-AzFunctionApp -ResourceGroupName $resourcegrp -Name $funcname


Add-AzKeyVaultNetworkRule -VaultName $kv -ResourceGroupName $resourcegrp `
    -IpAddressRange ($functionApp.PossibleOutboundIPAddress).Trim()

Update-AzKeyVaultNetworkRuleSet -VaultName $kv -ResourceGroupName $resourcegrp `
    -DefaultAction Deny -Bypass AzureServices `
    -IpAddressRange ($functionApp.PossibleOutboundIPAddress).Trim()

The above is giving below error: where as if I do the same on powershell prompt like below, it works fine.

Can someone suggest what's wrong in my PS1 file, or what can be a better way to achieve the same with a PowerShell script.

CodePudding user response：

This is because the property $functionApp.PossibleOutboundIPAddress is a single string

$functions[0].PossibleOutboundIPAddress | gm

   TypeName: System.String

But Add-AzKeyVaultNetworkRule expects a string array

Get-Help Add-AzKeyVaultNetworkRule -Parameter ipaddressrange

-IpAddressRange <System.String[]>
    Specifies allowed network IP address range of network rule.

You should be able to make this work by splitting the value from the functionApp on the , delimiter

$addAzKeyVaultNetworkRuleSplat = @{
    VaultName         = $kv
    ResourceGroupName = $resourcegrp
    IpAddressRange    = $functionApp.PossibleOutboundIPAddress -split ','
}

Add-AzKeyVaultNetworkRule @addAzKeyVaultNetworkRuleSplat