MicrosoftDocs/azure-docs-powershell

Update-AzKeyVault documentation is ambiguous about PublicNetworkAccess "Allow" behavior

chitturs opened this issue · 2 comments

Links

https://learn.microsoft.com/en-us/powershell/module/az.keyvault/update-azkeyvault?view=azps-11.2.0&viewFallbackFrom=azps-11.0.0

Summary

https://learn.microsoft.com/en-us/powershell/module/az.keyvault/update-azkeyvault?view=azps-11.2.0&viewFallbackFrom=azps-11.0.0 has this blurb for PublicNetworkAccess.

-PublicNetworkAccess
Specifies whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.

It is not clear how it interacts with firewall rules if we set this to "Allow". My testing shows that "Allow" does not allow public network access if firewall rules are present.

Details

No response

Suggested Fix

-PublicNetworkAccess
Specifies whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.

If set to "Allow", this will still honor any firewall rules and block traffic.
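An added example, not part of the original issue or of the Az.KeyVault documentation: a PowerShell check that reads the public network access setting together with the firewall rule set and reports the exposure that results from both, following the behavior described above. The function name `Get-VaultExposure`, the result labels, and the sample vault objects are constructed for illustration; the property names are assumed to match the object returned by `Get-AzKeyVault -VaultName <name>`, and the treatment of a default action of `Allow` as open to all networks is an assumption.

```powershell
# Added example: classify a vault's effective network exposure from
# PublicNetworkAccess plus its firewall rule set (NetworkAcls).
function Get-VaultExposure {
    param([Parameter(Mandatory)] $Vault)

    $acl = $Vault.NetworkAcls
    # Count only non-empty entries so a missing or empty property counts as zero.
    $rules = @($acl.IpAddressRanges | Where-Object { $_ }).Count +
             @($acl.VirtualNetworkResourceIds | Where-Object { $_ }).Count

    $effective = if ($Vault.PublicNetworkAccess -eq 'Disabled') {
        # Per the parameter description: firewall rules are not honored here.
        'PrivateEndpointAndTrustedServicesOnly'
    } elseif ($acl.DefaultAction -eq 'Deny' -and $rules -gt 0) {
        # The case reported in the issue: rules still restrict traffic.
        'RestrictedToFirewallRules'
    } elseif ($acl.DefaultAction -eq 'Deny') {
        'DeniedExceptBypass'
    } else {
        # Assumption: no default-deny rule set means all networks are accepted.
        'OpenToAllNetworks'
    }

    [pscustomobject]@{
        VaultName           = $Vault.VaultName
        PublicNetworkAccess = $Vault.PublicNetworkAccess
        DefaultAction       = $acl.DefaultAction
        RuleCount           = $rules
        Effective           = $effective
    }
}

# Constructed sample objects standing in for Get-AzKeyVault output.
$samples = @(
    [pscustomobject]@{ VaultName = 'kv-sample-a'; PublicNetworkAccess = 'Disabled'
        NetworkAcls = [pscustomobject]@{ DefaultAction = 'Deny'
            IpAddressRanges = @('203.0.113.0/24'); VirtualNetworkResourceIds = @() } }
    [pscustomobject]@{ VaultName = 'kv-sample-b'; PublicNetworkAccess = 'Enabled'
        NetworkAcls = [pscustomobject]@{ DefaultAction = 'Deny'
            IpAddressRanges = @('203.0.113.0/24'); VirtualNetworkResourceIds = @() } }
    [pscustomobject]@{ VaultName = 'kv-sample-c'; PublicNetworkAccess = 'Enabled'
        NetworkAcls = [pscustomobject]@{ DefaultAction = 'Allow'
            IpAddressRanges = @(); VirtualNetworkResourceIds = @() } }
)

$samples | ForEach-Object { Get-VaultExposure -Vault $_ }
```

Only `kv-sample-c` is reported as `OpenToAllNetworks`; `kv-sample-b` has public network access on but is still limited to its listed ranges.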

@chitturs
Thanks for bringing this to our attention.
I'm going to assign this to the document author so they can take a look at it accordingly.

@chitturs This issue references the autogenerated reference documentation for Update-AzKeyVault. Please log an issue in the Azure-Powershell source repo so our developers can correct the source for the autogeneration process.

Reporting issues via the links at the bottom of each documentation page automatically logs the issue in the appropriate repo:


We will proceed with closing this issue since the content in this repo is not the source, and changes will be overwritten when future versions are published.