Following the instructions for the Azure CLI "quickstart" on creating a blob.
It looks like something in the default storage account is blocking the ability to create new containers; yet, the "defaultAction" is Allow:
The following Azure CLI:
az storage container create --account-name meaningfulname --name nancy --auth-mode login
... results in the error explaining the network rules of the Storage Account might be the cause:
The request may be blocked by network rules of storage account. Please check network rule set using 'az storage account show -n accountname --query networkRuleSet'.
If you want to change the default action to apply when no rule matches, please use 'az storage account update'.
Using the suggestion from the above message, the "show" command on the account-name gives:
> az storage account show -n meaningfulname --query networkRuleSet
{
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
}
I would think that the Azure CLI would be among the "services" that could bypass and do operations. And, the default action would seem to me to be quite permissive.
I've done to searching around by the error messages and commands (and variations). There does not appear to be much on what I don't know the quirks of the Azure CLI, so maybe this is so obvious that people haven't written anything up. I don't think I'm duplicating
