diff --git a/src/azure-cli/azure/cli/command_modules/appservice/access_restrictions.py b/src/azure-cli/azure/cli/command_modules/appservice/access_restrictions.py index 24e24e393ae..888a24fda91 100644 --- a/src/azure-cli/azure/cli/command_modules/appservice/access_restrictions.py +++ b/src/azure-cli/azure/cli/command_modules/appservice/access_restrictions.py @@ -58,7 +58,11 @@ def add_webapp_access_restriction( subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, vnet_rg) if not ignore_missing_vnet_service_endpoint: _ensure_subnet_service_endpoint(cmd.cli_ctx, subnet_id) - + # check for duplicates + for rule in list(access_rules): + if rule.vnet_subnet_resource_id and rule.vnet_subnet_resource_id.lower() == subnet_id.lower(): + raise ArgumentUsageError('Service endpoint rule for: ' + subnet_id + ' already exists. ' + 'Cannot add duplicate service endpoint rules.') rule_instance = IpSecurityRestriction( name=rule_name, vnet_subnet_resource_id=subnet_id, priority=priority, action=action, tag='Default', description=description) @@ -113,7 +117,7 @@ def remove_webapp_access_restriction(cmd, resource_group_name, name, rule_name=N break elif subnet: subnet_id = _validate_subnet(cmd.cli_ctx, subnet, vnet_name, resource_group_name) - if rule.vnet_subnet_resource_id == subnet_id and rule.action == action: + if rule.vnet_subnet_resource_id.lower() == subnet_id.lower() and rule.action == action: if rule_name and (not rule.name or (rule.name and rule.name.lower() != rule_name.lower())): continue rule_instance = rule