How can I test for when an Azure Storage Account network rule has actually taken effect

I have a pipeline that will whitelist the agents current IP to a storage account's network rules with:

az storage account network-rule add

It then immediately moves to the next task which requires access within one of the storage account's containers. Because there is a 5-30 second period where the network rule is taking effect, the task needs retry logic because it almost always returns:

autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation

After enough time and retries have passed, then task will then happily continue. I was wondering if there was a recommended method for writing a loop that tests access to the container and only exits the loop when the firewall rule has actually been applied.

I tried in my environment and got the below results:

> How can I test for when an Azure Storage Account network rule has actually taken effect

You can use the below powershell command to tests access to the container after network rule applied.

Command:

$storageAccountName = ""
$resourceGroupName = ""
$containerName = ""
$currentIP = ""
$storageAccountKey=""
 # Add the current IP to the network rule
az storage account network-rule add --resource-group $resourceGroupName --account-name $storageAccountName --ip-address $currentIP

Start-Sleep -Seconds 30

 # Wait for the network rule to take effect
while ($true)
{
    # Test access to the container
    try {
        Get-AzStorageBlob -Container $containerName -Context (New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey)
# If the access is successful, exit the loop
       break
    }
    catch {
        # Wait for 10 seconds before trying again
        Start-Sleep -Seconds 5
    }
}

Output:

Portal: