Switching networking from private to public if there is a policy preventing public IP causes unrecoverable failure #7
Description
Not sure if this is the correct place to report issues, but it's the only place I could find.
When switching Synapse to public networking, you would expect the API Call to fail with a policy violation if public IPs are not allowed. Instead, Synapse accepts the change, goes to a failed provisioning state, and then all further updates to Synapse fail due to
The workspace is in a nonterminal state Failed and cannot be updated (Code: WorkspaceInNonTerminalState)
This is quite dangerous as it means any person with Contribute access to the subscription can irreparably break Synapse forcing us to reprovision the entire thing, update private endpoints, etc. I have seen a support issue where someone contacts MS support to fix the failed provision state, but ideally this would not require a support call.
Any chance this issue can be addressed?