-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Creating a API Management policy for an API gives an ValidationError #3918
Comments
Any update on this? Anything that I can already do to further debug this? |
hey @tverhoeven Thanks for opening this issue - sorry for the delayed response here. Taking a look into this the Azure API requires that this XML is submitted within the HTTP Request, which is a JSON API - which I believe is why this is being encoded in this fashion. From the HTTP Response being returned:
it appears that this doesn't like this line:
as such I'm wondering if you can confirm if this Policy works when set in the Portal? Thanks! |
I can confirm that the policy itself works fine. For testing I first setup everything manually, including the policy. Then I made my Terraform code. The policy is copied from the policy editor in the portal into the XML file referenced in the Terraform code. |
Hi, I have encountered a similar issue where policies that validate correctly when applied in the portal gives an error when applied through terraform. Here's the minimal policy I tested with:
And here's the error returned by the API to terraform:
This is what terraform read from the file:
As with @tverhoeven I've tried inline the policy and setting the encoding to UTF-8 explicitly. This is a slightly different error to the original issue but it still seems like it could be related to an incorrectly encoded '"' character. |
I have looked into this a bit more and may have found a fix, when I make a request like this to the management API directly (this is what the provider is trying to do at the moment):
I get the same error as in terraform: However when changing the Hope this helps. |
You can test this with the az cli. Assuming you have a resource group called test and an apim called testing-1234 with the Echo API in it. This doesn't work:
Changing to the
It seems to be something with the quoting and escaping because a more simple example works fine with the
Trying to embed the command in a local-exec causes more problems as there is an extra level of escaping required. However, you can put the command in a shell script and call that as a workaround. e.g.
|
Found another workaround, you can use 'character entities' for quotes, slashes, and angle brackets. The xml file I now pass to <inbound>
<!-- Authenticate APIM with Blob Storage -->
<set-header name="x-ms-version" exists-action="override">
<value>2019-02-02</value>
</set-header>
<authentication-managed-identity resource="https://storage.azure.com/" />
<!-- Set Block Blob as blob type -->
<set-header name="x-ms-blob-type" exists-action="append">
<value>BlockBlob</value>
</set-header>
<set-variable name="Base64EncodedSnapshot" value="@{
JObject requestBody = context.Request.Body.As<JObject>(preserveContent: true);
JToken imageNameJtoken = requestBody.GetValue("Base64EncodedSnapshot");
return imageNameJtoken.ToString();
}" />
<rewrite-uri template="@{
JObject requestBody = context.Request.Body.As<JObject>(preserveContent: true);
string SourceIp = requestBody.GetValue("SourceIp").ToString();
string Id = requestBody.GetValue("Id").ToString();
string ImageName = requestBody.GetValue("ImageName").ToString();
string fullyQualifiedPath = SourceIp + "/" + Id + "." + "jpeg";
return "images/" + fullyQualifiedPath;
}"
/>
<set-body>@{
return Convert.FromBase64String((string)context.Variables["Base64EncodedSnapshot"]);
}</set-body>
<base />
</inbound> |
Holy cow, you saved me with this!
and the following expression started to work with "azurerm_api_management_api_policy"
By the way, alternatively you can use a small Powershell script to do this. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
Community Note
Terraform (and AzureRM Provider) Version
Affected Resource(s)
azurerm_api_management_api_policy
Terraform Configuration Files
The XML file referenced is available in this gist: https://gist.github.com/tverhoeven/abf1054ff868ee9f602b4308fe606449
Debug Output
https://gist.github.com/tverhoeven/abf1054ff868ee9f602b4308fe606449
Panic Output
Expected Behavior
The policy is created without throwing an error.
Actual Behavior
Terraform report a error, status 400, ValidationError coming from the AzureRM:
Error: Error creating or updating API Policy (Resource Group "poc-test-rg" / API Management Service "poc-test-apim" / API "poc-test-api-example"): apimanagement.APIPolicyClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="ValidationError" Message="One or more fields contain incorrect values:" Details=[{"code":"ValidationError","message":"'\u003c', hexadecimal value 0x3C, is an invalid attribute character. Line 10, position 63.","target":"representation"}]
Steps to Reproduce
terraform apply
Important Factoids
I've tried this with both inline XML in the terraform, or with external files containing the XML. I've also tried with the external file formatted as ASCII or UTF-8 (checked with the file command). I always get the same error.
To me it looks like there is an UTF-8 encoding to many happening. See this snippet from the debug output: "\u003cinbound\u003e\n".
I also get this both with Terraform running on macOS and Ubuntu Linux. So it is not OS specific.
References
The text was updated successfully, but these errors were encountered: