Error when API Management policy C# expression contains double quotes

[knutwannheden]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/azurerm v1.43.0

Affected Resource(s)

• azurerm_api_management

Terraform Configuration Files

terraform {
  backend "azurerm" {}
}

provider "azurerm" {
  version         = "~> 1.43.0"
}

resource "azurerm_api_management" "example" {
    location                  = "westeurope"
    name                      = "iis-sandbox-apimgmt"
    policy                    {
            xml_content = file("sandbox-policy.cshtml")
        }
    # ....
}

The referenced sandbox-policy.cshtml looks something like this:

<policies>
        <inbound>
                <set-variable name="token" value="@(context.Request.Headers.GetValueOrDefault("field"))" />
        </inbound>
        <backend />
        <outbound />
        <on-error />
</policies>

Debug Output

https://gist.github.com/knutwannheden/380ed0fc78f0fc023cd831b2c9c789d6

Panic Output

Expected Behavior

It should be possible to use the same pseudo-XML content with Terraform as with the online Azure Portal editor.

Actual Behavior

Currently terraform apply appears to choke whenever a policy has an XML attribute value quoted using " which itself also contains double quotes, but without encoding them using XML entities. So this does not work:

<set-variable name="token" value="@(context.Request.Headers.GetValueOrDefault("field"))" />

It reports an error like the following:

Error: Error setting Policies for API Management Service "iis-sandbox-apimgmt" (Resource Group "iis-apimgmt-sandbox-rg"): apimanagement.PolicyClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="ValidationError" Message="One or more fields contain incorrect values:" Details=[{"code":"ValidationError","message":"'field' is an unexpected token. Expecting white space. Line 3, position 96.","target":"representation"}]

Steps to Reproduce

1. Create files as given
2. terraform apply

Important Factoids

According to issue #3918 and the associated PR #4140 (see e.g. #4140 (comment)) I got the impression that the Terraform provider should be able to handle "XML" where the attribute values and content where XML characters like <, >, and " are not encoded using XML entities, just like also the editor in Azure Portal accepts it.

To be honest I don't really understands how the Azure Portal does its parsing (well it isn't legal XML anyway), but it seems to work somehow and for the user experience I think it would be great it the same policy content could be provided via Terraform (i.e. without having to use XML entities).

As a workaround I was able to use single quotes to enclose the attribute value. But note that the Azure Portal online editor automatically converts them back to double quotes, so if that is copied back to the file used by Terraform it will break again.

References

• Creating a API Management policy for an API gives an ValidationError #3918

[knutwannheden]

Please also note that the Azure API Management Extension in VSCode has the same behavior with regards to attribute values: When saving and updating a policy any single quote delimited attribute values will automatically be replaced with double quote delimited values.

AFAICT using XML entities is at the moment the only feasible workaround.

[knutwannheden]

Looking at #4140 I get the impression that there is tests to make sure that policies containing "XML" like <set-variable name="token" value="@(context.Request.Headers.GetValueOrDefault("field"))" /> should indeed work. So I am confused why I still get the error about ... unexpected token. Expecting white space.. Does anyone understand what is going on here?

[knutwannheden]

If I am not mistaken the problem is that the provider is transferring the data in xml rather than in rawxml. I will try to dig out what happened to changes in #4140 and if possible also supply a new PR changing to rawxml in all the appropriate places.

[knutwannheden]

If I am not mistaken the problem is that the provider is transferring the data in xml rather than in rawxml. I will try to dig out what happened to changes in #4140 and if possible also supply a new PR changing to rawxml in all the appropriate places.

The problem with #4140 is that it doesn't apply to the global API policy. The PR #9296 should fix that.

[ghost]

This has been released in version 2.37.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.37.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!