Azure API Management Policy: Unable to add condition to check it the string is empty
I'm adding policy for APIs, I have many APIs onboarded and want to add API specific policies. I am adding rate limit as per the API owner request sent in a config file, Some APIs provide rate limit and some not. At the same time APIs use different authontication too(JWT ot subscription_id). I want to add condition in policy that if rate limit is given by API owner and API is validated by jwt/subscription_id then add given rate limit if not then dont do anything. I tried below code
<policies>
<inbound>
<set-variable name="isjwt" value="@(context.Request.Headers.GetValueOrDefault('Authorization', '').AsJwt()?.Subject)" />
<set-variable name="isSubId" value="@(context.Subscription.Id)" />
<choose>
<when condition="(${var.api.rate_limit} != "" and (context.Variables["isjwt"] != null or context.Variables["isSubId"] != null))">
<rate-limit-by-key calls=${var.api.rate_limit} renewal-period="60" counter-key="@(context.Variables["isjwt"] ?? context.Variables["isSubId"])" />
</when>
</choose>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
variable "api" {
type = object({
name = string
rate_limit = string
})
}
The terraform plan looks like this
+ <set-variable name="isAuthenticated" value="@(context.Request.Headers.GetValueOrDefault('Authorization', '').AsJwt()?.Subject)" />
+ <set-variable name="hasSubscriptionId" value="@(context.Subscription.Id)" />
+
+ <choose>
+ <when condition="( != "" and (context.Variables["isjwt"] != null or context.Variables["isSubId"] != null))">
+ <rate-limit-by-key calls="" renewal-period="60" counter-key="@(context.Variables["isjwt"] ?? context.Variables["isSubId"])" />
+ </when>
+ </choose>
I get error at condition var.api.rate_limit != "" I tried adding single quates it doesn't help,
Error: creating/updating Api Policy: (Policy Name "xml" / Api Name "APINAME" / Service Name "SERVICENAME" / Resource Group "RGNAME"): apimanagement.APIPolicyClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="ValidationError" Message="One or more fields contain incorrect values:" Details=[{"code":"ValidationError","message":"Name cannot begin with the '"' character, hexadecimal value 0x22. Line 36, position 52.","target":"representation"}]
Azure API Management Policy: Unable to add condition to check it the string is empty: -
Use below modified policy to resolve your conflict on quotes(").
resource "azurerm_api_management_api_operation_policy" "example" {
api_name = azurerm_api_management_api_operation.example.api_name
api_management_name = azurerm_api_management_api_operation.example.api_management_name
resource_group_name = azurerm_api_management_api_operation.example.resource_group_name
operation_id = azurerm_api_management_api_operation.example.operation_id
xml_content = <<XML
<policies>
<inbound>
<set-variable name="isjwt" value="@(context.Request.Headers.GetValueOrDefault('Authorization', '').AsJwt()?.Subject)" />
<set-variable name="isSubId" value="@(context.Subscription.Id)" />
<choose>
<when condition='(${var.api.rate_limit} != "" and (context.Variables["isjwt"] != null or context.Variables["isSubId"] != null))'>
<rate-limit-by-key calls="${var.api.rate_limit}" renewal-period="60" counter-key="@(context.Variables["isjwt"] ?? context.Variables["isSubId"])" />
</when>
</choose>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
XML
}
Referring to the template of azurerm_api_management_api_operation_policy from terraform registry, I tried deploying your requirement by adding the above policy and it worked successfully as shown below.
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs