Parameters in API policies

[mindaugasnakrosis]

Please describe the feature.

I have an API that has validation-jwt policy:

Is it possible to publish the same API with different policy values parametrized for different environments?

[waelkdouh]

Did you consider using namedvalues? Please search some closed issues which touched on the same topic.

[mindaugasnakrosis]

Did you consider using namedvalues? Please search some closed issues which touched on the same topic.

I did. However, I am not sure how to transfer namedValues parameters when generating the XML or how to directly access those in publish pipeline when publishing this XML. I searched through closed issues but did not manage to find what I need. Maybe I am missing something though.

[waelkdouh]

You would use the same namedvalues names across on environments. Then you would simply override these values using the configuration file.

Here's an example of a configuration file

[mindaugasnakrosis]

I am using the configuration file approach. How can I use configuration file to change api policy? I did not find policy examples of apis in configurational yml file examples or API documentation. Could you point me towards the right direction?

[waelkdouh]

Did you see this issue #281?

[mindaugasnakrosis]

I tried this approach:

And it failed with this error:

Putting policy policy in api 639d68513766e5a6c70ce2e4... crit: Publisher[0] System.Net.Http.HttpRequestException: HTTP request to URI https://management.azure.com/subscriptions/***/resourceGroups/cult-fo-dev-rg/providers/Microsoft.ApiManagement/service/cw-fo-dev-apim/apis/639d68260b7375621862a605/policies/policy?api-version=2022-04-01-preview&format=rawxml failed with status code 400. Content is '{"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"representation","message":"'{' is an unexpected token. The expected token is '\"' or '''. Line 31, position 23."}]}}'.

iI doesn't expect opening bracket "{".

I think I am missing something.

[mindaugasnakrosis]

This approach:

<openid-config url="{{openIdConfigUrl}}"/>

also produces an error:

[{"code":"ValidationError","target":"openid-config","message":"Error in element 'openid-config' on line 31, column 5: Cannot find a property 'openIdConfigUrl'"},{"code":"ValidationError","target":"audience","message":"Error in element 'audience' on line 33, column 6: Cannot find a property 'audience'"},{"code":"ValidationError","target":"issuer","message":"Error in element 'issuer' on line 36, column 6: Cannot find a property 'issuer'"}]}}'.

[waelkdouh]

I have a quick question. I noticed that you are naming your configuration file configuration.dev.yml. Whereas there is nothing wrong with that I am just curious why you are doing that. Usually you would use the default values in the development environment and then you would start overriding in the QA, prod, etc.. Or in your case do you start with some sort of sandbox environment after which you promote it to dev? If that is the case then what you are doing above will be fine.

Now coming back to the error you have above, can you please remove the [ ] from the apimServiceName property? It should look like this:

apimServiceName: cw-fo-dev-apim

[mindaugasnakrosis]

Seemed intuitive to have conf file per env. Will adjust that to your suggestion. Altered apimServiceName, same error still.

[waelkdouh]

Try to put "" around the namedvalue. Try this

[mindaugasnakrosis]

I tried putting "" around the namedValue as per comment above like this:

< openid-config url="{{openIdConfigUrl}}" / >

`That produced a different error as described above. Or do you mean to alter the configuration file somehow?

[waelkdouh]

Your configuration file looks fine. @guythetechie any thoughts on this?

[mindaugasnakrosis]

I noticed that my artifacts folder does not have named values folder as per example in ApiOps repo:https://github.com/Azure/apiops/blob/main/SampleArtifacts/named%20values/mysecretvalue/namedValueInformation.json

How are these files generated? I'd reckon somehow automatically? Also where are they referenced? @waelkdouh

[waelkdouh]

The namedvalues folder generally gets created automatically by the extractor. Of course you can create it yourself if you want to and the publisher will be more than happy to publish it for you either way. Remember that using the extractor is optional. Typically you would use the extractor if you are starting from the portal. But if you are someone who prefers to start with code you can skip the extractor all together. We always recommend starting with the extractor as it helps you with the default structure that the publisher expects.

Not sure I understand what you mean by "where are they referenced"? If the publisher finds the namedvalues folder it will publish it to your apim instance and it would go into this section:

[mindaugasnakrosis]

Okay, my bad. I completely forgot to add those to APIM resource and extract as a starting point. My pipeline can find the parameters now. Confirming everything else is working and will close the issue. Thank you for your endless patience!