Azure / apiops

APIOps applies the concepts of GitOps and DevOps to API deployment. By using practices from these two methodologies, APIOps can enable everyone involved in the lifecycle of API design, development, and deployment with self-service and automated tools to ensure the quality of the specifications and APIs that they’re building.
https://azure.github.io/apiops
MIT License
328 stars 193 forks source link

[Question] Dependecy resolvement when specifying custom configuration #668

Open rstelcer opened 2 months ago

rstelcer commented 2 months ago

Release version

v6.0.1.1

Question Details

Problem Description Publishing a policy fragment depending on the named value results in the following error: info: publisher[0] Putting policy policy for operation dependecycheck in API echo-api... info: publisher[0] Putting policy policy for operation retrieve-header-only in API echo-api... crit: publisher[0] Application failed. System.Net.Http.HttpRequestException: HTTP request to URI https://management.azure.com/subscriptions/***/resourceGroups/app-grp/providers/Microsoft.ApiManagement/service/api-grp-apim-3/apis/echo-api/operations/dependecycheck/policies/policy?api-version=2023-09-01-preview failed with status code 400. Content is '{"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"include-fragment","message":"Error in element 'include-fragment' on line 11, column 4: Policy fragment with id 'TokenValidator' could not be found."}]}}'.

Environment setup The solution uses the following features from API Management:

The relationships are:

The policy content - to understand the correlation with named values: `

https://{{my_idp_hostname}}/api/v2/ https://{{my_idp_hostname}}/userinfo https://{{my_idp_hostname}}/

`

Example of configuration file per e.g. Prod: ` apimServiceName: api-prod namedValues:

`

The publishing pipeline has 3 stages:

During the publishing test, we observed the following behavior:

Observations

NB: This applies when we have a custom configuration file to amend values per stage/environment. The same behavior/outcome applies to Products; whether we use partial (publish-artifacts-in-last-commit) or full publishing (publish-all-artifacts-in-repo).

Questions

Is this by design or perhaps a bug?

Thanks in advance.

Expected behavior

Named values are replaced Named values are published API is published Policy is published API is updated

Actual behavior

Named values are replaced Named values are published (only if not available earlier) API is published Policy publishing fails with status code 400: crit: publisher[0] Application failed. System.Net.Http.HttpRequestException: HTTP request to URI https://management.azure.com/subscriptions/***/resourceGroups/app-grp/providers/Microsoft.ApiManagement/service/api-grp-apim-3/apis/echo-api/operations/dependecycheck/policies/policy?api-version=2023-09-01-preview failed with status code 400. Content is '{"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"include-fragment","message":"Error in element 'include-fragment' on line 11, column 4: Policy fragment with id 'TokenValidator' could not be found."}]}}'.

Reproduction Steps

Prerequisites:

  1. Use Echo API (by default available when an instance of API Management is created)

Steps:

  1. Create a policy (see above)
  2. Assign the policy to Echo API; it does not matter what API endpoint.
  3. Run executor (no filter configuration attached)
  4. Run publisher (with configuration example as specified above).

Publisher fails.

PS: The same behavior is observed with Products.

github-actions[bot] commented 2 months ago
  Thank you for opening this issue! Please be patient while we will look into it and get back to you as this is an open source project. In the meantime make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests,etc.).
  Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.
guythetechie commented 1 month ago

@rstelcer - the error message seems to point to a missing policy fragment, not to named value issues. It fails when creating a policy on operation dependecycheck in API echo-api, and the error message says it cannot find policy fragment TokenValidator.

Can you confirm that the policy fragment TokenValidator exists?