Open JoshuaPHolden opened 4 years ago
@captainhook No, I switched to PowerShell module. ☹️
Thanks. I am still struggling with this since I am using az cli in Azure DevOps and need it to work there.
@AndrewBates666 @seanksullivan, I'm guessing you didn't manage to resolve this either?
@KedarJoshi any update from MSFT end? The REST method works but it's not handling escapes properly - see above examples. Please advise. This is extremely debilitating to our work.
I didn't manage to get the quotes working, so I just switched to using a file.
```powershell
function Set-OperationScopedPolicies {
    param(
        [Parameter(Mandatory)][PSCustomObject]$OperationsOutput,
        [Parameter(Mandatory)][Hashtable]$OperationScopes
    )
    $bodyFileName = 'body.json'
    $policyTemplate = Get-Content $PSScriptRoot/templates/filter-policy-template.xml -Raw
    # String.Replace returns a new string, so keep each result instead of discarding it.
    $policy = $policyTemplate.Replace("{{OpenIdConfigUrl}}", "My secret values")
    $policy = $policy.Replace("{{Audience}}", "My secret values")
    $policy = $policy.Replace("{{SCOPE_NAMES}}", "My secret values")
    Set-Content -Path $bodyFileName -Value $policy
    # $operationid is not defined in the posted snippet; it has to hold the resource ID of the operation.
    $url = "https://management.azure.com/" + $operationid + "/policies/policy?api-version=2021-08-01"
    # Passing the body as @file means the shell never has to quote the JSON.
    $restResponse = az rest --method PUT --uri $url --body "@$bodyFileName" --output-file response.xml
    Remove-Item $bodyFileName
}
```
filter-policy-template.xml (This is in one line):
```json
{"properties":{"method":"PUT","value":"<policies>\r\n <inbound>\r\n <validate-jwt header-name=\"Authorization\" failed-validation-httpcode=\"401\" failed-validation-error-message=\"Unauthorized. Access token is missing or invalid.\">\r\n <openid-config url=\"{{OpenIdConfigUrl}}\" \/>\r\n <audiences>\r\n <audience>{{Audience}}<\/audience>\r\n <\/audiences>\r\n <required-claims>\r\n <claim name=\"groups\" match=\"any\">\r\n {{SCOPE_NAMES}} <\/claim>\r\n <\/required-claims>\r\n <\/validate-jwt>\r\n <base \/>\r\n <\/inbound>\r\n <backend>\r\n <base \/>\r\n <\/backend>\r\n <outbound>\r\n <base \/>\r\n <\/outbound>\r\n <on-error>\r\n <base \/>\r\n <\/on-error>\r\n<\/policies>","format":"rawxml"}}
```
Managed to make this work on our side. Doesn't look too nasty I think.
Key thing was to set format to rawxml and escaping everything properly.
```bash
#!/bin/bash
SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)
SUBSCRIPTION_ID="YOUR_SUBSCRIPTION"
RESOURCE_GROUP_NAME="YOUR_RG"
APIM_SERVICE_NAME="YOUR_SERVICE"
API_NAME="YOUR_API"
# Load the policy from the XML file
POLICY_FILE="$SCRIPT_DIR/../policies/proxy.xml"
POLICY_CONTENT=$(cat "$POLICY_FILE")
# Escape backslashes and double quotes, then join the lines with a literal \n.
# (awk reads one line at a time, so gsub(/\n/, ...) never matches anything.)
ESCAPED_POLICY=$(printf '%s\n' "$POLICY_CONTENT" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' | awk '{printf "%s\\n", $0}')
# Construct the body with the loaded policy
BODY="{\"properties\":{\"format\":\"rawxml\",\"value\":\"$ESCAPED_POLICY\"}}"
RG_URL="https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP_NAME"
SERVICE_URL="$RG_URL/providers/Microsoft.ApiManagement/service/$APIM_SERVICE_NAME"
API_URL="$SERVICE_URL/apis/$API_NAME"
POLICY_URL="$API_URL/policies/policy?api-version=2022-09-01-preview"
az rest --method PUT --uri "$POLICY_URL" --body "$BODY" --headers "Content-Type=application/json"
```
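Both workarounds above fill a `validate-jwt` policy by string substitution and then escape it into a JSON body by hand. The following is an added example, not code from this thread or from Microsoft: it does both steps with a serializer, XML-escapes each substituted value, and refuses to produce a body if the rendered policy is malformed or no longer contains the JWT check. The function name, sample template and sample values are assumptions, and it assumes the policy contains no policy expressions, which may not parse as well-formed XML.

```python
import json
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample with the same shape as the thread's template file:
# a JSON envelope whose "value" is the policy XML with {{...}} placeholders.
TEMPLATE = json.dumps({"properties": {"format": "rawxml", "value": (
    '<policies>\r\n <inbound>\r\n  <validate-jwt header-name="Authorization">\r\n'
    '   <openid-config url="{{OpenIdConfigUrl}}" />\r\n'
    '   <audiences><audience>{{Audience}}</audience></audiences>\r\n'
    '   <required-claims><claim name="groups" match="any">{{SCOPE_NAMES}}</claim>'
    '</required-claims>\r\n  </validate-jwt>\r\n  <base />\r\n </inbound>\r\n</policies>')}})


def render_policy_body(template_json, openid_url, audience, scopes):
    """Fill the placeholders and return the JSON body for az rest --body @file."""
    if not scopes:
        raise ValueError("refusing to render a claim check with no required values")
    body = json.loads(template_json)  # the JSON parser undoes \" \/ \r\n for us
    fills = {
        # Attribute value: also escape the double quote.
        "OpenIdConfigUrl": escape(openid_url, {'"': "&quot;"}),
        # Element text: &, < and > are enough.
        "Audience": escape(audience),
        # One <value> child per required group, each escaped.
        "SCOPE_NAMES": "".join(f"<value>{escape(s)}</value>" for s in scopes),
    }
    # Single pass: an unknown placeholder raises KeyError, and substituted
    # text is never scanned again for further placeholders.
    xml = re.sub(r"\{\{(\w+)\}\}", lambda m: fills[m.group(1)],
                 body["properties"]["value"])
    root = ET.fromstring(xml)  # raises ParseError if the result is not well-formed
    if root.find("./inbound/validate-jwt") is None:
        raise ValueError("rendered policy lost its validate-jwt element")
    body["properties"]["value"] = xml
    return json.dumps(body)  # the serializer handles quotes, backslashes, newlines


if __name__ == "__main__":
    # Hypothetical values; then: az rest --method PUT --uri <url> --body @body.json
    rendered = render_policy_body(
        TEMPLATE, "https://idp.example/.well-known/openid-configuration",
        "api://example", ["group-a"])
    with open("body.json", "w", encoding="utf-8") as fh:
        fh.write(rendered)
```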
Is there a way to update the policy for a given API through the CLI? Every time I update an API the policy gets wiped out and has to be manually added back.