You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem Description
Publishing a policy fragment depending on the named value results in the following error: info: publisher[0] Putting policy policy for operation dependecycheck in API echo-api... info: publisher[0] Putting policy policy for operation retrieve-header-only in API echo-api... crit: publisher[0] Application failed. System.Net.Http.HttpRequestException: HTTP request to URI https://management.azure.com/subscriptions/***/resourceGroups/app-grp/providers/Microsoft.ApiManagement/service/api-grp-apim-3/apis/echo-api/operations/dependecycheck/policies/policy?api-version=2023-09-01-preview failed with status code 400. Content is '{"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"include-fragment","message":"Error in element 'include-fragment' on line 11, column 4: Policy fragment with id 'TokenValidator' could not be found."}]}}'.
Environment setup
The solution uses the following features from API Management:
APIs
Named Values
Policy Fragments
The relationships are:
named values contain properties
policy depends on the name value
the policy is attached to the API
The policy content - to understand the correlation with named values: <fragment> <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="User not authenticated" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true" output-token-variable-name="token_customer_info"> <openid-config url="https://{{my_idp_hostname}}/.well-known/openid-configuration" /> <audiences> <audience>https://{{my_idp_hostname}}/api/v2/</audience> <audience>https://{{my_idp_hostname}}/userinfo</audience> </audiences> <issuers> <issuer>https://{{my_idp_hostname}}/</issuer> </issuers> <required-claims> <claim name="{{my_namespace}}/customer_id" match="all" /> </required-claims> </validate-jwt> </fragment>
Example of configuration file per e.g. Prod:
`
apimServiceName: api-prod
namedValues:
uat, we read what we have in git, make amendments to named values (see above), and publish it
prod, we read what we have in git, make amendments to named values (see above), and publish it
During the publishing test, we observed the following behavior:
API is published
Policy publishing fails
Observations
The policy is published when the configuration file is not specified.
Named values are replaced, but only if they are not available.
NB: This applies when we have a custom configuration file to amend values per stage/environment. The same behavior/outcome applies to Products; whether we use partial (publish-artifacts-in-last-commit) or full publishing (publish-all-artifacts-in-repo).
Questions
Named Value: why can we not replace/amend the value if previously available?
Dependencies: why does a replacement of NamedValue work if not previously available, but the policy referencing it, fails?
Is this by design or perhaps a bug?
Thanks in advance.
Expected behavior
Named values are replaced
Named values are published
API is published
Policy is published
API is updated
Actual behavior
Named values are replaced
Named values are published (only if not available earlier)
API is published
Policy publishing fails with status code 400: crit: publisher[0] Application failed. System.Net.Http.HttpRequestException: HTTP request to URI https://management.azure.com/subscriptions/***/resourceGroups/app-grp/providers/Microsoft.ApiManagement/service/api-grp-apim-3/apis/echo-api/operations/dependecycheck/policies/policy?api-version=2023-09-01-preview failed with status code 400. Content is '{"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"include-fragment","message":"Error in element 'include-fragment' on line 11, column 4: Policy fragment with id 'TokenValidator' could not be found."}]}}'.
Reproduction Steps
Prerequisites:
Use Echo API (by default available when an instance of API Management is created)
Steps:
Create a policy (see above)
Assign the policy to Echo API; it does not matter what API endpoint.
Run executor (no filter configuration attached)
Run publisher (with configuration example as specified above).
Publisher fails.
PS: The same behavior is observed with Products.
The text was updated successfully, but these errors were encountered:
Thank you for opening this issue! Please be patient while we will look into it and get back to you as this is an open source project. In the meantime make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests,etc.).
Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.
@rstelcer - the error message seems to point to a missing policy fragment, not to named value issues. It fails when creating a policy on operation dependecycheck in API echo-api, and the error message says it cannot find policy fragment TokenValidator.
Can you confirm that the policy fragment TokenValidator exists?
Release version
v6.0.1.1
Question Details
Problem Description
Publishing a policy fragment depending on the named value results in the following error:
info: publisher[0] Putting policy policy for operation dependecycheck in API echo-api... info: publisher[0] Putting policy policy for operation retrieve-header-only in API echo-api... crit: publisher[0] Application failed. System.Net.Http.HttpRequestException: HTTP request to URI https://management.azure.com/subscriptions/***/resourceGroups/app-grp/providers/Microsoft.ApiManagement/service/api-grp-apim-3/apis/echo-api/operations/dependecycheck/policies/policy?api-version=2023-09-01-preview failed with status code 400. Content is '{"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"include-fragment","message":"Error in element 'include-fragment' on line 11, column 4: Policy fragment with id 'TokenValidator' could not be found."}]}}'.
Environment setup
The solution uses the following features from API Management:
The relationships are:
The policy content - to understand the correlation with named values:
<fragment> <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="User not authenticated" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true" output-token-variable-name="token_customer_info"> <openid-config url="https://{{my_idp_hostname}}/.well-known/openid-configuration" /> <audiences> <audience>https://{{my_idp_hostname}}/api/v2/</audience> <audience>https://{{my_idp_hostname}}/userinfo</audience> </audiences> <issuers> <issuer>https://{{my_idp_hostname}}/</issuer> </issuers> <required-claims> <claim name="{{my_namespace}}/customer_id" match="all" /> </required-claims> </validate-jwt> </fragment>
Example of configuration file per e.g. Prod:
`
apimServiceName: api-prod
namedValues:
properties:
displayName: my_idp_hostname
value: "<enter_your_prod_idp>"
`
The publishing pipeline has 3 stages:
During the publishing test, we observed the following behavior:
Observations
NB: This applies when we have a custom configuration file to amend values per stage/environment. The same behavior/outcome applies to Products; whether we use partial (publish-artifacts-in-last-commit) or full publishing (publish-all-artifacts-in-repo).
Questions
Is this by design or perhaps a bug?
Thanks in advance.
Expected behavior
Named values are replaced
Named values are published
API is published
Policy is published
API is updated
Actual behavior
Named values are replaced
Named values are published (only if not available earlier)
API is published
Policy publishing fails with status code 400:
crit: publisher[0] Application failed. System.Net.Http.HttpRequestException: HTTP request to URI https://management.azure.com/subscriptions/***/resourceGroups/app-grp/providers/Microsoft.ApiManagement/service/api-grp-apim-3/apis/echo-api/operations/dependecycheck/policies/policy?api-version=2023-09-01-preview failed with status code 400. Content is '{"error":{"code":"ValidationError","message":"One or more fields contain incorrect values:","details":[{"code":"ValidationError","target":"include-fragment","message":"Error in element 'include-fragment' on line 11, column 4: Policy fragment with id 'TokenValidator' could not be found."}]}}'.
Reproduction Steps
Prerequisites:
Steps:
Publisher fails.
PS: The same behavior is observed with Products.
The text was updated successfully, but these errors were encountered: