
Policies through arm not applied correctly #36

@lazowmich

I am deploying an ARM template for an existing APIM service and modifying the inbound policies for one of the APIs to include a conditional:

    <policies>
        <inbound>
            <choose>
                <when condition=\"@(context.Request.Url.Path.Contains(&quot;ABC&quot;))\">
                    <validate-jwt header-name=\"Authorization\" failed-validation-httpcode=\"401\" failed-validation-error-message=\"Unauthorized. Access token is missing or invalid.\">
                        <openid-config url=\"https://login.microsoftonline.com/common/.well-known/openid-configuration\" />
                        <required-claims>
                            <claim name=\"aud\">
                                <value>',
                                  parameters('audience'),
                                '</value>
                            </claim>
                            <claim name=\"roles\" match=\"all\">
                                <value>Read</value>
                                <value>Write</value>
                            </claim>
                        </required-claims>
                    </validate-jwt>
                </when>
                <otherwise>
                    <validate-jwt header-name=\"Authorization\" failed-validation-httpcode=\"401\" failed-validation-error-message=\"Unauthorized. Access token is missing or invalid.\">
                        <openid-config url=\"https://login.microsoftonline.com/common/.well-known/openid-configuration\" />
                        <required-claims>
                            <claim name=\"aud\">
                                <value>',
                                  parameters('audience'),
                                ' </value>
                            </claim>
                            <claim name=\"roles\" match=\"any\">
                                <value>Read</value>
                            </claim>
                        </required-claims>
                    </validate-jwt>
                </otherwise>
            </choose>
            <base />
        </inbound>
        <backend>
            <base />
        </backend>
        <outbound>
            <base />
        </outbound>
        <on-error>
            <base />
        </on-error>
    </policies>

Validation for the first condition works after deployment but the second one does not.
Ex:
test.com/abc - validation works
test.com/xyz - validation always fails with a valid access token error

After I go in through the web portal I see the policy is there just as in the ARM template. All I do is re-save the policy and it works as expected again.
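
The two branches of the template above differ in one visible way: the `<otherwise>` branch has a space before `</value>` in the `aud` claim. The following added example (not part of the issue or of the API Management project) parses an evaluated policy and lists `required-claims` values that carry surrounding whitespace, one thing to compare between the deployed template and the portal-saved policy. The audience value and the trimmed policy text are constructed, and the page does not establish that this difference causes the reported failure.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed policy as it would look after the ARM concat()
# is evaluated. AUDIENCE is a placeholder, not a value from the issue. The
# <otherwise> branch keeps the space before </value> that the template has.
AUDIENCE = "api://example-audience"
RENDERED_POLICY = """<policies><inbound><choose>
  <when condition="@(context.Request.Url.Path.Contains(&quot;ABC&quot;))">
    <validate-jwt header-name="Authorization">
      <required-claims>
        <claim name="aud"><value>""" + AUDIENCE + """</value></claim>
        <claim name="roles" match="all"><value>Read</value><value>Write</value></claim>
      </required-claims>
    </validate-jwt>
  </when>
  <otherwise>
    <validate-jwt header-name="Authorization">
      <required-claims>
        <claim name="aud"><value>""" + AUDIENCE + """ </value></claim>
        <claim name="roles" match="any"><value>Read</value></claim>
      </required-claims>
    </validate-jwt>
  </otherwise>
</choose><base /></inbound></policies>"""


def padded_claim_values(policy_xml):
    """Return (parent tag, claim name, raw value) for every required-claim
    value whose text has leading or trailing whitespace."""
    root = ET.fromstring(policy_xml)
    # ElementTree has no parent pointers, so build a child -> parent map
    # to report which branch (<when>, <otherwise>, <inbound>) holds the check.
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for jwt in root.iter("validate-jwt"):
        for claim in jwt.iter("claim"):
            for value in claim.findall("value"):
                text = value.text or ""
                if text != text.strip():
                    findings.append((parents[jwt].tag, claim.get("name"), text))
    return findings


if __name__ == "__main__":
    for branch, name, raw in padded_claim_values(RENDERED_POLICY):
        print(f"{branch}: claim {name!r} value {raw!r} has surrounding whitespace")
```
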
