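I am trying to adopt an automated way to modify or apply additional policies at the API or operation scope of Azure APIM, and in my script I am able to read the variables $inbound, $outbound, $backend or $onerror based on user input. Now I am trying to apply this newly given policy to an API or operation where some global/existing policies are already applied. If a policy already exists, how can I add or modify these newly added policies in the correct session of the API or operation without duplicating them?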

    for f in $policy_ ; do
      if [[ $(eval echo \$${f}_name) == "ipfilter" ]]; then
        echo " given policy name is ipfilter "
        if [[ $(eval echo \$${f}_scope) == "api" ]]; then
          echo "decided the scope of Ipfilter policy as api "
        fi
        if [[ "$(eval echo \$${f}_apiname)" ]]; then
          echo "export the policy for the api $(eval echo \$${f}_apiname)"
          curl -H "Content-Type: application/json" -H "Authorization: Bearer $accessToken" "https://management.azure.com/subscriptions/xxxxx/resourceGroups/xx-rg/providers/Microsoft.ApiManagement/service/xxx-apim/apis/myapi/policies/policy?effective=true&format=xml&api-version=2022-08-01" > effectivepolicy.xml
        fi
        if [ -z "$(eval echo \$${f}_inboundsession)" ]; then
          echo 'the inbound session is not present'
        fi
        if [[ "$(eval echo \$${f}_inboundsession)" ]]; then
          echo 'the inbound session is present and append the policy settings to inbound'
          inbound=$(printf "$(eval echo \$${f}_inboundsession)")
          echo "$inbound"
          # Add the $inbound to the inbound session of policy.xml if it's not existing and apply back
        fi
      fi
    done

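For example, the value of the $inbound variable here is:

    <ip-filter action="allow">
        <address-range from="xxxxx" to="yyy" />
    </ip-filter>

Below is a sample of the effective policy extracted from the API scope, which needs to be modified and applied back to the same API with the newly added policy above, without duplication.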

    <policies>
        <inbound>
            <!--base: Begin Global scope-->
            <cors xxxxxxxxxx="true">
                ****************************
                ****************************
                ****************************
            </cors>
            <!--base: End Global scope-->
        </inbound>
        <backend>
            <!--base: Begin Global scope-->
            ****************************
            ****************************
            ****************************
            <!--base: End Global scope-->
        </backend>
        <outbound>
            <!--base: Begin Global scope-->
            ****************************
            ****************************
            ****************************
            ****************************
            <!--base: End Global scope-->
        </outbound>
        <on-error>
            <!--base: Begin Global scope-->
            ****************************
            ****************************
            ****************************
            <!--base: End Global scope-->
        </on-error>

Output of the customized policy file after trying the solution that @khtesam Afrin tried:

    <policies>^M
    <inbound>^M
    <!--base: Begin Global scope-->^M
    <cors axxxxxxx="true">^M
    <xxxxxxx>^M
    <origin>aaaaaaaaaaa</origin>^M
    <origin>bbbbbbbbbbb</origin>^M
    <origin>cccccccccccc</origin>^M
    </xxxxxxx>^M
    </cors>^M
    <!--base: End Global scope-->^M
    <ip-filter action="allow">
    <address-range from="xxxx" to="yyyy" />
    </ip-filter>
    </inbound>^M
    <backend>^M
    <!--base: Begin Global scope-->^M
    <forward-request />^M
    <!--base: End Global scope-->^M

Before adding the policy, I use the following script to check whether the policy is already duplicated in the effective policy.

    #!/bin/bash
    # Set variables
    accessToken="eyJ0eXAi******qaoJinw"
    subscriptionId="{subscriptionId}"
    resourceGroupName="{resourceGroupName}"
    apimServiceName="{apimServiceName}"
    apiName="echo-api"
    inboundPolicy='<set-header name="Test" exists-action="override">
    <value>Hi, Ikhtesam</value>
    </set-header>'

    # Fetch existing effective policy XML
    curl -H "Authorization: Bearer $accessToken" \
      "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.ApiManagement/service/$apimServiceName/apis/$apiName/policies/policy?effective=true&format=xml&api-version=2022-08-01" \
      > policy.xml

    # Note: grep -F treats each line of a multi-line pattern as a separate
    # pattern, so this matches if any single line of $inboundPolicy is found.
    if grep -qF "$inboundPolicy" policy.xml; then
      echo "Policy already exists in the inbound session."
    else
      # Insert the new policy into the existing policy XML
      awk -v policy="$inboundPolicy" '/<\/inbound>/ && !p {print policy; p=1} 1' policy.xml > temp.xml
      mv temp.xml policy.xml
      # Update the API's policy with the modified XML
      curl -X PUT \
        "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.ApiManagement/service/$apimServiceName/apis/$apiName/policies/policy?api-version=2022-08-01" \
        -H "Content-Type: application/json" \
        -H "Authorization: Bearer $accessToken" \
        -d '{
          "properties": {
            "format": "xml",
            "value": "'"$(sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' policy.xml)"'"
          }
        }'
      echo "Policy added to the inbound session."
    fi

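By executing this script, I was able to successfully add the set-header policy.

When I ran the script for the set-header policy again, I got the following output.

This way you can add the policy without duplicating it.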
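
A stricter duplicate check for the approach above, as an added example that is not part of the original answer: `grep -F` treats a multi-line pattern as a list of alternatives, one per line, so a new `ip-filter` can be reported as already present when only its opening or closing tag matches an existing one, and the new address range is then never applied. The function names and the sample policy with its address ranges are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and sample values are constructed.

# Write a constructed effective policy with CRLF line endings to FILE.
make_sample() {
  printf '%s\r\n' '<policies>' '  <inbound>' \
    '    <ip-filter action="allow">' \
    '      <address-range from="192.0.2.1" to="192.0.2.10" />' \
    '    </ip-filter>' \
    '  </inbound>' '  <backend>' '    <forward-request />' '  </backend>' \
    '</policies>' > "$1"
}

# Collapse XML text to one line so CRLF and indentation differences vanish.
normalize() {
  tr -d '\r' | tr '\n\t' '  ' |
    sed -e 's/  */ /g' -e 's/> </></g' -e 's/^ //' -e 's/ $//'
}

# Print only the <inbound>...</inbound> part of FILE.
inbound_section() {
  tr -d '\r' < "$1" | awk '/<inbound>/{on=1} on{print} /<\/inbound>/{on=0}'
}

# merge_inbound FILE FRAGMENT
# Returns 0 = inserted, 1 = already present, 2 = no </inbound> in FILE.
merge_inbound() {
  mi_file=$1; mi_frag=$2
  grep -q '</inbound>' "$mi_file" || return 2
  mi_have=$(inbound_section "$mi_file" | normalize)
  mi_want=$(printf '%s' "$mi_frag" | normalize)
  # Compare the whole fragment as one fixed string, not line by line.
  case "$mi_have" in *"$mi_want"*) return 1 ;; esac
  mi_tmp=$(mktemp)
  # ENVIRON avoids awk -v escape processing of backslashes in the fragment.
  tr -d '\r' < "$mi_file" | FRAG="$mi_frag" awk \
    '/<\/inbound>/ && !done { print ENVIRON["FRAG"]; done = 1 } 1' > "$mi_tmp"
  mv "$mi_tmp" "$mi_file"
}
```

`merge_inbound` returns 1 when the fragment is already present, so a calling script can skip the PUT request in that case.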