您好,我有一个要求,我需要在我的 apim 策略中验证 hmac。为此,hmac 机密将存储在 azure key Vault 中。以下是我在政策中将遵循的步骤
以下是我尝试过的 apim 策略
<policies>
<inbound>
<base />
<!-- Fetch HMAC key from Key Vault -->
<set-variable name="keyVaultSecretUri" value="KV_URL/secrets/SECRET_NAME" />
<set-variable name="keyVaultClientId" value="KV_CLIENT />
<set-variable name="keyVaultClientSecret" value="KV_SECRET" />
<set-variable name="request" value="@{
var keyVaultSecretUri = context.Variables["keyVaultSecretUri"];
var keyVaultClientId = context.Variables["keyVaultClientId"];
var keyVaultClientSecret = context.Variables["keyVaultClientSecret"];
return new {
method = "GET",
url = keyVaultSecretUri,
headers = new {
Authorization = "Bearer " + FetchAccessToken(keyVaultClientId, keyVaultClientSecret)
}
};
}" />
<send-request mode="new" response-variable-name="keyVaultResponse" timeout="20" ignore-error="false">
<set-url>@(context.Variables["request"].url)</set-url>
<set-method>@(context.Variables["request"].method)</set-method>
<set-header name="Authorization" exists-action="override">
<value>@(context.Variables["request"].headers.Authorization)</value>
</set-header>
</send-request>
<!-- Log Key Vault Response -->
<trace source="keyVault" severity="information">
<message>@(context.Variables["keyVaultResponse"].Body?.ToString())</message>
</trace>
</inbound>
</policies>
以下是我遇到的错误
One or more fields contain incorrect values:
Error in element 'set-variable' on line 22, column 10: The name 'FetchAccessToken' does not exist in the current context
Error in element 'send-request' on line 36, column 10: 'object' does not contain a definition for 'url' and no extension method 'url' accepting a first argument of type 'object' could be found (are you missing a using directive or an assembly reference?)
Error in element 'trace' on line 45, column 10: 'object' does not contain a definition for 'Body' and no extension method 'Body' accepting a first argument of type 'object' could be found (are you missing a using directive or an assembly reference?)
基本上在上述策略中我只是想读取秘密并显示。我无法实现这一点。我按照以下链接作为参考https://www.svenmalvik.com/azure-apim-key-vault/。请指导如何进一步进行
我只是想读取秘密并显示
要从 Key Vault 获取密钥值,您需要执行以下设置。
创建命名值后,您可以使用以下策略来获取密钥并显示该值。
<policies>
<inbound>
<base />
<set-variable name="KeyVaultSecret" value="{{Named value name}}" />
<return-response>
<set-body>@("Key Vault Secret is: "+(context.Variables["KeyVaultSecret"])+"")</set-body>
</return-response>
</inbound>
</policy>
我能够获取 Key Vault 秘密值。
您需要使用如下
<send-request>
政策-
<send-request mode="new" response-variable-name="keyVaultResponse" timeout="60" ignore-error="true">
<set-url>@("pass_the_url")</set-url>
<set-method>GET</set-method>
<set-header name="Authorization" exists-action="override">
<value>@(context.Request.Headers.GetValueOrDefault("Authorization", ""))</value>
</set-header>
</send-request>
您也可以参考我在这个SO-Thread中的回答。