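I am writing terraform code in which I also have to add XML. I also want to add a condition to the xml to filter using the base path. My substring will be the base path. I added it as in the code below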
resource "azurerm_api_management_api_policy" "auth-policy" {
  for_each    = azurerm_api_management_api.api
  xml_content = <<XML
<policies>
  <inbound>
    <cors allow-credentials="true">
      <allowed-methods>
        <method>*</method>
      </allowed-methods>
    </cors>
    <base />
    <set-header name="ApiKey" exists-action="skip">
      <value>Default</value>
    </set-header>
    <choose>
      <when condition='@(context.Request.Headers.ContainsKey("X-Forwarded-Host"))'>
        <set-header name="X-Forwarded-Host" exists-action="override">
          <value>@(context.Request.OriginalUrl.ToUri().Host)</value>
        </set-header>
      </when>
    </choose>
    <choose>
      <when condition="@contains(${each.value.name}, 'substring')">
        <rate-limit-by-key calls="100" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
      </when>
      <otherwise>
        <rate-limit-by-key calls="100000" renewal-period="60" counter-key="@(context.Subscription.Id)" />
      </otherwise>
    </choose>
    <validate-jwt header-name="Authorization" require-scheme="Bearer"
        failed-validation-httpcode="401"
        failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
      <openid-config url="https://*******************" />
      <audiences>
        ...........
      </audiences>
      <issuers>
        ...............
      </issuers>
    </validate-jwt>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
XML
}
But it throws an error
Code="ValidationError" Message="一个或多个字段包含不正确的值:" 详细信息=[{"code":"ValidationError","message":"第 28 行第 10 列元素“选择”中的错误: ' “condition”属性无效 - 值“@contains(string, 'sunstring')”不在允许的值范围内。”
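Is my condition correct, or do we get the base path from the request, so that I can use it directly instead of each.value.name (where I get the name of the API)?
I am new to xml and APIM, thanks in advance!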
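templatefile function. This way, you do not have to specify the XML file inline; instead you specify it as a file with some placeholder variable names. For example, you can create a file named api_policy.xml.tftpl in the same directory. The tftpl suffix is just a marker that it is a terraform template file. The contents of the file will be: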
<policies>
  <inbound>
    <cors allow-credentials="true">
      <allowed-methods>
        <method>*</method>
      </allowed-methods>
    </cors>
    <base />
    <set-header name="ApiKey" exists-action="skip">
      <value>Default</value>
    </set-header>
    <choose>
      <when condition='@(context.Request.Headers.ContainsKey("X-Forwarded-Host"))'>
        <set-header name="X-Forwarded-Host" exists-action="override">
          <value>@(context.Request.OriginalUrl.ToUri().Host)</value>
        </set-header>
      </when>
    </choose>
    <choose>
      <when condition="@contains(${api_name}, 'substring')">
        <rate-limit-by-key calls="100" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
      </when>
      <otherwise>
        <rate-limit-by-key calls="100000" renewal-period="60" counter-key="@(context.Subscription.Id)" />
      </otherwise>
    </choose>
    <validate-jwt header-name="Authorization" require-scheme="Bearer"
        failed-validation-httpcode="401"
        failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
      <openid-config url="https://*******************" />
      <audiences>
        ...........
      </audiences>
      <issuers>
        ...............
      </issuers>
    </validate-jwt>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
Note that the condition line now has:
when condition="@contains(${api_name}, 'substring')"
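The ${api_name} syntax tells terraform to look for the value assigned to the variable of the same name that is provided when calling the templatefile function: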
resource "azurerm_api_management_api_policy" "auth-policy" {
  for_each = azurerm_api_management_api.api
  xml_content = templatefile("${path.root}/api_policy.xml.tftpl", {
    api_name = each.value.name
  })
}
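An added example, not code from the question or the answer: because for_each creates one policy per API, Terraform can test the base path itself with a template directive (the same syntax works inside a templatefile template), so the rendered XML contains no condition for APIM to validate. It assumes Terraform 1.5 or later for strcontains, a placeholder substring and OpenID URL, and it places validate-jwt ahead of the rate limit so the counter key is read from an already validated token.

```hcl
locals {
  # Assumed placeholder: the base-path fragment that selects per-user limiting.
  base_path_match = "substring"
}

resource "azurerm_api_management_api_policy" "auth_policy" {
  for_each            = azurerm_api_management_api.api
  api_name            = each.value.name
  api_management_name = each.value.api_management_name
  resource_group_name = each.value.resource_group_name

  # each.value.path is the API's base path (URL suffix) and is known at plan
  # time, so Terraform emits exactly one rate-limit element per API.
  xml_content = <<-XML
    <policies>
      <inbound>
        <base />
        <!-- Validate the token first; the URL below is a placeholder. -->
        <validate-jwt header-name="Authorization" require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
          <openid-config url="https://login.example.invalid/.well-known/openid-configuration" />
        </validate-jwt>
    %{ if strcontains(each.value.path, local.base_path_match) ~}
        <!-- Matching APIs: 100 calls per 60 s per token subject. -->
        <rate-limit-by-key calls="100" renewal-period="60"
          counter-key='@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)' />
    %{ else ~}
        <!-- All other APIs: 100000 calls per 60 s per subscription. -->
        <rate-limit-by-key calls="100000" renewal-period="60"
          counter-key="@(context.Subscription.Id)" />
    %{ endif ~}
      </inbound>
      <backend><base /></backend>
      <outbound><base /></outbound>
      <on-error><base /></on-error>
    </policies>
  XML
}
```

If the decision has to be made per request instead, the when condition must be a C# policy expression wrapped in @( ), and the API's base path is available there as context.Api.Path.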