我正在编写 terraform 代码,其中还必须添加 XML。我还想向 xml 添加条件以使用基本路径进行过滤。我的子字符串将是基本路径。我像下面的代码一样添加它
resource "azurerm_api_management_api_policy" "auth-policy" {
for_each = azurerm_api_management_api.api
xml_content = <<XML
<policies>
<inbound>
<cors allow-credentials="true">
<allowed-methods>
<method>*</method>
</allowed-methods>
</cors>
<base />
<set-header name="ApiKey" exists-action="skip">
<value>Default</value>
</set-header>
<choose>
<when condition='@(context.Request.Headers.ContainsKey("X-Forwarded-Host"))'>
<set-header name="X-Forwarded-Host" exists-action="override">
<value>@(context.Request.OriginalUrl.ToUri().Host)</value>
</set-header>
</when>
</choose>
<choose>
<when condition="@contains(${each.value.name}, 'substring')">
<rate-limit-by-key calls="100" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</when>
<otherwise>
<rate-limit-by-key calls="100000" renewal-period="60" counter-key="@(context.Subscription.Id)" />
</otherwise>
</choose>
<validate-jwt header-name="Authorization" require-scheme="Bearer"
failed-validation-httpcode="401"
failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config url="https://*******************" />
<audiences>
...........
</audiences>
<issuers>
...............
</issuers>
</validate-jwt>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
XML
}
但它会抛出错误
Code="ValidationError" Message="一个或多个字段包含不正确的值:" 详细信息=[{"code":"ValidationError","message":"第 28 行第 10 列元素“选择”中的错误: ' “condition”属性无效 - 值“@contains(string, 'sunstring')”不在允许的值范围内。”
我的条件是否正确,或者我们是否通过请求获得基本路径,我可以直接使用它而不是
each.value.nametemplatefileapi_policy.xml.tftpltftpl<policies>
<inbound>
<cors allow-credentials="true">
<allowed-methods>
<method>*</method>
</allowed-methods>
</cors>
<base />
<set-header name="ApiKey" exists-action="skip">
<value>Default</value>
</set-header>
<choose>
<when condition='@(context.Request.Headers.ContainsKey("X-Forwarded-Host"))'>
<set-header name="X-Forwarded-Host" exists-action="override">
<value>@(context.Request.OriginalUrl.ToUri().Host)</value>
</set-header>
</when>
</choose>
<choose>
<when condition="@contains(${api_name}, 'substring')">
<rate-limit-by-key calls="100" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</when>
<otherwise>
<rate-limit-by-key calls="100000" renewal-period="60" counter-key="@(context.Subscription.Id)" />
</otherwise>
</choose>
<validate-jwt header-name="Authorization" require-scheme="Bearer"
failed-validation-httpcode="401"
failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config url="https://*******************" />
<audiences>
...........
</audiences>
<issuers>
...............
</issuers>
</validate-jwt>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
请注意,
conditionwhen condition="@contains(${api_name}, 'substring')"
${api_name}templatefileresource "azurerm_api_management_api_policy" "auth-policy" {
for_each = azurerm_api_management_api.api
xml_content = templatefile("${path.root}/api_policy.xml.tftpl", {
api_name = each.value.name
})
}