Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Microsoft.ApiManagement Error: unexpected segment "policies/policy" in 3.71.0 version #23095

Closed
1 task done
abbasbaman opened this issue Aug 28, 2023 · 8 comments · Fixed by #23128
Closed
1 task done

Comments

@abbasbaman
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.0.2

AzureRM Provider Version

3.71.0

Affected Resource(s)/Data Source(s)

azurerm_api_management_api_policy

Terraform Configuration Files

resource "azurerm_api_management_api_policy" "api_policies" {
  count               = length(var.apis_arguments)
  api_name            = var.apis_arguments[count.index].name
  resource_group_name = data.azurerm_api_management.apim.resource_group_name
  api_management_name = data.azurerm_api_management.apim.name

  xml_content = file(abspath(var.apis_arguments[count.index].policy_content))

 depends_on = [
    azurerm_api_management_api.apis,
    azurerm_api_management_named_value.named_values
  ]
}

Debug Output/Panic Output

Initializing provider plugins...

Finding hashicorp/azurerm versions matching ">= 2.66.0"...
Installing hashicorp/azurerm v3.71.0...
Installed hashicorp/azurerm v3.71.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

╷
│ Error: parsing "/subscriptions/xxxxxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.ApiManagement/service/xxxxxxxxx/apis/xxxxxx/policies/policy": unexpected segment "policies/policy" present at the end of the URI (input "/subscriptions/xxxxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.ApiManagement/service/xxxxxxxx/apis/xxxxx/policies/policy")
│
│ with module.api.azurerm_api_management_api_policy.api_policies[0],
│ on .terraform/modules/api/api-template/api-resources.tf line 30, in resource "azurerm_api_management_api_policy" "api_policies":
│ 30: resource "azurerm_api_management_api_policy" "api_policies" {
│
╵

Expected Behaviour

module.api-global-policy[0].azurerm_api_management_policy.this[0]: Refreshing state... [id=/subscriptions//resourceGroups/rg-ag-qa01-api-s-01/providers/Microsoft.ApiManagement/service/apim-ag-qa01-api-s-01/policies/policy]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Actual Behaviour


│ Error: parsing "/subscriptions/xxxxxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.ApiManagement/service/xxxxxxxxx/apis/xxxxxx/policies/policy": unexpected segment "policies/policy" present at the end of the URI (input "/subscriptions/xxxxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.ApiManagement/service/xxxxxxxx/apis/xxxxx/policies/policy")

│ with module.api.azurerm_api_management_api_policy.api_policies[0],
│ on .terraform/modules/api/api-template/api-resources.tf line 30, in resource "azurerm_api_management_api_policy" "api_policies":
│ 30: resource "azurerm_api_management_api_policy" "api_policies" {

Steps to Reproduce

terraform init - which will use latest version 3.71.0

Important Factoids

No response

References

No response

@abbasbaman abbasbaman changed the title Microsoft.ApiManagement Error: unexpected segment "policies/policy" Microsoft.ApiManagement Error: unexpected segment "policies/policy" in 3.71.0 version Aug 28, 2023
@sinbai
Copy link
Contributor

sinbai commented Aug 28, 2023

Hi @abbasbaman thanks for opening this issue. Unfortunately, I could not reproduce this issue by the following tf configuration and repro steps. Could you reproduce with it? Also , is it possible to provide the detailed reproduce steps and tf configuration to help reproduce/troubleshoot?

Step1: Create azurerm_api_management_api_policy with the following tf config.(the version of Terraform Provider is 3.69.0).

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
	  version = "3.69.0"
    }
  }
}

provider "azurerm" {
  features {} 
}
resource "azurerm_resource_group" "test" {
  name     = "acctestRG-0828"
  location = "eastus"
}

resource "azurerm_api_management" "test" {
  name                = "acctestAM-0828"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  publisher_name      = "pub1"
  publisher_email     = "[email protected]"
  sku_name            = "Consumption_0"
}

resource "azurerm_api_management_api" "test" {
  name                = "acctestapi-0828"
  resource_group_name = azurerm_resource_group.test.name
  api_management_name = azurerm_api_management.test.name
  display_name        = "api1"
  path                = "api1"
  protocols           = ["https"]
  revision            = "1"
}

resource "azurerm_api_management_api_policy" "test" {
  api_name            = azurerm_api_management_api.test.name
  api_management_name = azurerm_api_management.test.name
  resource_group_name = azurerm_resource_group.test.name
  xml_link            = "https://gist.githubusercontent.com/riordanp/ca22f8113afae0eb38cc12d718fd048d/raw/d6ac89a2f35a6881a7729f8cb4883179dc88eea1/example.xml"
}
Note: After the resource is created, the resource id of `azurerm_api_management_api_policy` in state file is:

image

Step2: Update the version of Terraform Provider to 3.71.0.

Step3: Run "terraform init -upgrade" => No error

Step4: Run "terraform plan" => No error.

Note: At this time, the resource id of azurerm_api_management_api_policy in state file is:
image

@o-otte
Copy link

o-otte commented Aug 28, 2023

Hello, I have encountered a similar issue but in another APIM Policy Resource:

│ Error: parsing "/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.ApiManagement/service/xx/apis/fhapi-v1/operations/xxx/policies/policy": unexpected segment "policies/policy" present at the end of the URI (input "/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.ApiManagement/service/xxx/apis/xxx/operations/xxx/policies/policy")
│ 
│   with azurerm_api_management_api_operation_policy.xxxx,
│   on xxx.tf line 117, in resource "azurerm_api_management_api_operation_policy" "xxxx":
│  117: resource "azurerm_api_management_api_operation_policy" "xxxx" {

using:

  • Terraform 1.5.6
  • AzureRM Provider 3.71.0 trying to upgrade from 3.69.0

Affects: azurerm_api_management_api_operation_policy

@abbasbaman
Copy link
Author

Hi @sinbai I believe it's functioning correctly for certain APIs, but there are instances where it's failing. Could you please attempt it with different APIs?

@sinbai
Copy link
Contributor

sinbai commented Aug 30, 2023

For azurerm_api_management_api_operation_policy , the result is the same as azurerm_api_management_api_policy . See below for details. I assume where the ID "/subscriptions/xxxxxxxxxx/resourceGroups/xxxxxxxx/providers/Microsoft.ApiManagement/service/xxxxxxxxx/apis/xxxxxx/policies/policy" is coming from is the crux of the issue. Because in v3.71.0, the ID no longer contains "policies/policy", and in v3.69.0 the ID ends with "policies/xml" in state file. So could anyone provide the complete reproduce steps to help reproduce/troubleshoot?

Step1: Create azurerm_api_management_api_operation_policy with the following tf config.(the version of Terraform Provider is 3.69.0).

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
	  version = "3.69.0"
    }
  }
}

provider "azurerm" {
  features {} 
}
resource "azurerm_resource_group" "test" {
  name     = "acctestRG-0830"
  location = "eastus"
}

resource "azurerm_api_management" "test" {
  name                = "acctestAM-0830"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  publisher_name      = "pub1"
  publisher_email     = "[email protected]"
  sku_name            = "Consumption_0"
}

resource "azurerm_api_management_api" "test" {
  name                = "acctestapi-0830"
  resource_group_name = azurerm_resource_group.test.name
  api_management_name = azurerm_api_management.test.name
  display_name        = "Butter Parser"
  path                = "butter-parser"
  protocols           = ["https", "http"]
  revision            = "3"
  description         = "What is my purpose? You parse butter."
  service_url         = "https://example.com/foo/bar"

  subscription_key_parameter_names {
    header = "X-Butter-Robot-API-Key"
    query  = "location"
  }
}

resource "azurerm_api_management_api_operation" "test" {
  operation_id        = "acctest-operation"
  api_name            = azurerm_api_management_api.test.name
  api_management_name = azurerm_api_management.test.name
  resource_group_name = azurerm_resource_group.test.name
  display_name        = "DELETE Resource"
  method              = "DELETE"
  url_template        = "/resource"
}

resource "azurerm_api_management_api_operation_policy" "test" {
  api_name            = azurerm_api_management_api.test.name
  api_management_name = azurerm_api_management.test.name
  resource_group_name = azurerm_resource_group.test.name
  operation_id        = azurerm_api_management_api_operation.test.operation_id
  xml_link            = "https://gist.githubusercontent.com/riordanp/ca22f8113afae0eb38cc12d718fd048d/raw/d6ac89a2f35a6881a7729f8cb4883179dc88eea1/example.xml"
}

Step2: Update the version of Terraform Provider to 3.71.0.

Step3: Run "terraform init -upgrade" => No error

Step4: Run "terraform plan" => No error.
image

@o-otte
Copy link

o-otte commented Aug 31, 2023

@sinbai I tried to cut out one of our APIM Terraform Config for debugging, I needed to refactor some values to redact company details. I hope this helps for debugging

terraform {
  required_version = "1.5.6"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.69.0"
    }
  }
}

resource "azurerm_resource_group" "rsg" {
  location = "westeurope"
  name     = "APIM_RSG"
}

resource "azurerm_api_management" "apim" {
  name                = "someapiname"
  resource_group_name = azurerm_resource_group.rsg.name
  location            = "westeurope"

  publisher_name  = "Publisher Name"
  publisher_email = "[email protected]"

  sku_name = "Developer"

  identity {
    type = "SystemAssigned"
  }

  security {
    enable_backend_ssl30 = false
    enable_backend_tls10 = false
    enable_backend_tls11 = false

    enable_frontend_ssl30 = false
    enable_frontend_tls10 = false
    enable_frontend_tls11 = false

    triple_des_ciphers_enabled = false
  }

  policy {
    xml_content = <<-XML
    <policies>
        <inbound>
            <set-variable name="appgw-fqdn" value="{{appgw-fqdn}}" />
            <set-variable name="apps-fqdn" value="{{apps-fqdn}}" />
        </inbound>
        <backend>
            <forward-request />
        </backend>
        <outbound />
        <on-error />
    </policies>
    XML
  }

  lifecycle {
    ignore_changes = [hostname_configuration]
  }
}

resource "azurerm_api_management_api_version_set" "api" {
  name                = "redacted-name"
  resource_group_name = azurerm_api_management.apim.resource_group_name
  api_management_name = azurerm_api_management.apim.name
  display_name        = "Some API Name"
  versioning_scheme   = "Segment"
}

resource "azurerm_api_management_api" "api_v1" {
  name                = "redacted-name-v1"
  resource_group_name = azurerm_api_management.apim.resource_group_name
  api_management_name = azurerm_api_management.apim.name
  revision            = "1"
  display_name        = "Some API Name"
  path                = "path"
  protocols           = ["https"]
  service_url         = "redacted.example.com"

  oauth2_authorization {
    authorization_server_name = "some-server-name"
    scope                     = "Monitoring RemoteControl RegisterDevice"
  }

  lifecycle {
    ignore_changes = [
      description,
      display_name,
    ]
  }
}

resource "azurerm_api_management_api_operation_policy" "api_v1_ws" {
  api_name            = azurerm_api_management_api.api_v1.name
  api_management_name = azurerm_api_management_api.api_v1.api_management_name
  resource_group_name = azurerm_api_management_api.api_v1.resource_group_name
  operation_id        = "ws"

  xml_content = <<-XML
  <policies>
      <inbound>
          <base />
          <return-response>
              <set-status code="301" reason="Moved Permanently" />
              <set-header name="Location" exists-action="override">
                  <value>wss://${replace(azurerm_api_management_api.api_v1.service_url, "https://", "")}/api/ws</value>
              </set-header>
              <set-body />
          </return-response>
      </inbound>
      <backend>
          <base />
      </backend>
      <outbound>
          <base />
      </outbound>
      <on-error>
          <base />
      </on-error>
  </policies>
  XML
}

resource "azurerm_api_management_product" "external" {
  product_id            = "external"
  api_management_name   = azurerm_api_management.apim.name
  resource_group_name   = azurerm_api_management.apim.resource_group_name
  display_name          = "Some APIs"
  subscription_required = true
  approval_required     = false
  published             = true

  lifecycle {
    # Terms are managed manually
    ignore_changes = [terms]
  }
}

resource "azurerm_api_management_product_api" "api_v1_product" {
  for_each            = toset([azurerm_api_management_product.external.product_id])
  api_name            = azurerm_api_management_api.api_v1.name
  product_id          = each.value
  api_management_name = azurerm_api_management_api_version_set.api.api_management_name
  resource_group_name = azurerm_api_management_api_version_set.api.resource_group_name
}

On AzureRM 3.69.0 the plan works as expected, with no changes in the plan. With Version 3.70.0 and 3.71.0 the aforementioned error appears.

@furkankaracan
Copy link

This bug still appears with version 3.89.0

@ron-foreman
Copy link

Bug also present with version 3.92.0

Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.