Support for separate resource for API Management service All APIs Policy

[sirlatrom]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

If references to named values are used in the API Management service (henceforth APIM) policy for All APIs, the named values must exist first. However, for named values to be created, they need the APIM to be created first, hence creating a catch-22.

New or Affected Resource(s)

• azurerm_api_management_policy

Potential Terraform Configuration

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West US"
}

resource "azurerm_api_management" "example" {
  name                = "example-apim"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  publisher_name      = "pub1"
  publisher_email     = "[email protected]"

  sku_name = "Developer_1"
}

resource "azurerm_api_management_named_value" "example" {
  name                = "example-apimg"
  resource_group_name = azurerm_resource_group.example.name
  api_management_name = azurerm_api_management.example.name
  display_name        = "ExampleProperty"
  value               = "Example Value"
}

resource "azurerm_api_management_policy" "example" {
  apim_management_id = azurerm_api_management.example.id
  xml_content        = file("example.xml")
}

References

N/A.

[knutwannheden]

This sounds very promising! Can you please confirm that the <policies> "XML" uses the Rawxml format rather than XML so that C# expressions with special characters (<, >, or ") don't cause problems?

[sirlatrom]

This sounds very promising! Can you please confirm that the <policies> "XML" uses the Rawxml format rather than XML so that C# expressions with special characters (<, >, or ") don't cause problems?

When applying our own policy, it ends up looking correct in the Azure Portal policy editor and in the API responses for the policy, so I assume it is fine.

We do have a few expressions with ", < and > in them, and in the API response after applying the policy, they look like this, which I believe is correct:

<set-variable name=\"REDACTED\" value=\"@(((IResponse)context.Variables[&quot;REDACTED&quot;]).Body.As&lt;JObject&gt;())\" />

[knutwannheden]

Thanks for the heads-up. I just want to make sure this new resource can also be used to set policies containing stuff like:

<set-variable name="REDACTED" value="@(((IResponse)context.Variables["REDACTED"]).Body.As<JObject>())" />

This appears to be the case, which is great.

Note that with the current azurerm_api_management resource this is not possible and I have to encode it like this instead:

<set-variable name="REDACTED" value="@(((IResponse)context.Variables[&quot;REDACTED&quot;]).Body.As&lt;JObject&gt;())" />

I created a PR for that: #9296.

[knutwannheden]

Are there any workarounds for the catch-22 problem mentioned regarding named values which are referenced from the policies? Possibly something that can be controlled using the resource lifecycles?

I didn't notice this problem until trying to destroy resources. The reason I didn't notice them when creating resources was that I didn't create all resources from scratch. I already had an existing API management resource.

[ghost]

This has been released in version 2.39.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.39.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!