Azure: Error thrown when following official doc to set up inbound policies for APIM

Question

I followed the steps in this doc precisely, but got this error when saving in the policy editor under "Inbound processing", using the code view button "</>":

One or more fields contain incorrect values:
Error in element 'cors' on line 2, column 5: Policy section is not allowed in the specified scope
Error in element 'validate-jwt' on line 16, column 5: Policy section is not allowed in the specified scope
Error in element 'rate-limit-by-key' on line 24, column 5: Policy section is not allowed in the specified scope

Here is the code:

<inbound>
   <cors allow-credentials="true">
         <allowed-origins>
             <origin>https://devjohn1.z11.web.core.windows.net/</origin>
         </allowed-origins>
         <allowed-methods preflight-result-max-age="120">
             <method>GET</method>
         </allowed-methods>
         <allowed-headers>
             <header>*</header>
         </allowed-headers>
         <expose-headers>
             <header>*</header>
         </expose-headers>
   </cors>
   <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="true" require-signed-tokens="true" clock-skew="300">
      <openid-config url="https://devjohn1.b2clogin.com/devjohn1.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_myapp_frontend_devjohn1_signupandsignin" />
      <required-claims>
         <claim name="aud">
            <value>56f39849-19eb-49d6-qweqw-123123123</value>
         </claim>
      </required-claims>
   </validate-jwt>
   <rate-limit-by-key calls="300" renewal-period="120" counter-key="@(context.Request.IpAddress)" />
   <rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</inbound>

What can be wrong? I was just following the steps....

Answer 1

Score: 1

I have tried to reproduce the issue in my environment and got the same error as below:

> One or more fields contain incorrect values:
> - Error in element 'cors' on line 2, column 10: Policy section is not allowed in the specified scope
> - Error in element 'validate-jwt' on line 16, column 10: Policy section is not allowed in the specified scope
> - Error in element 'rate-limit-by-key' on line 24, column 10: Policy section is not allowed in the specified scope

Whenever you try to save the policies in the following manner, you will get the error.

After creating the new API in APIM, click on the inbound policy code editor.

After clicking, you will get the default policy template. Paste your inbound policies within <inbound></inbound>, keeping the other tags as is.

After a few modifications to your existing policy, I am able to save it. Keep <inbound></inbound> within <policies></policies>.

<policies>
    <inbound>
        <cors allow-credentials="true">
            <allowed-origins>
                <origin>https://devjohn1.z11.web.core.windows.net/</origin>
            </allowed-origins>
            <allowed-methods preflight-result-max-age="120">
                <method>GET</method>
            </allowed-methods>
            <allowed-headers>
                <header>*</header>
            </allowed-headers>
            <expose-headers>
                <header>*</header>
            </expose-headers>
        </cors>
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="true" require-signed-tokens="true" clock-skew="300">
            <openid-config url="https://devjohn1.b2clogin.com/devjohn1.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_myapp_frontend_devjohn1_signupandsignin" />
            <required-claims>
                <claim name="aud">
                    <value>56f39849-19eb-49d6-qweqw-123123123</value>
                </claim>
            </required-claims>
        </validate-jwt>
        <rate-limit-by-key calls="300" renewal-period="120" counter-key="@(context.Request.IpAddress)" />
        <rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
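
A pre-save structural check for the fix described in this answer, as an added example (not part of the original answer and not Azure tooling). The section names are taken from the default template shown above; `lint_policy` and the sample strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Sections of the default template shown in the answer above.
SECTIONS = ("inbound", "backend", "outbound", "on-error")

# Policy expressions such as counter-key="@(... "Authorization" ...)" contain
# raw double quotes, so the file is not well-formed XML. Blank them out first.
_EXPR = re.compile(r'="@\(.*?\)"(?=\s*/?>|\s+[\w-]+=)', re.S)


def lint_policy(text):
    """Return a list of structural problems (empty list means OK)."""
    try:
        root = ET.fromstring(_EXPR.sub('="@(expr)"', text))
    except ET.ParseError as exc:
        return [f"not parseable: {exc}"]
    if root.tag != "policies":
        return [f"root element is <{root.tag}>, expected <policies>"]
    problems = []
    children = [child.tag for child in root]
    for name in SECTIONS:
        if children.count(name) != 1:
            problems.append(f"<{name}> must appear exactly once under <policies>")
    for tag in children:
        if tag not in SECTIONS:
            problems.append(f"<{tag}> is outside a policy section")
    return problems


# Constructed samples modelled on the snippets in this thread.
INBOUND_ONLY = """<inbound>
  <rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</inbound>"""

WRAPPED = f"""<policies>
  {INBOUND_ONLY}
  <backend><base /></backend>
  <outbound><base /></outbound>
  <on-error><base /></on-error>
</policies>"""

if __name__ == "__main__":
    for label, doc in (("inbound only", INBOUND_ONLY), ("wrapped", WRAPPED)):
        print(label, "->", lint_policy(doc) or "OK")
```

Running the check in a deployment pipeline catches a bare `<inbound>` fragment before it reaches the portal or the management API.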

huangapple
  • Posted on June 19, 2023 at 16:30:06
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76504917.html