英文:
APIM named value create or update rest api is not working
问题
我正在使用REST 创建或更新REST API 在我的PowerShell脚本中创建APIM命名值
脚本:
$requestPayload = @{
properties = @{
displayName = $displayname
keyVault = @{
secretIdentifier = $SecretIdentifier
}
secret = $true
}
}
# 将哈希表转换为JSON字符串
$jsonPayload = $requestPayload | ConvertTo-Json -Depth 5
# 创建/更新命名值
$baseurl="https://management.azure.com/subscriptions/";
$headers = @{ "Authorization" = "Bearer " + $accesstoken }
$url = $baseurl + $SubscriptionId + "/resourceGroups/" + $ResourceGroupName + "/providers/Microsoft.ApiManagement/service/" + $APIMResourceName + "/namedValues/$($Name)?api-version=2022-08-01";
$result = Invoke-WebRequest $url -Method 'Put' -Headers $headers -Body $jsonPayload -ContentType "application/json" -UseBasicParsing
Write-Output($result)
这个脚本在我的3个环境中都正常工作(实验室、预生产订阅中的测试和生产订阅中的预生产环境),但在生产环境中不起作用。
在所有4个环境中,输出的$result都相同,即响应代码202已接受。除了生产环境,命名值正常创建并引用了密钥库密钥,在生产环境中无法正常工作。我无法找出实际原因,因为此API返回202已接受的响应。在APIM服务中,我还检查了活动日志,那里也只能看到已接受和已启动的日志,而没有成功、完成或任何错误日志。
在不知道错误详细信息的情况下,很难解决这个问题。
我还验证了APIM实例,它在密钥库中设置了获取和列出访问策略。
请告诉我是否有办法找出错误是什么。
英文:
I am using REST create or update rest api to create the APIM named value in my PowerShell script
script:
$requestPayload = @{
properties = @{
displayName = $displayname
keyVault = @{
secretIdentifier = $SecretIdentifier
}
secret = $true
}
}
# Convert the hash table to a JSON string
$jsonPayload = $requestPayload | ConvertTo-Json -Depth 5
# Create/Update named values
$baseurl="https://management.azure.com/subscriptions/";
$headers = @{ "Authorization" = "Bearer " + $accesstoken }$url=$baseurl+$SubscriptionId+"/resourceGroups/"+$ResourceGroupName+"/providers/Microsoft.ApiManagement/service/"+$APIMResourceName+"/namedValues/$($Name)?api-version=2022-08-01";
$result=Invoke-WebRequest  $url -Method 'Put' -Headers $headers -Body  $jsonPayload -ContentType "application/json" -UseBasicParsing
Write-Output( $result)
This script works perfectly fine in 3 of my environments(lab and test in pre prod subscription and prv in prod subscription) but in prod environment it is not working.
The output $result in all 4 environment is same that is Response code 202 accepted. Except production environment the named value is getting created properly with keyvault secret reference, only in prod it is not working. I was not able to find out the actual cause as this api is returning the 202 accepted response. In APIM service also I checked activity log there also I can see the accepted and started logs but not succeeded or completed or any error log.
Without knowing the error details it is hard to solve this issue.
I have also verified that apim instance, it has get and list access policy set in keyvault.
Please let me know is there way to find out what is the error.
答案1
得分: 1
202响应应该包含一个Location头,指向您可以监视过程的URL。使用GET请求轮询该URL,直到收到除202以外的响应,该响应应包含错误信息。
如果我要猜的话,您的生产环境中的APIM服务可能无法访问您正在为其创建的Named Value的KeyVault。确保APIM服务已启用托管标识。如果您的KeyVault已配置在访问策略中,请确保将生产环境中的APIM服务标识添加到ACL以读取密钥的值。如果您的KeyVault处于RBAC模式下,请确保APIM服务至少添加了"Secret User"角色的访问控制。
英文:
202 response should come with Location header pointing at URL where you can monitor the process. Poll on that with GET request untill you get anything else but 202 and that response should contain error information.
If I would have to guess, your APIM service in prod does not have access to a KeyVault you're creating Named Value for. Make sure APIM service has Managed Identity enabled. If your KeyVault is configured in Access Policy, make sure prod APIM service's identity is addedd to ACL to read secret value. IF your KeyVault is in RBAC mode, make sure APIM service is added at least Secret User role in Access Control.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论