I am deploying an ARM template for an existing APIM service and modifying the inbound policies for one of the APIs to include a conditional:
<policies>
<inbound>
<choose>
<when condition=\"@(context.Request.Url.Path.Contains("ABC"))\">
<validate-jwt header-name=\"Authorization\" failed-validation-httpcode=\"401\" failed-validation-error-message=\"Unauthorized. Access token is missing or invalid.\">
<openid-config url=\"https://login.microsoftonline.com/common/.well-known/openid-configuration\" />
<required-claims>
<claim name=\"aud\">
<value>',
parameters('audience'),
'</value>
</claim>
<claim name=\"roles\" match=\"all\">
<value>Read</value>
<value>Write</value>
</claim>
</required-claims>
</validate-jwt>
</when>
<otherwise>
<validate-jwt header-name=\"Authorization\" failed-validation-httpcode=\"401\" failed-validation-error-message=\"Unauthorized. Access token is missing or invalid.\">
<openid-config url=\"https://login.microsoftonline.com/common/.well-known/openid-configuration\" />
<required-claims>
<claim name=\"aud\">
<value>',
parameters('audience'),
' </value>
</claim>
<claim name=\"roles\" match=\"any\">
<value>Read</value>
</claim>
</required-claims>
</validate-jwt>
</otherwise>
</choose>
<base />
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
Validation for the first condition works after deployment, but the second one does not.
Ex:
test.com/abc - validation works
test.com/xyz - validation always fails with a valid access token error
After I go in through the web portal I see the policy is there just as in the ARM template. All I do is re-save the policy and it works as expected again.
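An added check, not part of the original issue or of any APIM tooling: it parses a rendered copy of the policy above and reports `required-claims` values that carry leading or trailing whitespace, such as the space before `</value>` in the posted `<otherwise>` branch. The audience value and the function name `find_padded_claim_values` are constructed for the example, and the issue does not confirm that this whitespace is the cause of the failure.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the issue's policy as it would look after ARM concat(),
# with a made-up audience. The space before </value> in <otherwise> is kept.
AUDIENCE = "api://constructed-audience"
RENDERED_POLICY = f"""<policies>
  <inbound>
    <choose>
      <when condition="@(context.Request.Url.Path.Contains(&quot;ABC&quot;))">
        <validate-jwt header-name="Authorization">
          <required-claims>
            <claim name="aud"><value>{AUDIENCE}</value></claim>
            <claim name="roles" match="all"><value>Read</value><value>Write</value></claim>
          </required-claims>
        </validate-jwt>
      </when>
      <otherwise>
        <validate-jwt header-name="Authorization">
          <required-claims>
            <claim name="aud"><value>{AUDIENCE} </value></claim>
            <claim name="roles" match="any"><value>Read</value></claim>
          </required-claims>
        </validate-jwt>
      </otherwise>
    </choose>
  </inbound>
</policies>"""

def find_padded_claim_values(policy_xml):
    """Return (branch, claim name, raw value) for each padded required-claim value."""
    root = ET.fromstring(policy_xml)
    findings = []
    def walk(node, branch):
        for child in node:
            child_branch = child.tag if child.tag in ("when", "otherwise") else branch
            if child.tag == "validate-jwt":
                for claim in child.iterfind("./required-claims/claim"):
                    for value in claim.iterfind("value"):
                        raw = value.text or ""
                        if raw != raw.strip():
                            findings.append((child_branch, claim.get("name"), raw))
            walk(child, child_branch)
    walk(root, "top-level")
    return findings

if __name__ == "__main__":
    for branch, claim, raw in find_padded_claim_values(RENDERED_POLICY):
        print(f"{branch}: claim {claim!r} has padded value {raw!r}")
```

Running the same function over the policy text exported from the service before and after the portal re-save shows whether the stored claim values differ.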