Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.

AEM Cloud Config Pipeline Failed due to YAML parsing error

Avatar

Community Advisor

We tried to whitelist domains only for specific IP addresses. Given the large number of domains and IP addresses, we aimed to make the configuration more readable and manageable by separating the lists into different files using the YAML lookup method as shown below: 

- name: domains-ip-restriction
  when:
    allOf:
      - reqProperty: domain
        in: "{{ lookup('file', 'restricted_domains.yaml') }}"
      - reqProperty: clientIp
        notIn: "{{ lookup('file', 'whitelisted_ips.yaml') }}"
  action:
    type: block

restricted_domains.yaml:

- dev.domain1.com
- dev.domain2.com

whitelisted_ips.yaml:

- 172.143.23.10/32

However, the config pipeline failed with the following error logs: 

2024-09-24T18:22:28+0000 Summary of events during the deployment step:
2024-09-24T18:22:28+0000 Begin deployment in sites-dev [CorrelationId: XXX]
2024-09-24T18:23:15+0000 Config Pipeline update status is failed
2024-09-24T18:23:15+0000 Error details are present:
2024-09-24T18:23:15+0000 Could not parse yaml file in 'restricted_domains.yaml'. Please check that you are using valid YAML syntax and check the documentation
2024-09-24T18:23:15+0000 Finished deployment in aaaem-sites-dev

We are aware that IP Allowlist can be configured via Cloud Manager for restricted websites. However, in our case, some domains need to be publicly accessible, which is why we are using this approach with CDN configuration.

Any suggestions on how to proceed with separate files for the IPs and domain lists, or is the only approach to duplicate these lists directly in the cdn.yaml file?

 

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

4 Replies

Avatar

Community Advisor

Hi @Mahedi_Sabuj ,

Have you tried to inline lists directly in yaml file  and check if the build is happening fine  ? This is to rule out any lookup file issue. 

 

- name: domains-ip-restriction
  when:
    allOf:
      - reqProperty: domain
        in: ["dev.domain1.com", "dev.domain2.com"]
      - reqProperty: clientIp
        notIn: ["172.143.23.10/32"]
  action:
    type: block

Thanks,

Somen

Avatar

Community Advisor

Inline config works fine, but we prefer managing IP addresses in a separate file for better reusability across different rules. This approach allows us to use the same IP addresses in multiple rules without duplication.

Avatar

Community Advisor

In this case the issue can be in the format of the lookup  file  that you are trying to attach  or  pipeline script might have some specific conditions that it checks.  As per current documentation every yaml file has a common syntax like  below . 

  kind: "LogForwarding"
  version: "1"
  metadata:
    envTypes: ["dev"]

As you are passing yaml file what changes were done to pass the list as an array to the required property field ? In publicly available documentation don't see any option to append a lookup file or valid "kind" type for lookup.  Suggest  to raise an Adobe support ticket  to get further inputs from the engineering team.

Thanks,

Somen

Avatar

Community Advisor

I have already raised a ticket with the Adobe Support team and awaiting their response. Thanks.