search

TykTechnologies / tyk-demo

Tyk Docker Demo with full Pro Tyk Installation and more!
51 stars 12 forks source link

defect: bootstrapping an API key should work for OAS apis #220

Open asoorm opened 9 months ago

asoorm commented 9 months ago

When bootstrapping an OAS style API definition, and creating a key with access rights to that API, the bootstrap fails because the API with that ID does not exist:

tyk-demo-tyk-gateway-1       | time="Oct 05 06:37:51" level=error msg="Could not add key for this API ID, API doesn't exist." api_id=651d6ef9d0e9ba0001ea657f key="eyJvcmciOiI1ZTlkOTU0NGExZGNkNjAwMDFkMGVkMjAiLCJpZCI6ImhtYWMiLCJoIjoibXVybXVyNjQifQ==" org_id=5e9d9544a1dcd60001d0ed20 path=-- prefix=api server_name=system user_id=system user_ip=--

We need the ability to declare an API ID when importing and exporting which keys, policies and automation tooling can rely on.

Sample API Def:

{
  "components": {},
  "info": {
    "title": "HMAC Protected API",
    "version": "1.0.0"
  },
  "openapi": "3.0.3",
  "paths": {},
  "servers": [
    {
      "url": "http://tyk-gateway.localhost:8080/hmac-protected-api/"
    }
  ],
  "x-tyk-api-gateway": {
    "info": {
      "dbId": "DBID",                                                    <-------- I CAN SET THIS, BUT IT SEEMS LIKE I CANT USE IT       
      "id": "ID",                                                              <-------- THIS CHANGES EVERY TIME BOOTSTRAP / IMPORT
      "name": "HMAC Protected API",
      "orgId": "5e9d9544a1dcd60001d0ed20",
      "state": {
        "active": true
      }
    },
    "server": {
      "authentication": {
        "enabled": true,
        "hmac": {
          "allowedAlgorithms": [
            "hmac-sha1",
            "hmac-sha256"
          ],
          "allowedClockSkew": -1,
          "enabled": true,
          "header": {
            "enabled": true,
            "name": "Authorization"
          }
        }
      },
      "listenPath": {
        "strip": true,
        "value": "/hmac-protected-api/"
      },
      "slug": "hmac-protected-api"
    },
    "upstream": {
      "url": "http://httpbin"
    }
  }
}

Sample Key

{
  "last_check": 0,
  "allowance": 1000,
  "rate": 1000,
  "per": 60,
  "throttle_interval": -1,
  "throttle_retry_limit": -1,
  "max_query_depth": -1,
  "expires": 0,
  "quota_max": -1,
  "quota_renews": 1696429681,
  "quota_remaining": 0,
  "quota_renewal_rate": -1,
  "access_rights": {
    "651d6ef9d0e9ba0001ea657f": {                   <----- I CANNOT USE VALUE IN dbID
      "api_name": "HMAC Protected API",
      "api_id": "651d6ef9d0e9ba0001ea657f",    <----- I CANNOT USE VALUE IN dbID
      "versions": [""],
      "allowed_urls": null,
      "limit": null,
      "allowance_scope": ""
    }
  },
  "org_id": "5e9d9544a1dcd60001d0ed20",
  "hmac_enabled": true,
  "hmac_string": "HMAC_SHARED_SECRET"
}
davegarvey commented 8 months ago

This was originally a workaround due to OAS API definition ids being random. But now that it's possible to control the id, the script can be updated accordingly.