search

TykTechnologies / tyk-operator

Tyk Operator for Kubernetes
https://tyk.io
Mozilla Public License 2.0
197 stars 38 forks source link

deleting an api definition should fail if a security policy grants access to it #286

Closed asoorm closed 3 years ago

asoorm commented 3 years ago 
Feature: Delete an ApiDefinition

  Scenario: Deleting an ApiDefinition when a SecurityPolicy grants access to it
    Given I have a protected ApiDefinition
      And I have a SecurityPolicy which grants access to it
    When I delete the ApiDefinition
    Then The ApiDefinition reconciler should return an error and requeue the request

Step 1: Create the Tyk API

cat <<EOF | kubectl apply -f - 
apiVersion: tyk.tyk.io/v1alpha1
kind: ApiDefinition

metadata:
  name: httpbin

spec:
  name: HttpBin
  protocol: http
  proxy:
    target_url: http://httpbin.org
    listen_path: /httpbin
    strip_listen_path: true
  active: true
  use_keyless: true
EOF

Step 2: Create the SecurityPolicy

cat <<EOF | kubectl apply -f - 
apiVersion: tyk.tyk.io/v1alpha1
kind: SecurityPolicy

metadata:
  name: mypolicy

spec:
  access_rights_array:
    - name: httpbin
      namespace: default
      versions:
        - Default
  active: true
  name: MyPolicy
  state: active
  rate: 100
  per: 1
EOF

Step 3: Delete the api defintion

kubectl delete apidefinitions.tyk.tyk.io httpbin 
apidefinition.tyk.tyk.io "httpbin" deleted           <----------- This should actually be blocked by the finalizer, which should requeue till the SecurityPolicy object is also deleted, or the apidefinition is de-referenced.

Issue occurs on v0.6.0

helm list -A | grep operator
tyk-operator            tykpro                  1               2021-04-13 12:49:20.008365 +0100 BST    deployed        tyk-operator-0.6.0
asoorm commented 3 years ago

This issue is a regression, working code sample:

https://github.com/TykTechnologies/tyk-operator/blob/v0.2.0/controllers/apidefinition_controller.go#L61-L82

Screenshot 2021-04-19 at 16 52 59