Closed jdieterich-brav closed 2 years ago
I am not able to reproduce this. Can you please share Security Policy yaml file?
apiVersion: tyk.tyk.io/v1alpha1
kind: SecurityPolicy
metadata:
name: tenants
namespace: flux-system
spec:
id: 62500c5fb6e263000139f791
name: tenants
active: true
state: active
access_rights_array:
- name: internal-developer-platform-internal-developer-platform-a86b6fab5
namespace: internal-developer-platform
versions:
- Default
This is the file, however the initial policy didn't have the ID, that was added later
Quick question - are you using the Ingress Controller? e.g. was the API Definition created via Ingress?
https://github.com/TykTechnologies/tyk-operator-internal/issues/18
Is this issue related?
Yes we are using the ingress controller, and we did come across that issue, however we ended up finding a solution for it where we found the way the name was generated and inserted that.
I'd say this issue isn't closely related to the one we're currently seeing though, because it's the policy ID which is causing us issues
Is there any known workaround for this at the moment, or an ETA on a fix? We're running into the same problem for any policy created via the operator we cannot assign keys to it with the same error:
Tyk: Failed to create key - policy not found: "cmVzdC1zYW1wbGUvcmVzdC1zYW1wbGUtc2FtcGxlLXBvbGljeQ"
where the policy id shown in the dashboard is different
Also, our API Definitions aren't created via an ingress they're made via an ApiDefinition object.
@George-Grasham please confirm you have allow explicit policy id as true in Tyk configs?
We are using Tyk Cloud so I'm not sure we can set this config. we're using hybrid gateways so I can change the config there but not on the control plane (which I imagine is the one we actually need to change)
Thanks for your help 👍
@George-Grasham you can reach out to support and they can change your control plane config :)
This issue is resolved, thanks all
Expected Behavior
When we create a new security policy and deploy it to our k8s cluster, the operator will pick this up, and push it up to the dashboard. From here we can use the policy to generate keys for it, add APIs etc.
Current Behavior
The security policy is picked up by the operator and pushed to the dashboard. However when we then try to generate a key for example, we get an error message that the policy isn't found, and the ID associated with it. However this ID doesn't match with the ID that is presented in the dashboard. When we inspect the security policy in our cluster, the
pol_id
value is set to the ID that is displayed on the dashboard, whereas_id
is set to the ID it can't find on key generation. It looks like this ID is<namespace>/<apiName>
encoded in base64.Possible Solution
When the operator pushed the security policy it get's the ID back from the dashboard and then updates
_id
to match that value.Steps to Reproduce
Context
We are looking to add security policies in a gitops way, by adding them to a repo, which then reconciles them to the cluster through the use of flux. We would like to then be able to use these policies without having to change any config on the dashboard.
Your Environment