search

TykTechnologies / tyk-operator

Tyk Operator for Kubernetes
https://tyk.io
Mozilla Public License 2.0
197 stars 38 forks source link

Can't connect Api to a user_group_owners #691

Closed g-bohncke closed 3 months ago

g-bohncke commented 5 months ago

When using a OperatorContext or Secret:tyk-operator-conf if it contains user_group_owners the creating of api's fails

Expected Behavior

To be able to create api's that belong to a specific team

Current Behavior

{"level":"info","ts":1712314883.2202964,"logger":"controllers.SecretCert","msg":"ApiDefinition updated successfully","cert":"monitoring/server-cert-prometheus-tyk"} {"level":"info","ts":1712314883.258113,"logger":"controllers.ApiDefinition","msg":"Call","ApiDefinition":"monitoring/monitoring-prometheus-ingress-tyk-7990cf181","Method":"GET","URL":"https://glorious-tinderbox-adm.aws-euc1.cloud-ara.tyk.io/api/apis/bW9uaXRvcmluZy9tb25pdG9yaW5nLXByb21ldGhldXMtaW5ncmVzcy10eWstNzk5MGNmMTgx","Status":200} {"level":"error","ts":1712314883.2591567,"logger":"controllers.ApiDefinition","msg":"Failed to update Status","ApiDefinition":"monitoring/monitoring-prometheus-ingress-tyk-7990cf181","error":"unable to get api monitoring/monitoring-prometheus-ingress-tyk-7990cf181 ApiDefinition.tyk.tyk.io \"monitoring-prometheus-ingress-tyk-7990cf181\" not found","stacktrace":"github.com/TykTechnologies/tyk-operator/controllers.(ApiDefinitionReconciler).Reconcile.func1\n\t/workspace/controllers/apidefinition_controller.go:201\nsigs.k8s.io/controller-runtime/pkg/controller/controllerutil.mutate\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/controller/controllerutil/controllerutil.go:341\nsigs.k8s.io/controller-runtime/pkg/controller/controllerutil.CreateOrUpdate\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/controller/controllerutil/controllerutil.go:213\ngithub.com/TykTechnologies/tyk-operator/controllers.(ApiDefinitionReconciler).Reconcile\n\t/workspace/controllers/apidefinition_controller.go:118\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:214"} {"level":"error","ts":1712314883.2594898,"logger":"controller-runtime.manager.controller.apidefinition","msg":"Reconciler error","reconciler group":"tyk.tyk.io","reconciler kind":"ApiDefinition","name":"monitoring-prometheus-ingress-tyk-7990cf181","namespace":"monitoring","error":"unable to get api monitoring/monitoring-prometheus-ingress-tyk-7990cf181 ApiDefinition.tyk.tyk.io \"monitoring-prometheus-ingress-tyk-7990cf181\" not found","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:214"}

komalsukhani commented 5 months ago

@g-bohncke I am not able to reproduce this issue. Can you provide following details:

  1. Operator and Tyk Gateway/Dashboard version
  2. Manifest files you are applying
g-bohncke commented 5 months ago

@komalsukhani I checked today with the latest versions and it still persists tyk-operator Helm version: 0.17.0 tyk-data-plane Helm version: 1.3.0 Dashboard is the trail version running at https://glorious-tinderbox-adm.aws-euc1.cloud-ara.tyk.io/apis

by adding TYK_USER_GROUP_OWNERS I get the above error

The tyk-operator-conf :

apiVersion: v1 data: TYK_AUTH: Y2YxNjA4Nzc0MDJhNDA0ZTc2MTRjYmI4YjY0NTNkZDI= TYK_MODE: cHJv TYK_ORG: NjYwZWQ5MWU3ZDI0NzIwMDAxZGUzYzky TYK_TLS_INSECURE_SKIP_VERIFY: dHJ1ZQ== TYK_URL: aHR0cHM6Ly9nbG9yaW91cy10aW5kZXJib3gtYWRtLmF3cy1ldWMxLmNsb3VkLWFyYS50eWsuaW8= TYK_USER_GROUP_OWNERS: cGxhdGZvcm0= immutable: false kind: Secret metadata: annotations: reconcile.external-secrets.io/data-hash: c7047e8ff8ec82145eeca0ef3a9a64e1 labels: argocd.argoproj.io/instance: portals-non-prod-tyk-operator-system reconcile.external-secrets.io/created-by: d8b76303a7a9c2bb45a913e23b124493 name: tyk-operator-conf namespace: tyk-operator-system ownerReferences:

komalsukhani commented 4 months ago

@g-bohncke Sorry for delay in response.

You have set platform in the user group owners. We need to set user group id in that field instead of group name.