Tyk SecurityPolicy with K8s CRD not working with Auth Key
IbuAR opened this issue · 4 comments
when we create a policy with the tyk operator, it is creating two ids _id (mongoid: 6333f0348f47e40001da45dd) and id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5).
when we create a key with this policy and access the API it is throwing Access to this API has been disallowed because in the tyk gateway it is trying to get the policy with the id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5) so it is returning policy not found.
I think the issue is the ApplyPolicies for the User Session State return id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5) but in the policies map of the gateway the key is with _id (6333f0348f47e40001da45dd). so while ApplyPolicies is called, the gateway couldn’t find the policy.
apiVersion: tyk.tyk.io/v1alpha1
kind: SecurityPolicy
metadata:
name: test-api-policy
spec:
name: Test API Policy
state: active
active: true
key_expires_in: 0
tags:
- "test_policy"
access_rights_array:
- name: test-api
namespace: default
versions:
- "Default"
Your Environment
tyk-operator
version/commit: v0.11.0- Gateway: v4.0.3
@IbuAR Can you validate if allow_explicit_policy_id
is set to true in your gateway config?
@komalsukhani
we are running a hybrid gateway, It's working when we set allow_explicit_policy_id=true
.
so this is the option to toggling usage of id instead of internal id right?
@IbuAR Yes. Here is the documentation for the same https://tyk.io/docs/tyk-oss-gateway/configuration/#policiesallow_explicit_policy_id
Thanks, @komalsukhani 😄 👍