Tyk SecurityPolicy with K8s CRD not working with Auth Key

Question

Tyk SecurityPolicy with K8s CRD not working with Auth Key

IbuAR opened this issue 2 years ago · 4 comments

when we create a policy with the tyk operator, it is creating two ids _id (mongoid: 6333f0348f47e40001da45dd) and id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5).

when we create a key with this policy and access the API it is throwing Access to this API has been disallowed because in the tyk gateway it is trying to get the policy with the id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5) so it is returning policy not found.

I think the issue is the ApplyPolicies for the User Session State return id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5) but in the policies map of the gateway the key is with _id (6333f0348f47e40001da45dd). so while ApplyPolicies is called, the gateway couldn’t find the policy.

apiVersion: tyk.tyk.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: test-api-policy
spec:
  name: Test API Policy
  state: active
  active: true
  key_expires_in: 0
  tags:
    - "test_policy"
  access_rights_array:
    - name: test-api
      namespace: default
      versions:
        - "Default"

Your Environment

tyk-operator version/commit: v0.11.0
Gateway: v4.0.3

Answer 1 · 2022-09-30T07:09:24.000Z

@IbuAR Can you validate if allow_explicit_policy_id is set to true in your gateway config?

Answer 2 · 2022-09-30T07:36:38.000Z

@komalsukhani
we are running a hybrid gateway, It's working when we set allow_explicit_policy_id=true.
so this is the option to toggling usage of id instead of internal id right?

Answer 3 · 2022-09-30T07:41:53.000Z

@IbuAR Yes. Here is the documentation for the same https://tyk.io/docs/tyk-oss-gateway/configuration/#policiesallow_explicit_policy_id

Answer 4 · 2022-09-30T07:43:37.000Z

Thanks, @komalsukhani 😄 👍