TT-9145 apidefinition JWTDefaultPolicies configured using operator cannot be configured in Tyk
owenchenxy opened this issue · 4 comments
Tyk operator version: 0.13.0
Tyk version: 5.0.0
Defect
my securitypolicy config is as below:
apiVersion: tyk.tyk.io/v1alpha1
kind: SecurityPolicy
metadata:
name: xianyao-local-test
spec:
active: true
name: xianyao-local-test
state: active
access_rights_array:
- name: xianyao-local-test
namespace: default
versions:
- Default
key_expires_in: 3600
meta_data:
X-Tyk-Policy: ecom-apps
my api definition config is as below:
apiVersion: tyk.tyk.io/v1alpha1
kind: ApiDefinition
metadata:
name: xianyao-local-test
spec:
name: xianyao-local-test
domain: gateway-svc-tyk-hybrid.tyk
enable_jwt: true
protocol: http
active: true
proxy:
target_url: http://httpbin:8000/get
listen_path: /test
strip_listen_path: true
strip_auth_data: false
jwt_signing_method: rsa
jwt_source: aHR0cHM6Ly9iMmNzdGFnZS56ZWlzcy5jb20vYjJjc3RhZ2UuemVpc3MuY29tL2Rpc2NvdmVyeS92Mi4wL2tleXM/cD1iMmNfMWFfemVpc3NpZG5vcm1hbHNpW25pbg==
jwt_identity_base_field: sub
jwt_policy_field_name: polA
jwt_default_policies:
- 'xianyao-local-test'
Expected
Expected is that when I apply the yaml files above, from the Tyk Dashboard, I should see the jwt default policy xianyao-local-test
showing in the details page of api definition xianyao-local-test
.
Actual
However, it doesn't show up under the jwt default policies
in the api details page.
Action Taken
I tried to select the policy xianyao-local-test
from the drop-down menu of jwt default policies
, and then click update
. But it cannot be successfully configured. I use the developers tool of Chrome, and find the http response of the update
performance. It shows that in the jwt default policies
, there's a list of base64 encoded string of the policy name I just configured, which should be a list of policy id.
I checked the security policy resource in k8s cluster, its spec id is the base64 string of it's namespaced name. Apparently this is a bug. I raised a PR #635 for this and workout fine in my environment.
Some of the CI Test has not been passed. But I'm not sure whether they matter.
Hi @owenchenxy,
Thank you for raising the issue and PR too!
This issue was already in our backlog. It is a Dashboard UI bug which doesn't display policy if explicit IDs(base64 encoded IDs in our case) are set.
@komalsukhani
Are there any plans to fix this with the next release?
Hi @owenchenxy @talex-de, please note that the JWT Default policy setting is actually updated in the backend, just not reflected on the UI. The Dashboard team will be working on the UI fix, will update here when we have a planned fix date.