TykTechnologies/tyk-operator

TT-9145 apidefinition JWTDefaultPolicies configured using operator cannot be configured in Tyk

owenchenxy opened this issue · 4 comments

Tyk operator version: 0.13.0
Tyk version: 5.0.0

Defect
My securitypolicy config is as below:

apiVersion: tyk.tyk.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: xianyao-local-test
spec:
  active: true
  name: xianyao-local-test
  state: active
  access_rights_array:
    - name: xianyao-local-test
      namespace: default
      versions:
        - Default
  key_expires_in: 3600
  meta_data:
    X-Tyk-Policy: ecom-apps

My api definition config is as below:

apiVersion: tyk.tyk.io/v1alpha1
kind: ApiDefinition
metadata:
  name: xianyao-local-test
spec:
  name: xianyao-local-test
  domain: gateway-svc-tyk-hybrid.tyk
  enable_jwt: true
  protocol: http
  active: true
  proxy:
    target_url: http://httpbin:8000/get
    listen_path: /test
    strip_listen_path: true
  strip_auth_data: false
  jwt_signing_method: rsa
  jwt_source: aHR0cHM6Ly9iMmNzdGFnZS56ZWlzcy5jb20vYjJjc3RhZ2UuemVpc3MuY29tL2Rpc2NvdmVyeS92Mi4wL2tleXM/cD1iMmNfMWFfemVpc3NpZG5vcm1hbHNpW25pbg==
  jwt_identity_base_field: sub
  jwt_policy_field_name: polA
  jwt_default_policies:
    - 'xianyao-local-test'

Expected
I expect that when I apply the YAML files above, I should see, in the Tyk Dashboard, the jwt default policy xianyao-local-test showing in the details page of api definition xianyao-local-test.

Actual
However, it doesn't show up under the jwt default policies in the api details page.

Action Taken
I tried to select the policy xianyao-local-test from the drop-down menu of jwt default policies, and then clicked update. But it could not be successfully configured. I used the developer tools of Chrome and found the HTTP response of the update operation. It shows that in the jwt default policies, there's a list of base64 encoded strings of the policy name I just configured, which should be a list of policy IDs.

I checked the security policy resource in the k8s cluster; its spec id is the base64 string of its namespaced name. Apparently this is a bug. I raised PR #635 for this and it works fine in my environment.

Some of the CI tests have not passed, but I'm not sure whether they matter.

Hi @owenchenxy,
Thank you for raising the issue and PR too!
This issue was already in our backlog. It is a Dashboard UI bug which doesn't display the policy if explicit IDs (base64 encoded IDs in our case) are set.

@komalsukhani
Are there any plans to fix this with the next release?

Hi @owenchenxy @talex-de, please note that the JWT Default policy setting is actually updated in the backend, just not reflected on the UI. The Dashboard team will be working on the UI fix, and we will update here when we have a planned fix date.
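
Since the UI does not show the setting, one way to confirm what the backend stores is to decode the IDs found in the API's `jwt_default_policies` back to namespaced SecurityPolicy names and compare them with the policies you intended to bind. This is an added example, not tyk-operator code and not part of the thread; `PolicyRef`, `decodePolicyID` and `auditDefaultPolicies` are hypothetical names, and it assumes the ID is base64 of `<namespace>/<name>` (the thread does not state the alphabet or padding, so both are accepted).

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// PolicyRef is the namespaced SecurityPolicy name recovered from an ID.
type PolicyRef struct{ Namespace, Name string }

// decodePolicyID tries to read id as base64("<namespace>/<name>").
// Assumption: std or URL alphabet, padded or not; binary output is rejected.
func decodePolicyID(id string) (PolicyRef, bool) {
	for _, enc := range []*base64.Encoding{base64.RawURLEncoding, base64.RawStdEncoding} {
		raw, err := enc.DecodeString(strings.TrimRight(id, "="))
		ns, name, ok := strings.Cut(string(raw), "/")
		if err == nil && ok && ns != "" && name != "" && strings.IndexFunc(string(raw), notPrintable) < 0 {
			return PolicyRef{ns, name}, true
		}
	}
	return PolicyRef{}, false
}

func notPrintable(r rune) bool { return r < 0x21 || r > 0x7e }

// auditDefaultPolicies maps each jwt_default_policies entry that decodes to a
// namespaced name, and lists expected policies that no entry refers to.
func auditDefaultPolicies(ids []string, expected []PolicyRef) (map[string]PolicyRef, []PolicyRef) {
	found, seen := map[string]PolicyRef{}, map[PolicyRef]bool{}
	for _, id := range ids {
		if ref, ok := decodePolicyID(id); ok {
			found[id], seen[ref] = ref, true
		}
	}
	var missing []PolicyRef
	for _, want := range expected {
		if !seen[want] {
			missing = append(missing, want)
		}
	}
	return found, missing
}

func main() { // constructed sample: one operator-style ID, one opaque ID
	id := base64.RawURLEncoding.EncodeToString([]byte("default/xianyao-local-test"))
	fmt.Println(auditDefaultPolicies([]string{id, "5f8f1a2b3c4d5e6f7a8b9c0d"},
		[]PolicyRef{{"default", "xianyao-local-test"}}))
}
```

A non-empty "missing" list means the API's default policies do not include a policy you expected, which matters because default policies decide the access rights applied to JWTs that carry no policy claim.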