Applying security policies through tyk-operator (oss)

We have applied SecurityPolicy given here through tyk-operator and it is reflecting when we run below command -

kubectl get securitypolicy -n tyk

But when I try to generate an OAuth Client with this security policy by giving policy_id it is throwing error as policy not found.
When I checked in the policies.json file present inside the pod then there also this security policy was not present.

After I added this policy manually in policies.json file then I was able to create OAuth clients.

Am I missing something in this policy or security policy creation is not supported through operator?

Below are the error messages logged when I create a security policy through operator -

{"level":"info","ts":1618821237.1511142,"logger":"securitypolicy-resource","msg":"default","name":"oauth-provider-policy"}
{"level":"info","ts":1618821237.1809022,"logger":"securitypolicy-resource","msg":"validate create","name":"oauth-provider-policy"}
{"level":"info","ts":1618821237.191932,"logger":"controllers.SecurityPolicy","msg":"Reconciling SecurityPolicy instance","SecurityPolicy":"tyk/oauth-provider-policy"}
{"level":"info","ts":1618821237.1919882,"logger":"controllers.SecurityPolicy","msg":"updating access rights"}
{"level":"info","ts":1618821237.2210846,"logger":"controllers.SecurityPolicy","msg":"Call","Method":"GET","URL":"http://tyk-svc.tyk.svc.cluster.local:8080/tyk/apis/dHlrL29hdXRoLXByb3ZpZGVyLWFwaQ","Status":200}
{"level":"info","ts":1618821237.221413,"logger":"controllers.SecurityPolicy","msg":"Creating  policy"}
{"level":"error","ts":1618821237.2214265,"logger":"controllers.SecurityPolicy","msg":"Failed to create policy","error":"TODO: This feature is not implemented yet","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/pkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/TykTechnologies/tyk-operator/controllers.(*SecurityPolicyReconciler).create\n\t/workspace/controllers/securitypolicy_controller.go:172\ngithub.com/TykTechnologies/tyk-operator/controllers.(*SecurityPolicyReconciler).Reconcile.func1\n\t/workspace/controllers/securitypolicy_controller.go:92\nsigs.k8s.io/controller-runtime/pkg/controller/controllerutil.mutate\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/controller/controllerutil/controllerutil.go:228\nsigs.k8s.io/controller-runtime/pkg/controller/controllerutil.CreateOrUpdate\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/controller/controllerutil/controllerutil.go:212\ngithub.com/TykTechnologies/tyk-operator/controllers.(*SecurityPolicyReconciler).Reconcile\n\t/workspace/controllers/securitypolicy_controller.go:65\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:244\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:218\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:197\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:90"}
{"level":"error","ts":1618821237.2215466,"logger":"controller","msg":"Reconciler error","reconcilerGroup":"tyk.tyk.io","reconcilerKind":"SecurityPolicy","controller":"securitypolicy","name":"oauth-provider-policy","namespace":"tyk","error":"TODO: This feature is not implemented yet","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/pkg/mod/github.com/go-logr/[email protected]/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:246\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:218\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:197\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:90"}

Here it is saying “This feature is not implemented yet”.
Is the Admin API support added for Security Policies? Are there any other ways for adding these for oss other than adding it manually inside the pod?

Is there any other way of doing this other than adding it manually inside the pod?

Hi Anup.

No there isn’t. If you are using OSS without Tyk dashboard you need to mount the policy inside the pod.