Only redis and tyk-gateway are running in Docker. I’ve successfully created APIs, but now I need to create policies for JWT quotas. What are the options?
Features indicate Full REST API, but I haven’t been able to find documentation.
Looking at the tyk github policy.go source code, there are
- LoadPoliciesFromFile
- LoadPoliciesFromDashboard
- LoadPoliciesFromRPC
The load from file seems like a workable solution if I knew where to copy them. I found /opt/tyk-gateway/policies with one file called policies.json. I don’t see the policies I created through the dashboard. Can I copy them to individual files in this dir? Do they have to be added to the polices.json? What is the format?
HELP!!!
1 Like
Hi Troy,
To create Policies programmatically, yu will need to use the Dashboard REST API which has a policies endpoint.
If you are running Tyk and the Dashboard then this will be the only way to create and load policies.
To use file-based policy loading, then you’ll need to not use the dashboard at all (or at least, not to set up and manage policies).
Policies are added to the policie folder which is defined in the Tyk.conf file.
The relevant details are in the docs for he configuration file here:
https://tyk.io/docs/tyk-api-gateway-v-2-0/configuration/gateway-configuration-options/
The relevant config we’re using is:
policies.policy_source
Set this value to file to look on the file system for a definition file, set to service to use the dashboard service. Note the option for mongo has now been removed.
You’ll need to use the dashboard RESt API if you want to export your definitions into a file format.
The policy file format is like the example shows, one JSON object with all the relevant policies as sub documents (see tyk/policies/policies.json at master · TykTechnologies/tyk · GitHub)
Hope that helps.
Thanks for the quick response. I got it all working with the file based APIs and policies.
If the dashboard service were not executing will a new LB tyk-gateway node or an existing tyk-gateway that restarts be able to load the policies?
If you are running in file based mode then the dashboard isn’t a dependency.
If you are using the dashboard to manage your APIs then an auto scaling Tyk node with a downed dashboard will not bootstrap properly until the dashboard comes back online (and is appropriately licensed).
An existing Tyk node that reloads (not restarts) but fails to find the dash will defensively load and keep its old configuration until the dash comes back.
You can run multiple dashboards behind an LB in an environment to mitigate against the dashboard process failing and stopping your nodes from scaling.
It’s worth noting that file-based configuration and dashboard based are considered mutually exclusive so it’s either a dependency orbit isn’t.