/tyk/policies endpoint of gateway API returning 404

aaron · April 27, 2022, 2:33pm

I set up tyk gateway OSS with docker compose as described in the docs. However, if I try to talk to the /tyk/ploicies endpoint of the gateway API I’m getting 404 page not found as a reply. All other endpoints work as expected and the tyk.conf includes the configuration for policies described in the docs, as to be seen in my config posted below.

Also adding - ./policies/policies.json:/opt/tyk-gateway/policies/policies.json to volumes in docker-compose.yml, in order to use my own policies instead of the standard one generated in case of basic configuration, the same issue occurs.

Thanks in advance for your help!

tyk.conf:

{
  "listen_port": 8080,
  "secret": "352d20ee67be67f6340b4c0605b044b7",
  "template_path": "/opt/tyk-gateway/templates",
  "tyk_js_path": "/opt/tyk-gateway/js/tyk.js",
  "middleware_path": "/opt/tyk-gateway/middleware",
  "use_db_app_configs": false,
  "app_path": "/opt/tyk-gateway/apps/",
  "storage": {
    "type": "redis",
    "host": "tyk-redis",
    "port": 6379,
    "username": "",
    "password": "",
    "database": 0,
    "optimisation_max_idle": 2000,
    "optimisation_max_active": 4000
  },
  "enable_analytics": false,
  "analytics_config": {
    "type": "csv",
    "csv_dir": "/tmp",
    "mongo_url": "",
    "mongo_db_name": "",
    "mongo_collection": "",
    "purge_delay": -1,
    "ignored_ips": []
  },
  "health_check": {
    "enable_health_checks": true,
    "health_check_value_timeouts": 60
  },
  "optimisations_use_async_session_write": false,
  "enable_non_transactional_rate_limiter": true,
  "enable_sentinel_rate_limiter": false,
  "enable_redis_rolling_limiter": false,
  "allow_master_keys": false,
  "policies": {
    "policy_source": "file",
    "policy_record_name": "/opt/tyk-gateway/policies/policies.json"
  },
  "hash_keys": true,
  "enable_hashed_keys_listing": true,
  "close_connections": false,
  "http_server_options": {
    "enable_websockets": true
  },
  "allow_insecure_configs": true,
  "coprocess_options": {
    "enable_coprocess": true,
    "coprocess_grpc_server": ""
  },
  "enable_bundle_downloader": true,
  "bundle_base_url": "",
  "global_session_lifetime": 100,
  "force_global_session_lifetime": false,
  "max_idle_connections_per_host": 500,
  "enable_jsvm": true
}

docker-compose.yml:

version: '3.3'
services:
  tyk-gateway:
    image: tykio/tyk-gateway:v4.0rc2
    ports:
      - 8080:8080
    networks:
      - tyk
    volumes:
      - ./tyk.standalone.conf:/opt/tyk-gateway/tyk.conf
      - ./apps:/opt/tyk-gateway/apps
      - ./middleware:/opt/tyk-gateway/middleware
      - ./certs:/opt/tyk-gateway/certs
    environment:
      - TYK_GW_SECRET=foo
    depends_on:
      - tyk-redis
  tyk-redis:
    image: redis:5.0-alpine
    networks:
      - tyk
    ports:
      - 6379:6379
networks:
  tyk:

Olu · April 27, 2022, 4:22pm

I think the policies gateway endpoint is being introduced in version 4.1.x and above. I am not sure which release candidate version it starts with but I have tested with tykio/tyk-gateway:v4.1.0-rc10 and can confirm that is works.

aaron · April 27, 2022, 5:49pm

Endpoint works now, thanks a lot!

But now I have issues attaching policies to custom keys. The session object for posting the key (to /tyk/keys/<KEY>) looks like this:

{
  "access_rights": {
    "1": {
      "api_name": "Tyk Test API",
      "api_id": "1"
    }
  },
  "hmac_enabled": false,
  "hmac_string": "",
  "is_inactive": false,
  "monitor": {
    "trigger_limits": []
  },
  "apply_policy_id": "",
  "apply_policies": [
    "TEST_POLICY"
    ]
}

and policy (obtained by GET /tyk/policies) looks like this:

{
        "_id": "",
        "id": "TEST_POLICY",
        "name": "TEST_POLICY",
        "org_id": "",
        "rate": 100,
        "per": 1,
        "quota_max": -1,
        "quota_renewal_rate": 0,
        "throttle_interval": 0,
        "throttle_retry_limit": 0,
        "max_query_depth": 0,
        "access_rights": {
            "1": {
                "api_name": "Tyk Test API",
                "api_id": "1",
                "versions": [
                    "Default"
                ],
                "allowed_urls": null,
                "restricted_types": null,
                "limit": {
                    "rate": 0,
                    "per": 0,
                    "throttle_interval": 0,
                    "throttle_retry_limit": 0,
                    "max_query_depth": 0,
                    "quota_max": -1,
                    "quota_renews": 0,
                    "quota_remaining": 0,
                    "quota_renewal_rate": 0
                },
                "field_access_rights": null,
                "allowance_scope": ""
            }
        },
        "hmac_enabled": false,
        "enable_http_signature_validation": false,
        "active": true,
        "is_inactive": false,
        "tags": null,
        "key_expires_in": 0,
        "partitions": {
            "quota": false,
            "rate_limit": true,
            "complexity": false,
            "acl": false,
            "per_api": false
        },
        "last_updated": "",
        "meta_data": null,
        "graphql_access_rights": null
}

As indicated by partitions I only want to enforce rate limits. But what I get back is:

{
    "status": "error",
    "message": "Failed to create key, ensure security settings are correct."
}

As removing

"apply_policy_id": "",
"apply_policies": [
    "TEST_POLICY"
]

from the session object, the key is propperly added. Any idea what I’m doing wrong?

Thanks!

Olu · April 28, 2022, 10:20am

I am not sure but could you check if your API definition has an org_id. If it does then the policy would also have to be set with the same thing.

aaron · April 28, 2022, 10:35am

That’s it, thank you very much!!

kostya_sb · May 31, 2022, 12:22pm

Any idea when it will be pushed to the stable release? Thx.

Olu · June 1, 2022, 8:18am

I checked internally but could not find an actual release date. I know development is nearly complete and I suspect a release to be any time from July. But I can’t say for certain, so I update the thread around July with an update

jonlink_mf · August 4, 2022, 9:31pm

@Olu might it make sense to take the policies endpoint in the API docs out of version 4.0 if that’s not included in it?

Ubong · August 8, 2022, 2:27pm

Hi @jonlink_mf

I’ve created an internal ticket to this end.

Cheers,

jonlink_mf · August 10, 2022, 4:21pm

Thank you! Would definitely cut down on confusion