Tyk SecurityPolicy with K8s CRD not working with Auth Key

Branch/Environment/Version

  • Branch/Version: v4.0.3
  • Environment: Hybrid
    Describe the bug
    Tyk SecurityPolicy with K8s CRD not working with Auth Key. we created a SecurityPolicy with yaml.

Policy Yaml:

apiVersion: tyk.tyk.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: test-api-policy
spec:
  name: Test API Policy
  state: active
  active: true
  key_expires_in: 0
  tags:
    - "test_policy"
  access_rights_array:
    - name: test-api
      namespace: default
      versions:
        - "Default"

so when we create a policy with the tyk operator, it is creating two ids _id (mongoid: 6333f0348f47e40001da45dd) and id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5).

when we create a key with this policy and access the API it is throwing Access to this API has been disallowed because in the tyk gateway it is trying to get the policy with the id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5) so it is returning policy not found.

can the gateway access the policy with the id or it can access only with _id ?
in middleware.go it is throwing error

policy, ok := t.Gw.policiesByID[polID]
t.Gw.policiesMu.RUnlock()
		if !ok {
			err := fmt.Errorf("policy not found: %q", polID)
			t.Logger().Error(err)
			return err
}

Logs:
[Sep 29 16:32:05] ERROR policy not found: “ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5” api_id=ZGVmYXVsdC9nZXQtY2xhaW0tc3RhdHVzLXJlc3Q api_name=Test API mw=AuthKey org_id=**** origin=::1 path=/test

I think the issue is the ApplyPolicies for the User Session State return id (ZGVmYXVsdC90cmFuc2FjdGlvbi1hcGktcG9saWN5) but in the policies map of the gateway the key is with _id(6333f0348f47e40001da45dd). so while ApplyPolicies is called, the gateway couldn’t find the policy.

Thanks for positing this @ibuar. We appreciate the feedback.

However, could you assist with opening this as a defect on the Tyk Operator repo. I assume this is related to Operator since K8 CRD is involved.

The devs have much quicker visibility on open issues and can validate or reply to issues faster.

Thanks.