Updating ratelimit in policy doesn't work properly

Shivam_Gupta · June 17, 2022, 5:17am

Hi
I have created a policy and have 1 API in it and had set perApi rate limit in it
I had created a key for that policy and used it to access the policy

So, after I update rate limit in policy
I had checked the json of that key, there rate limit gets updated properly in access_rights.limit

and now when I hit requests to API the previous rate limit is applied

To make it works properly I have to make a update request to that key without changing anything

Policy

 "30331163-0377-4e4e-bfa7-719be395ad9d": {
    "access_rights": {
      "1f6a9794-9e3c-43e7-bbe9-2807248b7aa9": {
        "api_id": "1f6a9794-9e3c-43e7-bbe9-2807248b7aa9",
        "api_name": "ApiConstant1",
        "versions": [
          "Default"
        ],
        "allowed_urls": [],
        "limit": {
          "rate": 5,
          "per": 10,
          "throttle_interval": -1,
          "throttle_retry_limit": -1,
          "max_query_depth": -1,
          "quota_max": -1,
          "quota_renews": -1,
          "quota_remaining": -1,
          "quota_renewal_rate": 0,
          "set_by_policy": false
        }
      }
    },
    "active": true,
    "is_inactive ": false,
    "name": "PolicyConstant1",
    "quota_max": -1,
    "quota_renewal_rate": -1,
    "rate": -1,
    "per": -1,
    "throttle_interval": -1,
    "throttle_retry_limit": -1,
    "state": "active",
    "tags": [],
    "key_expires_in": 0,
    "partitions": {
      "quota": false,
      "rate_limit": false,
      "complexity": false,
      "acl": false,
      "per_api": true
    }
  }

Key for that policy

{
    "last_check": 0,
    "allowance": 0,
    "rate": 3,
    "per": 10,
    "throttle_interval": -1,
    "throttle_retry_limit": -1,
    "max_query_depth": -1,
    "date_created": "2022-06-16T12:26:49.6848391Z",
    "expires": 0,
    "quota_max": -1,
    "quota_renews": 0,
    "quota_remaining": -1,
    "quota_renewal_rate": 0,
    "access_rights": {
        "1f6a9794-9e3c-43e7-bbe9-2807248b7aa9": {
            "api_name": "ApiConstant1",
            "api_id": "1f6a9794-9e3c-43e7-bbe9-2807248b7aa9",
            "versions": [
                "Default"
            ],
            "allowed_urls": [],
            "restricted_types": null,
            "limit": {
                "rate": 3,
                "per": 10,
                "throttle_interval": -1,
                "throttle_retry_limit": -1,
                "max_query_depth": -1,
                "quota_max": -1,
                "quota_renews": 0,
                "quota_remaining": -1,
                "quota_renewal_rate": 0
            },
            "field_access_rights": null,
            "allowance_scope": "1f6a9794-9e3c-43e7-bbe9-2807248b7aa9"
        }
    },
    "org_id": "",
    "oauth_client_id": "",
    "oauth_keys": null,
    "certificate": "",
    "basic_auth_data": {
        "password": "",
        "hash_type": ""
    },
    "jwt_data": {
        "secret": ""
    },
    "hmac_enabled": false,
    "enable_http_signature_validation": false,
    "hmac_string": "",
    "rsa_certificate_id": "",
    "is_inactive": false,
    "apply_policy_id": "",
    "apply_policies": [
        "30331163-0377-4e4e-bfa7-719be395ad9d"
    ],
    "data_expires": 0,
    "monitor": {
        "trigger_limits": null
    },
    "enable_detail_recording": false,
    "enable_detailed_recording": false,
    "meta_data": {},
    "tags": [],
    "alias": "Key2",
    "last_updated": "1655387486",
    "id_extractor_deadline": 0,
    "session_lifetime": 0
}

So is this some issue or actual behavior of Tyk Gateway?

Olu · June 17, 2022, 4:35pm

So the actual behavior as shared on this thread should be a simple call to the gateway with the key. I can’t recall if this is how it works, but I tested and confirmed a gateway restart is needed in 4.0.0 and 4.1.0-rc10.

So if you simply restart the gateway rather than hot reload it, then it should work.

Let us know if this worked for you.

Shivam_Gupta · June 20, 2022, 6:21am

I am using Tyk Gateway version 3.2.1
And I tested after updating policy when I restarted gateway it works fine

But issue over here is, it won’t be a good idea for me to restart gateway every time the policy is updated
So, as I update rate limit in policy, I can see changes in key’s definition without restarting the gateway then why isn’t it getting applied OR why isn’t it actually taking effect when I request that API

Well, is there any other way I can make policy changes apply without restarting the gateway?

Olu · June 20, 2022, 11:32am

I tried on v3.2.1 but I cannot reproduce the same issue. I checked again on later versions and yes I think that is an issue there but not on v3.2.1

I am not sure why that is happening for you but can you share your config file? I assume the issue might be somewhere in your config file:

Olu · June 20, 2022, 11:47am

For Open Source, it might be when 4.1.0 is officially out with the policy APIs through the gateway. Apart from that, it is through the dashboard. However, as I said, can you share your config file. I can’t reproduce the issue on v3.2.1

why isn’t it getting applied OR why isn’t it actually taking effect when I request that API

For this I am not sure. It would seem it has updated in memory since you get the updated values in the GET call for the key request. Maybe it’s with one of the fields I outlined in the config file.

Shivam_Gupta · June 20, 2022, 1:46pm

Hey!
Enabling this in my config resolved the issue

Thankyou !!!