
Tyk 1.6 and Tyk Dashboard 0.9.4.5

@lonelycode lonelycode released this 02 Jul 11:10

UPDATE: Dashboard version 0.9.4.5 Hotfix: Large data sets now supported in analytics. Fixes bug where analytics do not show up.

Major release - now with a portal :-)

v1.6

  • Added LDAP StorageHandler, enables basic key lookups from an LDAP service

  • Added Policies feature, you can now define key policies for keys you generate:

    • Create a policies/policies.json file

    • Set the appropriate arguments in tyk.conf file:

      "policies": {
          "policy_source": "file",
          "policy_record_name": "./policies/policies.json"
      }
      
    • Create a policy, they look like this:

      {
          "default": {
              "rate": 1000,
              "per": 1,
              "quota_max": 100,
              "quota_renewal_rate": 60,
              "access_rights": {
                  "41433797848f41a558c1573d3e55a410": {
                      "api_name": "My API",
                      "api_id": "41433797848f41a558c1573d3e55a410",
                      "versions": [
                          "Default"
                      ]
                  }
              },
              "org_id": "54de205930c55e15bd000001",
              "hmac_enabled": false
          }
      }
      
  • Add an apply_policy_id field to your Session object when you create a key, set to your policy ID (in this case the ID is default)

    • Reload Tyk

  • Policies are applied to keys when they are loaded from Redis, and the updated key is written back to Redis so it can be queried if necessary

  • Policies can invalidate whole key sets by copying over the InActive field: set this to true in a policy and all keys that have the policy set will be refused access.

  • Added granular path white-list: it is now possible to define at the key level what access permissions a key has. This is a white-list of regex patterns that applies to a whole API definition. Granular permissions are applied after the version-based (global) ones in the API definition. They take the form of a new allowed_urls field inside the access rights entry of either a policy definition or a session object:

    {
        "default": {
            "rate": 1000,
            "per": 1,
            "quota_max": 100,
            "quota_renewal_rate": 60,
            "access_rights": {
                "41433797848f41a558c1573d3e55a410": {
                    "api_name": "My API",
                    "api_id": "41433797848f41a558c1573d3e55a410",
                    "versions": [
                        "Default"
                    ],
                    "allowed_urls": [
                        {
                            "url": "/resource/(.*)",
                            "methods": ["GET", "POST"]
                        }
                    ]
                }
            },
            "org_id": "54de205930c55e15bd000001",
            "hmac_enabled": false
        }
    }
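To make the allowed_urls semantics concrete, here is an added illustration (not Tyk's own matching code) that loads the policy above and evaluates a request against it. It assumes patterns are matched anchored against the whole path; without that, a pattern like /resource/(.*) would also admit /admin/resource/1 under a substring search.

```python
import json
import re

# Constructed policy, copied from the allowed_urls example in these notes.
POLICY_JSON = """
{
  "default": {
    "rate": 1000, "per": 1, "quota_max": 100, "quota_renewal_rate": 60,
    "access_rights": {
      "41433797848f41a558c1573d3e55a410": {
        "api_name": "My API",
        "api_id": "41433797848f41a558c1573d3e55a410",
        "versions": ["Default"],
        "allowed_urls": [
          {"url": "/resource/(.*)", "methods": ["GET", "POST"]}
        ]
      }
    },
    "org_id": "54de205930c55e15bd000001",
    "hmac_enabled": false
  }
}
"""

def is_allowed(policy, api_id, method, path):
    """Return True if the key's granular white-list admits the request.

    No allowed_urls entry: the key keeps its version-level (global) access.
    Once the list is present it is an allow-list; anything unmatched is refused.
    Anchored matching (re.fullmatch) is an assumption of this example.
    """
    rights = policy["access_rights"].get(api_id)
    if rights is None:
        return False  # the key has no rights on this API at all
    rules = rights.get("allowed_urls")
    if not rules:
        return True  # no granular list: fall back to global permissions
    for rule in rules:
        method_ok = method.upper() in (m.upper() for m in rule["methods"])
        if method_ok and re.fullmatch(rule["url"], path):
            return True
    return False

DEFAULT = json.loads(POLICY_JSON)["default"]
API = "41433797848f41a558c1573d3e55a410"

if __name__ == "__main__":
    for m, p in [("GET", "/resource/1"), ("DELETE", "/resource/1"),
                 ("GET", "/admin/resource/1"), ("GET", "/other")]:
        print(m, p, "->", "allow" if is_allowed(DEFAULT, API, m, p) else "deny")
```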
    
  • Added hash_keys config option. Setting this to true will cause Tyk to store all keys in Redis in a hashed representation. This will also obfuscate keys in analytics data, using the hashed representation instead. Webhooks will continue to make the full API key available. This change is not backwards compatible if enabled on an existing installation.

  • Added cache_options.enable_upstream_cache_control flag to API definitions

    • Upstream cache control is exclusive, caching must be enabled on the API, and the path to listen for upstream headers must be defined in the extended_paths section, otherwise the middleware will not activate for the path
    • Modified caching middleware to listen for two response headers: x-tyk-cache-action-set and x-tyk-cache-action-set-ttl.
    • If an upstream application replies with the header x-tyk-cache-action-set set to 1 (or anything non-empty) and upstream control is enabled, Tyk will cache the response.
    • If the upstream application sets x-tyk-cache-action-set-ttl to a numeric value, and upstream control is enabled, the cached object will be created for whatever number of seconds this value is set to.
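
The decision the caching middleware makes from those two headers, written out as an added example (not Tyk's middleware code). The gating on both the API-level cache setting and the flag follows the notes above; falling back to a default TTL when no TTL header is sent, and refusing to cache a non-positive TTL, are assumptions of this example.

```python
def cache_decision(resp_headers, api_cache_enabled, upstream_control_enabled,
                   default_ttl):
    """Return (should_cache, ttl_seconds) for an upstream response.

    - upstream control only acts when caching is on for the API and the
      enable_upstream_cache_control flag is set;
    - a non-empty x-tyk-cache-action-set means "cache this response";
    - a numeric x-tyk-cache-action-set-ttl overrides the TTL, anything
      non-numeric is ignored and the default TTL (assumed here) is used.
    """
    if not (api_cache_enabled and upstream_control_enabled):
        return (False, 0)
    # HTTP header names are case-insensitive; normalise once.
    headers = {k.lower(): v for k, v in resp_headers.items()}
    if not headers.get("x-tyk-cache-action-set", "").strip():
        return (False, 0)
    ttl = default_ttl
    raw_ttl = headers.get("x-tyk-cache-action-set-ttl", "").strip()
    if raw_ttl:
        try:
            ttl = int(raw_ttl)
        except ValueError:
            pass  # non-numeric TTL: keep the default rather than fail open
    if ttl <= 0:
        return (False, 0)  # assumption: nothing worth storing for 0 seconds
    return (True, ttl)
```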
  • Added auth.use_param option to API definitions. Set it to true if you want Tyk to check for the API token in the request parameters instead of the header; it will look for the parameter named in auth.auth_header_name, and the lookup is case-sensitive.

  • Host manager now supports Portal NginX template management: it will generate portal configuration files for NginX on load for each organisation in the DB

  • Host manager will now gracefully attempt to reconnect if Redis goes down

  • Tyk will now reload on notifications from Redis (dashboard signal) for cluster reloads (see below); a new config option, SuppressRedisSignalReload, suppresses this behaviour (for example, if you are still using the old host manager)

  • Added new group reload endpoint (for management via LB), sending a GET to /tyk/reload/group will now send a pub/sub notification via Redis which will cause all listening nodes to reload gracefully.

  • Host manager can now be set to manage Tyk or not, this means host manager can be deployed alongside NGinX without managing Tyk, and Tyk nodes reloading on their own using redis pub/sub

  • Rate limiter now uses a rolling window, which makes gaming the limiter by straddling the TTL harder
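
Why the rolling window matters, as an added simulation (not Tyk's limiter code): a TTL-expiring counter lets a client spend almost a full quota just before the counter expires and a full quota again just after it, so nearly 2×rate requests land within a fraction of a second; the rolling window counts only hits inside the last `per` seconds, whatever their phase. Both limiters here are simplified in-memory models.

```python
from collections import deque

class FixedWindowLimiter:
    """Counter created on first use and reset once `per` seconds have passed,
    modelling a Redis counter with a TTL (the pre-rolling-window style)."""
    def __init__(self, rate, per):
        self.rate, self.per = rate, per
        self.window_start, self.count = None, 0

    def allow(self, now):
        if self.window_start is None or now - self.window_start >= self.per:
            self.window_start, self.count = now, 0  # counter expired: reset
        if self.count < self.rate:
            self.count += 1
            return True
        return False

class RollingWindowLimiter:
    """Keeps timestamps of recent hits and admits a request only if fewer
    than `rate` of them fall inside the trailing `per` seconds."""
    def __init__(self, rate, per):
        self.rate, self.per = rate, per
        self.hits = deque()

    def allow(self, now):
        while self.hits and now - self.hits[0] >= self.per:
            self.hits.popleft()  # drop hits that aged out of the window
        if len(self.hits) < self.rate:
            self.hits.append(now)
            return True
        return False

def straddle_burst(limiter, rate, per, eps=0.05):
    """One request opens the window at t=0; then rate-1 requests arrive just
    before the counter would expire and `rate` more just after it. Returns how
    many of those 2*rate-1 requests (sent within 2*eps seconds) were admitted."""
    limiter.allow(0.0)
    burst = [per - eps] * (rate - 1) + [per + eps] * rate
    return sum(limiter.allow(t) for t in burst)

if __name__ == "__main__":
    rate, per = 5, 10  # 5 requests per 10 seconds (constructed numbers)
    print("fixed window admitted:", straddle_burst(FixedWindowLimiter(rate, per), rate, per))
    print("rolling window admitted:", straddle_burst(RollingWindowLimiter(rate, per), rate, per))
```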