If you see the error below when attempting to clear any caches via the dashboard
There are two solutions;
Solution 1:
The recommended solution to resolve the issue involves using OPA rules. You can access the OPA rules through the Dashboard UI;
Change this catch-all OPA rule, which will initially be this:
# If a request to an endpoint does not match any defined permissions, the request will be denied.
deny[x] {
count(request_permission) == 0
x := sprintf("This action is unknown. You do not have permission to access '%v'.", [input.request.path])
}
Into this:
# If a request to an endpoint does not match any defined permissions, the request will be denied.
deny[x] {
count(request_permission) == 0
not regex.match("/api/cache/(.*)", input.request.path)
x := sprintf("This action is unknown. You do not have permission to access '%v'.", [input.request.path])
}
If you would like only admins to be able to invalidate the API cache, You can go ahead and add the rule below into the above rule
# only allow an admin to invalidate an API cache
deny[x] {
regex.match("/api/cache/(.*)", input.request.path)
not is_admin
x := sprintf("You do not have permissions to invalidate the cache via '%v'.", [i
If you do not add this, all users will be able to invalidate the API cache.
Solution 2:
You can use the Dashboard API to clear the cache. A sample request will look like this.
curl https://<tyk-dashboard>/api/cache/{api-id} -X DELETE -H "Authorization: <dashboard-api-credentials>"
Where the Authorization header value is the API Access Credentials of a Dashboard User.
Using this makes the same request to the Dashboard as clicking the "Invalidate Cache" button in the UI.
Comments
0 comments
Please sign in to leave a comment.