Change default tenant theme
kasir-barati opened this issue · 5 comments
Hi dear reader
Thanks for this wonderful Terraform provider 💮, I just wanted to know how can we change the default tenant's theme or other conf using this provider, is it even possible?
I know that we can do it by having this `kickstart.json`:

```json
{
  "apiKeys": [
    {
      "key": "7ef6fa566cf6bd2948f86dc9174b1ad87a40a67fa00c72edab82d566b79eeb206d532b9f217eac391423d087c0a329bb5518d6281d2bb29c2919642b4cc7300f"
    }
  ],
  "requests": [
    {
      "method": "PATCH",
      "url": "/api/tenant/#{FUSIONAUTH_TENANT_ID}",
      "body": {
        "tenant": {
          "themeId": "#{themeID}"
        }
      }
    },
    {
      "method": "POST",
      "url": "/api/user/registration",
      "tenantId": "#{FUSIONAUTH_TENANT_ID}",
      "body": {
        "user": {
          "email": "admin@admin.com",
          "password": "adminadmin"
        },
        "registration": {
          "applicationId": "#{FUSIONAUTH_APPLICATION_ID}",
          "roles": ["admin"]
        }
      }
    }
  ]
}
```

But as you can see it is not possible since we do not wanna use `kickstart.json`.
Any idea?
My guess is that we are not able to configure our default fusionauth tenant with this terraform provider, I mean let's simulate it, I have an unconfigured fusionauth client:
```yaml
version: "3"
services:
  db:
    image: postgres:12.14
    restart: always
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - db_net
    volumes:
      - db_data:/var/lib/postgresql/data
  search:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.0
    environment:
      cluster.name: fusionauth
      bootstrap.memory_lock: "true"
      discovery.type: single-node
      ES_JAVA_OPTS: ${ES_JAVA_OPTS}
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "--fail",
          "--write-out",
          "'HTTP %{http_code}'",
          "--silent",
          "--output",
          "/dev/null",
          "http://localhost:9200/",
        ]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - search_net
    restart: unless-stopped
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - search_data:/usr/share/elasticsearch/data
  fusionauth:
    image: fusionauth/fusionauth-app:1.45.3
    depends_on:
      db:
        condition: service_healthy
      search:
        condition: service_healthy
    environment:
      DATABASE_URL: jdbc:postgresql://db:5432/fusionauth
      DATABASE_ROOT_USERNAME: ${POSTGRES_USER}
      DATABASE_ROOT_PASSWORD: ${POSTGRES_PASSWORD}
      DATABASE_USERNAME: ${DATABASE_USERNAME}
      DATABASE_PASSWORD: ${DATABASE_PASSWORD}
      FUSIONAUTH_APP_MEMORY: 512M
      FUSIONAUTH_APP_RUNTIME_MODE: development
      FUSIONAUTH_APP_URL: http://fusionauth:9012
      SEARCH_SERVERS: http://search:9200
      SEARCH_TYPE: elasticsearch
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:9012/api/status"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - db_net
      - search_net
    restart: unless-stopped
    ports:
      - 9012:9011
    volumes:
      - fusionauth_config:/usr/local/fusionauth/config
  mailcatcher:
    image: sj26/mailcatcher:v0.8.2
    ports:
      - "1021:1025"
      - "1081:1080"
networks:
  db_net:
    driver: bridge
  search_net:
    driver: bridge
volumes:
  db_data:
  fusionauth_config:
  search_data:
```
And now I wanna configure it, but I cannot since it does not have any apiKey. Now I am wondering if it is possible to configure a fusionauth instance from 0 to ready for use, both in dev env (local) and/or staging/prod env. I tried this:
```hcl
resource "fusionauth_api_key" "api-key" {
  tenant_id   = "5f41c3c4-032e-2f9b-8900-37c098b0be88"
  description = "my super secret key"
  key         = "super-secret-key"
}
```

And I got this error:

```
│ Error: Cycle: fusionauth_api_key.api-key, provider["registry.terraform.io/gpsinsight/fusionauth"]
```
I know it looks like two different questions but they are relevant too IMO. I just added that docker compose file in favor of adding more clarity to my question and why I am asking it in the first place.
BTW I also tried to use the `fusionauth_tenant` resource and use

```hcl
tenant_id = "5f41c3c4-032e-2f9b-8900-37c098b0be88"
name      = "Default"
# ...
```

in order to configure my default tenant, but I get an error saying that the `Default` name already exists, which conveys that it was trying to create a new tenant and not update the existing one.

*5f41c3c4-032e-2f9b-8900-37c098b0be88 is the default tenant ID
BTW I just think that adding an API key through this provider was not really doable. It seems that we cannot skip using `kickstart.json` for creating a super API key (ref).
But regarding the default tenant and updating it, I think that is not feasible using normal existing means that are provided by this provider.
But definitely if you think like me and wanna keep your infrastructure configuration in one location you might wanna consider adding this in your terraform and then you can send a patch request to the default tenant when you are creating the theme or whatever it is in the terraform (in my case I am creating a custom theme in my terraform code and I wanna use it for the default tenant as well):
```hcl
# Look up the Default tenant by name to read its ID and name
data "httpclient_request" "get-tenants" {
  url            = "${var.fusionauth_host}/api/tenant/search?name=Default"
  request_method = "GET"
  request_headers = {
    "Accept"        = "application/json"
    "Authorization" = "${var.fusionauth_api_key}"
  }
}

locals {
  fusionauth_tenant_id   = jsondecode(data.httpclient_request.get-tenants.response_body).tenants[0].id
  fusionauth_tenant_name = jsondecode(data.httpclient_request.get-tenants.response_body).tenants[0].name
}

# PATCH the Default tenant so that it uses the custom theme
data "httpclient_request" "set-default-tenant-theme" {
  depends_on     = [fusionauth_theme.custom-theme, data.httpclient_request.get-tenants]
  url            = "${var.fusionauth_host}/api/tenant/${local.fusionauth_tenant_id}"
  request_method = "PATCH"
  request_headers = {
    "Accept"        = "application/json"
    "Content-Type"  = "application/json"
    "Authorization" = "${var.fusionauth_api_key}"
  }
  request_body = jsonencode(
    {
      "tenant" : {
        "name" : "${local.fusionauth_tenant_name}",
        "themeId" : "${fusionauth_theme.custom-theme.id}"
      }
    }
  )
}
```
Although you still need to create the super admin via `kickstart.json`.
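Since the thread concludes that the first API key and the admin user still come from `kickstart.json`, here is an added example (not code from the original comments or from the provider) that rebuilds the same two kickstart requests with a freshly generated API key and admin password instead of committed literals, writes the file owner-readable only, and audits the admin password. The function names and the 16-character threshold are assumptions made for this example.

```python
import json
import os
import secrets

def build_kickstart(admin_email, api_key=None, admin_password=None):
    """Same two requests as the kickstart.json in the issue, with generated secrets."""
    api_key = api_key or secrets.token_hex(64)  # 128 hex characters
    admin_password = admin_password or secrets.token_urlsafe(24)
    return {
        "apiKeys": [{"key": api_key}],
        "requests": [
            {"method": "PATCH",
             "url": "/api/tenant/#{FUSIONAUTH_TENANT_ID}",
             "body": {"tenant": {"themeId": "#{themeID}"}}},
            {"method": "POST",
             "url": "/api/user/registration",
             "tenantId": "#{FUSIONAUTH_TENANT_ID}",
             "body": {
                 "user": {"email": admin_email, "password": admin_password},
                 "registration": {"applicationId": "#{FUSIONAUTH_APPLICATION_ID}", "roles": ["admin"]}}},
        ],
    }

def audit(kickstart, min_len=16):
    """List user passwords that are short or contain the account name."""
    findings = []
    for req in kickstart.get("requests", []):
        user = req.get("body", {}).get("user")
        if not user:
            continue  # e.g. the tenant PATCH request carries no user
        password = user.get("password", "")
        local = user.get("email", "").split("@")[0].lower()
        if len(password) < min_len:
            findings.append(f"{req['url']}: password shorter than {min_len} characters")
        if local and local in password.lower():
            findings.append(f"{req['url']}: password contains the account name")
    return findings

def write_private(path, kickstart):
    """Write the file with mode 0600 so the key and password are owner-readable only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(kickstart, fh, indent=2)
    os.chmod(path, 0o600)  # also tighten a file that already existed

if __name__ == "__main__":
    # The admin credentials as posted in the issue produce two findings.
    print(audit(build_kickstart("admin@admin.com", admin_password="adminadmin")))
    write_private("kickstart.json", build_kickstart("admin@admin.com"))
```

The generated file still contains the secrets in clear text, so it belongs outside version control and should be removed once FusionAuth has consumed it.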
Have some breakthroughs but the new situation is that I have to apply the terraform twice in order to have the theme applied to the Default tenant. Any idea why?
Here is the log of my terraform:
As you can see here, my terraform is saying that it is gonna create the theme again and modify a bunch of things since it thinks it has been changed and also it is