Comments (5)
My guess is that we are not able to configure our default fusionauth tenant with this terraform provider, I mean let's simulate it, I have an unconfigured fusionauth client:
```yaml
version: "3"
services:
  db:
    image: postgres:12.14
    restart: always
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - db_net
    volumes:
      - db_data:/var/lib/postgresql/data
  search:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.0
    environment:
      cluster.name: fusionauth
      bootstrap.memory_lock: "true"
      discovery.type: single-node
      ES_JAVA_OPTS: ${ES_JAVA_OPTS}
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "--fail",
          "--write-out",
          "'HTTP %{http_code}'",
          "--silent",
          "--output",
          "/dev/null",
          "http://localhost:9200/",
        ]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - search_net
    restart: unless-stopped
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - search_data:/usr/share/elasticsearch/data
  fusionauth:
    image: fusionauth/fusionauth-app:1.45.3
    depends_on:
      db:
        condition: service_healthy
      search:
        condition: service_healthy
    environment:
      DATABASE_URL: jdbc:postgresql://db:5432/fusionauth
      DATABASE_ROOT_USERNAME: ${POSTGRES_USER}
      DATABASE_ROOT_PASSWORD: ${POSTGRES_PASSWORD}
      DATABASE_USERNAME: ${DATABASE_USERNAME}
      DATABASE_PASSWORD: ${DATABASE_PASSWORD}
      FUSIONAUTH_APP_MEMORY: 512M
      FUSIONAUTH_APP_RUNTIME_MODE: development
      FUSIONAUTH_APP_URL: http://fusionauth:9012
      SEARCH_SERVERS: http://search:9200
      SEARCH_TYPE: elasticsearch
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:9012/api/status"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - db_net
      - search_net
    restart: unless-stopped
    ports:
      - 9012:9011
    volumes:
      - fusionauth_config:/usr/local/fusionauth/config
  mailcatcher:
    image: sj26/mailcatcher:v0.8.2
    ports:
      - "1021:1025"
      - "1081:1080"
networks:
  db_net:
    driver: bridge
  search_net:
    driver: bridge
volumes:
  db_data:
  fusionauth_config:
  search_data:
```
And now I wanna configure it, but I cannot since it does not have any apiKey. Now I am wondering if it is possible to configure a fusionauth instance from 0 to ready for use, both in dev env (local) and/or staging/prod env. I tried this:
```hcl
resource "fusionauth_api_key" "api-key" {
  tenant_id   = "5f41c3c4-032e-2f9b-8900-37c098b0be88"
  description = "my super secret key"
  key         = "super-secret-key"
}
```
And I got this error:
```
│ Error: Cycle: fusionauth_api_key.api-key, provider["registry.terraform.io/gpsinsight/fusionauth"]
```
from terraform-provider-fusionauth.
I know it looks like two different questions, but they are relevant too IMO. I just added that docker compose file in favor of adding more clarity to my question and why I am asking it in the first place.
BTW I also tried to use the `fusionauth_tenant` resource and use

```hcl
tenant_id = "5f41c3c4-032e-2f9b-8900-37c098b0be88"
name      = "Default"
# ...
```

in order to configure my default tenant, but I get an error saying that the `Default` name already exists, which conveys that it was trying to create a new tenant and not update the existing one.

*`5f41c3c4-032e-2f9b-8900-37c098b0be88` is the default tenant ID
from terraform-provider-fusionauth.
BTW I just think that adding an API key through this provider was not really doable. It seems that we cannot skip using `kickstart.json` for creating a super API key (ref).
But regarding the default tenant and updating it, I think that is not feasible using the normal existing means that are provided by this provider.
But definitely, if you think like me and wanna keep your infrastructure configuration in one location, you might wanna consider adding this to your Terraform, and then you can send a PATCH request to the default tenant when you are creating the theme or whatever it is in the Terraform (in my case I am creating a custom theme in my Terraform code and I wanna use it for the default tenant as well):
```hcl
data "httpclient_request" "get-tenants" {
  url            = "${var.fusionauth_host}/api/tenant/search?name=Default"
  request_method = "GET"
  request_headers = {
    "Accept"        = "application/json"
    "Authorization" = "${var.fusionauth_api_key}"
  }
}

locals {
  fusionauth_tenant_id   = jsondecode(data.httpclient_request.get-tenants.response_body).tenants[0].id
  fusionauth_tenant_name = jsondecode(data.httpclient_request.get-tenants.response_body).tenants[0].name
}

data "httpclient_request" "set-default-tenant-theme" {
  depends_on     = [fusionauth_theme.custom-theme, data.httpclient_request.get-tenants]
  url            = "${var.fusionauth_host}/api/tenant/${local.fusionauth_tenant_id}"
  request_method = "PATCH"
  request_headers = {
    "Accept"        = "application/json"
    "Content-Type"  = "application/json"
    "Authorization" = "${var.fusionauth_api_key}"
  }
  request_body = jsonencode(
    {
      "tenant" : {
        "name" : "${local.fusionauth_tenant_name}",
        "themeId" : "${fusionauth_theme.custom-theme.id}"
      }
    }
  )
}
```
from terraform-provider-fusionauth.
Although you still need to create the super admin via kickstart.json 😭
from terraform-provider-fusionauth.
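The bootstrap problem discussed in the comments above, as an added example that is not part of the thread or of the provider's own code: a `Cycle` error between `fusionauth_api_key.api-key` and the provider arises when the provider's `api_key` is read from a resource that only that provider can create. The sketch below takes the key as a sensitive input instead, assuming it was seeded outside Terraform (for example by `kickstart.json`); the 32-character minimum and the secret file path are assumptions.

```hcl
# Added example; values marked "assumed" are not from the thread.
terraform {
  required_providers {
    fusionauth = {
      source = "gpsinsight/fusionauth"
    }
  }
}

variable "fusionauth_host" {
  type        = string
  description = "Base URL of FusionAuth, e.g. http://localhost:9012 for the compose file above"
}

variable "fusionauth_api_key" {
  type        = string
  sensitive   = true # redacted in plan/apply output; still written to state
  description = "Bootstrap API key seeded outside Terraform (e.g. by kickstart.json)"

  validation {
    # Assumed local policy, not a FusionAuth requirement: reject short
    # placeholder keys such as the 16-character "super-secret-key".
    condition     = length(var.fusionauth_api_key) >= 32
    error_message = "fusionauth_api_key must be at least 32 characters."
  }
}

# Cyclic form: the provider needs the key to call the API, but the key is a
# resource that only this provider can create, so Terraform cannot order them.
#
# provider "fusionauth" {
#   host    = var.fusionauth_host
#   api_key = fusionauth_api_key.api-key.key
# }

# Acyclic form: the key is an input supplied at run time, for example
#   export TF_VAR_fusionauth_api_key="$(cat /run/secrets/fa_bootstrap_key)"  # assumed path
provider "fusionauth" {
  host    = var.fusionauth_host
  api_key = var.fusionauth_api_key
}
```

`sensitive = true` only hides the value in CLI output. The key still lands in the state file, and data sources that send it in an `Authorization` header store their request and response there too, so the state backend needs encryption and restricted access.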
Have some breakthroughs but the new situation is that I have to apply the terraform twice in order to have the theme applied to the Default tenant. Any idea why?
Here is the log of my terraform:
As you can see it here my terraform is saying that it is gonna create the theme again and modify a bunch of things since it thinks it has been changed and also it is
from terraform-provider-fusionauth.