@dan said in Kubernetes deployment of version 1.16.0-RC.1:
Also, what in particular doesn't work with the current charts? What doesn’t support 1.16.0-rc.1?
Exactly this. I am using version 1.16.0-RC.1 because I don't want elasticsearch. Currently, the official charts do not allow to install it without elasticsearch.
@dan Yes, I will file a bug there if it is still happening. Thanks for your help.
@dan I can confirm it's working as expected. Thanks for your useful advice.
@dan I can confirm it's working as expected. Thanks for your useful advice.
@dan hmmm I did not see that method. I'll give a try. I'm pretty sure it will work. Thanks for the hint!
long story short: this works:
request = {
'tenant': {
'emailConfiguration': {
'host': hostname,
'port': port,
'username': username,
'password': password,
'security': 'SSL' if enable_ssl == 'true' else 'NONE',
}
}
}
headers = {'content-type': 'application/json', 'authorization': api_key}
response = requests.patch(f'{api_url}/api/tenant/{tenant_id}', data=json.dumps(request), headers=headers)
i.e. I receive status 200, but this doesn't:
request = {
'tenant': {
'emailConfiguration': {
'host': hostname,
'port': port,
'username': username,
'password': password,
'security': 'SSL' if enable_ssl == 'true' else 'NONE',
}
}
}
response = client.update_tenant(tenant_id, request)
i.e. I receive status 400.
Without the trailing slash in fusionauth api url, I get a 400 status code for call
request = {
'tenant': {
'emailConfiguration': {
'host': hostname,
'port': port,
'username': username,
'password': password,
'security': 'SSL' if enable_ssl == 'true' else 'NONE',
}
}
}
response = client.update_tenant(tenant_id, request)
The printed value of the request variable is
{'tenant': {'emailConfiguration': {'host': 'my-smtp-host', 'port': 8081, 'username': 'laurent', 'password': '1234', 'security': 'SSL'}}}
I was able to gather that
response = client.retrieve_tenants()
tenants = response.success_response['tenants']
returns None because I created the fusionauth client like this:
client = FusionAuthClient(args.api_key, args.api_url)
with api_url ending with trailing slash. Interestingly,
response.was_successful()
is true. I still have no explanation for the other call.
If I do
curl http://docker122445-env-0749025.hidora.com/api/tenant
-H "Accept: application/json"
-H 'Authorization: CrH00Hgsp1yj1NKyGHGwxS8xKpoJh9gwNcOKful4'
then I get my default tenant.
If I don't use the python client, but rather do this:
curl -X PATCH http://my-fusionauth-hostname.com/api/tenant/135ccc5c-17b9-414b-9538-65d77e53a0c0
-H 'Content-Type: application/json'
-H 'Accept: application/json'
-H 'Authorization: CrH00Hgsp1yj1NKyGHGwxS8xKpoJh9gwNcOKful4'
-d '{ "tenant": { "emailConfiguration": { "host": "smtp-host", "port": 8080, "username": "the-username", "password": "password", "security": "SSL" } } }'
Then it works.
I am using the single, default tenant defined by fusionauth :
I installed fusionauth with the following kickstart:
{
"apiKeys": [
{
"description": "Almighty API Key",
"key": "#{almightyApiKey}"
},
{
"description": "Serverless API Key",
"key": "#{serverlessApiKey}",
"permissions": {
"endpoints": {
"/api/jwt/validate": [
"POST"
],
"/api/login": [
"POST"
],
"/api/user": [
"POST",
"DELETE"
],
"/api/user/registration": [
"POST"
]
}
}
}
],
"requests": [
{
"body": {
"registration": {
"applicationId": "#{FUSIONAUTH_APPLICATION_ID}",
"roles": [
"admin"
]
},
"user": {
"email": "#{adminEmail}",
"password": "#{adminPassword}"
}
},
"method": "POST",
"url": "/api/user/registration"
},
{
"body": {
"emailTemplate": {
"defaultHtmlTemplate": "To change your password use the following token:\n\n<p>changePasswordId=${changePasswordId}</p>",
"defaultSubject": "Reset your password",
"defaultTextTemplate": "To change your password use the following token: \n\nchangePasswordId=${changePasswordId}",
"name": "Forgot Password"
}
},
"method": "POST",
"url": "/api/email/template/#{forgotPasswordEmailTemplateId}"
},
{
"body": {
"emailTemplate": {
"defaultHtmlTemplate": "Your account has been created and you must setup a password. Use the following token to setup your password:\n\n<p>changePasswordId=${changePasswordId}</p>",
"defaultSubject": "Setup your password",
"defaultTextTemplate": "Your account has been created and you must setup a password. Use the following token to setup your password: \n\nchangePasswordId=${changePasswordId}",
"name": "Setup Password"
}
},
"method": "POST",
"url": "/api/email/template/#{setPasswordEmailTemplateId}"
},
{
"body": {
"emailTemplate": {
"defaultHtmlTemplate": "[#if user.verified]\nPro tip, your email has already been verified, but feel free to complete the verification process to verify your verification of your email address.\n[/#if]\n\nTo complete your email verification use the following token:\n\n<p>${verificationId}</p>",
"defaultSubject": "Verify your email address",
"defaultTextTemplate": "[#if user.verified]\nPro tip, your email has already been verified, but feel free to complete the verification process to verify your verification of your email address.\n[/#if]\n\nTo complete your email verification use the following token:\n\n${verificationId}",
"name": "Email Verification"
}
},
"method": "POST",
"url": "/api/email/template/#{verificationEmailTemplateId}"
},
{
"body": {
"emailTemplate": {
"defaultHtmlTemplate": "[#if registration.verified]\nPro tip, your registration has already been verified, but feel free to complete the verification process to verify your verification of your registration.\n[/#if]\n\nTo complete your registration verification use the following token: \n<p>${verificationId}</p>",
"defaultSubject": "Verify your registration",
"defaultTextTemplate": "[#if registration.verified]\nPro tip, your registration has already been verified, but feel free to complete the verification process to verify your verification of your registration.\n[/#if]\n\nTo complete your registration verification use the following token: \n\n${verificationId}",
"name": "Registration Verification"
}
},
"method": "POST",
"url": "/api/email/template/#{registrationVerificationEmailTemplateId}"
},
{
"body": {
"tenant": {
"emailConfiguration": {
"defaultFromEmail": "#{fromEmail}",
"defaultFromName": "#{fromName}",
"forgotPasswordEmailTemplateId": "#{forgotPasswordEmailTemplateId}",
"host": "#{mailServerHost}",
"password": "#{mailServerPassword}",
"port": "#{mailServerPort}",
"security": "#{mailServerSecurity}",
"setPasswordEmailTemplateId": "#{setPasswordEmailTemplateId}",
"username": "#{mailServerUsername}",
"verificationEmailTemplateId": "#{verificationEmailTemplateId}",
"verificationStrategy": "FormField",
"verifyEmail": true,
"verifyEmailWhenChanged": true
},
"issuer": "#{issuer}",
"name": "Default",
"userDeletePolicy": {
"unverified": {
"enabled": true,
"numberOfDaysToRetain": 1
}
}
}
},
"method": "PATCH",
"url": "/api/tenant/#{defaultTenantId}"
},
{
"body": {
"lambda": {
"body": "function populate(jwt, user, registration) { jwt['#{hasuraClaimsNamespace}'] = { 'x-hasura-allowed-roles': jwt.roles, 'x-hasura-default-role': jwt.roles[0], 'x-hasura-user-id': user.id }; }",
"debug": true,
"enabled": true,
"name": "hasura",
"type": "JWTPopulate"
}
},
"method": "POST",
"url": "/api/lambda/#{hasuraLambdaId}"
}
],
"variables": {
"adminEmail": "admin@company.com",
"adminPassword": "my admin password",
"almightyApiKey": "24114b81-4207-4b02-bcd5-3bbbb91a66e7",
"defaultTenantId": "9d72d134-464e-4542-a42f-6b0ac602f0d2",
"forgotPasswordEmailTemplateId": "#{UUID()}",
"fromEmail": "no-reply@company.com",
"fromName": "Company",
"hasuraClaimsNamespace": "https://hasura.io/jwt/claims",
"hasuraLambdaId": "#{UUID()}",
"issuer": "company.com",
"mailServerHost": "smtp-host",
"mailServerPassword": "smtp-pwd",
"mailServerPort": 1025,
"mailServerSecurity": "NONE",
"mailServerUsername": "smtp-user",
"registrationVerificationEmailTemplateId": "#{UUID()}",
"serverlessApiKey": "42f41c94-e41a-492c-891c-c85f2204c639",
"setPasswordEmailTemplateId": "#{UUID()}",
"verificationEmailTemplateId": "#{UUID()}"
}
}
I have defined a super-user api key:
Using that key, with python fusionauth client, I am trying to get all tenants like this:
response = client.retrieve_tenants()
tenants = response.success_response['tenants']
I get None tenants. Why? I was expecting to see my default tenant here. Then, if I grab my default tenant id and use it like this:
request = {
'tenant': {
'emailConfiguration': {
'host': hostname,
'port': port,
'username': username,
'password': password,
'security': 'SSL' if enable_ssl == 'true' else 'NONE',
}
}
}
response = client.update_tenant(tenant_id, request)
then I get response.status == 405 which is not documented in your documentation. Why do I get that status? How can I update my default tenant's smtp parameters through the API? If I do it through the FusionAuth dashboard, then it works.
I am working with FusionAuth
version 1.32.1.
Thanks in advance for your help!
Hey Dan,
Thanks for your very useful advice. This line is critical in the configuration you mention:
"url": "/api/application/#{joomlaAppId}",
I didn't know I could put the request parameter right there. My problem is then solved.
Hi,
In my kickstart.json, I have the following section:
{
"body": {
"application": {
"jwtConfiguration": {
"accessTokenKeyId": "#{accessTokenSigningKeyId}",
"enabled": true,
"refreshTokenTimeToLiveInMinutes": 1440,
"timeToLiveInSeconds": 3600
},
"lambdaConfiguration": {
"accessTokenPopulateId": "#{hasuraLambdaId}"
},
"loginConfiguration": {
"allowTokenRefresh": true,
"generateRefreshTokens": true,
"requireAuthentication": true
},
"name": "test-application",
"roles": [
{
"isDefault": true,
"isSuperRole": false,
"name": "user"
},
{
"isDefault": false,
"isSuperRole": false,
"name": "manager"
}
]
}
},
"method": "POST",
"url": "/api/application"
}
In that kickstart, I would like to directly register a user in that application test-application. I figured I could set myself the application's id (with e.g. #{UUID()}) and use that id in the user registration:
{
"body": {
"registration": {
"applicationId": "#{THE_TEST_APPLICATION_ID}",
"roles": [
"manager"
]
},
"user": {
"email": "#{managerEmail}",
"password": "#{managerPassword}"
}
},
"method": "POST",
"url": "/api/user/registration"
},
However, I was not able to gather from the documentation how to achieve that. The applicationId is a request parameter and there seems to be no way to set it through a parameter in the /api/application body.
Is there a to do what I want or do I have to register the user after fusionauth kickstart?
Thanks in advance for your advice!