search

goauthentik / terraform-provider-authentik

Manage https://goauthentik.io with terraform.
https://registry.terraform.io/providers/goauthentik/authentik/latest/docs
GNU General Public License v3.0
58 stars 16 forks source link

authentik_flow ignores changes to background #482

Open spencerhughes opened 3 months ago

spencerhughes commented 3 months ago

When setting the background attribute of authentik_flow to either a path within Authentik (e.g., /media/public/flow-backgrounds/background.png) or to a URL as per the documentation, Terraform reports that the resource was successfully changed, but the previous value of background remains unchanged.

If you run Terraform in debug mode, you can see that it notices this but ignores it:

2024-03-09T11:48:08.405-0500 [INFO]  provider.terraform-provider-authentik_v2024.2.0: 2024/03/09 11:48:08
GET /api/v3/flows/instances/test-authentication-flow/ HTTP/1.1
Host: auth.example.com
User-Agent: authentik-terraform@2024.2.0
Accept: application/json
Authorization: Bearer TOKEN
Accept-Encoding: gzip
: timestamp=2024-03-09T11:48:08.405-0500
2024-03-09T11:48:08.438-0500 [INFO]  provider.terraform-provider-authentik_v2024.2.0: 2024/03/09 11:48:08
HTTP/1.1 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Date: Sat, 09 Mar 2024 16:48:08 GMT
Referrer-Policy: same-origin
Vary: Accept-Encoding
Vary: Cookie
X-Authentik-Id: LONGHASH
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Powered-By: authentik

{"pk":"HASH","policybindingmodel_ptr_id":"HASH","name":"Welcome to Test Website","slug":"test-authentication-flow","title":"Welcome to Test Website","designation":"authentication","background":"/static/dist/assets/images/flow_background.jpg","stages":["STAGE_ID_HASH","STAGE_ID_HASH","STAGE_ID_HASH"],"policies":[],"cache_count":0,"policy_engine_mode":"any","compatibility_mode":false,"export_url":"/api/v3/flows/instances/test-authentication-flow/export/","layout":"stacked","denied_action":"message_continue","authentication":"none"}: timestamp=2024-03-09T11:48:08.438-0500
2024-03-09T11:48:08.438-0500 [WARN]  Provider "provider[\"registry.terraform.io/goauthentik/authentik\"]" produced an unexpected new value for authentik_flow.authentication, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .background: was cty.StringVal("https://auth.example.com/media/public/flow-backgrounds/background.png"), but now cty.StringVal("/static/dist/assets/images/flow_background.jpg")
authentik_flow.authentication: Modifications complete after 0s [id=test-authentication-flow]

As mentioned, I've also tried setting the value of background to /media/public/flow-backgrounds/background.png, which yields the same result.

ifeulner commented 3 months ago

Any update on this @BeryJu ?

joostfarla commented 2 weeks ago

I'm having the same issue. I've worked around it by mounting a config map on the location of the background-image file, replacing it with a transparant pixel (but could be any image). Not very nice, but it works for now.

resource "kubernetes_config_map" "bg_pixel" {
  metadata {
    name = "cm-bg-pixel"
  }

  binary_data = {
    "flow_background.jpg" = "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII="
  }
}

And in the Authentik (Helm) values file:

server:
  volumes:
    - name: bg-pixel
      configMap:
        name: cm-bg-pixel
  volumeMounts:
    - name: bg-pixel
      mountPath: /web/dist/assets/images/flow_background.jpg
      subPath: flow_background.jpg

Make sure the config map is deployed in the same namespace as Authentik.

marcportabellaclotet-mt commented 1 week ago

Any update on this topic? Thanks