Cannot "inject" values for email templates from files

[till]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [X] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

I am trying to customize the email templates using external files as the values file from your helm chart gets longer and longer, and longer.

So far, I only get a config map rendered that contains the values from the file though, e.g. {{.Values.email_recovery}} but I expected to see the values of the files I inject with --set-file.

Reproducing the bug

kratos:
  emailTemplates:
    recovery:
      valid:
        subject: Recover access to your account
        body: |-
          {{ .Values.email_recovery }}
        plainBody: |-
          {{ .Values.email_recovery_txt }}
      invalid:
        subject: Account access attempted
        body: |-
          {{ .Values.email_recovery_invalid }}
        plainBody: |-
          {{ .Values.email_recovery_invalid_txt }}

I tried it with:

        helm template --debug
        --values kratos/values.yml
        --values kratos/values.local.yml
        --set-file user_schema=kratos/chema.json,email_recovery=kratos/emails/recovery.html,email_recovery_txt=kratos/emails/recovery.txt,email_recovery_invalid=kratos/emails/recovery-invalid.html,email_recovery_invalid_txt=kratos/emails/recovery-invalid.txt,email_verification=kratos/emails/verification.html,email_verification_txt=kratos/emails/verification.txt,email_verification_invalid=kratos/emails/verification-invalid.html,email_verification_invalid_txt=kratos/emails/verification-invalid.txt
        --version 0.37.0
        ory-kratos ory/kratos

This renders a config map like:

# Source: kratos/templates/configmap-templates.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: ory-kratos-template-recovery-invalid
  namespace: default
  labels:
    app.kubernetes.io/name: kratos
    helm.sh/chart: kratos-0.37.0
    app.kubernetes.io/instance: ory-kratos
    app.kubernetes.io/version: "v1.0.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
data:
  "email.subject.gotmpl": |
    Account access attempted
  "email.body.gotmpl": |-
    {{ .Values.email_recovery_invalid }}
  "email.body.plaintext.gotmpl": |-
    {{ .Values.email_recovery_invalid_txt }}
---
# Source: kratos/templates/configmap-templates.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: ory-kratos-template-recovery-valid
  namespace: default
  labels:
    app.kubernetes.io/name: kratos
    helm.sh/chart: kratos-0.37.0
    app.kubernetes.io/instance: ory-kratos
    app.kubernetes.io/version: "v1.0.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
data:
  "email.subject.gotmpl": |
    Recover access to your account
  "email.body.gotmpl": |-
    {{ .Values.email_recovery }}
  "email.body.plaintext.gotmpl": |-
    {{ .Values.email_recovery_txt }}
---
# Source: kratos/templates/configmap-templates.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: ory-kratos-template-verification-invalid
  namespace: default
  labels:
    app.kubernetes.io/name: kratos
    helm.sh/chart: kratos-0.37.0
    app.kubernetes.io/instance: ory-kratos
    app.kubernetes.io/version: "v1.0.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
data:
  "email.subject.gotmpl": |
    Email verification failed
  "email.body.gotmpl": |-
    {{ .Values.email_verification_invalid }}
  "email.body.plaintext.gotmpl": |-
    {{ .Values.email_verification_invalid_txt }}
---
# Source: kratos/templates/configmap-templates.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: ory-kratos-template-verification-valid
  namespace: default
  labels:
    app.kubernetes.io/name: kratos
    helm.sh/chart: kratos-0.37.0
    app.kubernetes.io/instance: ory-kratos
    app.kubernetes.io/version: "v1.0.0"
    app.kubernetes.io/managed-by: Helm
  annotations:
data:
  "email.subject.gotmpl": |
    Please verify your email address
  "email.body.gotmpl": |-
    {{ .Values.email_verification }}
  "email.body.plaintext.gotmpl": |-
    {{ .Values.email_verification_txt }}

Relevant log output

No error

Relevant configuration

No response

Version

0.37.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

No response

[till]

It seems like the --set-file for the schema is a special case, the emails work like this:

        --set-file kratos.emailTemplates.recovery.valid.body=kratos/emails/recovery.html
        --set-file kratos.emailTemplates.recovery.valid.plainBody=kratos/emails/recovery.txt
        --set-file kratos.emailTemplates.recovery.invalid.body=kratos/emails/recovery-invalid.html
        --set-file kratos.emailTemplates.recovery.invalid.plainBody=kratos/emails/recovery-invalid.txt
        --set-file kratos.emailTemplates.verification.valid.body=kratos/emails/verification.html
        --set-file kratos.emailTemplates.verification.valid.plainBody=kratos/emails/verification.txt
        --set-file kratos.emailTemplates.verification.invalid.body=kratos/emails/verification-invalid.html
        --set-file kratos.emailTemplates.verification.invalid.plainBody=kratos/emails/verification-invalid.txt

At least that renders the ConfigMap resources correctly. But kratos still doesn't use "new" these emails.

[till]

So, the last bit was missing:

kratos:
  config:
    courier:
      template_override_path: /conf/courier-templates

I think the first bit could probably be docs?

The one remaining problem is that the config mentions the following templates:

• kratos.emailTemplates.recovery.valid
• kratos.emailTemplates.recovery.invalid
• kratos.emailTemplates.verification.valid
• kratos.emailTemplates.verification.invalid

Is there more? Because I just tried a verification flow and the email includes a code?

[till]

Maybe this could be added to the values file: https://github.com/ory/kratos/tree/master/courier/template/courier/builtin/templates

Following the naming of the directories, you can set any other template, e.g.:

        --set-file kratos.emailTemplates.verification_code.valid.body=kratos/emails/verification_code.html
        --set-file kratos.emailTemplates.verification_code.valid.plainBody=kratos/emails/verification_code.txt
        --set-file kratos.emailTemplates.verification_code.invalid.body=kratos/emails/verification-invalid.html
        --set-file kratos.emailTemplates.verification_code.invalid.plainBody=kratos/emails/verification-invalid.txt

[Demonsthere]

Hi there! The configmap implementation for the templates is quite flexible and simply traverses through the config using a for-each structure. Do you think this is a documentation issue, and we should reword it to make it clear that the examples in values.yaml and the docs are just examples and not all fields that can be set using this mechanism?

[till]

Yeah, another example and maybe a link to kratos source would be sufficient IMHO.