k8s
k8s copied to clipboard
ory
Cannot "inject" values for email templates from files
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
I am trying to customize the email templates using external files as the values file from your helm chart gets longer and longer, and longer.
So far, I only get a config map rendered that contains the values from the file though, e.g. {{.Values.email_recovery}} but I expected to see the values of the files I inject with --set-file.
Reproducing the bug
kratos:
emailTemplates:
recovery:
valid:
subject: Recover access to your account
body: |-
{{ .Values.email_recovery }}
plainBody: |-
{{ .Values.email_recovery_txt }}
invalid:
subject: Account access attempted
body: |-
{{ .Values.email_recovery_invalid }}
plainBody: |-
{{ .Values.email_recovery_invalid_txt }}
I tried it with:
helm template --debug
--values kratos/values.yml
--values kratos/values.local.yml
--set-file user_schema=kratos/chema.json,email_recovery=kratos/emails/recovery.html,email_recovery_txt=kratos/emails/recovery.txt,email_recovery_invalid=kratos/emails/recovery-invalid.html,email_recovery_invalid_txt=kratos/emails/recovery-invalid.txt,email_verification=kratos/emails/verification.html,email_verification_txt=kratos/emails/verification.txt,email_verification_invalid=kratos/emails/verification-invalid.html,email_verification_invalid_txt=kratos/emails/verification-invalid.txt
--version 0.37.0
ory-kratos ory/kratos
This renders a config map like:
# Source: kratos/templates/configmap-templates.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ory-kratos-template-recovery-invalid
namespace: default
labels:
app.kubernetes.io/name: kratos
helm.sh/chart: kratos-0.37.0
app.kubernetes.io/instance: ory-kratos
app.kubernetes.io/version: "v1.0.0"
app.kubernetes.io/managed-by: Helm
annotations:
data:
"email.subject.gotmpl": |
Account access attempted
"email.body.gotmpl": |-
{{ .Values.email_recovery_invalid }}
"email.body.plaintext.gotmpl": |-
{{ .Values.email_recovery_invalid_txt }}
---
# Source: kratos/templates/configmap-templates.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ory-kratos-template-recovery-valid
namespace: default
labels:
app.kubernetes.io/name: kratos
helm.sh/chart: kratos-0.37.0
app.kubernetes.io/instance: ory-kratos
app.kubernetes.io/version: "v1.0.0"
app.kubernetes.io/managed-by: Helm
annotations:
data:
"email.subject.gotmpl": |
Recover access to your account
"email.body.gotmpl": |-
{{ .Values.email_recovery }}
"email.body.plaintext.gotmpl": |-
{{ .Values.email_recovery_txt }}
---
# Source: kratos/templates/configmap-templates.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ory-kratos-template-verification-invalid
namespace: default
labels:
app.kubernetes.io/name: kratos
helm.sh/chart: kratos-0.37.0
app.kubernetes.io/instance: ory-kratos
app.kubernetes.io/version: "v1.0.0"
app.kubernetes.io/managed-by: Helm
annotations:
data:
"email.subject.gotmpl": |
Email verification failed
"email.body.gotmpl": |-
{{ .Values.email_verification_invalid }}
"email.body.plaintext.gotmpl": |-
{{ .Values.email_verification_invalid_txt }}
---
# Source: kratos/templates/configmap-templates.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ory-kratos-template-verification-valid
namespace: default
labels:
app.kubernetes.io/name: kratos
helm.sh/chart: kratos-0.37.0
app.kubernetes.io/instance: ory-kratos
app.kubernetes.io/version: "v1.0.0"
app.kubernetes.io/managed-by: Helm
annotations:
data:
"email.subject.gotmpl": |
Please verify your email address
"email.body.gotmpl": |-
{{ .Values.email_verification }}
"email.body.plaintext.gotmpl": |-
{{ .Values.email_verification_txt }}
Relevant log output
No error
Relevant configuration
No response
Version
0.37.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes with Helm
Additional Context
No response
It seems like the --set-file for the schema is a special case, the emails work like this:
--set-file kratos.emailTemplates.recovery.valid.body=kratos/emails/recovery.html
--set-file kratos.emailTemplates.recovery.valid.plainBody=kratos/emails/recovery.txt
--set-file kratos.emailTemplates.recovery.invalid.body=kratos/emails/recovery-invalid.html
--set-file kratos.emailTemplates.recovery.invalid.plainBody=kratos/emails/recovery-invalid.txt
--set-file kratos.emailTemplates.verification.valid.body=kratos/emails/verification.html
--set-file kratos.emailTemplates.verification.valid.plainBody=kratos/emails/verification.txt
--set-file kratos.emailTemplates.verification.invalid.body=kratos/emails/verification-invalid.html
--set-file kratos.emailTemplates.verification.invalid.plainBody=kratos/emails/verification-invalid.txt
At least that renders the ConfigMap resources correctly. But kratos still doesn't use "new" these emails.
So, the last bit was missing:
kratos:
config:
courier:
template_override_path: /conf/courier-templates
I think the first bit could probably be docs?
The one remaining problem is that the config mentions the following templates:
- kratos.emailTemplates.recovery.valid
- kratos.emailTemplates.recovery.invalid
- kratos.emailTemplates.verification.valid
- kratos.emailTemplates.verification.invalid
Is there more? Because I just tried a verification flow and the email includes a code?
Maybe this could be added to the values file: https://github.com/ory/kratos/tree/master/courier/template/courier/builtin/templates
Following the naming of the directories, you can set any other template, e.g.:
--set-file kratos.emailTemplates.verification_code.valid.body=kratos/emails/verification_code.html
--set-file kratos.emailTemplates.verification_code.valid.plainBody=kratos/emails/verification_code.txt
--set-file kratos.emailTemplates.verification_code.invalid.body=kratos/emails/verification-invalid.html
--set-file kratos.emailTemplates.verification_code.invalid.plainBody=kratos/emails/verification-invalid.txt
Hi there! The configmap implementation for the templates is quite flexible and simply traverses through the config using a for-each structure. Do you think this is a documentation issue, and we should reword it to make it clear that the examples in values.yaml and the docs are just examples and not all fields that can be set using this mechanism?
Yeah, another example and maybe a link to kratos source would be sufficient IMHO.