We Keep Coding

Can you set an Application's Client Secret using a kickstart file? FusionAuth

I am using a kickstart.json file to setup FusionAuth in developer environments. Everything is automated except I still need to manually go and get the client secret from the fusion auth instance.
Is there anyway I can predefine the client secret in the kickstart file so I can pre-configure it in my app?

you should absolutely be able to set the client secret from kickstart.json. Any API call should work from within Kickstart.
https://fusionauth.io/docs/v1/tech/apis/applications#create-an-application indicates you can POST an application including the client secret.
So a kickstart file like this should work:
{
"variables": {
"defaultTenantId": "30663132-6464-6665-3032-326466613934"
},
"apiKeys": [
{
"key": "mykey",
"description": "API key"
}
],
"requests": [
{
"method": "POST",
"url": "/api/application/85a03867-dccf-4882-adde-1a79aeec50df",
"body": {
"application": {
"name": "Pied Piper",
"roles": [
{
"name": "dev"
},
{
"name": "ceo"
},
{
"name": "intern"
}
],
"oauthConfiguration" : {
"clientSecret": "shhh-your-desired-secret"
}
}
}
}
]
}
I haven't tested that, but don't see any reason why it would not work. (Note that 1.37, the most recent version, has an issue with kickstart as documented here: https://github.com/FusionAuth/fusionauth-issues/issues/1816 but that should be fixed soon.)
If this doesn't work for you, please share the error message and a scrubbed kickstart file.

Composer require private repository from gitlab ssh ignored

I'm trying to pull a private repository from gitlab with composer without any success.
This is what I have in my composer.json file under repositories:
"repositories": [
{
"type": "vcs",
"url": "git#gitlab.com:the-vendor/dashboard-api.git"
}
]
When I clone the project like this: git#gitlab.com:the-vendor/dashboard-api.git manually, everything works fine.
Now when I require the project like so:
"require": {
"the-vendor/dashboard": "dev-orchestrate"
}
I also tried: "dev-main", "dev-main#dev", "dev-orchestrate#dev".
And run: composer update the-vendor/dashboard I get the following error:
Failed to download the-vendor/dashboard-api:The "https://gitlab.com/api/v4/projects/joij%2Fdashboard-api" file could not be downloaded (HTTP/2 404 ):
{"message":"404 Project Not Found"}
Your credentials are required to fetch private repository metadata (git#gitlab.com:the-vendor/dashboard-api.git)
A token will be created and stored in "/root/.composer/auth.json", your password will never be stored
To revoke access to this token you can visit https://gitlab.com/-/profile/personal_access_tokens
Username:
Installation failed, reverting ./composer.json and ./composer.lock to their original content.
I'm not sure what to make of this. Composer should be able to clone the project through ssh. But instead I get that vague 404 and then I have to give my username and password.
I also tried this:
"repositories": [
{
"type": "git",
"url": "git#gitlab.com:the-vendor/dashboard-api.git"
}
]
But then it behaves as if there is no "repositories" in the composer json at all, and I get this error:
Problem 1
- Root composer.json requires the-vendor/dashboard, it could not be found in any version, there may be a typo in the package name.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting
see <https://getcomposer.org/doc/04-schema.md#minimum-stability> for more details.
- It's a private package and you forgot to add a custom repository to find it
Read <https://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.
This is the composer.json of the dashboard-api:
{
"name": "the-vendor/dashboard",
"type": "project",
"description": "TheVendor Dashboards",
"keywords": ["framework", "laravel"],
"license": "proprietary",
"require": {
"php": "^8.1",
"elasticsearch/elasticsearch": "v7.17.0",
"guzzlehttp/guzzle": "^7.2",
"laravel/framework": "^9.2",
"laravel/sanctum": "^2.14.1",
"laravel/tinker": "^2.7",
"ext-pdo": "*"
},
"require-dev": {
"fakerphp/faker": "^1.9.1",
"laravel/sail": "^1.0.1",
"mockery/mockery": "^1.4.4",
"nunomaduro/collision": "^6.1",
"phpunit/phpunit": "^9.5.10",
"phpspec/prophecy": "1.15.0",
"spatie/laravel-ignition": "^1.0"
},
"autoload": {
"psr-4": {
"TheVendor\\Dashboard\\": "app/",
"Database\\Factories\\": "database/factories/",
"Database\\Seeders\\": "database/seeders/"
}
},
"autoload-dev": {
"psr-4": {
"Tests\\": "tests/"
}
},
"scripts": {
"post-autoload-dump": [
"Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
"#php artisan package:discover --ansi"
],
"post-update-cmd": [
"#php artisan vendor:publish --tag=laravel-assets --ansi --force"
],
"post-root-package-install": [
"#php -r \"file_exists('.env') || copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"#php artisan key:generate --ansi"
]
},
"extra": {
"laravel": {
"providers": [
"TheVendor\\Dashboard\\Providers\\AppServiceProvider",
"TheVendor\\Dashboard\\Providers\\ESClientServiceProvider",
"TheVendor\\Dashboard\\Providers\\ESCreateIndexesServiceProvider"
],
"dont-discover": []
}
},
"config": {
"optimize-autoloader": true,
"preferred-install": "dist",
"sort-packages": true
},
"minimum-stability": "dev",
"prefer-stable": true
}
I wonder if anyone knows what I'm missing.

Alright! I found the problem. There is no need to go for an auth.json with an API Token. This is where I went wrong:
The main branch had a different package name! The branch I was trying to pull had the right one, but if the main composer.json has a different package name you get this error:
Root composer.json requires the-vendor/dashboard, it could not be found in any version, there may be a typo in the package name.
Once you have that, and require the package like this:
"require": [
"the-vendor/dashboard": "dev-orchestrate"
]
With this in the root of composer.json
"repositories": [
{
"type": "git",
"url": "git#gitlab.com:the-vendor/dashboard-api.git"
}
]
It will simply use ssh to clone the private repository

Chaostoolkit istio extension hangs when playing experiment

I'm trying to use the chaos toolkit istio extension, my problem is as follows:
I have a experiment.json file which contains a single probe to retrieve a virtual service. The file looks similar to the following:
{
"version": "1.0.0",
"title": "test",
"description": "N/A",
"tags": []
"secrets": {
"istio": {
"KUBERNETES_CONTEXT": {
"type": "env",
"key": "KUBERNETES_CONTEXT"
}
}
},
"method": [
{
"type": "probe",
"name": get_virtual_service:,
"provider": {
"type": "python",
"module": "chaosistio.fault.probes",
"func": "get_virtual_service",
"arguments": {
"virtual_service_name": "test"
"ns": "test-ns"
}
}
}
}
I have set KUBERNETES_CONTEXT and http/https proxy as env vars. My authorisation is using $HOME/.kube/config.
When playing the experiment it validates the file fine and tries to perform the action but becomes stuck and just hangs until it times out.
The error I see in the logs is a HTTPSConnectionPool error (failed to establish a new connection, operation timed out).
Am I missing any settings? All help appreciated.

Create env fails when using a daemonset to create processes in Kubernetes

I want to deploy a software in to nodes with daemonset, but it is not a docker app. I created a daemonset json like this :
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"app": "uniagent"
},
"annotations": {
"scheduler.alpha.kubernetes.io/tolerations": "[{\"key\":\"beta.k8s.io/accepted-app\",\"operator\":\"Exists\", \"effect\":\"NoSchedule\"}]"
},
"enable": true
},
"spec": {
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"securityContext": {},
"processes": [
{
"name": "foundation",
"package": "xxxxx",
"resources": {
"limits": {
"cpu": "100m",
"memory": "1Gi"
}
},
"lifecyclePlan": {
"kind": "ProcessLifecycle",
"namespace": "engb",
"name": "app-plc"
},
"env": [
{
"name": "SECRET_USERNAME",
"valueFrom": {
"secretKeyRef": {
"name": "key-secret",
"key": "uniagentuser"
}
}
},
{
"name": "SECRET_PASSWORD",
"valueFrom": {
"secretKeyRef": {
"name": "key-secret",
"key": "uniagenthash"
}
}
}
]
},
when the app deploy succeeds, the env variables do not exist at all.
What should I do to solve this problem?
Thanks

Daemon Sets have to be docker containers. You can't have non-containerized programs run as Daemon Sets. https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ Kubernetes only launches containers.
Also in your YAML manifest file, I see a "processes" key and I have reason to believe it's not a valid manifest file, so I doubt you deployed it successfully.
You have not pasted the "full" YAML file, but I'm guessing the "template" key at the beginning is the spec.template key of the file.
Run kubectl explain daemonset.spec.template.spec and you'll see that there is no "processes" field.

Composer asks only for password with private repository

When I use a private repository like below in my composer.json
"repositories": [
{
"url": "ssh://repo.com/porject",
"type": "git"
}
],
Composer install/update doesn't ask me for my username, it gets the name of the current user of my computer and uses it automatically. It prompts me only for a password.
Any idea how to set it correctly and how I can store the auth once typed in?

Try to config access via SSH keys or specify your desired username like below. For more information see the Composer docs.
{
"repositories": [
{
"type": "composer",
"url": "ssh2.sftp://example.org",
"options": {
"ssh2": {
"username": "composer",
"pubkey_file": "/home/composer/.ssh/id_rsa.pub",
"privkey_file": "/home/composer/.ssh/id_rsa"
}
}
}
]
}