auth0-deploy-cli 7.5.1 → 7.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.eslintrc +7 -41
- package/.husky/pre-commit +4 -0
- package/.husky/pre-push +3 -1
- package/.prettierignore +10 -0
- package/.prettierrc.json +4 -0
- package/CHANGELOG.md +209 -7
- package/CONTRIBUTING.md +2 -2
- package/README.md +3 -0
- package/lib/args.js +16 -17
- package/lib/commands/export.js +3 -3
- package/lib/commands/import.js +7 -6
- package/lib/commands/index.js +1 -1
- package/lib/configFactory.js +5 -1
- package/lib/context/defaults.js +4 -3
- package/lib/context/directory/handlers/actions.js +6 -5
- package/lib/context/directory/handlers/attackProtection.js +7 -6
- package/lib/context/directory/handlers/branding.js +60 -0
- package/lib/context/directory/handlers/clientGrants.js +6 -4
- package/lib/context/directory/handlers/clients.js +4 -3
- package/lib/context/directory/handlers/connections.js +7 -4
- package/lib/context/directory/handlers/databases.js +30 -22
- package/lib/context/directory/handlers/emailProvider.js +6 -4
- package/lib/context/directory/handlers/emailTemplates.js +13 -11
- package/lib/context/directory/handlers/guardianFactorProviders.js +6 -4
- package/lib/context/directory/handlers/guardianFactorTemplates.js +6 -4
- package/lib/context/directory/handlers/guardianFactors.js +6 -4
- package/lib/context/directory/handlers/guardianPhoneFactorMessageTypes.js +4 -3
- package/lib/context/directory/handlers/guardianPhoneFactorSelectedProvider.js +4 -3
- package/lib/context/directory/handlers/guardianPolicies.js +4 -3
- package/lib/context/directory/handlers/hooks.js +5 -4
- package/lib/context/directory/handlers/index.js +5 -2
- package/lib/context/directory/handlers/migrations.js +8 -8
- package/lib/context/directory/handlers/organizations.js +4 -3
- package/lib/context/directory/handlers/pages.js +20 -20
- package/lib/context/directory/handlers/resourceServers.js +6 -4
- package/lib/context/directory/handlers/roles.js +4 -3
- package/lib/context/directory/handlers/rules.js +5 -4
- package/lib/context/directory/handlers/rulesConfigs.js +7 -5
- package/lib/context/directory/handlers/tenant.js +7 -4
- package/lib/context/directory/handlers/triggers.js +3 -2
- package/lib/context/directory/index.js +23 -22
- package/lib/context/index.js +66 -62
- package/lib/context/yaml/handlers/actions.js +12 -8
- package/lib/context/yaml/handlers/attackProtection.js +6 -12
- package/lib/context/yaml/handlers/branding.js +66 -0
- package/lib/context/yaml/handlers/clientGrants.js +5 -4
- package/lib/context/yaml/handlers/clients.js +9 -6
- package/lib/context/yaml/handlers/connections.js +10 -7
- package/lib/context/yaml/handlers/databases.js +15 -10
- package/lib/context/yaml/handlers/emailProvider.js +7 -5
- package/lib/context/yaml/handlers/emailTemplates.js +6 -5
- package/lib/context/yaml/handlers/guardianFactorProviders.js +6 -13
- package/lib/context/yaml/handlers/guardianFactorTemplates.js +6 -13
- package/lib/context/yaml/handlers/guardianFactors.js +6 -13
- package/lib/context/yaml/handlers/guardianPhoneFactorMessageTypes.js +6 -13
- package/lib/context/yaml/handlers/guardianPhoneFactorSelectedProvider.js +6 -13
- package/lib/context/yaml/handlers/guardianPolicies.js +6 -13
- package/lib/context/yaml/handlers/hooks.js +7 -5
- package/lib/context/yaml/handlers/index.js +5 -2
- package/lib/context/yaml/handlers/migrations.js +3 -2
- package/lib/context/yaml/handlers/organizations.js +6 -5
- package/lib/context/yaml/handlers/pages.js +6 -5
- package/lib/context/yaml/handlers/resourceServers.js +5 -4
- package/lib/context/yaml/handlers/roles.js +6 -5
- package/lib/context/yaml/handlers/rules.js +6 -5
- package/lib/context/yaml/handlers/rulesConfigs.js +6 -5
- package/lib/context/yaml/handlers/tenant.js +7 -5
- package/lib/context/yaml/handlers/triggers.js +5 -4
- package/lib/context/yaml/index.js +33 -24
- package/lib/index.js +20 -15
- package/lib/logger.js +4 -3
- package/lib/readonly.js +11 -16
- package/lib/sessionDurationsToMinutes.js +15 -0
- package/lib/tools/auth0/client.js +6 -6
- package/lib/tools/auth0/handlers/actions.js +21 -23
- package/lib/tools/auth0/handlers/attackProtection.js +14 -17
- package/lib/tools/auth0/handlers/branding.js +71 -13
- package/lib/tools/auth0/handlers/clientGrants.js +17 -10
- package/lib/tools/auth0/handlers/clients.js +15 -8
- package/lib/tools/auth0/handlers/connections.js +30 -10
- package/lib/tools/auth0/handlers/databases.js +24 -12
- package/lib/tools/auth0/handlers/default.js +47 -29
- package/lib/tools/auth0/handlers/emailTemplates.js +8 -10
- package/lib/tools/auth0/handlers/guardianFactorProviders.js +3 -3
- package/lib/tools/auth0/handlers/guardianFactorTemplates.js +3 -3
- package/lib/tools/auth0/handlers/guardianFactors.js +3 -3
- package/lib/tools/auth0/handlers/guardianPhoneFactorMessageTypes.js +11 -10
- package/lib/tools/auth0/handlers/guardianPhoneFactorSelectedProvider.js +10 -9
- package/lib/tools/auth0/handlers/guardianPolicies.js +5 -4
- package/lib/tools/auth0/handlers/hooks.js +34 -21
- package/lib/tools/auth0/handlers/index.js +31 -27
- package/lib/tools/auth0/handlers/migrations.js +2 -1
- package/lib/tools/auth0/handlers/organizations.js +67 -32
- package/lib/tools/auth0/handlers/pages.js +20 -14
- package/lib/tools/auth0/handlers/prompts.js +1 -0
- package/lib/tools/auth0/handlers/resourceServers.js +28 -15
- package/lib/tools/auth0/handlers/roles.js +61 -32
- package/lib/tools/auth0/handlers/rules.js +55 -32
- package/lib/tools/auth0/handlers/rulesConfigs.js +12 -6
- package/lib/tools/auth0/handlers/tenant.js +8 -4
- package/lib/tools/auth0/handlers/triggers.js +11 -12
- package/lib/tools/auth0/index.js +15 -31
- package/lib/tools/auth0/schema.js +7 -27
- package/lib/tools/calculateChanges.js +149 -0
- package/lib/tools/constants.js +162 -154
- package/lib/tools/deploy.js +1 -1
- package/lib/tools/index.js +1 -1
- package/lib/tools/logger.js +14 -8
- package/lib/tools/utils.js +3 -144
- package/lib/tools/{ValidationError.js → validationError.js} +3 -1
- package/lib/types.js +2 -0
- package/lib/utils.js +12 -22
- package/package.json +9 -2
- package/tsconfig.json +2 -3
- package/typescript-migration-progress.sh +1 -1
|
@@ -15,13 +15,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
15
15
|
exports.schema = exports.pageNameMap = exports.supportedPages = void 0;
|
|
16
16
|
const default_1 = __importDefault(require("./default"));
|
|
17
17
|
const constants_1 = __importDefault(require("../../constants"));
|
|
18
|
-
exports.supportedPages = constants_1.default.PAGE_NAMES
|
|
19
|
-
.filter((p) => p.includes('.json'))
|
|
20
|
-
.map((p) => p.replace('.json', ''));
|
|
18
|
+
exports.supportedPages = constants_1.default.PAGE_NAMES.filter((p) => p.includes('.json')).map((p) => p.replace('.json', ''));
|
|
21
19
|
exports.pageNameMap = {
|
|
22
20
|
guardian_multifactor: 'guardian_mfa_page',
|
|
23
21
|
password_reset: 'change_password',
|
|
24
|
-
error_page: 'error_page'
|
|
22
|
+
error_page: 'error_page',
|
|
25
23
|
};
|
|
26
24
|
// With this schema, we can only validate property types but not valid properties on per type basis
|
|
27
25
|
exports.schema = {
|
|
@@ -33,12 +31,12 @@ exports.schema = {
|
|
|
33
31
|
html: { type: 'string', default: '' },
|
|
34
32
|
url: { type: 'string' },
|
|
35
33
|
show_log_link: { type: 'boolean' },
|
|
36
|
-
enabled: { type: 'boolean' }
|
|
34
|
+
enabled: { type: 'boolean' },
|
|
37
35
|
},
|
|
38
|
-
required: ['name']
|
|
39
|
-
}
|
|
36
|
+
required: ['name'],
|
|
37
|
+
},
|
|
40
38
|
};
|
|
41
|
-
class
|
|
39
|
+
class PagesHandler extends default_1.default {
|
|
42
40
|
constructor(options) {
|
|
43
41
|
super(Object.assign(Object.assign({}, options), { type: 'pages' }));
|
|
44
42
|
}
|
|
@@ -47,13 +45,17 @@ class PageHandler extends default_1.default {
|
|
|
47
45
|
}
|
|
48
46
|
updateLoginPage(page) {
|
|
49
47
|
return __awaiter(this, void 0, void 0, function* () {
|
|
50
|
-
const globalClient = yield this.client.clients.getAll({
|
|
48
|
+
const globalClient = yield this.client.clients.getAll({
|
|
49
|
+
is_global: true,
|
|
50
|
+
paginate: true,
|
|
51
|
+
include_totals: true,
|
|
52
|
+
});
|
|
51
53
|
if (!globalClient[0]) {
|
|
52
54
|
throw new Error('Unable to find global client id when trying to update the login page');
|
|
53
55
|
}
|
|
54
56
|
yield this.client.clients.update({ client_id: globalClient[0].client_id }, {
|
|
55
57
|
custom_login_page: page.html,
|
|
56
|
-
custom_login_page_on: page.enabled
|
|
58
|
+
custom_login_page_on: page.enabled,
|
|
57
59
|
});
|
|
58
60
|
this.updated += 1;
|
|
59
61
|
this.didUpdate(page);
|
|
@@ -86,7 +88,11 @@ class PageHandler extends default_1.default {
|
|
|
86
88
|
return __awaiter(this, void 0, void 0, function* () {
|
|
87
89
|
const pages = [];
|
|
88
90
|
// Login page is handled via the global client
|
|
89
|
-
const globalClient = yield this.client.clients.getAll({
|
|
91
|
+
const globalClient = yield this.client.clients.getAll({
|
|
92
|
+
is_global: true,
|
|
93
|
+
paginate: true,
|
|
94
|
+
include_totals: true,
|
|
95
|
+
});
|
|
90
96
|
if (!globalClient[0]) {
|
|
91
97
|
throw new Error('Unable to find global client id when trying to dump the login page');
|
|
92
98
|
}
|
|
@@ -94,7 +100,7 @@ class PageHandler extends default_1.default {
|
|
|
94
100
|
pages.push({
|
|
95
101
|
name: 'login',
|
|
96
102
|
enabled: globalClient[0].custom_login_page_on,
|
|
97
|
-
html: globalClient[0].custom_login_page
|
|
103
|
+
html: globalClient[0].custom_login_page,
|
|
98
104
|
});
|
|
99
105
|
}
|
|
100
106
|
const tenantSettings = yield this.client.tenant.getSettings();
|
|
@@ -115,7 +121,7 @@ class PageHandler extends default_1.default {
|
|
|
115
121
|
return;
|
|
116
122
|
// Login page is handled via the global client
|
|
117
123
|
const loginPage = pages.find((p) => p.name === 'login');
|
|
118
|
-
if (loginPage) {
|
|
124
|
+
if (loginPage !== undefined) {
|
|
119
125
|
yield this.updateLoginPage(loginPage);
|
|
120
126
|
}
|
|
121
127
|
// Rest of pages are on tenant level settings
|
|
@@ -123,4 +129,4 @@ class PageHandler extends default_1.default {
|
|
|
123
129
|
});
|
|
124
130
|
}
|
|
125
131
|
}
|
|
126
|
-
exports.default =
|
|
132
|
+
exports.default = PagesHandler;
|
|
@@ -13,6 +13,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
13
13
|
};
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.schema = void 0;
|
|
16
|
+
//@ts-nocheck because prompts haven't been fully implemented in this codebase yet
|
|
16
17
|
const default_1 = __importDefault(require("./default"));
|
|
17
18
|
exports.schema = { type: 'object' };
|
|
18
19
|
class PromptsHandler extends default_1.default {
|
|
@@ -13,13 +13,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
13
13
|
};
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.schema = exports.excludeSchema = void 0;
|
|
16
|
-
const
|
|
16
|
+
const validationError_1 = __importDefault(require("../../validationError"));
|
|
17
17
|
const constants_1 = __importDefault(require("../../constants"));
|
|
18
18
|
const default_1 = __importDefault(require("./default"));
|
|
19
|
-
const
|
|
19
|
+
const calculateChanges_1 = require("../../calculateChanges");
|
|
20
20
|
exports.excludeSchema = {
|
|
21
21
|
type: 'array',
|
|
22
|
-
items: { type: 'string' }
|
|
22
|
+
items: { type: 'string' },
|
|
23
23
|
};
|
|
24
24
|
exports.schema = {
|
|
25
25
|
type: 'array',
|
|
@@ -34,20 +34,19 @@ exports.schema = {
|
|
|
34
34
|
type: 'object',
|
|
35
35
|
properties: {
|
|
36
36
|
name: { type: 'string' },
|
|
37
|
-
description: { type: 'string' }
|
|
38
|
-
}
|
|
39
|
-
}
|
|
37
|
+
description: { type: 'string' },
|
|
38
|
+
},
|
|
39
|
+
},
|
|
40
40
|
},
|
|
41
41
|
enforce_policies: { type: 'boolean' },
|
|
42
|
-
token_dialect: { type: 'string' }
|
|
42
|
+
token_dialect: { type: 'string' },
|
|
43
43
|
},
|
|
44
|
-
required: ['name', 'identifier']
|
|
45
|
-
}
|
|
44
|
+
required: ['name', 'identifier'],
|
|
45
|
+
},
|
|
46
46
|
};
|
|
47
47
|
class ResourceServersHandler extends default_1.default {
|
|
48
48
|
constructor(options) {
|
|
49
|
-
super(Object.assign(Object.assign({}, options), { type: 'resourceServers', stripUpdateFields: ['identifier']
|
|
50
|
-
}));
|
|
49
|
+
super(Object.assign(Object.assign({}, options), { type: 'resourceServers', stripUpdateFields: ['identifier'] }));
|
|
51
50
|
}
|
|
52
51
|
objString(resourceServer) {
|
|
53
52
|
return super.objString({ name: resourceServer.name, identifier: resourceServer.identifier });
|
|
@@ -56,7 +55,10 @@ class ResourceServersHandler extends default_1.default {
|
|
|
56
55
|
return __awaiter(this, void 0, void 0, function* () {
|
|
57
56
|
if (this.existing)
|
|
58
57
|
return this.existing;
|
|
59
|
-
const resourceServers = yield this.client.resourceServers.getAll({
|
|
58
|
+
const resourceServers = yield this.client.resourceServers.getAll({
|
|
59
|
+
paginate: true,
|
|
60
|
+
include_totals: true,
|
|
61
|
+
});
|
|
60
62
|
return resourceServers.filter((rs) => rs.name !== constants_1.default.RESOURCE_SERVERS_MANAGEMENT_API_NAME);
|
|
61
63
|
});
|
|
62
64
|
}
|
|
@@ -65,13 +67,24 @@ class ResourceServersHandler extends default_1.default {
|
|
|
65
67
|
let { resourceServers } = assets;
|
|
66
68
|
// Do nothing if not set
|
|
67
69
|
if (!resourceServers)
|
|
68
|
-
return {
|
|
70
|
+
return {
|
|
71
|
+
del: [],
|
|
72
|
+
create: [],
|
|
73
|
+
conflicts: [],
|
|
74
|
+
update: [],
|
|
75
|
+
};
|
|
69
76
|
const excluded = (assets.exclude && assets.exclude.resourceServers) || [];
|
|
70
77
|
let existing = yield this.getType();
|
|
71
78
|
// Filter excluded
|
|
72
79
|
resourceServers = resourceServers.filter((r) => !excluded.includes(r.name));
|
|
73
80
|
existing = existing.filter((r) => !excluded.includes(r.name));
|
|
74
|
-
return (0,
|
|
81
|
+
return (0, calculateChanges_1.calculateChanges)({
|
|
82
|
+
handler: this,
|
|
83
|
+
assets: resourceServers,
|
|
84
|
+
existing,
|
|
85
|
+
identifiers: ['id', 'identifier'],
|
|
86
|
+
allowDelete: false, //TODO: actually pass in correct allowDelete value
|
|
87
|
+
});
|
|
75
88
|
});
|
|
76
89
|
}
|
|
77
90
|
validate(assets) {
|
|
@@ -85,7 +98,7 @@ class ResourceServersHandler extends default_1.default {
|
|
|
85
98
|
return;
|
|
86
99
|
const mgmtAPIResource = resourceServers.find((r) => r.name === constants_1.default.RESOURCE_SERVERS_MANAGEMENT_API_NAME);
|
|
87
100
|
if (mgmtAPIResource) {
|
|
88
|
-
throw new
|
|
101
|
+
throw new validationError_1.default(`You can not configure the '${constants_1.default.RESOURCE_SERVERS_MANAGEMENT_API_NAME}'.`);
|
|
89
102
|
}
|
|
90
103
|
yield _super.validate.call(this, assets);
|
|
91
104
|
});
|
|
@@ -43,7 +43,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
43
43
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
44
44
|
exports.schema = void 0;
|
|
45
45
|
const default_1 = __importStar(require("./default"));
|
|
46
|
-
const
|
|
46
|
+
const calculateChanges_1 = require("../../calculateChanges");
|
|
47
47
|
const logger_1 = __importDefault(require("../../logger"));
|
|
48
48
|
exports.schema = {
|
|
49
49
|
type: 'array',
|
|
@@ -59,15 +59,15 @@ exports.schema = {
|
|
|
59
59
|
type: 'object',
|
|
60
60
|
properties: {
|
|
61
61
|
permission_name: { type: 'string' },
|
|
62
|
-
resource_server_identifier: { type: 'string' }
|
|
63
|
-
}
|
|
64
|
-
}
|
|
65
|
-
}
|
|
62
|
+
resource_server_identifier: { type: 'string' },
|
|
63
|
+
},
|
|
64
|
+
},
|
|
65
|
+
},
|
|
66
66
|
},
|
|
67
|
-
required: ['name']
|
|
68
|
-
}
|
|
67
|
+
required: ['name'],
|
|
68
|
+
},
|
|
69
69
|
};
|
|
70
|
-
class
|
|
70
|
+
class RolesHandler extends default_1.default {
|
|
71
71
|
constructor(config) {
|
|
72
72
|
super(Object.assign(Object.assign({}, config), { type: 'roles', id: 'id', identifiers: ['name'] }));
|
|
73
73
|
}
|
|
@@ -84,15 +84,19 @@ class RoleHandler extends default_1.default {
|
|
|
84
84
|
}
|
|
85
85
|
createRoles(creates) {
|
|
86
86
|
return __awaiter(this, void 0, void 0, function* () {
|
|
87
|
-
yield this.client.pool
|
|
87
|
+
yield this.client.pool
|
|
88
|
+
.addEachTask({
|
|
88
89
|
data: creates || [],
|
|
89
|
-
generator: (item) => this.createRole(item)
|
|
90
|
+
generator: (item) => this.createRole(item)
|
|
91
|
+
.then((data) => {
|
|
90
92
|
this.didCreate(data);
|
|
91
93
|
this.created += 1;
|
|
92
|
-
}).catch((err) => {
|
|
93
|
-
throw new Error(`Problem creating ${this.type} ${this.objString(item)}\n${err}`);
|
|
94
94
|
})
|
|
95
|
-
|
|
95
|
+
.catch((err) => {
|
|
96
|
+
throw new Error(`Problem creating ${this.type} ${this.objString(item)}\n${err}`);
|
|
97
|
+
}),
|
|
98
|
+
})
|
|
99
|
+
.promise();
|
|
96
100
|
});
|
|
97
101
|
}
|
|
98
102
|
deleteRole(data) {
|
|
@@ -102,16 +106,21 @@ class RoleHandler extends default_1.default {
|
|
|
102
106
|
}
|
|
103
107
|
deleteRoles(dels) {
|
|
104
108
|
return __awaiter(this, void 0, void 0, function* () {
|
|
105
|
-
if (this.config('AUTH0_ALLOW_DELETE') === 'true' ||
|
|
106
|
-
|
|
109
|
+
if (this.config('AUTH0_ALLOW_DELETE') === 'true' ||
|
|
110
|
+
this.config('AUTH0_ALLOW_DELETE') === true) {
|
|
111
|
+
yield this.client.pool
|
|
112
|
+
.addEachTask({
|
|
107
113
|
data: dels || [],
|
|
108
|
-
generator: (item) => this.deleteRole(item)
|
|
114
|
+
generator: (item) => this.deleteRole(item)
|
|
115
|
+
.then(() => {
|
|
109
116
|
this.didDelete(item);
|
|
110
117
|
this.deleted += 1;
|
|
111
|
-
}).catch((err) => {
|
|
112
|
-
throw new Error(`Problem deleting ${this.type} ${this.objString(item)}\n${err}`);
|
|
113
118
|
})
|
|
114
|
-
|
|
119
|
+
.catch((err) => {
|
|
120
|
+
throw new Error(`Problem deleting ${this.type} ${this.objString(item)}\n${err}`);
|
|
121
|
+
}),
|
|
122
|
+
})
|
|
123
|
+
.promise();
|
|
115
124
|
}
|
|
116
125
|
else {
|
|
117
126
|
logger_1.default.warn(`Detected the following roles should be deleted. Doing so may be destructive.\nYou can enable deletes by setting 'AUTH0_ALLOW_DELETE' to true in the config
|
|
@@ -138,15 +147,19 @@ class RoleHandler extends default_1.default {
|
|
|
138
147
|
}
|
|
139
148
|
updateRoles(updates, roles) {
|
|
140
149
|
return __awaiter(this, void 0, void 0, function* () {
|
|
141
|
-
yield this.client.pool
|
|
150
|
+
yield this.client.pool
|
|
151
|
+
.addEachTask({
|
|
142
152
|
data: updates || [],
|
|
143
|
-
generator: (item) => this.updateRole(item, roles)
|
|
153
|
+
generator: (item) => this.updateRole(item, roles)
|
|
154
|
+
.then((data) => {
|
|
144
155
|
this.didUpdate(data);
|
|
145
156
|
this.updated += 1;
|
|
146
|
-
}).catch((err) => {
|
|
147
|
-
throw new Error(`Problem updating ${this.type} ${this.objString(item)}\n${err}`);
|
|
148
157
|
})
|
|
149
|
-
|
|
158
|
+
.catch((err) => {
|
|
159
|
+
throw new Error(`Problem updating ${this.type} ${this.objString(item)}\n${err}`);
|
|
160
|
+
}),
|
|
161
|
+
})
|
|
162
|
+
.promise();
|
|
150
163
|
});
|
|
151
164
|
}
|
|
152
165
|
getType() {
|
|
@@ -161,7 +174,11 @@ class RoleHandler extends default_1.default {
|
|
|
161
174
|
try {
|
|
162
175
|
const roles = yield this.client.roles.getAll({ paginate: true, include_totals: true });
|
|
163
176
|
for (let index = 0; index < roles.length; index++) {
|
|
164
|
-
const permissions = yield this.client.roles.permissions.getAll({
|
|
177
|
+
const permissions = yield this.client.roles.permissions.getAll({
|
|
178
|
+
paginate: true,
|
|
179
|
+
include_totals: true,
|
|
180
|
+
id: roles[index].id,
|
|
181
|
+
});
|
|
165
182
|
const strippedPerms = yield Promise.all(permissions.map((permission) => __awaiter(this, void 0, void 0, function* () {
|
|
166
183
|
delete permission.resource_server_name;
|
|
167
184
|
delete permission.description;
|
|
@@ -188,19 +205,31 @@ class RoleHandler extends default_1.default {
|
|
|
188
205
|
return;
|
|
189
206
|
// Gets roles from destination tenant
|
|
190
207
|
const existing = yield this.getType();
|
|
191
|
-
const changes = (0,
|
|
208
|
+
const changes = (0, calculateChanges_1.calculateChanges)({
|
|
209
|
+
handler: this,
|
|
210
|
+
assets: roles,
|
|
211
|
+
existing,
|
|
212
|
+
identifiers: ['id', 'name'],
|
|
213
|
+
allowDelete: false, //TODO: actually pass in correct allowDelete value
|
|
214
|
+
});
|
|
192
215
|
logger_1.default.debug(`Start processChanges for roles [delete:${changes.del.length}] [update:${changes.update.length}], [create:${changes.create.length}]`);
|
|
193
|
-
const myChanges = [
|
|
216
|
+
const myChanges = [
|
|
217
|
+
{ del: changes.del },
|
|
218
|
+
{ create: changes.create },
|
|
219
|
+
{ update: changes.update },
|
|
220
|
+
];
|
|
194
221
|
yield Promise.all(myChanges.map((change) => __awaiter(this, void 0, void 0, function* () {
|
|
195
222
|
switch (true) {
|
|
196
223
|
case change.del && change.del.length > 0:
|
|
197
|
-
|
|
224
|
+
if (change.del)
|
|
225
|
+
yield this.deleteRoles(change.del);
|
|
198
226
|
break;
|
|
199
227
|
case change.create && change.create.length > 0:
|
|
200
|
-
yield this.createRoles(changes.create);
|
|
228
|
+
yield this.createRoles(changes.create); //TODO: fix this tho change.create
|
|
201
229
|
break;
|
|
202
230
|
case change.update && change.update.length > 0:
|
|
203
|
-
|
|
231
|
+
if (change.update)
|
|
232
|
+
yield this.updateRoles(change.update, existing);
|
|
204
233
|
break;
|
|
205
234
|
default:
|
|
206
235
|
break;
|
|
@@ -211,5 +240,5 @@ class RoleHandler extends default_1.default {
|
|
|
211
240
|
}
|
|
212
241
|
__decorate([
|
|
213
242
|
(0, default_1.order)('60')
|
|
214
|
-
],
|
|
215
|
-
exports.default =
|
|
243
|
+
], RolesHandler.prototype, "processChanges", null);
|
|
244
|
+
exports.default = RolesHandler;
|
|
@@ -13,13 +13,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
13
13
|
};
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.schema = exports.excludeSchema = void 0;
|
|
16
|
-
const
|
|
16
|
+
const validationError_1 = __importDefault(require("../../validationError"));
|
|
17
17
|
const utils_1 = require("../../utils");
|
|
18
18
|
const default_1 = __importDefault(require("./default"));
|
|
19
19
|
const logger_1 = __importDefault(require("../../logger"));
|
|
20
|
+
const calculateChanges_1 = require("../../calculateChanges");
|
|
20
21
|
exports.excludeSchema = {
|
|
21
22
|
type: 'array',
|
|
22
|
-
items: { type: 'string' }
|
|
23
|
+
items: { type: 'string' },
|
|
23
24
|
};
|
|
24
25
|
exports.schema = {
|
|
25
26
|
type: 'array',
|
|
@@ -29,38 +30,37 @@ exports.schema = {
|
|
|
29
30
|
properties: {
|
|
30
31
|
script: {
|
|
31
32
|
type: 'string',
|
|
32
|
-
description:
|
|
33
|
-
default: ''
|
|
33
|
+
description: "A script that contains the rule's code",
|
|
34
|
+
default: '',
|
|
34
35
|
},
|
|
35
36
|
name: {
|
|
36
37
|
type: 'string',
|
|
37
|
-
description:
|
|
38
|
-
pattern: '^[^-\\s][a-zA-Z0-9-\\s]+[^-\\s]$'
|
|
38
|
+
description: "The name of the rule. Can only contain alphanumeric characters, spaces and '-'. Can neither start nor end with '-' or spaces",
|
|
39
|
+
pattern: '^[^-\\s][a-zA-Z0-9-\\s]+[^-\\s]$',
|
|
39
40
|
},
|
|
40
41
|
order: {
|
|
41
42
|
type: ['number', 'null'],
|
|
42
|
-
description:
|
|
43
|
-
default: null
|
|
43
|
+
description: "The rule's order in relation to other rules. A rule with a lower order than another rule executes first.",
|
|
44
|
+
default: null,
|
|
44
45
|
},
|
|
45
46
|
enabled: {
|
|
46
47
|
type: 'boolean',
|
|
47
48
|
description: 'true if the rule is enabled, false otherwise',
|
|
48
|
-
default: true
|
|
49
|
+
default: true,
|
|
49
50
|
},
|
|
50
51
|
stage: {
|
|
51
52
|
type: 'string',
|
|
52
|
-
description:
|
|
53
|
+
description: "The rule's execution stage",
|
|
53
54
|
default: 'login_success',
|
|
54
|
-
enum: ['login_success', 'login_failure', 'pre_authorize']
|
|
55
|
-
}
|
|
55
|
+
enum: ['login_success', 'login_failure', 'pre_authorize'],
|
|
56
|
+
},
|
|
56
57
|
},
|
|
57
|
-
required: ['name']
|
|
58
|
-
}
|
|
58
|
+
required: ['name'],
|
|
59
|
+
},
|
|
59
60
|
};
|
|
60
61
|
class RulesHandler extends default_1.default {
|
|
61
62
|
constructor(options) {
|
|
62
|
-
super(Object.assign(Object.assign({}, options), { type: 'rules', stripUpdateFields: ['stage']
|
|
63
|
-
}));
|
|
63
|
+
super(Object.assign(Object.assign({}, options), { type: 'rules', stripUpdateFields: ['stage'] }));
|
|
64
64
|
}
|
|
65
65
|
getType() {
|
|
66
66
|
return __awaiter(this, void 0, void 0, function* () {
|
|
@@ -84,17 +84,27 @@ class RulesHandler extends default_1.default {
|
|
|
84
84
|
existing = existing.filter((r) => !excludedRules.includes(r.name));
|
|
85
85
|
}
|
|
86
86
|
// Figure out what needs to be updated vs created
|
|
87
|
-
const { del, update, create, conflicts } = (0,
|
|
87
|
+
const { del, update, create, conflicts } = (0, calculateChanges_1.calculateChanges)({
|
|
88
|
+
handler: this,
|
|
89
|
+
assets: rules,
|
|
90
|
+
existing,
|
|
91
|
+
identifiers: ['id', 'name'],
|
|
92
|
+
allowDelete: false, //TODO: actually pass in correct allowDelete value
|
|
93
|
+
});
|
|
88
94
|
// Figure out the rules that need to be re-ordered
|
|
89
95
|
const futureRules = [...create, ...update];
|
|
90
96
|
const futureMaxOrder = Math.max(...futureRules.map((r) => r.order));
|
|
91
97
|
const existingMaxOrder = Math.max(...existing.map((r) => r.order));
|
|
92
98
|
let nextOrderNo = Math.max(futureMaxOrder, existingMaxOrder);
|
|
99
|
+
//@ts-ignore because we know reOrder is Asset[]
|
|
93
100
|
const reOrder = futureRules.reduce((accum, r) => {
|
|
94
101
|
const conflict = existing.find((f) => r.order === f.order && r.name !== f.name);
|
|
95
|
-
if (conflict) {
|
|
102
|
+
if (conflict !== undefined) {
|
|
96
103
|
nextOrderNo += 1;
|
|
97
|
-
|
|
104
|
+
return [
|
|
105
|
+
...accum,
|
|
106
|
+
Object.assign(Object.assign({}, conflict), { order: nextOrderNo }),
|
|
107
|
+
];
|
|
98
108
|
}
|
|
99
109
|
return accum;
|
|
100
110
|
}, []);
|
|
@@ -103,7 +113,7 @@ class RulesHandler extends default_1.default {
|
|
|
103
113
|
update,
|
|
104
114
|
create,
|
|
105
115
|
reOrder,
|
|
106
|
-
conflicts
|
|
116
|
+
conflicts,
|
|
107
117
|
};
|
|
108
118
|
});
|
|
109
119
|
}
|
|
@@ -121,23 +131,29 @@ class RulesHandler extends default_1.default {
|
|
|
121
131
|
const { update, create, del } = yield this.calcChanges(assets, true);
|
|
122
132
|
// Include del rules which are actually not going to be deleted but are excluded
|
|
123
133
|
// they can still muck up the ordering so we must take it into consideration.
|
|
124
|
-
const futureRules = [
|
|
134
|
+
const futureRules = [
|
|
135
|
+
...create,
|
|
136
|
+
...update,
|
|
137
|
+
...del.filter((r) => excludedRules.includes(r.name)),
|
|
138
|
+
];
|
|
125
139
|
// Detect rules with the same order
|
|
126
140
|
const rulesSameOrder = (0, utils_1.duplicateItems)(futureRules, 'order');
|
|
127
141
|
if (rulesSameOrder.length > 0) {
|
|
128
142
|
const formatted = rulesSameOrder.map((dups) => dups.map((d) => `${d.name}`));
|
|
129
|
-
throw new
|
|
143
|
+
throw new validationError_1.default(`There are multiple rules for the following stage-order combinations
|
|
130
144
|
${(0, utils_1.dumpJSON)(formatted)}.
|
|
131
145
|
Only one rule must be defined for the same order number in a stage.`);
|
|
132
146
|
}
|
|
133
147
|
// Detect Rules that are changing stage as it's not allowed.
|
|
134
148
|
const existing = yield this.getType();
|
|
135
|
-
const stateChanged = futureRules
|
|
149
|
+
const stateChanged = futureRules
|
|
150
|
+
.reduce((changed, rule) => [
|
|
136
151
|
...changed,
|
|
137
|
-
...existing.filter((r) => rule.name.toLowerCase() === r.name.toLowerCase() && r.stage !== rule.stage)
|
|
138
|
-
]
|
|
152
|
+
...existing.filter((r) => rule.name.toLowerCase() === r.name.toLowerCase() && r.stage !== rule.stage),
|
|
153
|
+
], [])
|
|
154
|
+
.map((r) => r.name);
|
|
139
155
|
if (stateChanged.length > 0) {
|
|
140
|
-
throw new
|
|
156
|
+
throw new validationError_1.default(`The following rules changed stage which is not allowed:
|
|
141
157
|
${(0, utils_1.dumpJSON)(stateChanged)}.
|
|
142
158
|
Rename the rules to recreate them and avoid this error.`);
|
|
143
159
|
}
|
|
@@ -156,20 +172,27 @@ class RulesHandler extends default_1.default {
|
|
|
156
172
|
// Figure out what needs to be updated vs created
|
|
157
173
|
const changes = yield this.calcChanges(assets);
|
|
158
174
|
// Temporally re-order rules with conflicting ordering
|
|
159
|
-
yield this.client.pool
|
|
175
|
+
yield this.client.pool
|
|
176
|
+
.addEachTask({
|
|
160
177
|
data: changes.reOrder,
|
|
161
|
-
generator: (rule) => this.client
|
|
178
|
+
generator: (rule) => this.client
|
|
179
|
+
.updateRule({ id: rule.id }, (0, utils_1.stripFields)(rule, this.stripUpdateFields))
|
|
180
|
+
.then(() => {
|
|
162
181
|
const updated = {
|
|
163
|
-
name: rule.name,
|
|
182
|
+
name: rule.name,
|
|
183
|
+
stage: rule.stage,
|
|
184
|
+
order: rule.order,
|
|
185
|
+
id: rule.id,
|
|
164
186
|
};
|
|
165
187
|
logger_1.default.info(`Temporally re-order Rule ${(0, utils_1.dumpJSON)(updated)}`);
|
|
166
|
-
})
|
|
167
|
-
})
|
|
188
|
+
}),
|
|
189
|
+
})
|
|
190
|
+
.promise();
|
|
168
191
|
yield _super.processChanges.call(this, assets, {
|
|
169
192
|
del: changes.del,
|
|
170
193
|
create: changes.create,
|
|
171
194
|
update: changes.update,
|
|
172
|
-
conflicts: changes.conflicts
|
|
195
|
+
conflicts: changes.conflicts,
|
|
173
196
|
});
|
|
174
197
|
});
|
|
175
198
|
}
|
|
@@ -20,16 +20,16 @@ exports.schema = {
|
|
|
20
20
|
type: 'object',
|
|
21
21
|
properties: {
|
|
22
22
|
key: { type: 'string', pattern: '^[A-Za-z0-9_-]*$' },
|
|
23
|
-
value: { type: 'string' }
|
|
23
|
+
value: { type: 'string' },
|
|
24
24
|
},
|
|
25
|
-
required: ['key', 'value']
|
|
25
|
+
required: ['key', 'value'],
|
|
26
26
|
},
|
|
27
|
-
additionalProperties: false
|
|
27
|
+
additionalProperties: false,
|
|
28
28
|
};
|
|
29
29
|
class RulesConfigsHandler extends default_1.default {
|
|
30
30
|
constructor(options) {
|
|
31
31
|
super(Object.assign(Object.assign({}, options), { type: 'rulesConfigs', id: 'key', functions: {
|
|
32
|
-
update: 'set' // Update or Creation of a ruleConfig is via set not update
|
|
32
|
+
update: 'set', // Update or Creation of a ruleConfig is via set not update
|
|
33
33
|
} }));
|
|
34
34
|
}
|
|
35
35
|
getType() {
|
|
@@ -45,12 +45,18 @@ class RulesConfigsHandler extends default_1.default {
|
|
|
45
45
|
const { rulesConfigs } = assets;
|
|
46
46
|
// Do nothing if not set
|
|
47
47
|
if (!rulesConfigs || !rulesConfigs.length)
|
|
48
|
-
return {
|
|
48
|
+
return {
|
|
49
|
+
del: [],
|
|
50
|
+
update: [],
|
|
51
|
+
create: [],
|
|
52
|
+
conflicts: [],
|
|
53
|
+
};
|
|
49
54
|
// Intention is to not delete/cleanup old configRules, that needs to be handled manually.
|
|
50
55
|
return {
|
|
51
56
|
del: [],
|
|
52
57
|
update: rulesConfigs,
|
|
53
|
-
create: []
|
|
58
|
+
create: [],
|
|
59
|
+
conflicts: [],
|
|
54
60
|
};
|
|
55
61
|
});
|
|
56
62
|
}
|
|
@@ -42,14 +42,18 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
42
42
|
};
|
|
43
43
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
44
44
|
exports.schema = void 0;
|
|
45
|
-
const
|
|
45
|
+
const validationError_1 = __importDefault(require("../../validationError"));
|
|
46
46
|
const default_1 = __importStar(require("./default"));
|
|
47
47
|
const pages_1 = require("./pages");
|
|
48
48
|
const utils_1 = require("../../utils");
|
|
49
49
|
exports.schema = {
|
|
50
|
-
type: 'object'
|
|
50
|
+
type: 'object',
|
|
51
51
|
};
|
|
52
|
-
const blockPageKeys = [
|
|
52
|
+
const blockPageKeys = [
|
|
53
|
+
...Object.keys(pages_1.pageNameMap),
|
|
54
|
+
...Object.values(pages_1.pageNameMap),
|
|
55
|
+
...pages_1.supportedPages,
|
|
56
|
+
];
|
|
53
57
|
class TenantHandler extends default_1.default {
|
|
54
58
|
constructor(options) {
|
|
55
59
|
super(Object.assign(Object.assign({}, options), { type: 'tenant' }));
|
|
@@ -72,7 +76,7 @@ class TenantHandler extends default_1.default {
|
|
|
72
76
|
return;
|
|
73
77
|
const pageKeys = Object.keys(tenant).filter((k) => blockPageKeys.includes(k));
|
|
74
78
|
if (pageKeys.length > 0) {
|
|
75
|
-
throw new
|
|
79
|
+
throw new validationError_1.default(`The following pages ${(0, utils_1.dumpJSON)(pageKeys)} were found in tenant settings. Pages should be set separately. Please refer to the documentation.`);
|
|
76
80
|
}
|
|
77
81
|
});
|
|
78
82
|
}
|