auth0-deploy-cli 7.7.0 → 7.7.1

package/CHANGELOG.md

@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [7.7.1] - 2022-04-07
+
+### Added
+
+- Deprecation warnings for now deprecated asset-specific exclusion configuration properties: `AUTH0_EXCLUDED_RULES`, `AUTH0_EXCLUDED_CLIENTS`, `AUTH0_EXCLUDED_DATABASES`, `AUTH0_EXCLUDED_CONNECTIONS`, `AUTH0_EXCLUDED_RESOURCE_SERVERS`, `AUTH0_EXCLUDED_DEFAULTS`. See [Resource Exclusion Proposal](https://github.com/auth0/auth0-deploy-cli/issues/451#user-content-deprecated-exclusion-props) for details. [#481]
+
+### Fixed
+
+- Rules configs failing to update after regression prevented asset-specific overrides of Node Auth0 SDK methods [#482]
+- Attack protection not replacing keywords [#478]
+
 ## [7.7.0] - 2022-04-06
 
 ### Added
@@ -652,7 +663,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#453]: https://github.com/auth0/auth0-deploy-cli/issues/453
 [#468]: https://github.com/auth0/auth0-deploy-cli/issues/468
 [#471]: https://github.com/auth0/auth0-deploy-cli/issues/471
-[unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v7.7.0...HEAD
+[#478]: https://github.com/auth0/auth0-deploy-cli/issues/478
+[#481]: https://github.com/auth0/auth0-deploy-cli/issues/481
+[#482]: https://github.com/auth0/auth0-deploy-cli/issues/482
+[unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v7.7.1...HEAD
+[7.7.1]: https://github.com/auth0/auth0-deploy-cli/compare/v7.7.0...v7.7.1
 [7.7.0]: https://github.com/auth0/auth0-deploy-cli/compare/v7.6.0...v7.7.0
 [7.6.0]: https://github.com/auth0/auth0-deploy-cli/compare/v7.5.2...v7.6.0
 [7.5.2]: https://github.com/auth0/auth0-deploy-cli/compare/v7.5.1...v7.5.2

package/lib/context/directory/handlers/attackProtection.js

@@ -32,9 +32,9 @@ function parse(context) {
             attackProtection: undefined,
         };
     }
-    const breachedPasswordDetection = (0, utils_1.loadJSON)(files.breachedPasswordDetection);
-    const bruteForceProtection = (0, utils_1.loadJSON)(files.bruteForceProtection);
-    const suspiciousIpThrottling = (0, utils_1.loadJSON)(files.suspiciousIpThrottling);
+    const breachedPasswordDetection = (0, utils_1.loadJSON)(files.breachedPasswordDetection, context.mappings);
+    const bruteForceProtection = (0, utils_1.loadJSON)(files.bruteForceProtection, context.mappings);
+    const suspiciousIpThrottling = (0, utils_1.loadJSON)(files.suspiciousIpThrottling, context.mappings);
     return {
         attackProtection: {
             breachedPasswordDetection,

package/lib/context/index.js

@@ -46,6 +46,24 @@ const setupContext = (config) => __awaiter(void 0, void 0, void 0, function* ()
     if (missingParams.length > 0) {
         throw new Error(`The following parameters were missing. Please add them to your config.json or as an environment variable. ${JSON.stringify(missingParams)}`);
     }
+    ((config) => {
+        // Detect and warn on usage of deprecated exclusion params. See: https://github.com/auth0/auth0-deploy-cli/issues/451#user-content-deprecated-exclusion-props
+        const deprecatedExclusionParams = [
+            'AUTH0_EXCLUDED_RULES',
+            'AUTH0_EXCLUDED_CLIENTS',
+            'AUTH0_EXCLUDED_DATABASES',
+            'AUTH0_EXCLUDED_CONNECTIONS',
+            'AUTH0_EXCLUDED_RESOURCE_SERVERS',
+            'AUTH0_EXCLUDED_DEFAULTS',
+        ];
+        const usedDeprecatedParams = deprecatedExclusionParams.filter((deprecatedParam) => {
+            const deprecatedConfigValue = config[deprecatedParam];
+            return !!deprecatedConfigValue && deprecatedConfigValue.length > 0;
+        });
+        if (usedDeprecatedParams.length > 0) {
+            logger_1.default.warn(`Usage of the ${usedDeprecatedParams.join(', ')} exclusion ${usedDeprecatedParams.length > 1 ? 'params are' : 'param is'} deprecated and may be removed from future major versions. See: https://github.com/auth0/auth0-deploy-cli/issues/451#user-content-deprecated-exclusion-props for details.`);
+        }
+    })(config);
     const accessToken = yield (() => __awaiter(void 0, void 0, void 0, function* () {
         if (!!config.AUTH0_ACCESS_TOKEN)
             return config.AUTH0_ACCESS_TOKEN;

package/lib/tools/auth0/client.js

@@ -33,7 +33,7 @@ const API_FREQUENCY_PER_SECOND = 8;
 const MAX_PAGE_SIZE = 100;
 function getEntity(rsp) {
     const found = Object.values(rsp).filter((a) => Array.isArray(a));
-    if (found.length === 1) {
+    if (Array.isArray(found) && found.length === 1) {
         return found[0];
     }
     throw new Error('There was an error trying to find the entity within paginate');
@@ -147,11 +147,11 @@ function pagedManager(client, manager) {
 }
 // Warp around the ManagementClient and detect when requesting specific pages to return all
 function pagedClient(client) {
-    client.pool = new promise_pool_executor_1.PromisePoolExecutor({
-        concurrencyLimit: API_CONCURRENCY,
-        frequencyLimit: API_FREQUENCY_PER_SECOND,
-        frequencyWindow: 1000, // 1 sec
-    });
-    return pagedManager(client, client);
+    const clientWithPooling = Object.assign(Object.assign({}, client), { pool: new promise_pool_executor_1.PromisePoolExecutor({
+            concurrencyLimit: API_CONCURRENCY,
+            frequencyLimit: API_FREQUENCY_PER_SECOND,
+            frequencyWindow: 1000, // 1 sec
+        }) });
+    return pagedManager(clientWithPooling, clientWithPooling);
 }
 exports.default = pagedClient;

package/lib/tools/auth0/handlers/databases.js

@@ -111,14 +111,14 @@ class DatabaseHandler extends default_1.default {
                 };
             // Convert enabled_clients by name to the id
             const clients = yield this.client.clients.getAll({ paginate: true, include_totals: true });
-            const existingDatabasesConecctions = yield this.client.connections.getAll({
+            const existingDatabasesConnections = yield this.client.connections.getAll({
                 strategy: 'auth0',
                 paginate: true,
                 include_totals: true,
             });
             const formatted = databases.map((db) => {
                 if (db.enabled_clients) {
-                    return Object.assign(Object.assign({}, db), { enabled_clients: (0, utils_1.getEnabledClients)(assets, db, existingDatabasesConecctions, clients) });
+                    return Object.assign(Object.assign({}, db), { enabled_clients: (0, utils_1.getEnabledClients)(assets, db, existingDatabasesConnections, clients) });
                 }
                 return db;
             });

package/lib/tools/auth0/handlers/default.js

@@ -56,7 +56,7 @@ class APIHandler {
         logger_1.default.info(`Updated [${this.type}]: ${this.objString(item)}`);
     }
     objString(item) {
-        return (0, utils_1.dumpJSON)(item);
+        return (0, utils_1.convertJsonToString)(item);
     }
     getType() {
         return __awaiter(this, void 0, void 0, function* () {
@@ -106,7 +106,7 @@ class APIHandler {
             if (duplicateNames.length > 0) {
                 const formatted = duplicateNames.map((dups) => dups.map((d) => `${d.name}`));
                 throw new validationError_1.default(`There are multiple ${this.type} with the same name combinations
-      ${(0, utils_1.dumpJSON)(formatted)}.
+      ${(0, utils_1.convertJsonToString)(formatted)}.
        Names must be unique.`);
             }
             // Do not allow items with same id
@@ -114,7 +114,7 @@ class APIHandler {
             if (duplicateIDs.length > 0) {
                 const formatted = duplicateIDs.map((dups) => dups.map((d) => `${d[this.id]}`));
                 throw new validationError_1.default(`There are multiple ${this.type} for the following stage-order combinations
-      ${(0, utils_1.dumpJSON)(formatted)}.
+      ${(0, utils_1.convertJsonToString)(formatted)}.
        Only one rule must be defined for the same order number in a stage.`);
             }
         });
@@ -145,7 +145,7 @@ class APIHandler {
                         .addEachTask({
                         data: del || [],
                         generator: (delItem) => {
-                            const delFunction = this.getClientFN('delete');
+                            const delFunction = this.getClientFN(this.functions.delete);
                             return delFunction({ [this.id]: delItem[this.id] })
                                 .then(() => {
                                 this.didDelete(delItem);
@@ -164,7 +164,7 @@ class APIHandler {
                 .addEachTask({
                 data: conflicts || [],
                 generator: (updateItem) => {
-                    const updateFN = this.getClientFN('update');
+                    const updateFN = this.getClientFN(this.functions.update);
                     const params = { [this.id]: updateItem[this.id] };
                     const payload = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
                     return updateFN(params, payload)
@@ -180,7 +180,7 @@ class APIHandler {
                 .addEachTask({
                 data: create || [],
                 generator: (createItem) => {
-                    const createFunction = this.getClientFN('create');
+                    const createFunction = this.getClientFN(this.functions.create);
                     return createFunction(createItem)
                         .then((data) => {
                         this.didCreate(data);
@@ -197,7 +197,7 @@ class APIHandler {
                 .addEachTask({
                 data: update || [],
                 generator: (updateItem) => {
-                    const updateFN = this.getClientFN('update');
+                    const updateFN = this.getClientFN(this.functions.update);
                     const params = { [this.id]: updateItem[this.id] };
                     const payload = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
                     return updateFN(params, payload)

package/lib/tools/auth0/handlers/rules.js

@@ -141,7 +141,7 @@ class RulesHandler extends default_1.default {
             if (rulesSameOrder.length > 0) {
                 const formatted = rulesSameOrder.map((dups) => dups.map((d) => `${d.name}`));
                 throw new validationError_1.default(`There are multiple rules for the following stage-order combinations
-      ${(0, utils_1.dumpJSON)(formatted)}.
+      ${(0, utils_1.convertJsonToString)(formatted)}.
        Only one rule must be defined for the same order number in a stage.`);
             }
             // Detect Rules that are changing stage as it's not allowed.
@@ -154,7 +154,7 @@ class RulesHandler extends default_1.default {
                 .map((r) => r.name);
             if (stateChanged.length > 0) {
                 throw new validationError_1.default(`The following rules changed stage which is not allowed:
-      ${(0, utils_1.dumpJSON)(stateChanged)}.
+      ${(0, utils_1.convertJsonToString)(stateChanged)}.
       Rename the rules to recreate them and avoid this error.`);
             }
             yield _super.validate.call(this, assets);
@@ -184,7 +184,7 @@ class RulesHandler extends default_1.default {
                         order: rule.order,
                         id: rule.id,
                     };
-                    logger_1.default.info(`Temporally re-order Rule ${(0, utils_1.dumpJSON)(updated)}`);
+                    logger_1.default.info(`Temporally re-order Rule ${(0, utils_1.convertJsonToString)(updated)}`);
                 }),
             })
                 .promise();

package/lib/tools/auth0/handlers/tenant.js

@@ -76,7 +76,7 @@ class TenantHandler extends default_1.default {
                 return;
             const pageKeys = Object.keys(tenant).filter((k) => blockPageKeys.includes(k));
             if (pageKeys.length > 0) {
-                throw new validationError_1.default(`The following pages ${(0, utils_1.dumpJSON)(pageKeys)} were found in tenant settings. Pages should be set separately. Please refer to the documentation.`);
+                throw new validationError_1.default(`The following pages ${(0, utils_1.convertJsonToString)(pageKeys)} were found in tenant settings. Pages should be set separately. Please refer to the documentation.`);
             }
         });
     }

package/lib/tools/utils.js

@@ -1,11 +1,34 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.areArraysEquals = exports.filterExcluded = exports.duplicateItems = exports.getEnabledClients = exports.stripFields = exports.dumpJSON = exports.flatten = exports.loadFileAndReplaceKeywords = exports.convertClientNamesToIds = exports.convertClientNameToId = exports.keywordReplace = exports.keywordStringReplace = exports.keywordArrayReplace = void 0;
+exports.areArraysEquals = exports.filterExcluded = exports.duplicateItems = exports.getEnabledClients = exports.stripFields = exports.convertJsonToString = exports.flatten = exports.loadFileAndReplaceKeywords = exports.convertClientNamesToIds = exports.convertClientNameToId = exports.keywordReplace = exports.keywordStringReplace = exports.keywordArrayReplace = void 0;
 const path_1 = __importDefault(require("path"));
-const fs_1 = __importDefault(require("fs"));
+const fs_1 = __importStar(require("fs"));
 const dot_prop_1 = __importDefault(require("dot-prop"));
 const lodash_1 = __importDefault(require("lodash"));
 const logger_1 = __importDefault(require("./logger"));
@@ -23,6 +46,7 @@ exports.keywordArrayReplace = keywordArrayReplace;
 function keywordStringReplace(input, mappings) {
     Object.keys(mappings).forEach(function (key) {
         const regex = new RegExp(`##${key}##`, 'g');
+        // @ts-ignore TODO: come back and distinguish strings vs array replacement.
         input = input.replace(regex, mappings[key]);
     });
     return input;
@@ -48,11 +72,12 @@ function convertClientNamesToIds(names, clients) {
         if (names.includes(client.name)) {
             const index = resolvedNames.findIndex((item) => item.name === client.name);
             resolvedNames[index].resolved = true;
-            acc.push(client.client_id);
+            return [...acc, client.client_id];
         }
-        return acc;
+        return [...acc];
     }, []);
     const unresolved = resolvedNames.filter((item) => !item.resolved).map((item) => item.name);
+    // @ts-ignore TODO: come back and refactor to use map instead of reduce.
     return [...unresolved, ...result];
 }
 exports.convertClientNamesToIds = convertClientNamesToIds;
@@ -60,7 +85,7 @@ function loadFileAndReplaceKeywords(file, mappings) {
     // Load file and replace keyword mappings
     const f = path_1.default.resolve(file);
     try {
-        fs_1.default.accessSync(f, fs_1.default.F_OK);
+        fs_1.default.accessSync(f, fs_1.constants.F_OK);
         if (mappings) {
             return keywordReplace(fs_1.default.readFileSync(f, 'utf8'), mappings);
         }
@@ -76,10 +101,10 @@ function flatten(list) {
     return list.reduce((a, b) => a.concat(Array.isArray(b) ? flatten(b) : b), []);
 }
 exports.flatten = flatten;
-function dumpJSON(obj, spacing = 0) {
+function convertJsonToString(obj, spacing = 0) {
     return JSON.stringify(obj, null, spacing);
 }
-exports.dumpJSON = dumpJSON;
+exports.convertJsonToString = convertJsonToString;
 function stripFields(obj, fields) {
     // Strip object fields supporting dot notation (ie: a.deep.field)
     const stripped = [];

package/lib/utils.js

@@ -10,18 +10,18 @@ const sanitize_filename_1 = __importDefault(require("sanitize-filename"));
 const dot_prop_1 = __importDefault(require("dot-prop"));
 const tools_1 = require("./tools");
 const logger_1 = __importDefault(require("./logger"));
-function isDirectory(f) {
+function isDirectory(filePath) {
     try {
-        return fs_extra_1.default.statSync(path_1.default.resolve(f)).isDirectory();
+        return fs_extra_1.default.statSync(path_1.default.resolve(filePath)).isDirectory();
     }
     catch (err) {
         return false;
     }
 }
 exports.isDirectory = isDirectory;
-function isFile(f) {
+function isFile(filePath) {
     try {
-        return fs_extra_1.default.statSync(path_1.default.resolve(f)).isFile();
+        return fs_extra_1.default.statSync(path_1.default.resolve(filePath)).isFile();
     }
     catch (err) {
         return false;
@@ -151,7 +151,8 @@ function clearTenantFlags(tenant) {
     }
 }
 exports.clearTenantFlags = clearTenantFlags;
-function ensureProp(obj, props, value = '') {
+function ensureProp(obj, props) {
+    const value = '';
     if (!dot_prop_1.default.has(obj, props)) {
         dot_prop_1.default.set(obj, props, value);
     }
@@ -159,8 +160,10 @@ function ensureProp(obj, props, value = '') {
 exports.ensureProp = ensureProp;
 function clearClientArrays(client) {
     const propsToClear = ['allowed_clients', 'allowed_logout_urls', 'allowed_origins', 'callbacks'];
+    //If designated properties are null, set them as empty arrays instead
     Object.keys(client).forEach((prop) => {
         if (propsToClear.indexOf(prop) >= 0 && !client[prop]) {
+            //TODO: understand why setting as empty array instead of deleting null prop. Ex: `delete client[prop]`
             client[prop] = [];
         }
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-deploy-cli",
-  "version": "7.7.0",
+  "version": "7.7.1",
   "description": "A command line tool for deploying updates to your Auth0 tenant",
   "main": "lib/index.js",
   "bin": {
@@ -44,6 +44,8 @@
     "nconf": "^0.11.0",
     "promise-pool-executor": "^1.1.1",
     "sanitize-filename": "^1.6.1",
+    "sinon": "^13.0.1",
+    "sinon-chai": "^3.7.0",
     "winston": "^2.3.0",
     "yargs": "^15.3.1"
   },