auth0-deploy-cli 7.7.0 → 7.9.0

package/lib/tools/auth0/handlers/default.d.ts

@@ -0,0 +1,54 @@
+import { Asset, Assets, Auth0APIClient, CalculatedChanges } from '../../../types';
+import { ConfigFunction } from '../../../configFactory';
+export declare function order(value: any): (t: any, n: any, descriptor: any) => any;
+export default class APIHandler {
+    config: ConfigFunction;
+    id: string;
+    type: string;
+    updated: number;
+    created: number;
+    deleted: number;
+    existing: null | Asset | Asset[];
+    client: Auth0APIClient;
+    identifiers: string[];
+    objectFields: string[];
+    sensitiveFieldsToObfuscate: string[];
+    stripUpdateFields: string[];
+    stripCreateFields: string[];
+    name?: string;
+    functions: {
+        getAll: string;
+        update: string;
+        create: string;
+        delete: string;
+    };
+    constructor(options: {
+        id?: APIHandler['id'];
+        config: ConfigFunction;
+        type: APIHandler['type'];
+        client: Auth0APIClient;
+        objectFields?: APIHandler['objectFields'];
+        identifiers?: APIHandler['identifiers'];
+        stripUpdateFields?: APIHandler['stripUpdateFields'];
+        sensitiveFieldsToObfuscate?: APIHandler['sensitiveFieldsToObfuscate'];
+        stripCreateFields?: APIHandler['stripCreateFields'];
+        functions: {
+            getAll?: string;
+            update?: string;
+            create?: string;
+            delete?: string;
+        };
+    });
+    getClientFN(fn: string | Function): Function;
+    didDelete(item: Asset): void;
+    didCreate(item: Asset): void;
+    didUpdate(item: Asset): void;
+    objString(item: Asset): string;
+    getType(): Promise<Asset | Asset[] | null>;
+    load(): Promise<{
+        [key: string]: Asset | Asset[] | null;
+    }>;
+    calcChanges(assets: Assets): Promise<CalculatedChanges>;
+    validate(assets: Assets): Promise<void>;
+    processChanges(assets: Assets, changes: CalculatedChanges): Promise<void>;
+}

package/lib/tools/auth0/handlers/default.js

@@ -14,8 +14,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.order = void 0;
 const validationError_1 = __importDefault(require("../../validationError"));
-const logger_1 = __importDefault(require("../../logger"));
 const utils_1 = require("../../utils");
+const logger_1 = __importDefault(require("../../../logger"));
 const calculateChanges_1 = require("../../calculateChanges");
 function order(value) {
     return function decorator(t, n, descriptor) {
@@ -34,6 +34,8 @@ class APIHandler {
         this.identifiers = options.identifiers || ['id', 'name'];
         this.objectFields = options.objectFields || [];
         this.stripUpdateFields = [...(options.stripUpdateFields || []), this.id];
+        this.sensitiveFieldsToObfuscate = options.sensitiveFieldsToObfuscate || [];
+        this.stripCreateFields = options.stripCreateFields || [];
         this.functions = Object.assign({ getAll: 'getAll', create: 'create', delete: 'delete', update: 'update' }, (options.functions || {}));
         this.updated = 0;
         this.created = 0;
@@ -56,7 +58,7 @@ class APIHandler {
         logger_1.default.info(`Updated [${this.type}]: ${this.objString(item)}`);
     }
     objString(item) {
-        return (0, utils_1.dumpJSON)(item);
+        return (0, utils_1.convertJsonToString)(item);
     }
     getType() {
         return __awaiter(this, void 0, void 0, function* () {
@@ -68,7 +70,8 @@ class APIHandler {
         return __awaiter(this, void 0, void 0, function* () {
             // Load Asset from Tenant
             logger_1.default.info(`Retrieving ${this.type} data from Auth0`);
-            this.existing = yield this.getType();
+            const data = yield this.getType();
+            this.existing = (0, utils_1.obfuscateSensitiveValues)(data, this.sensitiveFieldsToObfuscate);
             return { [this.type]: this.existing };
         });
     }
@@ -76,13 +79,14 @@ class APIHandler {
         return __awaiter(this, void 0, void 0, function* () {
             const typeAssets = assets[this.type];
             // Do nothing if not set
-            if (!typeAssets)
+            if (!typeAssets) {
                 return {
                     del: [],
                     create: [],
                     conflicts: [],
                     update: [],
                 };
+            }
             const existing = yield this.getType();
             // Figure out what needs to be updated vs created
             return (0, calculateChanges_1.calculateChanges)({
@@ -106,7 +110,7 @@ class APIHandler {
             if (duplicateNames.length > 0) {
                 const formatted = duplicateNames.map((dups) => dups.map((d) => `${d.name}`));
                 throw new validationError_1.default(`There are multiple ${this.type} with the same name combinations
-      ${(0, utils_1.dumpJSON)(formatted)}.
+      ${(0, utils_1.convertJsonToString)(formatted)}.
        Names must be unique.`);
             }
             // Do not allow items with same id
@@ -114,7 +118,7 @@ class APIHandler {
             if (duplicateIDs.length > 0) {
                 const formatted = duplicateIDs.map((dups) => dups.map((d) => `${d[this.id]}`));
                 throw new validationError_1.default(`There are multiple ${this.type} for the following stage-order combinations
-      ${(0, utils_1.dumpJSON)(formatted)}.
+      ${(0, utils_1.convertJsonToString)(formatted)}.
        Only one rule must be defined for the same order number in a stage.`);
             }
         });
@@ -145,7 +149,7 @@ class APIHandler {
                         .addEachTask({
                         data: del || [],
                         generator: (delItem) => {
-                            const delFunction = this.getClientFN('delete');
+                            const delFunction = this.getClientFN(this.functions.delete);
                             return delFunction({ [this.id]: delItem[this.id] })
                                 .then(() => {
                                 this.didDelete(delItem);
@@ -164,10 +168,13 @@ class APIHandler {
                 .addEachTask({
                 data: conflicts || [],
                 generator: (updateItem) => {
-                    const updateFN = this.getClientFN('update');
+                    const updateFN = this.getClientFN(this.functions.update);
                     const params = { [this.id]: updateItem[this.id] };
-                    const payload = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
-                    return updateFN(params, payload)
+                    const updatePayload = (() => {
+                        let data = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
+                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(data, this.sensitiveFieldsToObfuscate);
+                    })();
+                    return updateFN(params, updatePayload)
                         .then((data) => this.didUpdate(data))
                         .catch((err) => {
                         throw new Error(`Problem updating ${this.type} ${this.objString(updateItem)}\n${err}`);
@@ -180,8 +187,12 @@ class APIHandler {
                 .addEachTask({
                 data: create || [],
                 generator: (createItem) => {
-                    const createFunction = this.getClientFN('create');
-                    return createFunction(createItem)
+                    const createFunction = this.getClientFN(this.functions.create);
+                    const createPayload = (() => {
+                        const strippedPayload = (0, utils_1.stripFields)(createItem, this.stripCreateFields);
+                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(strippedPayload, this.sensitiveFieldsToObfuscate);
+                    })();
+                    return createFunction(createPayload)
                         .then((data) => {
                         this.didCreate(data);
                         this.created += 1;
@@ -197,10 +208,13 @@ class APIHandler {
                 .addEachTask({
                 data: update || [],
                 generator: (updateItem) => {
-                    const updateFN = this.getClientFN('update');
+                    const updateFN = this.getClientFN(this.functions.update);
                     const params = { [this.id]: updateItem[this.id] };
-                    const payload = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
-                    return updateFN(params, payload)
+                    const updatePayload = (() => {
+                        let data = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
+                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(data, this.sensitiveFieldsToObfuscate);
+                    })();
+                    return updateFN(params, updatePayload)
                         .then((data) => {
                         this.didUpdate(data);
                         this.updated += 1;

package/lib/tools/auth0/handlers/emailProvider.d.ts

@@ -0,0 +1,11 @@
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+};
+export default class EmailProviderHandler extends DefaultHandler {
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset>;
+    objString(provider: any): string;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/emailTemplates.d.ts

@@ -0,0 +1,26 @@
+import DefaultHandler from './default';
+import { Assets, Asset } from '../../../types';
+export declare const supportedTemplates: string[];
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            template: {
+                type: string;
+                enum: string[];
+            };
+            body: {
+                type: string;
+                default: string;
+            };
+        };
+        required: string[];
+    };
+};
+export default class EmailTemplateHandler extends DefaultHandler {
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset>;
+    updateOrCreate(emailTemplate: any): Promise<void>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/guardianFactorProviders.d.ts

@@ -0,0 +1,25 @@
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            name: {
+                type: string;
+                enum: string[];
+            };
+            provider: {
+                type: string;
+                enum: string[];
+            };
+        };
+        required: string[];
+    };
+};
+export default class GuardianFactorProvidersHandler extends DefaultHandler {
+    existing: Asset[];
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset[]>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/guardianFactorTemplates.d.ts

@@ -0,0 +1,21 @@
+import DefaultHandler from './default';
+import { Assets, Asset } from '../../../types';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            name: {
+                type: string;
+                enum: string[];
+            };
+        };
+        required: string[];
+    };
+};
+export default class GuardianFactorTemplatesHandler extends DefaultHandler {
+    existing: Asset[];
+    constructor(options: any);
+    getType(): Promise<Asset[]>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/guardianFactors.d.ts

@@ -0,0 +1,21 @@
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            name: {
+                type: string;
+                enum: string[];
+            };
+        };
+        required: string[];
+    };
+};
+export default class GuardianFactorsHandler extends DefaultHandler {
+    existing: Asset[];
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset[]>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/guardianPhoneFactorMessageTypes.d.ts

@@ -0,0 +1,21 @@
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    properties: {
+        message_types: {
+            type: string;
+            items: {
+                type: string;
+                enum: string[];
+            };
+        };
+    };
+    additionalProperties: boolean;
+};
+export default class GuardianPhoneMessageTypesHandler extends DefaultHandler {
+    existing: Asset[];
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset[] | {}>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/guardianPhoneFactorSelectedProvider.d.ts

@@ -0,0 +1,18 @@
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    properties: {
+        provider: {
+            type: string;
+            enum: string[];
+        };
+    };
+    additionalProperties: boolean;
+};
+export default class GuardianPhoneSelectedProviderHandler extends DefaultHandler {
+    existing: Asset[];
+    constructor(options: any);
+    getType(): Promise<{}>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/guardianPolicies.d.ts

@@ -0,0 +1,23 @@
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    properties: {
+        policies: {
+            type: string;
+            items: {
+                type: string;
+                enum: string[];
+            };
+        };
+    };
+    additionalProperties: boolean;
+};
+export default class GuardianPoliciesHandler extends DefaultHandler {
+    existing: {
+        policies: Asset[];
+    };
+    constructor(options: any);
+    getType(): Promise<GuardianPoliciesHandler['existing'] | {}>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/hooks.d.ts

@@ -0,0 +1,58 @@
+import DefaultHandler from './default';
+import { Asset, Assets, CalculatedChanges } from '../../../types';
+export declare const excludeSchema: {
+    type: string;
+    items: {
+        type: string;
+    };
+};
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        default: never[];
+        properties: {
+            script: {
+                type: string;
+                description: string;
+                default: string;
+            };
+            name: {
+                type: string;
+                description: string;
+                pattern: string;
+            };
+            enabled: {
+                type: string;
+                description: string;
+                default: boolean;
+            };
+            triggerId: {
+                type: string;
+                description: string;
+                enum: string[];
+            };
+            secrets: {
+                type: string;
+                description: string;
+                default: {};
+            };
+            dependencies: {
+                type: string;
+                default: {};
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export default class HooksHandler extends DefaultHandler {
+    existing: Asset[];
+    constructor(options: DefaultHandler);
+    objString(hook: any): string;
+    processSecrets(hooks: any): Promise<void>;
+    getType(reload: boolean): Promise<Asset[]>;
+    calcChanges(assets: Assets): Promise<CalculatedChanges>;
+    validate(assets: any): Promise<void>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/index.d.ts

@@ -0,0 +1,134 @@
+import APIHandler from './default';
+declare const _default: {
+    rules: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    rulesConfigs: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    hooks: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    pages: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    databases: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    clientGrants: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    resourceServers: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    clients: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    connections: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    tenant: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    emailProvider: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    emailTemplates: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    guardianFactors: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    guardianFactorProviders: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    guardianFactorTemplates: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    migrations: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    guardianPhoneFactorMessageTypes: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    guardianPhoneFactorSelectedProvider: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    guardianPolicies: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    roles: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    actions: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    organizations: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    triggers: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    attackProtection: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    branding: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+    logStreams: {
+        default: typeof APIHandler;
+        excludeSchema?: any;
+        schema: any;
+    };
+};
+export default _default;

package/lib/tools/auth0/handlers/index.js

@@ -50,6 +50,7 @@ const actions = __importStar(require("./actions"));
 const triggers = __importStar(require("./triggers"));
 const organizations = __importStar(require("./organizations"));
 const attackProtection = __importStar(require("./attackProtection"));
+const logStreams = __importStar(require("./logStreams"));
 const auth0ApiHandlers = {
     rules,
     rulesConfigs,
@@ -78,5 +79,6 @@ const auth0ApiHandlers = {
     triggers,
     organizations,
     attackProtection,
+    logStreams,
 };
 exports.default = auth0ApiHandlers; // TODO: apply stronger types to schema properties

package/lib/tools/auth0/handlers/logStreams.d.ts

@@ -0,0 +1,40 @@
+import DefaultAPIHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            id: {
+                type: string;
+            };
+            type: {
+                type: string;
+            };
+            name: {
+                type: string;
+            };
+            status: {
+                type: string;
+                enum: string[];
+            };
+            sink: {
+                type: string;
+            };
+            filters: {
+                type: string;
+                items: {
+                    type: string;
+                };
+            };
+        };
+        required: string[];
+    };
+};
+export default class LogStreamsHandler extends DefaultAPIHandler {
+    existing: Asset[] | null;
+    constructor(config: DefaultAPIHandler);
+    objString(item: Asset): string;
+    getType(): Promise<Asset>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/logStreams.js

@@ -0,0 +1,77 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
+const default_1 = __importDefault(require("./default"));
+exports.schema = {
+    type: 'array',
+    items: {
+        type: 'object',
+        properties: {
+            id: { type: 'string' },
+            type: { type: 'string' },
+            name: { type: 'string' },
+            status: { type: 'string', enum: ['active', 'paused', 'suspended'] },
+            sink: { type: 'object' },
+            filters: {
+                type: 'array',
+                items: {
+                    type: 'object',
+                },
+            },
+        },
+        required: ['name'],
+    },
+};
+class LogStreamsHandler extends default_1.default {
+    constructor(config) {
+        super(Object.assign(Object.assign({}, config), { type: 'logStreams', stripUpdateFields: ['type'], stripCreateFields: ['status', 'sink.awsPartnerEventSource'], sensitiveFieldsToObfuscate: ['sink.httpAuthorization'] }));
+    }
+    objString(item) {
+        return super.objString(item.name);
+    }
+    getType() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.existing) {
+                return this.existing;
+            }
+            const logStreams = yield this.client.logStreams.getAll({ paginate: false });
+            const nonSuspendedLogStreams = logStreams.filter((logStream) => logStream.status !== 'suspended');
+            this.existing = nonSuspendedLogStreams;
+            return nonSuspendedLogStreams;
+        });
+    }
+    processChanges(assets) {
+        const _super = Object.create(null, {
+            processChanges: { get: () => super.processChanges }
+        });
+        return __awaiter(this, void 0, void 0, function* () {
+            const { logStreams } = assets;
+            // Do nothing if not set
+            if (!logStreams)
+                return;
+            // Figure out what needs to be updated vs created
+            const changes = yield this.calcChanges(assets).then((changes) => {
+                return Object.assign(Object.assign({}, changes), { update: changes.update.map((update) => {
+                        if (update.type === 'eventbridge' || update.type === 'eventgrid') {
+                            delete update.sink;
+                        }
+                        return update;
+                    }) });
+            });
+            yield _super.processChanges.call(this, assets, changes);
+        });
+    }
+}
+exports.default = LogStreamsHandler;