auth0-deploy-cli 8.22.0 → 8.23.0

package/lib/tools/auth0/handlers/themes.js

@@ -38,15 +38,6 @@ var __importStar = (this && this.__importStar) || (function () {
         return result;
     };
 })();
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -54,98 +45,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.schema = void 0;
 const logger_1 = __importDefault(require("../../../logger"));
 const default_1 = __importStar(require("./default"));
-class ThemesHandler extends default_1.default {
-    constructor(options) {
-        super(Object.assign(Object.assign({}, options), { type: 'themes', id: 'themeId' }));
-    }
-    objString(theme) {
-        return theme.displayName || JSON.stringify(theme);
-    }
-    getType() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.existing) {
-                this.existing = yield this.getThemes();
-            }
-            return this.existing;
-        });
-    }
-    processChanges(assets) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { themes } = assets;
-            // Non existing section means themes doesn't need to be processed
-            if (!themes) {
-                return;
-            }
-            // Empty array means themes should be deleted
-            if (themes.length === 0) {
-                return this.deleteThemes();
-            }
-            return this.updateThemes(themes);
-        });
-    }
-    deleteThemes() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.config('AUTH0_ALLOW_DELETE')) {
-                return;
-            }
-            // if theme exists we need to delete it
-            const currentThemes = yield this.getThemes();
-            if (currentThemes === null || currentThemes.length === 0) {
-                return;
-            }
-            const currentTheme = currentThemes[0];
-            yield this.client.branding.deleteTheme({ themeId: currentTheme.themeId });
-            this.deleted += 1;
-            this.didDelete(currentTheme);
-        });
-    }
-    updateThemes(themes) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (themes.length > 1) {
-                logger_1.default.warn('Only one theme is supported per tenant');
-            }
-            const currentThemes = yield this.getThemes();
-            const themeReqPayload = (() => {
-                // Removing themeId from update and create payloads, otherwise API will error
-                // Theme ID may be required to handle if `--export_ids=true`
-                const payload = themes[0];
-                //@ts-ignore to quell non-optional themeId property, but we know that it's ok to delete
-                delete payload.themeId;
-                return payload;
-            })();
-            if (currentThemes === null || currentThemes.length === 0) {
-                yield this.client.branding.createTheme(themeReqPayload);
-            }
-            else {
-                const currentTheme = currentThemes[0];
-                // if theme exists, overwrite it otherwise create it
-                yield this.client.branding.updateTheme({ themeId: currentTheme.themeId }, themeReqPayload);
-            }
-            this.updated += 1;
-            this.didUpdate(themes[0]);
-        });
-    }
-    getThemes() {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const { data: theme } = yield this.client.branding.getDefaultTheme();
-                return [theme];
-            }
-            catch (err) {
-                if (err.statusCode === 404)
-                    return [];
-                if (err.statusCode === 400)
-                    return null;
-                // Errors other than 404 (theme doesn't exist) or 400 (no-code not enabled) shouldn't be expected
-                throw err;
-            }
-        });
-    }
-}
-exports.default = ThemesHandler;
-__decorate([
-    (0, default_1.order)('60') // Run after custom domains.
-], ThemesHandler.prototype, "processChanges", null);
 /**
  * Schema
  */
@@ -558,4 +457,89 @@ exports.schema = {
         type: 'object',
     },
 };
-//# sourceMappingURL=themes.js.map
+class ThemesHandler extends default_1.default {
+    constructor(options) {
+        super({
+            ...options,
+            type: 'themes',
+            id: 'themeId',
+        });
+    }
+    objString(theme) {
+        return theme.displayName || JSON.stringify(theme);
+    }
+    async getType() {
+        if (!this.existing) {
+            this.existing = await this.getThemes();
+        }
+        return this.existing;
+    }
+    async processChanges(assets) {
+        const { themes } = assets;
+        // Non existing section means themes doesn't need to be processed
+        if (!themes) {
+            return;
+        }
+        // Empty array means themes should be deleted
+        if (themes.length === 0) {
+            return this.deleteThemes();
+        }
+        return this.updateThemes(themes);
+    }
+    async deleteThemes() {
+        if (!this.config('AUTH0_ALLOW_DELETE')) {
+            return;
+        }
+        // if theme exists we need to delete it
+        const currentThemes = await this.getThemes();
+        if (currentThemes === null || currentThemes.length === 0) {
+            return;
+        }
+        const currentTheme = currentThemes[0];
+        await this.client.branding.themes.delete(currentTheme.themeId);
+        this.deleted += 1;
+        this.didDelete(currentTheme);
+    }
+    async updateThemes(themes) {
+        if (themes.length > 1) {
+            logger_1.default.warn('Only one theme is supported per tenant');
+        }
+        const currentThemes = await this.getThemes();
+        const themeReqPayload = (() => {
+            // Removing themeId from update and create payloads, otherwise API will error
+            // Theme ID may be required to handle if `--export_ids=true`
+            const payload = themes[0];
+            // @ts-ignore to quell non-optional themeId property, but we know that it's ok to delete
+            delete payload.themeId;
+            return payload;
+        })();
+        if (currentThemes === null || currentThemes.length === 0) {
+            await this.client.branding.themes.create(themeReqPayload);
+        }
+        else {
+            const currentTheme = currentThemes[0];
+            // if theme exists, overwrite it otherwise create it
+            await this.client.branding.themes.update(currentTheme.themeId, themeReqPayload);
+        }
+        this.updated += 1;
+        this.didUpdate(themes[0]);
+    }
+    async getThemes() {
+        try {
+            const theme = await this.client.branding.themes.getDefault();
+            return [theme];
+        }
+        catch (err) {
+            if (err.statusCode === 404)
+                return [];
+            if (err.statusCode === 400)
+                return null;
+            // Errors other than 404 (theme doesn't exist) or 400 (no-code not enabled) shouldn't be expected
+            throw err;
+        }
+    }
+}
+exports.default = ThemesHandler;
+__decorate([
+    (0, default_1.order)('60') // Run after custom domains.
+], ThemesHandler.prototype, "processChanges", null);

package/lib/tools/auth0/handlers/tokenExchangeProfiles.d.ts

@@ -0,0 +1,60 @@
+import { Management } from 'auth0';
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export type TokenExchangeProfile = Management.TokenExchangeProfileResponseContent;
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            name: {
+                type: string;
+                description: string;
+            };
+            id: {
+                type: string;
+                description: string;
+            };
+            subject_token_type: {
+                type: string;
+                description: string;
+            };
+            action: {
+                type: string;
+                description: string;
+            };
+            type: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            created_at: {
+                type: string;
+                format: string;
+                description: string;
+            };
+            updated_at: {
+                type: string;
+                format: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export default class TokenExchangeProfilesHandler extends DefaultHandler {
+    existing: TokenExchangeProfile[];
+    private actions;
+    constructor(config: DefaultHandler);
+    private sanitizeForExport;
+    private sanitizeForAPI;
+    getActions(): Promise<Asset[]>;
+    getType(): Promise<TokenExchangeProfile[]>;
+    processChanges(assets: Assets): Promise<void>;
+    createTokenExchangeProfile(profile: TokenExchangeProfile): Promise<TokenExchangeProfile>;
+    createTokenExchangeProfiles(creates: TokenExchangeProfile[]): Promise<void>;
+    updateTokenExchangeProfile(profile: TokenExchangeProfile): Promise<void>;
+    updateTokenExchangeProfiles(updates: TokenExchangeProfile[]): Promise<void>;
+    deleteTokenExchangeProfile(profile: TokenExchangeProfile): Promise<void>;
+    deleteTokenExchangeProfiles(data: TokenExchangeProfile[]): Promise<void>;
+}

package/lib/tools/auth0/handlers/tokenExchangeProfiles.js

@@ -0,0 +1,271 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
+const default_1 = __importStar(require("./default"));
+const client_1 = require("../client");
+const logger_1 = __importDefault(require("../../../logger"));
+exports.schema = {
+    type: 'array',
+    items: {
+        type: 'object',
+        properties: {
+            name: {
+                type: 'string',
+                description: 'The name of the token exchange profile',
+            },
+            id: {
+                type: 'string',
+                description: 'The unique identifier of the token exchange profile',
+            },
+            subject_token_type: {
+                type: 'string',
+                description: 'The URI representing the subject token type',
+            },
+            action: {
+                type: 'string',
+                description: 'The name of the action associated with this profile',
+            },
+            type: {
+                type: 'string',
+                enum: ['custom_authentication'],
+                description: 'The type of token exchange profile',
+            },
+            created_at: {
+                type: 'string',
+                format: 'date-time',
+                description: 'The timestamp when the profile was created',
+            },
+            updated_at: {
+                type: 'string',
+                format: 'date-time',
+                description: 'The timestamp when the profile was last updated',
+            },
+        },
+        required: ['name', 'subject_token_type', 'action', 'type'],
+    },
+};
+class TokenExchangeProfilesHandler extends default_1.default {
+    constructor(config) {
+        super({
+            ...config,
+            type: 'tokenExchangeProfiles',
+            id: 'id',
+            identifiers: ['id', 'name'],
+            // Only name and subject_token_type can be updated
+            stripUpdateFields: ['id', 'created_at', 'updated_at', 'action_id', 'type'],
+            stripCreateFields: ['id', 'created_at', 'updated_at'],
+        });
+    }
+    sanitizeForExport(profile, actions) {
+        if (profile.action_id) {
+            const action = actions?.find((a) => a.id === profile.action_id);
+            if (action) {
+                const { action_id, ...rest } = profile;
+                return { ...rest, action: action.name };
+            }
+            else {
+                logger_1.default.warn(`Token exchange profile "${profile.name}" references action with ID "${profile.action_id}" which was not found`);
+            }
+        }
+        return profile;
+    }
+    sanitizeForAPI(profile, actions) {
+        if (profile.action) {
+            const foundAction = actions?.find((a) => a.name === profile.action);
+            if (foundAction) {
+                const { action, ...rest } = profile;
+                return { ...rest, action_id: foundAction.id };
+            }
+            else {
+                throw new Error(`Token exchange profile "${profile.name}" references action "${profile.action}" which was not found`);
+            }
+        }
+        if (!profile.action_id) {
+            throw new Error(`Token exchange profile "${profile.name}" is missing action reference. ` +
+                `Expected "action" (name) or "action_id" (ID) field.`);
+        }
+        return profile;
+    }
+    async getActions() {
+        if (this.actions)
+            return this.actions;
+        this.actions = await (0, client_1.paginate)(this.client.actions.list, {
+            paginate: true,
+        });
+        return this.actions;
+    }
+    async getType() {
+        if (this.existing)
+            return this.existing;
+        try {
+            // Fetch all token exchange profiles
+            const profiles = await (0, client_1.paginate)(this.client.tokenExchangeProfiles.list, {
+                paginate: true,
+            });
+            // Fetch all actions to map action_id to action name
+            const actions = await this.getActions();
+            // Map action_id to action name for each profile
+            this.existing = profiles.map((profile) => this.sanitizeForExport(profile, actions));
+            return this.existing;
+        }
+        catch (err) {
+            if (err.statusCode === 403) {
+                logger_1.default.warn('Token Exchange Profiles feature is not available on this tenant. Please contact Auth0 support to enable this feature.');
+                return [];
+            }
+            throw err;
+        }
+    }
+    async processChanges(assets) {
+        const { tokenExchangeProfiles } = assets;
+        // Do nothing if not set
+        if (!tokenExchangeProfiles)
+            return;
+        // Fetch actions to resolve action names to IDs
+        const actions = await this.getActions();
+        // Map action names to action_ids before processing
+        const sanitizedProfiles = tokenExchangeProfiles.map((profile) => this.sanitizeForAPI(profile, actions));
+        // Create modified assets with sanitized profiles
+        const modifiedAssets = {
+            ...assets,
+            tokenExchangeProfiles: sanitizedProfiles,
+        };
+        // Calculate changes
+        const { del, update, create, conflicts } = await this.calcChanges(modifiedAssets);
+        logger_1.default.debug(`Start processChanges for tokenExchangeProfiles [delete:${del.length}] [update:${update.length}], [create:${create.length}], [conflicts:${conflicts.length}]`);
+        // Process changes in order: delete, create, update
+        const changes = [{ del }, { create }, { update }];
+        await Promise.all(changes.map(async (change) => {
+            switch (true) {
+                case change.del && change.del.length > 0:
+                    await this.deleteTokenExchangeProfiles(change.del || []);
+                    break;
+                case change.create && change.create.length > 0:
+                    await this.createTokenExchangeProfiles(change.create);
+                    break;
+                case change.update && change.update.length > 0:
+                    if (change.update)
+                        await this.updateTokenExchangeProfiles(change.update);
+                    break;
+                default:
+                    break;
+            }
+        }));
+    }
+    async createTokenExchangeProfile(profile) {
+        const { id, created_at, updated_at, ...createParams } = profile;
+        const created = await this.client.tokenExchangeProfiles.create(createParams);
+        return created;
+    }
+    async createTokenExchangeProfiles(creates) {
+        await this.client.pool
+            .addEachTask({
+            data: creates || [],
+            generator: (item) => this.createTokenExchangeProfile(item)
+                .then((data) => {
+                this.didCreate(data);
+                this.created += 1;
+            })
+                .catch((err) => {
+                throw new Error(`Problem creating ${this.type} ${this.objString(item)}\n${err}`);
+            }),
+        })
+            .promise();
+    }
+    async updateTokenExchangeProfile(profile) {
+        const { id, created_at, updated_at, action_id, type, ...updateParams } = profile;
+        if (!id) {
+            throw new Error(`Cannot update token exchange profile "${profile.name}" - missing id`);
+        }
+        await this.client.tokenExchangeProfiles.update(id, updateParams);
+    }
+    async updateTokenExchangeProfiles(updates) {
+        await this.client.pool
+            .addEachTask({
+            data: updates || [],
+            generator: (item) => this.updateTokenExchangeProfile(item)
+                .then(() => {
+                this.didUpdate(item);
+                this.updated += 1;
+            })
+                .catch((err) => {
+                throw new Error(`Problem updating ${this.type} ${this.objString(item)}\n${err}`);
+            }),
+        })
+            .promise();
+    }
+    async deleteTokenExchangeProfile(profile) {
+        if (!profile.id) {
+            throw new Error(`Cannot delete token exchange profile "${profile.name}" - missing id`);
+        }
+        await this.client.tokenExchangeProfiles.delete(profile.id);
+    }
+    async deleteTokenExchangeProfiles(data) {
+        if (this.config('AUTH0_ALLOW_DELETE') === 'true' ||
+            this.config('AUTH0_ALLOW_DELETE') === true) {
+            await this.client.pool
+                .addEachTask({
+                data: data || [],
+                generator: (item) => this.deleteTokenExchangeProfile(item)
+                    .then(() => {
+                    this.didDelete(item);
+                    this.deleted += 1;
+                })
+                    .catch((err) => {
+                    throw new Error(`Problem deleting ${this.type} ${this.objString(item)}\n${err}`);
+                }),
+            })
+                .promise();
+        }
+        else {
+            logger_1.default.warn(`Detected the following tokenExchangeProfile should be deleted. Doing so may be destructive.\nYou can enable deletes by setting 'AUTH0_ALLOW_DELETE' to true in the config
+      \n${data.map((i) => this.objString(i)).join('\n')}`);
+        }
+    }
+}
+exports.default = TokenExchangeProfilesHandler;
+__decorate([
+    (0, default_1.order)('65')
+], TokenExchangeProfilesHandler.prototype, "processChanges", null);