auth0-deploy-cli 8.22.0 → 8.23.1

package/lib/tools/auth0/handlers/default.js

@@ -1,13 +1,4 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -28,6 +19,50 @@ function order(value) {
         return descriptor;
     };
 }
+// Retry configuration constants
+const DEFAULT_MAX_RETRIES = 3;
+const DEFAULT_INITIAL_DELAY_MS = 1000; // 1 second
+const DEFAULT_MAX_DELAY_MS = 30000; // 30 seconds
+/**
+ * Executes a function with exponential backoff retry logic for rate limit errors (429).
+ *
+ * @param fn - The function to execute with retry logic
+ * @param options - Configuration options for retry behavior
+ * @returns Promise that resolves with the function result or rejects after max retries
+ */
+async function retryWithExponentialBackoff(fn, options = {}) {
+    const { maxRetries = DEFAULT_MAX_RETRIES, initialDelay = DEFAULT_INITIAL_DELAY_MS, maxDelay = DEFAULT_MAX_DELAY_MS, onRetry = () => { }, } = options;
+    let lastError;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        try {
+            return await fn();
+        }
+        catch (error) {
+            lastError = error;
+            // Only retry on rate limit errors (429)
+            const isRateLimitError = error?.statusCode === 429 ||
+                error?.message?.includes('429') ||
+                error?.message?.includes('Too Many Requests') ||
+                error?.message?.includes('TooManyRequestsError') ||
+                error?.message?.includes('Global limit has been reached');
+            if (!isRateLimitError || attempt === maxRetries) {
+                throw error;
+            }
+            // Calculate delay with exponential backoff and jitter
+            const exponentialDelay = initialDelay * 2 ** attempt;
+            const jitter = Math.random() * 1000; // 0-1s randomization to prevent thundering herd
+            const delay = Math.min(exponentialDelay + jitter, maxDelay);
+            // Check for Retry-After header (if available in error response)
+            const retryAfter = error?.rawResponse?.headers?.get('retry-after');
+            const finalDelay = retryAfter ? parseInt(retryAfter, 10) * 1000 : delay;
+            onRetry(error, attempt + 1, finalDelay);
+            await new Promise((resolve) => {
+                setTimeout(resolve, finalDelay);
+            });
+        }
+    }
+    throw lastError;
+}
 class APIHandler {
     constructor(options) {
         this.config = options.config;
@@ -40,7 +75,13 @@ class APIHandler {
         this.stripUpdateFields = [...(options.stripUpdateFields || []), this.id];
         this.sensitiveFieldsToObfuscate = options.sensitiveFieldsToObfuscate || [];
         this.stripCreateFields = options.stripCreateFields || [];
-        this.functions = Object.assign({ getAll: 'getAll', create: 'create', delete: 'delete', update: 'update' }, (options.functions || {}));
+        this.functions = {
+            list: 'list',
+            create: 'create',
+            delete: 'delete',
+            update: 'update',
+            ...(options.functions || {}),
+        };
         this.updated = 0;
         this.created = 0;
         this.deleted = 0;
@@ -57,7 +98,7 @@ class APIHandler {
     }
     didCreate(item) {
         if (typeof item === 'object' && item instanceof auth0_1.JSONApiResponse) {
-            logger_1.default.info(`Created [${this.type}]: ${this.objString(item === null || item === void 0 ? void 0 : item.data)}`);
+            logger_1.default.info(`Created [${this.type}]: ${this.objString(item?.data)}`);
         }
         else {
             logger_1.default.info(`Created [${this.type}]: ${this.objString(item)}`);
@@ -65,7 +106,7 @@ class APIHandler {
     }
     didUpdate(item) {
         if (typeof item === 'object' && item instanceof auth0_1.JSONApiResponse) {
-            logger_1.default.info(`Updated [${this.type}]: ${this.objString(item === null || item === void 0 ? void 0 : item.data)}`);
+            logger_1.default.info(`Updated [${this.type}]: ${this.objString(item?.data)}`);
         }
         else {
             logger_1.default.info(`Updated [${this.type}]: ${this.objString(item)}`);
@@ -74,181 +115,179 @@ class APIHandler {
     objString(item) {
         return (0, utils_1.convertJsonToString)(item);
     }
-    getType() {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Each type to impl how to get the existing as its not consistent across the mgnt api.
-            throw new Error(`Must implement getType for type ${this.type}`);
-        });
-    }
-    load() {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Load Asset from Tenant
-            const data = yield (() => __awaiter(this, void 0, void 0, function* () {
-                const { data, hadSufficientScopes, requiredScopes } = yield (0, utils_1.detectInsufficientScopeError)(this.getType.bind(this));
-                if (!hadSufficientScopes) {
-                    logger_1.default.warn(`Cannot retrieve ${this.type} due to missing scopes: ${requiredScopes}`);
-                    return null;
-                }
-                logger_1.default.info(`Retrieving ${this.type} data from Auth0`);
-                return data;
-            }))();
-            this.existing = (0, utils_1.obfuscateSensitiveValues)(data, this.sensitiveFieldsToObfuscate);
-            return { [this.type]: this.existing };
-        });
+    async getType() {
+        // Each type to impl how to get the existing as its not consistent across the mgnt api.
+        throw new Error(`Must implement getType for type ${this.type}`);
     }
-    calcChanges(assets) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const typeAssets = assets[this.type];
-            // Do nothing if not set
-            if (!typeAssets) {
-                return {
-                    del: [],
-                    create: [],
-                    conflicts: [],
-                    update: [],
-                };
+    async load() {
+        // Load Asset from Tenant
+        const data = await (async () => {
+            const { data, hadSufficientScopes, requiredScopes } = await (0, utils_1.detectInsufficientScopeError)(this.getType.bind(this));
+            if (!hadSufficientScopes) {
+                logger_1.default.warn(`Cannot retrieve ${this.type} due to missing scopes: ${requiredScopes}`);
+                return null;
             }
-            const existing = yield this.getType();
-            // Figure out what needs to be updated vs created
-            return (0, calculateChanges_1.calculateChanges)({
-                handler: this,
-                assets: typeAssets,
-                allowDelete: !!this.config('AUTH0_ALLOW_DELETE'),
-                //@ts-ignore TODO: investigate what happens when `existing` is null
-                existing,
-                identifiers: this.identifiers,
-            });
+            logger_1.default.info(`Retrieving ${this.type} data from Auth0`);
+            return data;
+        })();
+        this.existing = (0, utils_1.obfuscateSensitiveValues)(data, this.sensitiveFieldsToObfuscate);
+        return { [this.type]: this.existing };
+    }
+    async calcChanges(assets) {
+        const typeAssets = assets[this.type];
+        // Do nothing if not set
+        if (!typeAssets) {
+            return {
+                del: [],
+                create: [],
+                conflicts: [],
+                update: [],
+            };
+        }
+        const existing = await this.getType();
+        // Figure out what needs to be updated vs created
+        return (0, calculateChanges_1.calculateChanges)({
+            handler: this,
+            assets: typeAssets,
+            allowDelete: !!this.config('AUTH0_ALLOW_DELETE'),
+            //@ts-ignore TODO: investigate what happens when `existing` is null
+            existing,
+            identifiers: this.identifiers,
         });
     }
-    validate(assets) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Ensure no duplication in id and name
-            const typeAssets = assets[this.type];
-            // Do nothing if not set
-            if (!Array.isArray(typeAssets))
-                return;
-            // Do not allow items with same name
-            const duplicateNames = (0, utils_1.duplicateItems)(typeAssets, 'name');
-            if (duplicateNames.length > 0) {
-                const formatted = duplicateNames.map((dups) => dups.map((d) => `${d.name}`));
-                throw new validationError_1.default(`There are multiple ${this.type} with the same name combinations
+    async validate(assets) {
+        // Ensure no duplication in id and name
+        const typeAssets = assets[this.type];
+        // Do nothing if not set
+        if (!Array.isArray(typeAssets))
+            return;
+        // Do not allow items with same name
+        const duplicateNames = (0, utils_1.duplicateItems)(typeAssets, 'name');
+        if (duplicateNames.length > 0) {
+            const formatted = duplicateNames.map((dups) => dups.map((d) => `${d.name}`));
+            throw new validationError_1.default(`There are multiple ${this.type} with the same name combinations
       ${(0, utils_1.convertJsonToString)(formatted)}.
        Names must be unique.`);
-            }
-            // Do not allow items with same id
-            const duplicateIDs = (0, utils_1.duplicateItems)(typeAssets, this.id);
-            if (duplicateIDs.length > 0) {
-                const formatted = duplicateIDs.map((dups) => dups.map((d) => `${d[this.id]}`));
-                throw new validationError_1.default(`There are multiple ${this.type} for the following stage-order combinations
+        }
+        // Do not allow items with same id
+        const duplicateIDs = (0, utils_1.duplicateItems)(typeAssets, this.id);
+        if (duplicateIDs.length > 0) {
+            const formatted = duplicateIDs.map((dups) => dups.map((d) => `${d[this.id]}`));
+            throw new validationError_1.default(`There are multiple ${this.type} for the following stage-order combinations
       ${(0, utils_1.convertJsonToString)(formatted)}.
        Only one rule must be defined for the same order number in a stage.`);
-            }
-        });
+        }
     }
-    processChanges(assets, changes) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!changes) {
-                changes = yield this.calcChanges(assets);
-            }
-            const del = changes.del || [];
-            const update = changes.update || [];
-            const create = changes.create || [];
-            const conflicts = changes.conflicts || [];
-            logger_1.default.debug(`Start processChanges for ${this.type} [delete:${del.length}] [update:${update.length}], [create:${create.length}], [conflicts:${conflicts.length}]`);
-            // Process Deleted
-            if (del.length > 0) {
-                const allowDelete = this.config('AUTH0_ALLOW_DELETE') === 'true' || this.config('AUTH0_ALLOW_DELETE') === true;
-                const byExtension = this.config('EXTENSION_SECRET') &&
-                    (this.type === 'rules' || this.type === 'resourceServers');
-                const shouldDelete = allowDelete || byExtension;
-                if (!shouldDelete) {
-                    logger_1.default.warn(`Detected the following ${this.type} should be deleted. Doing so may be destructive.\nYou can enable deletes by setting 'AUTH0_ALLOW_DELETE' to true in the config
+    async processChanges(assets, changes) {
+        if (!changes) {
+            changes = await this.calcChanges(assets);
+        }
+        const del = changes.del || [];
+        const update = changes.update || [];
+        const create = changes.create || [];
+        const conflicts = changes.conflicts || [];
+        logger_1.default.debug(`Start processChanges for ${this.type} [delete:${del.length}] [update:${update.length}], [create:${create.length}], [conflicts:${conflicts.length}]`);
+        // Set retry configuration from config
+        const retryConfig = {
+            maxRetries: this.config('AUTH0_MAX_RETRIES') || DEFAULT_MAX_RETRIES,
+            initialDelay: this.config('AUTH0_RETRY_INITIAL_DELAY_MS') || DEFAULT_INITIAL_DELAY_MS,
+            maxDelay: this.config('AUTH0_RETRY_MAX_DELAY_MS') || DEFAULT_MAX_DELAY_MS,
+            onRetry: (error, attempt, delay) => {
+                logger_1.default.warn(`Rate limit hit for [${this.type}]. Retrying attempt ${attempt}/${retryConfig.maxRetries} after ${Math.round(delay / 1000)}s...`);
+            },
+        };
+        // Process Deleted
+        if (del.length > 0) {
+            const allowDelete = this.config('AUTH0_ALLOW_DELETE') === 'true' || this.config('AUTH0_ALLOW_DELETE') === true;
+            const byExtension = this.config('EXTENSION_SECRET') &&
+                (this.type === 'rules' || this.type === 'resourceServers');
+            const shouldDelete = allowDelete || byExtension;
+            if (!shouldDelete) {
+                logger_1.default.warn(`Detected the following ${this.type} should be deleted. Doing so may be destructive.\nYou can enable deletes by setting 'AUTH0_ALLOW_DELETE' to true in the config
         \n${changes.del.map((i) => this.objString(i)).join('\n')}
          `);
-                }
-                else {
-                    yield this.client.pool
-                        .addEachTask({
-                        data: del || [],
-                        generator: (delItem) => {
-                            const delFunction = this.getClientFN(this.functions.delete);
-                            return delFunction({ [this.id]: delItem[this.id] })
-                                .then(() => {
-                                this.didDelete(delItem);
-                                this.deleted += 1;
-                            })
-                                .catch((err) => {
-                                throw new Error(`Problem deleting ${this.type} ${this.objString(delItem)}\n${err}`);
-                            });
-                        },
-                    })
-                        .promise();
-                }
             }
-            // Process Renaming Entries Temp due to conflicts in names
-            yield this.client.pool
-                .addEachTask({
-                data: conflicts || [],
-                generator: (updateItem) => {
-                    const updateFN = this.getClientFN(this.functions.update);
-                    const params = { [this.id]: updateItem[this.id] };
-                    const updatePayload = (() => {
-                        let data = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
-                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(data, this.sensitiveFieldsToObfuscate);
-                    })();
-                    return updateFN(params, updatePayload)
-                        .then((data) => this.didUpdate(data))
-                        .catch((err) => {
-                        throw new Error(`Problem updating ${this.type} ${this.objString(updateItem)}\n${err}`);
-                    });
-                },
-            })
-                .promise();
-            // Process Creations
-            yield this.client.pool
-                .addEachTask({
-                data: create || [],
-                generator: (createItem) => {
-                    const createFunction = this.getClientFN(this.functions.create);
-                    const createPayload = (() => {
-                        const strippedPayload = (0, utils_1.stripFields)(createItem, this.stripCreateFields);
-                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(strippedPayload, this.sensitiveFieldsToObfuscate);
-                    })();
-                    return createFunction(createPayload)
-                        .then((data) => {
-                        this.didCreate(data);
-                        this.created += 1;
+            else {
+                await this.client.pool
+                    .addEachTask({
+                    data: del || [],
+                    generator: (delItem) => retryWithExponentialBackoff(() => {
+                        const delFunction = this.getClientFN(this.functions.delete);
+                        return delFunction(delItem[this.id]);
+                    }, retryConfig)
+                        .then(() => {
+                        this.didDelete(delItem);
+                        this.deleted += 1;
                     })
                         .catch((err) => {
-                        throw new Error(`Problem creating ${this.type} ${this.objString(createItem)}\n${err}`);
-                    });
-                },
+                        throw new Error(`Problem deleting ${this.type} ${this.objString(delItem)}\n${err}`);
+                    }),
+                })
+                    .promise();
+            }
+        }
+        // Process Renaming Entries Temp due to conflicts in names
+        await this.client.pool
+            .addEachTask({
+            data: conflicts || [],
+            generator: (updateItem) => retryWithExponentialBackoff(() => {
+                const updateFN = this.getClientFN(this.functions.update);
+                const params = { [this.id]: updateItem[this.id] };
+                const updatePayload = (() => {
+                    const data = (0, utils_1.stripFields)({ ...updateItem }, this.stripUpdateFields);
+                    return (0, utils_1.stripObfuscatedFieldsFromPayload)(data, this.sensitiveFieldsToObfuscate);
+                })();
+                return updateFN(params, updatePayload);
+            }, retryConfig)
+                .then((data) => this.didUpdate(data))
+                .catch((err) => {
+                throw new Error(`Problem updating ${this.type} ${this.objString(updateItem)}\n${err}`);
+            }),
+        })
+            .promise();
+        // Process Creations
+        await this.client.pool
+            .addEachTask({
+            data: create || [],
+            generator: (createItem) => retryWithExponentialBackoff(() => {
+                const createFunction = this.getClientFN(this.functions.create);
+                const createPayload = (() => {
+                    const strippedPayload = (0, utils_1.stripFields)(createItem, this.stripCreateFields);
+                    return (0, utils_1.stripObfuscatedFieldsFromPayload)(strippedPayload, this.sensitiveFieldsToObfuscate);
+                })();
+                return createFunction(createPayload);
+            }, retryConfig)
+                .then((data) => {
+                this.didCreate(data);
+                this.created += 1;
             })
-                .promise();
-            // Process Updates and strip fields not allowed in updates
-            yield this.client.pool
-                .addEachTask({
-                data: update || [],
-                generator: (updateItem) => {
-                    const updateFN = this.getClientFN(this.functions.update);
-                    const params = { [this.id]: updateItem[this.id] };
-                    const updatePayload = (() => {
-                        let data = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
-                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(data, this.sensitiveFieldsToObfuscate);
-                    })();
-                    return updateFN(params, updatePayload)
-                        .then((data) => {
-                        this.didUpdate(data);
-                        this.updated += 1;
-                    })
-                        .catch((err) => {
-                        throw new Error(`Problem updating ${this.type} ${this.objString(updateItem)}\n${err}`);
-                    });
-                },
+                .catch((err) => {
+                throw new Error(`Problem creating ${this.type} ${this.objString(createItem)}\n${err}`);
+            }),
+        })
+            .promise();
+        // Process Updates and strip fields not allowed in updates
+        await this.client.pool
+            .addEachTask({
+            data: update || [],
+            generator: (updateItem) => retryWithExponentialBackoff(() => {
+                const updateFN = this.getClientFN(this.functions.update);
+                const params = { [this.id]: updateItem[this.id] };
+                const updatePayload = (() => {
+                    const data = (0, utils_1.stripFields)({ ...updateItem }, this.stripUpdateFields);
+                    return (0, utils_1.stripObfuscatedFieldsFromPayload)(data, this.sensitiveFieldsToObfuscate);
+                })();
+                return updateFN(params, updatePayload);
+            }, retryConfig)
+                .then((data) => {
+                this.didUpdate(data);
+                this.updated += 1;
             })
-                .promise();
-        });
+                .catch((err) => {
+                throw new Error(`Problem updating ${this.type} ${this.objString(updateItem)}\n${err}`);
+            }),
+        })
+            .promise();
     }
 }
 exports.default = APIHandler;
-//# sourceMappingURL=default.js.map

package/lib/tools/auth0/handlers/emailProvider.js

@@ -38,15 +38,6 @@ var __importStar = (this && this.__importStar) || (function () {
         return result;
     };
 })();
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.schema = void 0;
 const lodash_1 = require("lodash");
@@ -56,61 +47,59 @@ exports.schema = { type: 'object' };
 const defaultFields = ['name', 'enabled', 'credentials', 'settings', 'default_from_address'];
 class EmailProviderHandler extends default_1.default {
     constructor(options) {
-        super(Object.assign(Object.assign({}, options), { type: 'emailProvider' }));
-    }
-    getType() {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const { data } = yield this.client.emails.get({
-                    include_fields: true,
-                    fields: defaultFields.join(','),
-                });
-                return data;
-            }
-            catch (err) {
-                if (err.statusCode === 404)
-                    return {};
-                throw err;
-            }
+        super({
+            ...options,
+            type: 'emailProvider',
         });
     }
+    async getType() {
+        try {
+            const emailProvider = await this.client.emails.provider.get({
+                include_fields: true,
+                fields: defaultFields.join(','),
+            });
+            return emailProvider;
+        }
+        catch (err) {
+            if (err.statusCode === 404)
+                return {};
+            throw err;
+        }
+    }
     objString(provider) {
         return super.objString({ name: provider.name, enabled: provider.enabled });
     }
-    processChanges(assets) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { emailProvider } = assets;
-            if (!emailProvider)
-                return;
-            const existing = yield this.getType();
-            // HTTP DELETE on emails/provider is not supported, as this is not part of our vNext SDK.
-            if (Object.keys(emailProvider).length === 0) {
-                if (this.config('AUTH0_ALLOW_DELETE') === true) {
-                    // await this.client.emails.delete(); is not supported
-                    if ((0, lodash_1.isEmpty)(existing.credentials)) {
-                        delete existing.credentials;
-                    }
-                    const updated = yield this.client.emails.update(existing);
-                    this.updated += 1;
-                    this.didUpdate(updated);
+    async processChanges(assets) {
+        const { emailProvider } = assets;
+        if (!emailProvider)
+            return;
+        const existing = await this.getType();
+        // HTTP DELETE on emails/provider is not supported, as this is not part of our vNext SDK.
+        if (Object.keys(emailProvider).length === 0) {
+            if (this.config('AUTH0_ALLOW_DELETE') === true) {
+                // await this.client.emails.delete(); is not supported
+                if ((0, lodash_1.isEmpty)(existing.credentials)) {
+                    delete existing.credentials;
                 }
-                return;
-            }
-            if (existing.name) {
-                const updated = yield this.client.emails.update(emailProvider);
+                const updated = await this.client.emails.provider.update(existing);
                 this.updated += 1;
                 this.didUpdate(updated);
             }
-            else {
-                const created = yield this.client.emails.configure(emailProvider);
-                this.created += 1;
-                this.didCreate(created);
-            }
-        });
+            return;
+        }
+        if (existing.name) {
+            const updated = await this.client.emails.provider.update(emailProvider);
+            this.updated += 1;
+            this.didUpdate(updated);
+        }
+        else {
+            const created = await this.client.emails.provider.create(emailProvider);
+            this.created += 1;
+            this.didCreate(created);
+        }
     }
 }
 exports.default = EmailProviderHandler;
 __decorate([
     (0, default_1.order)('60')
 ], EmailProviderHandler.prototype, "processChanges", null);
-//# sourceMappingURL=emailProvider.js.map

package/lib/tools/auth0/handlers/emailTemplates.d.ts

@@ -20,6 +20,7 @@ export declare const schema: {
 };
 export default class EmailTemplateHandler extends DefaultHandler {
     constructor(options: DefaultHandler);
+    objString(item: any): string;
     getType(): Promise<Asset>;
     updateOrCreate(emailTemplate: any): Promise<void>;
     processChanges(assets: Assets): Promise<void>;