auth0-deploy-cli 8.22.0 → 8.23.1

package/lib/tools/auth0/handlers/themes.js

@@ -38,15 +38,6 @@ var __importStar = (this && this.__importStar) || (function () {
         return result;
     };
 })();
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -54,98 +45,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.schema = void 0;
 const logger_1 = __importDefault(require("../../../logger"));
 const default_1 = __importStar(require("./default"));
-class ThemesHandler extends default_1.default {
-    constructor(options) {
-        super(Object.assign(Object.assign({}, options), { type: 'themes', id: 'themeId' }));
-    }
-    objString(theme) {
-        return theme.displayName || JSON.stringify(theme);
-    }
-    getType() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.existing) {
-                this.existing = yield this.getThemes();
-            }
-            return this.existing;
-        });
-    }
-    processChanges(assets) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { themes } = assets;
-            // Non existing section means themes doesn't need to be processed
-            if (!themes) {
-                return;
-            }
-            // Empty array means themes should be deleted
-            if (themes.length === 0) {
-                return this.deleteThemes();
-            }
-            return this.updateThemes(themes);
-        });
-    }
-    deleteThemes() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.config('AUTH0_ALLOW_DELETE')) {
-                return;
-            }
-            // if theme exists we need to delete it
-            const currentThemes = yield this.getThemes();
-            if (currentThemes === null || currentThemes.length === 0) {
-                return;
-            }
-            const currentTheme = currentThemes[0];
-            yield this.client.branding.deleteTheme({ themeId: currentTheme.themeId });
-            this.deleted += 1;
-            this.didDelete(currentTheme);
-        });
-    }
-    updateThemes(themes) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (themes.length > 1) {
-                logger_1.default.warn('Only one theme is supported per tenant');
-            }
-            const currentThemes = yield this.getThemes();
-            const themeReqPayload = (() => {
-                // Removing themeId from update and create payloads, otherwise API will error
-                // Theme ID may be required to handle if `--export_ids=true`
-                const payload = themes[0];
-                //@ts-ignore to quell non-optional themeId property, but we know that it's ok to delete
-                delete payload.themeId;
-                return payload;
-            })();
-            if (currentThemes === null || currentThemes.length === 0) {
-                yield this.client.branding.createTheme(themeReqPayload);
-            }
-            else {
-                const currentTheme = currentThemes[0];
-                // if theme exists, overwrite it otherwise create it
-                yield this.client.branding.updateTheme({ themeId: currentTheme.themeId }, themeReqPayload);
-            }
-            this.updated += 1;
-            this.didUpdate(themes[0]);
-        });
-    }
-    getThemes() {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const { data: theme } = yield this.client.branding.getDefaultTheme();
-                return [theme];
-            }
-            catch (err) {
-                if (err.statusCode === 404)
-                    return [];
-                if (err.statusCode === 400)
-                    return null;
-                // Errors other than 404 (theme doesn't exist) or 400 (no-code not enabled) shouldn't be expected
-                throw err;
-            }
-        });
-    }
-}
-exports.default = ThemesHandler;
-__decorate([
-    (0, default_1.order)('60') // Run after custom domains.
-], ThemesHandler.prototype, "processChanges", null);
 /**
  * Schema
  */
@@ -558,4 +457,89 @@ exports.schema = {
         type: 'object',
     },
 };
-//# sourceMappingURL=themes.js.map
+class ThemesHandler extends default_1.default {
+    constructor(options) {
+        super({
+            ...options,
+            type: 'themes',
+            id: 'themeId',
+        });
+    }
+    objString(theme) {
+        return theme.displayName || JSON.stringify(theme);
+    }
+    async getType() {
+        if (!this.existing) {
+            this.existing = await this.getThemes();
+        }
+        return this.existing;
+    }
+    async processChanges(assets) {
+        const { themes } = assets;
+        // Non existing section means themes doesn't need to be processed
+        if (!themes) {
+            return;
+        }
+        // Empty array means themes should be deleted
+        if (themes.length === 0) {
+            return this.deleteThemes();
+        }
+        return this.updateThemes(themes);
+    }
+    async deleteThemes() {
+        if (!this.config('AUTH0_ALLOW_DELETE')) {
+            return;
+        }
+        // if theme exists we need to delete it
+        const currentThemes = await this.getThemes();
+        if (currentThemes === null || currentThemes.length === 0) {
+            return;
+        }
+        const currentTheme = currentThemes[0];
+        await this.client.branding.themes.delete(currentTheme.themeId);
+        this.deleted += 1;
+        this.didDelete(currentTheme);
+    }
+    async updateThemes(themes) {
+        if (themes.length > 1) {
+            logger_1.default.warn('Only one theme is supported per tenant');
+        }
+        const currentThemes = await this.getThemes();
+        const themeReqPayload = (() => {
+            // Removing themeId from update and create payloads, otherwise API will error
+            // Theme ID may be required to handle if `--export_ids=true`
+            const payload = themes[0];
+            // @ts-ignore to quell non-optional themeId property, but we know that it's ok to delete
+            delete payload.themeId;
+            return payload;
+        })();
+        if (currentThemes === null || currentThemes.length === 0) {
+            await this.client.branding.themes.create(themeReqPayload);
+        }
+        else {
+            const currentTheme = currentThemes[0];
+            // if theme exists, overwrite it otherwise create it
+            await this.client.branding.themes.update(currentTheme.themeId, themeReqPayload);
+        }
+        this.updated += 1;
+        this.didUpdate(themes[0]);
+    }
+    async getThemes() {
+        try {
+            const theme = await this.client.branding.themes.getDefault();
+            return [theme];
+        }
+        catch (err) {
+            if (err.statusCode === 404)
+                return [];
+            if (err.statusCode === 400)
+                return null;
+            // Errors other than 404 (theme doesn't exist) or 400 (no-code not enabled) shouldn't be expected
+            throw err;
+        }
+    }
+}
+exports.default = ThemesHandler;
+__decorate([
+    (0, default_1.order)('60') // Run after custom domains.
+], ThemesHandler.prototype, "processChanges", null);

package/lib/tools/auth0/handlers/tokenExchangeProfiles.d.ts

@@ -0,0 +1,60 @@
+import { Management } from 'auth0';
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export type TokenExchangeProfile = Management.TokenExchangeProfileResponseContent;
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            name: {
+                type: string;
+                description: string;
+            };
+            id: {
+                type: string;
+                description: string;
+            };
+            subject_token_type: {
+                type: string;
+                description: string;
+            };
+            action: {
+                type: string;
+                description: string;
+            };
+            type: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            created_at: {
+                type: string;
+                format: string;
+                description: string;
+            };
+            updated_at: {
+                type: string;
+                format: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export default class TokenExchangeProfilesHandler extends DefaultHandler {
+    existing: TokenExchangeProfile[];
+    private actions;
+    constructor(config: DefaultHandler);
+    private sanitizeForExport;
+    private sanitizeForAPI;
+    getActions(): Promise<Asset[]>;
+    getType(): Promise<TokenExchangeProfile[]>;
+    processChanges(assets: Assets): Promise<void>;
+    createTokenExchangeProfile(profile: TokenExchangeProfile): Promise<TokenExchangeProfile>;
+    createTokenExchangeProfiles(creates: TokenExchangeProfile[]): Promise<void>;
+    updateTokenExchangeProfile(profile: TokenExchangeProfile): Promise<void>;
+    updateTokenExchangeProfiles(updates: TokenExchangeProfile[]): Promise<void>;
+    deleteTokenExchangeProfile(profile: TokenExchangeProfile): Promise<void>;
+    deleteTokenExchangeProfiles(data: TokenExchangeProfile[]): Promise<void>;
+}

package/lib/tools/auth0/handlers/tokenExchangeProfiles.js

@@ -0,0 +1,263 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
+const default_1 = __importStar(require("./default"));
+const client_1 = require("../client");
+const logger_1 = __importDefault(require("../../../logger"));
+exports.schema = {
+    type: 'array',
+    items: {
+        type: 'object',
+        properties: {
+            name: {
+                type: 'string',
+                description: 'The name of the token exchange profile',
+            },
+            id: {
+                type: 'string',
+                description: 'The unique identifier of the token exchange profile',
+            },
+            subject_token_type: {
+                type: 'string',
+                description: 'The URI representing the subject token type',
+            },
+            action: {
+                type: 'string',
+                description: 'The name of the action associated with this profile',
+            },
+            type: {
+                type: 'string',
+                enum: ['custom_authentication'],
+                description: 'The type of token exchange profile',
+            },
+            created_at: {
+                type: 'string',
+                format: 'date-time',
+                description: 'The timestamp when the profile was created',
+            },
+            updated_at: {
+                type: 'string',
+                format: 'date-time',
+                description: 'The timestamp when the profile was last updated',
+            },
+        },
+        required: ['name', 'subject_token_type', 'action', 'type'],
+    },
+};
+class TokenExchangeProfilesHandler extends default_1.default {
+    constructor(config) {
+        super({
+            ...config,
+            type: 'tokenExchangeProfiles',
+            id: 'id',
+            identifiers: ['id', 'name'],
+            // Only name and subject_token_type can be updated
+            stripUpdateFields: ['id', 'created_at', 'updated_at', 'action_id', 'type'],
+            stripCreateFields: ['id', 'created_at', 'updated_at'],
+        });
+    }
+    sanitizeForExport(profile, actions) {
+        if (profile.action_id) {
+            const action = actions?.find((a) => a.id === profile.action_id);
+            if (action) {
+                const { action_id, ...rest } = profile;
+                return { ...rest, action: action.name };
+            }
+            else {
+                logger_1.default.warn(`Token exchange profile "${profile.name}" references action with ID "${profile.action_id}" which was not found`);
+            }
+        }
+        return profile;
+    }
+    sanitizeForAPI(profile, actions) {
+        if (profile.action) {
+            const foundAction = actions?.find((a) => a.name === profile.action);
+            if (foundAction) {
+                const { action, ...rest } = profile;
+                return { ...rest, action_id: foundAction.id };
+            }
+            else {
+                throw new Error(`Token exchange profile "${profile.name}" references action "${profile.action}" which was not found`);
+            }
+        }
+        if (!profile.action_id) {
+            throw new Error(`Token exchange profile "${profile.name}" is missing action reference. ` +
+                `Expected "action" (name) or "action_id" (ID) field.`);
+        }
+        return profile;
+    }
+    async getActions() {
+        if (this.actions)
+            return this.actions;
+        this.actions = await (0, client_1.paginate)(this.client.actions.list, {
+            paginate: true,
+        });
+        return this.actions;
+    }
+    async getType() {
+        if (this.existing)
+            return this.existing;
+        try {
+            // Fetch all token exchange profiles
+            const profiles = await (0, client_1.paginate)(this.client.tokenExchangeProfiles.list, {
+                paginate: true,
+            });
+            // Fetch all actions to map action_id to action name
+            const actions = await this.getActions();
+            // Map action_id to action name for each profile
+            this.existing = profiles.map((profile) => this.sanitizeForExport(profile, actions));
+            return this.existing;
+        }
+        catch (err) {
+            if (err.statusCode === 403) {
+                logger_1.default.warn('Token Exchange Profiles feature is not available on this tenant. Please contact Auth0 support to enable this feature.');
+                return [];
+            }
+            throw err;
+        }
+    }
+    async processChanges(assets) {
+        const { tokenExchangeProfiles } = assets;
+        // Do nothing if not set
+        if (!tokenExchangeProfiles)
+            return;
+        // Fetch actions to resolve action names to IDs
+        const actions = await this.getActions();
+        // Map action names to action_ids before processing
+        const sanitizedProfiles = tokenExchangeProfiles.map((profile) => this.sanitizeForAPI(profile, actions));
+        // Create modified assets with sanitized profiles
+        const modifiedAssets = {
+            ...assets,
+            tokenExchangeProfiles: sanitizedProfiles,
+        };
+        // Calculate changes
+        const { del, update, create, conflicts } = await this.calcChanges(modifiedAssets);
+        logger_1.default.debug(`Start processChanges for tokenExchangeProfiles [delete:${del.length}] [update:${update.length}], [create:${create.length}], [conflicts:${conflicts.length}]`);
+        // Process changes in order: delete, create, update
+        if (del.length > 0) {
+            await this.deleteTokenExchangeProfiles(del);
+        }
+        if (create.length > 0) {
+            await this.createTokenExchangeProfiles(create);
+        }
+        if (update.length > 0) {
+            await this.updateTokenExchangeProfiles(update);
+        }
+    }
+    async createTokenExchangeProfile(profile) {
+        const { id, created_at, updated_at, ...createParams } = profile;
+        const created = await this.client.tokenExchangeProfiles.create(createParams);
+        return created;
+    }
+    async createTokenExchangeProfiles(creates) {
+        await this.client.pool
+            .addEachTask({
+            data: creates || [],
+            generator: (item) => this.createTokenExchangeProfile(item)
+                .then((data) => {
+                this.didCreate(data);
+                this.created += 1;
+            })
+                .catch((err) => {
+                throw new Error(`Problem creating ${this.type} ${this.objString(item)}\n${err}`);
+            }),
+        })
+            .promise();
+    }
+    async updateTokenExchangeProfile(profile) {
+        const { id, created_at, updated_at, action_id, type, ...updateParams } = profile;
+        if (!id) {
+            throw new Error(`Cannot update token exchange profile "${profile.name}" - missing id`);
+        }
+        await this.client.tokenExchangeProfiles.update(id, updateParams);
+    }
+    async updateTokenExchangeProfiles(updates) {
+        await this.client.pool
+            .addEachTask({
+            data: updates || [],
+            generator: (item) => this.updateTokenExchangeProfile(item)
+                .then(() => {
+                this.didUpdate(item);
+                this.updated += 1;
+            })
+                .catch((err) => {
+                throw new Error(`Problem updating ${this.type} ${this.objString(item)}\n${err}`);
+            }),
+        })
+            .promise();
+    }
+    async deleteTokenExchangeProfile(profile) {
+        if (!profile.id) {
+            throw new Error(`Cannot delete token exchange profile "${profile.name}" - missing id`);
+        }
+        await this.client.tokenExchangeProfiles.delete(profile.id);
+    }
+    async deleteTokenExchangeProfiles(data) {
+        if (this.config('AUTH0_ALLOW_DELETE') === 'true' ||
+            this.config('AUTH0_ALLOW_DELETE') === true) {
+            await this.client.pool
+                .addEachTask({
+                data: data || [],
+                generator: (item) => this.deleteTokenExchangeProfile(item)
+                    .then(() => {
+                    this.didDelete(item);
+                    this.deleted += 1;
+                })
+                    .catch((err) => {
+                    throw new Error(`Problem deleting ${this.type} ${this.objString(item)}\n${err}`);
+                }),
+            })
+                .promise();
+        }
+        else {
+            logger_1.default.warn(`Detected the following tokenExchangeProfile should be deleted. Doing so may be destructive.\nYou can enable deletes by setting 'AUTH0_ALLOW_DELETE' to true in the config
+      \n${data.map((i) => this.objString(i)).join('\n')}`);
+        }
+    }
+}
+exports.default = TokenExchangeProfilesHandler;
+__decorate([
+    (0, default_1.order)('65')
+], TokenExchangeProfilesHandler.prototype, "processChanges", null);

package/lib/tools/auth0/handlers/triggers.js

@@ -38,15 +38,6 @@ var __importStar = (this && this.__importStar) || (function () {
         return result;
     };
 })();
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -79,81 +70,74 @@ function isActionsDisabled(err) {
 }
 class TriggersHandler extends default_1.default {
     constructor(options) {
-        super(Object.assign(Object.assign({}, options), { type: 'triggers', id: 'name' }));
+        super({
+            ...options,
+            type: 'triggers',
+            id: 'name',
+        });
     }
-    getType() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (this.existing) {
-                return this.existing;
-            }
-            // in case client version does not support actions
-            if (!this.client.actions || typeof this.client.actions.getAllTriggers !== 'function') {
-                return [];
-            }
-            const triggerBindings = {};
-            try {
-                const res = yield this.client.actions.getAllTriggers();
-                const triggers = (0, lodash_1.default)(res.data.triggers).map('id').uniq().value();
-                for (let i = 0; i < triggers.length; i++) {
-                    const triggerId = triggers[i];
-                    let bindings;
-                    try {
-                        const { data } = yield this.client.actions.getTriggerBindings({
-                            triggerId: triggerId,
-                        });
-                        bindings = data === null || data === void 0 ? void 0 : data.bindings;
-                    }
-                    catch (err) {
-                        logger_1.default.warn(`${err.message} (trigger: ${triggerId}). Skipping this trigger and continuing.`);
-                        continue;
-                    }
-                    if (bindings && bindings.length > 0) {
-                        triggerBindings[triggerId] = bindings.map((binding) => ({
-                            action_name: binding.action.name,
-                            display_name: binding.display_name,
-                        }));
-                    }
+    async getType() {
+        if (this.existing) {
+            return this.existing;
+        }
+        const triggerBindings = {};
+        try {
+            const res = await this.client.actions.triggers.list();
+            const triggers = (0, lodash_1.default)(res?.triggers).map('id').uniq().value();
+            for (let i = 0; i < triggers.length; i++) {
+                const triggerId = triggers[i];
+                let bindings;
+                try {
+                    const { data } = await this.client.actions.triggers.bindings.list(triggerId);
+                    bindings = data;
                 }
-                this.existing = triggerBindings;
-                return this.existing;
-            }
-            catch (err) {
-                if (err.statusCode === 404 || err.statusCode === 501) {
-                    return [];
+                catch (err) {
+                    logger_1.default.warn(`${err.message} (trigger: ${triggerId}). Skipping this trigger and continuing.`);
+                    bindings = null;
                 }
-                if (isActionsDisabled(err)) {
-                    logger_1.default.info('Skipping triggers because Actions is not enabled.');
-                    return {};
+                if (bindings && bindings.length > 0) {
+                    triggerBindings[triggerId] = bindings.map((binding) => ({
+                        action_name: binding.action.name,
+                        display_name: binding.display_name,
+                    }));
                 }
-                throw err;
             }
-        });
+            this.existing = triggerBindings;
+            return this.existing;
+        }
+        catch (err) {
+            if (err.statusCode === 404 || err.statusCode === 501) {
+                return [];
+            }
+            if (isActionsDisabled(err)) {
+                logger_1.default.info('Skipping triggers because Actions is not enabled.');
+                return {};
+            }
+            throw err;
+        }
     }
-    processChanges(assets) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // No API to delete or create triggers, we can only update.
-            const { triggers } = assets;
-            // Do nothing if not set
-            if (!triggers)
-                return;
-            yield (0, utils_1.sleep)(2000); // Delay to allow newly-deployed actions to register in backend
-            yield Promise.all(Object.entries(triggers).map((_a) => __awaiter(this, [_a], void 0, function* ([name, data]) {
-                const bindings = data.map((binding) => ({
-                    ref: {
-                        type: 'action_name',
-                        value: binding.action_name,
-                    },
-                    display_name: binding.display_name,
-                }));
-                yield this.client.actions.updateTriggerBindings({ triggerId: name }, { bindings });
-                this.didUpdate({ trigger_id: name });
-                this.updated += 1;
-            })));
-        });
+    async processChanges(assets) {
+        // No API to delete or create triggers, we can only update.
+        const { triggers } = assets;
+        // Do nothing if not set
+        if (!triggers)
+            return;
+        await (0, utils_1.sleep)(2000); // Delay to allow newly-deployed actions to register in backend
+        await Promise.all(Object.entries(triggers).map(async ([name, data]) => {
+            const bindings = data.map((binding) => ({
+                ref: {
+                    type: 'action_name',
+                    value: binding.action_name,
+                },
+                display_name: binding.display_name,
+            }));
+            await this.client.actions.triggers.bindings.updateMany(name, { bindings });
+            this.didUpdate({ trigger_id: name });
+            this.updated += 1;
+        }));
     }
 }
 exports.default = TriggersHandler;
 __decorate([
     (0, default_1.order)('80')
 ], TriggersHandler.prototype, "processChanges", null);
-//# sourceMappingURL=triggers.js.map