Export placeholders for encrypted `options.configuration` values for databases

larryaubstore commented 1 year ago

Checklist

[X] I have looked into the README and have not found a suitable solution or answer.
[X] I have looked into the documentation and have not found a suitable solution or answer.
[X] I have searched the issues and have not found a suitable solution or answer.
[X] I have upgraded to the latest version of this tool and the issue still persists.
[X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
[X] I agree to the terms within the Auth0 Code of Conduct.

Description

Hi,

I've used the latest version which is 7.17.7 and I noticed that options.configuration are not exported.

For importation, I tried the format available returned with the Auth0 management api and it does not work:

{
  "options": {
      "passwordPolicy": "low",
      "password_complexity_options": {
          "min_length": 10
      },
      "disable_signup": false,
      "requires_username": false,
      "brute_force_protection": true,
      "enabledDatabaseCustomization": true,
      "import_mode": true,
      "customScripts": {
          "login": "login.js",
          "get_user": "get_user.js"
      },
      "configuration": {
          "TEST_CONFIG": "TEST"
      }
  },
  "strategy": "auth0",
  "name": "test",
  "is_domain_connection": false,
  "enabled_clients": [],
  "realms": ["test"]
}

Expectation

Import and export of the options.configuration should work.

Reproduction

To reproduce the export problem, export a database with values in options.configuration. To reproduce the import problem, export a database with values in options.configuration using Auth0 Management Api and try to import the configuration.

Deploy CLI version

7.17.7

Node version

v12.22.6

willvedd commented 1 year ago

The options.configuration property is intentionally omitted from export because it becomes encrypted when stored; the Management API cannot return the unencrypted values thereafter. If you GET your connection via the API you'll see something like this:

"configuration": {
        "TEST_CONFIG": "2.0$26efecff8162aff6c65696f034d4a8a1$b012dd920361da4c43f575a38c8e6695$0aae5717b1fc0a961eb79c90c9f2555d1dfb306d3d0c6dffc699ab53814ee9ba"
},

However, the options.configuration property will update the connection on import. If it is important to continually update these values, I'd recommend implementing a uni-directional workflow, otherwise you'll need to continually reconcile on export.

One thing that we could potentially explore in the future is to replace encrypted values with a designated placeholder to show that configurations exist, it would help visualize these values but doesn't seem like it would enable your intention of exporting the unencrypted values.

Hope that clears things up!

larryaubstore commented 1 year ago

Hi, thank you for your quick response. You're correct, the import is working, sorry my mistake.

I understand now why the values are not exported since they are secrets.

auth0 / auth0-deploy-cli