Open DevinRiley opened 10 months ago
@DevinRiley Thanks for submitting this issue. I'm able to reproduce and I recognize the issue.
The problem here is the ordering that the client ID and client name happens with respect to keyword preservation. This exchange is what allows the client name to be expressed in the client_id
field and maintain tenant-agnostic configuration. Unfortunately, this happens after the keyword preservation step and so the algorithm isn't able to correctly match the remote client grant with your local client grant. So this is not an issue with keyword preservation itself.
I attempted to address this issue by moving the ID-name exchange closer to the root of the process but I'm incurring issues maintaining backwards compatibility. Specifically, I need to be able to preserve the ability to deploy client grants based on their names and IDs and preserve them on export. I'm particularly nervous about modifying these areas of code because we've had a number of issues pertaining to client grants recently and don't want to disturb the stability.
We will need more time to investigate a proper fix for this.
Possible workaround It's not elegant, but you're able to combine all the client grants data into its own keyword:
tenant.yaml
clientGrants: '@@CLIENT_GRANTS@@'
config.json
{
...
"AUTH0_KEYWORD_REPLACE_MAPPINGS": {
"CLIENT_GRANTS": [
{
"client_id": "API Explorer Application",
"audience": "https://you-tenant.us.auth0.com/api/v2/",
"scope": [
"read:foo",
"create:foo"
]
}
]
}
}
I have problem to preserve audience in clientGrant. I think It may be related to this. It is actually a big blocker for us to have smooth tenant deployment among environments.
I am having this issue as well. I was able to fix it by downgrading to 7.17.7
@willvedd, the suggested workaround doesn't appear to work for me?
I've applied it in other areas on the tenant.yaml (thanks!). But when i try to do the same with clientGrants I get an error in the export job: error: Problem exporting clientGrants
this seems to behave different to most other places wherein the keyword mapping preservation fails in that it actually fails the export rather than just ignoring the keyword mapping.
edit: using version 7.23.1
Checklist
Description
When I dump config to my
tenant.yml
file, it doesn't preserve keywords for my client grants. This appears to be related to this PR based on the caveat made in that PR description and my own testing between versions7.18.0
and7.19.0
Before:
Run
a0deploy dump -c=config-dev.json --format=yaml --output_folder=resources
After:
This is a problem for us because we deploy this tenant yaml to different environments and need the keyword replacements to work for each environment.
Expectation
I'd expect keywords to be preserved in the
tenant.yml
file.Reproduction
I have only encountered this on my actual tenant, but I believe you could reproduce by settings up multiple client grants that use the same
client_id
Deploy CLI version
7.19.0
Node version
14.19.3