@palashgdev palashgdev commented Dec 18, 2025

🔧 Changes

This PR introduces the AUTH0_INCLUDED_CONNECTIONS configuration option to the Auth0 Deploy CLI. This allows for a "managed-only" approach to connection management, which is essential for environments where self-service or dynamic connections exist alongside managed infrastructure.

Key Improvements:

  • Explicit Inclusion: Users can now define exactly which connections the Deploy CLI is allowed to touch.
  • Self-Service SSO Support: Prevents the CLI from accidentally deleting or modifying connections created by customers via self-service portals.
  • Operation Scoping: This setting filters connections across all operations: export and import.

JSON Format

```json
{
  "AUTH0_INCLUDED_CONNECTIONS": [
    "github",
    "google-oauth2",
    "Username-Password-Authentication"
  ]
}
```

Environment Variable

```bash
export AUTH0_INCLUDED_CONNECTIONS='["github","google-oauth2"]'
```

📚 References

Closes #1163
Enterprise Connections

🔬 Testing

Unit test added
E2E added

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@palashgdev palashgdev self-assigned this Dec 18, 2025
codecov-commenter commented Dec 18, 2025

Codecov Report

❌ Patch coverage is 91.30435% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.46%. Comparing base (592bf87) to head (fb42059).
⚠️ Report is 1 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/tools/auth0/schema.ts | 50.00% | 1 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1242      +/-   ##
==========================================
+ Coverage   80.42%   80.46%   +0.03%     
==========================================
  Files         146      146              
  Lines        5772     5794      +22     
  Branches     1174     1183       +9     
==========================================
+ Hits         4642     4662      +20     
- Misses        645      646       +1     
- Partials      485      486       +1     


```json
{
"AUTH0_INCLUDED_CONNECTIONS": ["github", "google-oauth2", "Username-Password-Authentication"]

Contributor

"Username-Password-Authentication" comes under the database resource type in the Deploy CLI.

Contributor Author

Revised the documentation.

};

const managedConnectionNames = this.config('AUTH0_INCLUDED_CONNECTIONS');
const filteredConnections = managedConnectionNames

Contributor

Please check the logic in src/context/index.ts; logic similar to AUTH0_EXCLUDED_CONNECTIONS can be applied for AUTH0_INCLUDED_CONNECTIONS.

conflicts: [],
};

const managedConnectionNames = this.config('AUTH0_INCLUDED_CONNECTIONS');

Contributor

Instead of reading from the config object, it is better to use an approach similar to AUTH0_EXCLUDED_CONNECTIONS.

Contributor Author

Used the same logic as AUTH0_EXCLUDED_CONNECTIONS.

@palashgdev palashgdev marked this pull request as ready for review December 19, 2025 10:35
@palashgdev palashgdev requested a review from a team as a code owner December 19, 2025 10:35
@kushalshit27
Contributor

Please mark it ready to review once the unit tests pass

@kushalshit27 kushalshit27 marked this pull request as draft December 19, 2025 10:43
@palashgdev palashgdev marked this pull request as ready for review December 19, 2025 12:09
Contributor

@kushalshit27 kushalshit27 left a comment

Can you please point to where we are adding the validation restriction when AUTH0_INCLUDED_CONNECTIONS and AUTH0_EXCLUDED_CONNECTIONS are used together?

if (includedConnections.length > 0 && filteredConnections.length !== connections.length) {
const excludedCount = connections.length - filteredConnections.length;
log.info(
`AUTH0_INCLUDED_CONNECTIONS is configured. Managing ${filteredConnections.length} connection(s), ignoring ${excludedCount} connection(s) not in the managed list.`

Contributor

No ignoring; please add validation to ensure that both are not used in the config file.

Contributor Author

Implemented a validation check ensuring that AUTH0_INCLUDED_CONNECTIONS and AUTH0_EXCLUDED_CONNECTIONS are mutually exclusive.

Comment on lines 368 to 373
if (includedConnections.length > 0 && filteredConnections.length !== connections.length) {
const excludedCount = connections.length - filteredConnections.length;
log.info(
`AUTH0_INCLUDED_CONNECTIONS is configured. Managing ${filteredConnections.length} connection(s), ignoring ${excludedCount} connection(s) not in the managed list.`
);
}
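
Review bot: the log.info call reports only the two counts, so a run leaves no record of which connections were skipped; since the point of AUTH0_INCLUDED_CONNECTIONS is to keep the CLI away from unmanaged connections, consider also logging the ignored names (at debug level if the list can be long). The local name excludedCount also reads as if it relates to AUTH0_EXCLUDED_CONNECTIONS; ignoredCount would match the wording of the message.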

Contributor

should not be part of src/tools/auth0/handlers/connections.ts

Contributor Author

Implemented the validation check within the global context.

@kushalshit27 kushalshit27 changed the title from "fix: managed connection inclusion" to "feat: managed connection inclusion" Dec 22, 2025
@kushalshit27 kushalshit27 marked this pull request as draft December 22, 2025 09:18
Contributor

@kushalshit27 kushalshit27 left a comment

Current code changes are not working. Please add instructions on how to test, ensuring that the changes are thoroughly tested before moving to 'PR ready to review'.

- Adjusted logic to ensure 'enterprise-saml' is not marked for deletion when not in the include list.
- Modified tests to reflect that 'google-oauth2' should not be deleted if it's not in the include list.
- Updated behavior to only delete managed connections when assets are empty, preserving unmanaged ones.
- Ensured that unmanaged connections are ignored during updates, preventing unintended deletions.
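
The scoping rules discussed in this PR (include and exclude lists are mutually exclusive, and only connections in the include list may be created, updated or deleted), as an added TypeScript example that is not the Deploy CLI's own code. The type and function names, the constructed sample tenant (including the connection name `customer-oidc`), and the rule that an empty include list means no filtering are assumptions.

```typescript
// Added illustration: type and function names are hypothetical, not the Deploy CLI's code.
interface Connection { name: string; strategy: string }
interface ScopeConfig {
  AUTH0_INCLUDED_CONNECTIONS?: string[];
  AUTH0_EXCLUDED_CONNECTIONS?: string[];
}
interface Plan { create: string[]; update: string[]; remove: string[]; ignored: string[] }

// Reject configurations that set both lists, as requested in the review.
function validateScope(config: ScopeConfig): string[] {
  const included = config.AUTH0_INCLUDED_CONNECTIONS ?? [];
  const excluded = config.AUTH0_EXCLUDED_CONNECTIONS ?? [];
  if (included.length > 0 && excluded.length > 0) {
    throw new Error(
      'AUTH0_INCLUDED_CONNECTIONS and AUTH0_EXCLUDED_CONNECTIONS are mutually exclusive'
    );
  }
  return included;
}

function planConnections(config: ScopeConfig, local: Connection[], remote: Connection[]): Plan {
  const included = validateScope(config);
  // Assumption: an empty include list means "manage everything" (no filtering).
  const isManaged = (name: string): boolean =>
    included.length === 0 || included.indexOf(name) !== -1;
  const localNames = local.map((c) => c.name).filter(isManaged);
  const remoteNames = remote.map((c) => c.name);
  return {
    create: localNames.filter((n) => remoteNames.indexOf(n) === -1),
    update: localNames.filter((n) => remoteNames.indexOf(n) !== -1),
    // Only managed connections missing from the local assets are deletion candidates.
    remove: remoteNames.filter((n) => isManaged(n) && localNames.indexOf(n) === -1),
    // Everything outside the include list is left untouched.
    ignored: remoteNames.filter((n) => !isManaged(n)),
  };
}

// Constructed sample tenant: two managed connections plus two created via self-service.
const sampleRemote: Connection[] = [
  { name: 'github', strategy: 'github' },
  { name: 'google-oauth2', strategy: 'google-oauth2' },
  { name: 'enterprise-saml', strategy: 'samlp' },
  { name: 'customer-oidc', strategy: 'oidc' },
];
const sampleConfig: ScopeConfig = { AUTH0_INCLUDED_CONNECTIONS: ['github', 'google-oauth2'] };
const sampleLocal: Connection[] = [{ name: 'github', strategy: 'github' }];
console.log(planConnections(sampleConfig, sampleLocal, sampleRemote));
```

With the sample data, `google-oauth2` is the only deletion candidate because it is in the include list but absent from the local assets; the two self-service connections land in `ignored`.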