DXCDT-84: Resource Exclusion #468
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 9 commits
March 31, 2022 12:32
willvedd
commented
Mar 31, 2022
| @@ -78,14 +78,17 @@ export default class DirectoryContext { | |||
| // Copy clients to be used by handlers which require converting client_id to the name | |||
| // Must copy as the client_id will be stripped if AUTH0_EXPORT_IDENTIFIERS is false | |||
| //@ts-ignore because assets haven't been typed yet TODO: type assets | |||
| this.assets.clientsOrig = [...this.assets.clients]; | |||
| this.assets.clientsOrig = [...this.assets.clients || []]; | |||
There was a problem hiding this comment.
Clients could theoretically be excluded and thus be empty so need to default to empty array.
willvedd
commented
Mar 31, 2022
|
|
||
| // Optionally Strip identifiers | ||
| if (!this.config.AUTH0_EXPORT_IDENTIFIERS) { | ||
| this.assets = stripIdentifiers(auth0, this.assets); | ||
| } | ||
|
|
||
| await Promise.all(Object.entries(handlers).map(async ([name, handler]) => { | ||
| await Promise.all(Object.entries(handlers).filter(([handlerName]: [AssetTypes, DirectoryHandler<any>]) => { |
There was a problem hiding this comment.
This array filter function is the primary mechanism for exclusion.
sergiught
approved these changes
Apr 1, 2022
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
✏️ Changes
Introducing the initial implementation for resource exclusion. As proposed in #451 , this provides a mechanism for users to ignore entire resource types (organizations, connections, hooks, etc.). This mechanism functions bi-directionally and will completely omit all resources from being fetched, written to config-as-code and updating.
In practice, users will add a
AUTH0_EXCLUDEDproperty to their user-defined configuration file and list the resource types they wish to exclude from the purview of the tool.Example:
{ "AUTH0_DOMAIN": "test.us.auth0.com", "AUTH0_CLIENT_ID": "FOO", "AUTH0_CLIENT_SECRET": "foobarsecret", "AUTH0_EXCLUDED": [ "pages", "organizations", "clients" ] }The approach here is fairly naive but effective. Not all permutations of exclusions have been tested and because of inter-dependencies between resources, exclusions may lead to unexpected behavior. But it's expected to function under the vast majority of use cases.
🔗 References
🎯 Testing
I fought with the existing unit tests and was only able to add a unit test to the Auth0 class side. This test asserts that no excluded resources get fetched or pushed to Auth0. However, I had difficulty implementing
Regardless, this being a fairly wide-reaching concept, it probably isn't appropriate to unit test. Instead, we should have a broader set of integration that can better assert the behavior of this functionality.
Regardless, plenty of manual test were done on this to confirm that this works for both YAML and directory config types, and varying permutations of this configuration.