Fix: AUTH0_EXCLUDED_ options not respected during export (#1342)

* fix: apply AUTH0_EXCLUDED_CLIENTS filtering during export for clients and clientGrants

* fix: extend export exclusion filtering to rules, databases, connections, and resourceServers

Author: ankita10119

src/context/directory/handlers/clientGrants.ts

@@ -42,7 +42,7 @@ function parse(context: DirectoryContext): ParsedClientGrants {
 }
 
 async function dump(context: DirectoryContext): Promise<void> {
-  const { clientGrants } = context.assets;
+  let { clientGrants } = context.assets;
 
   if (!clientGrants) return; // Skip, nothing to dump
 
@@ -51,6 +51,8 @@ async function dump(context: DirectoryContext): Promise<void> {
 
   if (clientGrants.length === 0) return;
 
+  const excludedClientsByNames = (context.assets.exclude && context.assets.exclude.clients) || [];
+
   const allResourceServers = await paginate<ResourceServer>(
     context.mgmtClient.resourceServers.list,
     {
@@ -64,6 +66,18 @@ async function dump(context: DirectoryContext): Promise<void> {
     include_totals: true,
   });
 
+  // Filter out grants for excluded clients
+  if (excludedClientsByNames.length) {
+    const excludedClientIds = new Set(
+      allClients
+        .filter((c) => c.name !== undefined && excludedClientsByNames.includes(c.name))
+        .map((c) => c.client_id)
+    );
+    clientGrants = clientGrants.filter(
+      (grant: ClientGrant) => !excludedClientIds.has(grant.client_id)
+    );
+  }
+
   // Convert client_id to the client name for readability
   clientGrants.forEach((grant: ClientGrant) => {
     const dumpGrant = { ...grant };

src/context/directory/handlers/clients.ts

@@ -53,11 +53,17 @@ function parse(context: DirectoryContext): ParsedClients {
 }
 
 async function dump(context: DirectoryContext): Promise<void> {
-  const { clients } = context.assets;
+  let { clients } = context.assets;
   const { userAttributeProfiles, connectionProfiles } = context.assets;
 
   if (!clients) return; // Skip, nothing to dump
 
+  // Filter excluded clients
+  const excludedClients = (context.assets.exclude && context.assets.exclude.clients) || [];
+  if (excludedClients.length) {
+    clients = clients.filter((client) => !excludedClients.includes(client.name ?? ''));
+  }
+
   const clientsFolder = path.join(context.filePath, constants.CLIENTS_DIRECTORY);
   fs.ensureDirSync(clientsFolder);
 

src/context/directory/handlers/connections.ts

@@ -61,10 +61,17 @@ function parse(context: DirectoryContext): ParsedConnections {
 }
 
 async function dump(context: DirectoryContext): Promise<void> {
-  const { connections, clientsOrig } = context.assets;
+  let { connections } = context.assets;
+  const { clientsOrig } = context.assets;
 
   if (!connections) return; // Skip, nothing to dump
 
+  // Filter excluded connections
+  const excludedConnections = (context.assets.exclude && context.assets.exclude.connections) || [];
+  if (excludedConnections.length) {
+    connections = connections.filter((connection) => !excludedConnections.includes(connection.name));
+  }
+
   const connectionsFolder = path.join(context.filePath, constants.CONNECTIONS_DIRECTORY);
   fs.ensureDirSync(connectionsFolder);
 

src/context/directory/handlers/databases.ts

@@ -103,10 +103,16 @@ function parse(context: DirectoryContext): ParsedDatabases {
 }
 
 async function dump(context: DirectoryContext): Promise<void> {
-  const { databases } = context.assets;
+  let { databases } = context.assets;
 
   if (!databases) return; // Skip, nothing to dump
 
+  // Filter excluded databases
+  const excludedDatabases = (context.assets.exclude && context.assets.exclude.databases) || [];
+  if (excludedDatabases.length) {
+    databases = databases.filter((database) => !excludedDatabases.includes(database.name));
+  }
+
   const databasesFolder = path.join(context.filePath, constants.DATABASE_CONNECTIONS_DIRECTORY);
   fs.ensureDirSync(databasesFolder);
 

src/context/directory/handlers/resourceServers.ts

@@ -39,11 +39,20 @@ function parse(context: DirectoryContext): ParsedResourceServers {
 }
 
 async function dump(context: DirectoryContext): Promise<void> {
-  const { resourceServers } = context.assets;
+  let { resourceServers } = context.assets;
   let { clients } = context.assets;
 
   if (!resourceServers) return; // Skip, nothing to dump
 
+  // Filter excluded resource servers
+  const excludedResourceServers =
+    (context.assets.exclude && context.assets.exclude.resourceServers) || [];
+  if (excludedResourceServers.length) {
+    resourceServers = resourceServers.filter(
+      (resourceServer) => !excludedResourceServers.includes(resourceServer.name ?? '')
+    );
+  }
+
   const resourceServersFolder = path.join(context.filePath, constants.RESOURCE_SERVERS_DIRECTORY);
   fs.ensureDirSync(resourceServersFolder);
 

src/context/directory/handlers/rules.ts

@@ -36,10 +36,16 @@ function parse(context: DirectoryContext): ParsedRules {
 }
 
 async function dump(context: DirectoryContext): Promise<void> {
-  const { rules } = context.assets;
+  let { rules } = context.assets;
 
   if (!rules) return; // Skip, nothing to dump
 
+  // Filter excluded rules
+  const excludedRules = (context.assets.exclude && context.assets.exclude.rules) || [];
+  if (excludedRules.length) {
+    rules = rules.filter((rule) => !excludedRules.includes(rule.name));
+  }
+
   // Create Rules folder
   const rulesFolder = path.join(context.filePath, constants.RULES_DIRECTORY);
   fs.ensureDirSync(rulesFolder);

src/context/yaml/handlers/clientGrants.ts

@@ -20,7 +20,7 @@ async function parse(context: YAMLContext): Promise<ParsedClientGrants> {
 
 async function dump(context: YAMLContext): Promise<ParsedClientGrants> {
   let { clients } = context.assets;
-  const { clientGrants } = context.assets;
+  let { clientGrants } = context.assets;
 
   if (!clientGrants) return { clientGrants: null };
 
@@ -31,6 +31,17 @@ async function dump(context: YAMLContext): Promise<ParsedClientGrants> {
     });
   }
 
+  // Filter out grants for excluded clients
+  const excludedClientsByNames = (context.assets.exclude && context.assets.exclude.clients) || [];
+  if (excludedClientsByNames.length) {
+    const excludedClientIds = new Set(
+      (clients || [])
+        .filter((c) => c.name !== undefined && excludedClientsByNames.includes(c.name))
+        .map((c) => c.client_id)
+    );
+    clientGrants = clientGrants.filter((grant) => !excludedClientIds.has(grant.client_id));
+  }
+
   // Convert client_id to the client name for readability
   return {
     clientGrants: clientGrants.map((grant) => {

src/context/yaml/handlers/clients.ts

@@ -46,6 +46,12 @@ async function dump(context: YAMLContext): Promise<ParsedClients> {
 
   if (!clients) return { clients: null };
 
+  // Filter excluded clients
+  const excludedClients = (context.assets.exclude && context.assets.exclude.clients) || [];
+  if (excludedClients.length) {
+    clients = clients.filter((client) => !excludedClients.includes(client.name ?? ''));
+  }
+
   // map ids to names for user attribute profiles and connection profiles
   clients = clients.map((client) => {
     const userAttributeProfileId = client?.express_configuration?.user_attribute_profile_id;

src/context/yaml/handlers/connections.ts

@@ -64,10 +64,17 @@ const getFormattedOptions = (connection, clients) => {
 };
 
 async function dump(context: YAMLContext): Promise<ParsedConnections> {
-  const { connections, clients } = context.assets;
+  let { connections } = context.assets;
+  const { clients } = context.assets;
 
   if (!connections) return { connections: null };
 
+  // Filter excluded connections
+  const excludedConnections = (context.assets.exclude && context.assets.exclude.connections) || [];
+  if (excludedConnections.length) {
+    connections = connections.filter((connection) => !excludedConnections.includes(connection.name));
+  }
+
   return {
     connections: connections.map((connection) => {
       let dumpedConnection = {

src/context/yaml/handlers/databases.ts

@@ -37,10 +37,17 @@ async function parse(context: YAMLContext): Promise<ParsedDatabases> {
 }
 
 async function dump(context: YAMLContext): Promise<ParsedDatabases> {
-  const { databases, clients } = context.assets;
+  let { databases } = context.assets;
+  const { clients } = context.assets;
 
   if (!databases) return { databases: null };
 
+  // Filter excluded databases
+  const excludedDatabases = (context.assets.exclude && context.assets.exclude.databases) || [];
+  if (excludedDatabases.length) {
+    databases = databases.filter((database) => !excludedDatabases.includes(database.name));
+  }
+
   const sortCustomScripts = ([name1]: [string, Function], [name2]: [string, Function]): number => {
     if (name1 === name2) return 0;
     return name1 > name2 ? 1 : -1;