Excluding Resources From Management
In some cases, you may find it useful to exclude resources from being managed. This could be because your tenant has a large number of a particular resource and it’s operationally burdensome to manage them, or your development workflow only pertains to a specific subset of resources and you’d like to omit all other resources for performance. Regardless, there are several options available for excluding resources when using the Deploy CLI.
Excluding entire resources by type
For more complex tenants, you may find yourself wanting to omit entire resource types. For example:
Enterprise tenant with thousands of organizations, where managing all would be operationally burdensome.
CI/CD process only focuses on managing roles, and you want to exclude all others.
Feature development pertains to hooks, and you want to temporarily exclude all others to optimize performance.
This type of exclusion is expressed by passing an array of resource names into the AUTH0_EXCLUDED configuration property. This works bi-directionally (both when exporting from and importing to Auth0), regardless of whether the resource configuration files exist.
All supported resource values for exclusion: actions, attackProtection, branding, clientGrants, clients, connections, customDomains, databases, emailProvider, emailTemplates, guardianFactorProviders, guardianFactorTemplates, guardianFactors, guardianPhoneFactorMessageTypes, guardianPhoneFactorSelectedProvider, guardianPolicies, hooks, logStreams, migrations, organizations, pages, prompts, resourceServers, roles, rules, rulesConfigs, tenant, triggers.
Example
The following example shows how you could exclude clients, connections, databases, and organizations from being managed by the Deploy CLI.
{
  "AUTH0_DOMAIN": "example-site.us.auth0.com",
  "AUTH0_CLIENT_ID": "<YOUR_AUTH0_CLIENT_ID>",
  "AUTH0_EXCLUDED": ["clients", "connections", "databases", "organizations"]
}
Excluding single resources by ID
Some resource types support exclusions of the individual resource by ID. This is useful if you work in a multi-environment context and wish to omit a production-specific resource from your lower-level environments.
This method is supported for rules, clients, databases, connections and resource servers with the AUTH0_EXCLUDED_RULES, AUTH0_EXCLUDED_CLIENTS, AUTH0_EXCLUDED_DATABASES, AUTH0_EXCLUDED_CONNECTIONS, AUTH0_EXCLUDED_RESOURCE_SERVERS configuration values respectively.
Example
{
  "AUTH0_DOMAIN": "example-site.us.auth0.com",
  "AUTH0_CLIENT_ID": "<YOUR_AUTH0_CLIENT_ID>",
  "AUTH0_EXCLUDED_CLIENTS": ["PdmQpGy72sHksV6ueVNZVrV4GDlDDm76"],
  "AUTH0_EXCLUDED_CONNECTIONS": ["con_O1H3KyRMFP1IWRq3", "con_9avEYuj19ihqKBOs"]
}
Omission and empty states
In addition to excluding resources, which forcefully ignores configurations bi-directionally, the Auth0 Deploy CLI supports two similar concepts: omission and empty states.
Omission
Resource configuration that is absent, either intentionally or unintentionally, will be skipped during import. For example, if your resource configuration were deleted, it would be skipped during import and would not alter the state of the remote tenant.
There is no concept of omission for exporting. Unless specifically excluded, all your tenant configurations will be written to resource configuration files.
Example
roles: # roles configuration is not omitted
  - name: Admin
    description: Can read and write things
    permissions: []
  - name: Reader
    description: Can only read things
    permissions: []
# The omission of all other configurations means they'll be skipped over
Empty
Resource configuration that is explicitly defined as empty. For set-based configurations like hooks, organizations, and actions, setting these configurations to an empty set expresses an intentional emptying of those resources. This would signal a deletion, so long as the AUTH0_ALLOW_DELETE deletion configuration property is enabled. For non-set-based resource configuration like tenant and branding, the concept of emptiness does not apply, and will not trigger any deletions or removals.
Example of emptiness
hooks: [] # Empty hooks
connections: [] # Empty connections
tenant: {} # Effectively a no-op, emptiness does not apply to non-set resource config
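The sketch below is an added example, not code from Auth0 or the Deploy CLI. It models the exclusion, omission and empty-state rules described on this page so that a pipeline can flag an empty set that would delete resources before an import runs. The helper names (planImport, excludedIds), the status labels and the sample input are assumptions made for illustration.

```javascript
// Added example: models the import-time semantics described on this page.
// It is not the Deploy CLI's own implementation.
const ID_EXCLUSION_KEYS = { // per-ID exclusion keys named on this page
  AUTH0_EXCLUDED_RULES: "rules",
  AUTH0_EXCLUDED_CLIENTS: "clients",
  AUTH0_EXCLUDED_DATABASES: "databases",
  AUTH0_EXCLUDED_CONNECTIONS: "connections",
  AUTH0_EXCLUDED_RESOURCE_SERVERS: "resourceServers",
};

// Hypothetical helper: classify what an import would do with each type.
// `config` is the parsed config JSON, `resources` the parsed resource file.
function planImport(config, resources, types) {
  const excluded = new Set(config.AUTH0_EXCLUDED || []);
  // Assumption: "enabled" means the boolean value true.
  const allowDelete = config.AUTH0_ALLOW_DELETE === true;
  const plan = {};
  for (const type of types) {
    const value = resources[type];
    if (excluded.has(type)) plan[type] = "excluded"; // ignored both ways
    // Absent key; assumption: a null value is treated the same way.
    else if (value == null) plan[type] = "omitted";
    else if (Array.isArray(value))
      plan[type] = value.length > 0 ? "managed"
        : allowDelete ? "empty-deletes" : "empty-no-delete";
    else plan[type] = Object.keys(value).length ? "managed" : "no-op";
  }
  return plan;
}

// Hypothetical helper: IDs left unmanaged inside otherwise managed types.
function excludedIds(config) {
  const out = {};
  for (const [key, type] of Object.entries(ID_EXCLUSION_KEYS))
    if (Array.isArray(config[key]) && config[key].length) out[type] = config[key];
  return out;
}

// Constructed sample input, combining the snippets shown on this page.
const sampleConfig = {
  AUTH0_ALLOW_DELETE: true,
  AUTH0_EXCLUDED: ["clients", "organizations"],
  AUTH0_EXCLUDED_CONNECTIONS: ["con_O1H3KyRMFP1IWRq3"],
};
const sampleResources = {
  roles: [{ name: "Admin", description: "Can read and write things", permissions: [] }],
  hooks: [], clients: [], tenant: {}, connections: [{ name: "constructed-db" }],
};
const TYPES = ["roles", "hooks", "connections", "clients", "organizations", "tenant", "rules"];
console.log(planImport(sampleConfig, sampleResources, TYPES), excludedIds(sampleConfig));
```

In the sample, clients is reported as excluded even though an empty set is defined for it, while hooks is reported as empty-deletes because nothing excludes it and AUTH0_ALLOW_DELETE is on.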