Exclude Resources From Management
In some cases, you may find it useful to exclude resources from being managed. This could be because your tenant has a large number of a particular resource and it’s operationally burdensome to manage them, or your development workflow only pertains to a specific subset of resources and you’d like to omit all other resources for performance. Regardless, there are several options available for excluding resources when using the Deploy CLI.
Exclude entire resources by type
For more complex tenants, you may find yourself wanting to omit entire resource types. For example:
Enterprise tenant with thousands of organizations, where managing all would be operationally burdensome.
CI/CD process only focuses on managing roles, and you want to exclude all others.
Feature development pertains to hook, and you want to temporarily exclude all others to optimize performance.
This type of exclusion is expressed by passing an array of resource names into either the AUTH0_EXCLUDED
or AUTH0_INCLUDED_ONLY
configuration properties. The AUTH0_EXCLUDED
configuration property excludes only the resource types provided to it. Inversely, the AUTH0_INCLUDED_ONLY
property excludes all properties except the ones defined. Exclusion works bi-directionally, that is, both when export from Auth0 and importing to Auth0, regardless if resource configuration files exist or not.
All supported resource values for exclusion: actions
, attackProtection
, branding
, clientGrants
, clients
, connections
, customDomains
, databases
, emailProvider
, emailTemplates
, guardianFactorProviders
, guardianFactorTemplates
, guardianFactors
, guardianPhoneFactorMessageTypes
, guardianPhoneFactorSelectedProvider
, guardianPolicies
, logStreams
, migrations
, organizations
, pages
, prompts
, resourceServers
, roles
, tenant
, triggers
.
Exclusion example
The following example shows how to exclude clients
, connections
, databases
, and organizations
from being managed by the Deploy CLI.
{
"AUTH0_DOMAIN": "example-site.us.auth0.com",
"AUTH0_CLIENT_ID": "<YOUR_AUTH0_CLIENT_ID>",
"AUTH0_EXCLUDED": ["clients", "connections", "databases", "organizations"]
}
Was this helpful?
Inclusion example
The following example shows how to specify to only manage actions
, clients
and connections
by the Deploy CLI.
{
"AUTH0_DOMAIN": "example-site.us.auth0.com",
"AUTH0_CLIENT_ID": "<YOUR_AUTH0_CLIENT_ID>",
"AUTH0_INCLUDED_ONLY": ["actions", "clients", "connections"]
}
Was this helpful?
Exclude single resources by ID
Some resource types support exclusions of the individual resource by ID. This is useful if you work in a multi-environment context and wish to omit a production-specific resource from your lower-level environments.
This method is supported for rules, clients, databases, connections and resource servers with the AUTH0_EXCLUDED_RULES
, AUTH0_EXCLUDED_CLIENTS
, AUTH0_EXCLUDED_DATABASES
, AUTH0_EXCLUDED_CONNECTIONS
, AUTH0_EXCLUDED_RESOURCE_SERVERS
configuration values respectively.
Example
{
"AUTH0_DOMAIN": "example-site.us.auth0.com",
"AUTH0_CLIENT_ID": "<YOUR_AUTH0_CLIENT_ID>",
"AUTH0_EXCLUDED_CLIENTS": ["Your Application Name"],
"AUTH0_EXCLUDED_CONNECTIONS": ["con_O1H3KyRMFP1IWRq3", "con_9avEYuj19ihqKBOs"]
}
Was this helpful?
Omission and empty states
In addition to excluding resources, which forcefully ignore configurations bi-directionally, the Auth0 Deploy CLI supports two similar concepts: omission and empty states.
Omission
Resource configuration that is absent, either intentionally or unintentionally, will be skipped during import. For example, if your resource configuration were deleted, it would be skipped during import and would not alter the state of the remote tenant.
There is no concept of omission for exporting. Unless specifically excluded, all your tenant configurations will be written to resource configuration files.
Example
roles: # roles configuration is not omitted
- name: Admin
description: Can read and write things
permissions: []
- name: Reader
description: Can only read things
permissions: []
# The omission of all other configurations means they'll be skipped over
Was this helpful?
Empty
Resource configuration that is explicitly defined as empty. For set-based configurations like hooks, organizations, and actions, setting these configurations to an empty set expresses an intentional emptying of those resources. This would signal a deletion, so long as the AUTH0_ALLOW_DELETE deletion configuration property is enabled. To learn more about this property, read Configure the Deploy CLI.
For non-set-based resource configuration like tenant and branding, the concept of emptiness does not apply, and will not trigger any deletions or removals.
Example of emptiness
hooks: [] # Empty hooks
connections: [] # Empty connections
tenant: {} # Effectively a no-op, emptiness does not apply to non-set resource config
Was this helpful?