The auth0 import will always read all the organizations in the tenant and generate a change plan, regardless of whether the organizations entry is in the tenant yaml or not.
For many other resources, the behavior is to skip the deployment of a particular resource if the corresponding entry is not in the tenant yaml.
Objective
To be able to skip organizations when importing (deploying) to auth0.
We are an enterprise user and we manage the organizations in a tenant programmatically so we want to skip checking/deploying organizations when deploying to auth0.
First, filing an issue on the Github repo for the Auth0-deploy-cli is generally the best way to get additional assistance on this.
In this case, I’d be more than happy to help.
I have just tested the Auth0-deploy-cli and excluded the organizations in my tenant.yaml file and was able to skip the import for the organization settings. In other words, it did not override any of my existing organization settings on my tenant.
If this is an issue you have observed, could you please try either excluding the organizations or specifying organizations: [] in your tenant.yaml file and see how that works?
Thanks for your reply. My objective is to skip the organization part at all, rather than having a0deploy to find out the difference but decide not to update because of the “no delete flag”.
Currently, both excluding the organizations or specifying organizations: [] mean we want to have zero organizations in my tenant, meaning that if there are any organizations in the tenant, a0deploy will attempt to delete them if “no delete flag” is not specified.
What I would like to achieve is to be able to skip organizations at all, meaning that a0deploy shouldn’t even read the tenant’s organizations and shouldn’t try to find the difference.
With the way you are overriding your entire tenant with the Auth0 deploy CLI, I recommend exporting your tenant with the organizations first. Then copy and paste the organization code into the previous tenant.yaml file, and import it that way. From doing so, you will override with the same existing organization settings.
The alternative is to set "AUTH0_ALLOW_DELETE": false in your config.json file and specify organizations:[] which will skip the import and leave any existing organizations configurations on your tenant untouched.
Please let me know if you need further clarification or have any questions.
We don’t want to let a0deploy manage all the organizations since the creation of the organizations is dynamic and managed programmatically in our backend.
We also don’t want to let a0deploy to even read the organizations and generate a warning for each of them when setting "AUTH0_ALLOW_DELETE": false and providing an empty organizations. This is because the number of orgs can potentially be a lot and we don’t want to leave the org ids in our deployment log.
