Attack Protection configuration via auth0-deploy-cli

Charles.Miller · October 30, 2023, 6:41pm

I’m trying to resolve an issue we’re having with auth0 deploy cli. The following section of our YAML configuration is giving an error:

attackProtection:
  breachedPasswordDetection:
    enabled: true
    shields:
      - admin_notification
      - user_notification
      - block
    admin_notification_frequency:
      - weekly
    method: standard
    stage:
      pre-user-registration:
        shields:
          - block

The resulting error is:

2023-10-30T18:20:11.554Z - info: Updated [attackProtection]: {"breached-password-protection":{"enabled":true}}

/opt/hostedtoolcache/node/20.9.0/x64/lib/node_modules/auth0-deploy-cli/node_modules/rest-facade/src/Client.js:166
    throw new ArgumentError('The data must be an object or a serialized json');
          ^
ArgumentError: The data must be an object or a serialized json
    at Client.patch (/opt/hostedtoolcache/node/20.9.0/x64/lib/node_modules/auth0-deploy-cli/node_modules/rest-facade/src/Client.js:166:11)
    at Proxy._request (/opt/hostedtoolcache/node/20.9.0/x64/lib/node_modules/auth0-deploy-cli/node_modules/auth0/src/Auth0RestClient.js:55:37)
    at /opt/hostedtoolcache/node/20.9.0/x64/lib/node_modules/auth0-deploy-cli/node_modules/auth0/src/Auth0RestClient.js:42:23
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

We’re using Node.js v20.9.0 and Auth0-deploy-cli 7.19

I’ve looked the management API documentation Here and data appears to match the request body in YAML form.

One of the things I have tried is to change breachedPasswordDetection to breach-password-detection, I got a very different error saying it was an unknown parameter. So it the deploy-cli appears to believe the original YAML is correct.

2023-10-30T18:17:59.588Z - error: Problem running command import
2023-10-30T18:17:59.589Z - error: Schema validation failed loading [
    {
        "keyword": "additionalProperties",
        "dataPath": ".attackProtection",
        "schemaPath": "#/properties/attackProtection/additionalProperties",
        "params": {
            "additionalProperty": "breached-password-detection"
        },
        "message": "should NOT have additional properties"
    }
]
##[error]Bash exited with code '1'.

Any help or insights for resolving this issue would be greatly appreciated. I’m starting to think the issue might be in deploy-cli itself because I’m running out of ideas to try.

bilal2 · March 7, 2024, 10:22am

I am also getting this error while using Auth0 Deploy CLI. I’ve set environment variables like AUTH0_DOMAIN etc. and AUTH0_KEYWORD_REPLACE_MAPPINGS as serialized Json also as mentioned here Link . Then I am using Keyword Replacement to use the values set inside the AUTH0_KEYWORD_REPLACE_MAPPINGS json environment variable. But when I run the **a0deploy import … ** command, I am getting the errors as:

Wherever I use like callbacks: @@APP_CALLBACKS@@ , I get error as : YAMLException: bad indentation of a mapping entry
When I use ##SECRET_VALUE##, I get error as:
Schema validation failed loading [
{
“keyword”: “type”,
“dataPath”: “.actions[2].secrets[0].value”,
“schemaPath”: “#/properties/actions/items/properties/secrets/items/properties/value/type”,
“params”: {
“type”: “string”
},
“message”: “should be string”
}
]

Any help would be appreciated.