From 8997be23f3dd45fbd3e7805a74d84e28e4594bce Mon Sep 17 00:00:00 2001 
From: Huston Franklin Date: Sun, 25 Jun 2023 15:20:06 -0600 Subject: [PATCH 01/10] feat: Add config-manager push managed-objects --- .../config-manager-push-managed-objects.ts | 59 + .../config-manager-push.ts | 2 + .../FrConfigManagedObjectsOps.ts | 76 +- ...-manager-push-managed-objects.test.js.snap | 67 + .../config-manager-push.test.js.snap | 1 + ...onfig-manager-push-managed-objects.test.js | 10 + ...ager-push-managed-objects.e2e.test.js.snap | 5 + ...g-manager-push-managed-objects.e2e.test.js | 79 + .../application/application.json | 331 +++++ .../assignment/assignment.json | 254 ++++ .../forgeops/managed-objects/group/group.json | 111 ++ .../organization/organization.json | 395 +++++ .../forgeops/managed-objects/role/role.json | 244 ++++ .../testObject/testObject.json | 186 +++ .../testObject/testObject.onCreate.js | 1 + .../testObject/testObject.onUpdate.js | 1 + .../testObject/testObject.onValidate.js | 1 + .../testObject/testObject.postCreate.js | 1 + .../testObject/testObject.postDelete.js | 1 + .../testObject/testObject.testObj.onStore.js | 1 + .../forgeops/managed-objects/user/user.json | 1281 +++++++++++++++++ .../am_1076162899/recording.har | 631 ++++++++ .../oauth2_393036114/recording.har | 289 ++++ .../openidm_3290118515/recording.har | 167 +++ .../am_1076162899/recording.har | 631 ++++++++ .../oauth2_393036114/recording.har | 289 ++++ .../openidm_3290118515/recording.har | 316 ++++ 27 files changed, 5429 insertions(+), 1 deletion(-) create mode 100644 src/cli/config-manager/config-manager-push/config-manager-push-managed-objects.ts create mode 100644 test/client_cli/en/__snapshots__/config-manager-push-managed-objects.test.js.snap create mode 100644 test/client_cli/en/config-manager-push-managed-objects.test.js create mode 100644 test/e2e/__snapshots__/config-manager-push-managed-objects.e2e.test.js.snap create mode 100644 test/e2e/config-manager-push-managed-objects.e2e.test.js create mode 100644 
test/e2e/exports/fr-config-manager/forgeops/managed-objects/application/application.json create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/assignment/assignment.json create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/group/group.json create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/organization/organization.json create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/role/role.json create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.json create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onCreate.js create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onUpdate.js create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onValidate.js create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.postCreate.js create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.postDelete.js create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.testObj.onStore.js create mode 100644 test/e2e/exports/fr-config-manager/forgeops/managed-objects/user/user.json create mode 100644 test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/am_1076162899/recording.har create mode 100644 test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/oauth2_393036114/recording.har create mode 100644 test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/am_1076162899/recording.har create mode 
100644 test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/oauth2_393036114/recording.har create mode 100644 test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/openidm_3290118515/recording.har diff --git a/src/cli/config-manager/config-manager-push/config-manager-push-managed-objects.ts b/src/cli/config-manager/config-manager-push/config-manager-push-managed-objects.ts new file mode 100644 index 000000000..f56bff29e --- /dev/null +++ b/src/cli/config-manager/config-manager-push/config-manager-push-managed-objects.ts 
@@ -0,0 +1,59 @@
+import { frodo } from '@rockcarver/frodo-lib';
+import { Option } from 'commander';
+
+import { configManagerImportManagedObjects } from '../../../configManagerOps/FrConfigManagedObjectsOps';
+import { getTokens } from '../../../ops/AuthenticateOps';
+import { printMessage, verboseMessage } from '../../../utils/Console';
+import { FrodoCommand } from '../../FrodoCommand';
+
+const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } =
+ frodo.utils.constants;
+
+const deploymentTypes = [
+ CLOUD_DEPLOYMENT_TYPE_KEY,
+ FORGEOPS_DEPLOYMENT_TYPE_KEY,
+];
+
+export default function setup() {
+ const program = new FrodoCommand(
+ 'frodo config-manager push managed-objects',
+ [],
+ deploymentTypes
+ );
+
+ program
+ .description('Import managed objects.')
+ .addOption(
+ new Option(
+ '-n, --name ',
+ 'Managed object name; imports only the specified managed object.'
+ )
+ )
+ .action(async (host, realm, user, password, options, command) => {
+ command.handleDefaultArgsAndOpts(
+ host,
+ realm,
+ user,
+ password,
+ options,
+ command
+ );
+
+ if (await getTokens(false, true, deploymentTypes)) {
+ verboseMessage('Importing managed objects');
+ const outcome = await configManagerImportManagedObjects(options.name);
+ if (!outcome) process.exitCode = 1;
+ }
+ // unrecognized combination of options or no options
+ else {
+ printMessage(
+ 'Unrecognized combination of options or no options...',
+ 'error'
+ );
+ program.help();
+ process.exitCode = 1;
+ }
+ });
+
+ return program;
+}
diff --git a/src/cli/config-manager/config-manager-push/config-manager-push.ts b/src/cli/config-manager/config-manager-push/config-manager-push.ts
index 3685fddc3..68f1318d0 100644
--- a/src/cli/config-manager/config-manager-push/config-manager-push.ts
+++ b/src/cli/config-manager/config-manager-push/config-manager-push.ts
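Review bot: The `else` branch of the `.action` handler is reached only when `getTokens(false, true, deploymentTypes)` returns a falsy value, yet it prints 'Unrecognized combination of options or no options...' and the help text, so an operator whose authentication failed is told the options are wrong. No option is checked in this handler, so the message and the `// unrecognized combination of options or no options` comment look carried over from another command. I would name the real failure on that path, for example `printMessage('Unable to obtain tokens for this deployment.', 'error');`, and drop the `program.help()` call there.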
@@ -5,6 +5,7 @@ import Endpoints from './config-manager-push-endpoints'; import InternalRoles from './config-manager-push-internal-roles'; import Kba from './config-manager-push-kba'; import Locales from './config-manager-push-locales'; +import ManagedObjects from './config-manager-push-managed-objects'; import PasswordPolicy from './config-manager-push-password-policy'; import Schedules from './config-manager-push-schedules'; import TermsAndConditions from './config-manager-push-terms-and-conditions'; @@ -25,6 +26,7 @@ export default function setup() { program.addCommand(InternalRoles().name('internal-roles')); program.addCommand(EmailTemplates().name('email-templates')); program.addCommand(Schedules().name('schedules')); + program.addCommand(ManagedObjects().name('managed-objects')); return program; } diff --git a/src/configManagerOps/FrConfigManagedObjectsOps.ts b/src/configManagerOps/FrConfigManagedObjectsOps.ts index 8f077b3ef..97d8fef88 100644 --- a/src/configManagerOps/FrConfigManagedObjectsOps.ts +++ b/src/configManagerOps/FrConfigManagedObjectsOps.ts @@ -1,10 +1,13 @@ import { frodo } from '@rockcarver/frodo-lib'; import { IdObjectSkeletonInterface } from '@rockcarver/frodo-lib/types/api/ApiTypes'; +import fs from 'fs'; +import path from 'path'; import { extractFrConfigDataToFile } from '../utils/Config'; import { printError } from '../utils/Console'; -const { readConfigEntity } = frodo.idm.config; +const { readConfigEntity, importConfigEntities, importSubConfigEntity } = + frodo.idm.config; const { getFilePath, saveTextToFile } = frodo.utils; const { stringify } = frodo.utils.json; 
@@ -110,3 +113,74 @@ function processManagedObjects(managedObjects, targetDir, name) {
 printError(err);
 }
 }
+
+/**
+ * Helper that recursively reads in extracted files and stores them back in the managed object
+ * @param obj The managed object configuration
+ * @param managedObjectDirectory The directory where the managed object resides
+ */
+function getExtractedFiles(obj: any, managedObjectDirectory: string): void {
+ if (!obj || typeof obj !== 'object') return;
+ for (const key of Object.keys(obj)) {
+ const value = obj[key];
+ if (value?.type === 'text/javascript' && value.file) {
+ const scriptPath = path.join(managedObjectDirectory, value.file);
+ if (fs.existsSync(scriptPath)) {
+ value.source = fs.readFileSync(scriptPath, { encoding: 'utf-8' });
+ delete value.file;
+ }
+ } else if (typeof value === 'object') {
+ getExtractedFiles(value, managedObjectDirectory);
+ }
+ }
+}
+
+/**
+ * Helper that returns the import data for a managed object given the file where it is saved
+ * @param file The file where the managed object is saved
+ * @returns The managed object data from the file, including data from any extracted files
+ */
+function getManagedObjectImportData(file: string): object {
+ const readManagedObject = fs.readFileSync(file, 'utf-8');
+ const importData = JSON.parse(readManagedObject);
+ const managedObjectDirectory = path.dirname(file);
+ getExtractedFiles(importData, managedObjectDirectory);
+ return importData;
+}
+
+/**
+ * Import an IDM managed object in the fr-config-manager format.
+ * @param {string} objectName Optional managed object name. If not specified, imports all the managed objects.
+ * @return {Promise} a promise that resolves to true if successful, false otherwise
+ */
+export async function configManagerImportManagedObjects(
+ objectName?: string
+): Promise {
+ try {
+ if (objectName) {
+ const filePath = getFilePath(
+ `managed-objects/${objectName}/${objectName}.json`
+ );
+ const importData = getManagedObjectImportData(filePath) as any;
+ await importSubConfigEntity('managed', importData);
+ } else {
+ const managedObjectsPath = getFilePath('managed-objects');
+ const managedObjectsFiles = fs.readdirSync(managedObjectsPath, 'utf-8');
+ const importManagedObjectData = {
+ idm: { managed: { _id: 'managed', objects: [] } },
+ };
+ for (const managedObjectsFile of managedObjectsFiles) {
+ const filePath = getFilePath(
+ `managed-objects/${managedObjectsFile}/${managedObjectsFile}.json`
+ );
+ const importData = getManagedObjectImportData(filePath);
+ importManagedObjectData.idm.managed.objects.push(importData);
+ }
+ await importConfigEntities(importManagedObjectData);
+ }
+ return true;
+ } catch (error) {
+ printError(error, `Error exporting config entity endpoints`);
+ }
+ return false;
+}
diff --git a/test/client_cli/en/__snapshots__/config-manager-push-managed-objects.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-push-managed-objects.test.js.snap
new file mode 100644
index 000000000..1b0dd812f
--- /dev/null
+++ b/test/client_cli/en/__snapshots__/config-manager-push-managed-objects.test.js.snap
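Review bot: `getExtractedFiles` joins `value.file` from the managed-object JSON onto `managedObjectDirectory` with `path.join` and never checks that the result stays inside that directory, so a `file` value containing `..` segments makes the push read a file outside the export and send its contents to IDM as `source`. If the export directory comes from a shared repository, which seems likely for this tool, that JSON is untrusted input; the excerpt below resolves the path and rejects anything outside the object's own directory. It also turns a missing script into an error instead of the current silent skip, which leaves `file` in place and pushes the object without `source`. Separately, the `catch` in `configManagerImportManagedObjects` logs `Error exporting config entity endpoints`; `Error importing managed objects` would match what the function does.

```typescript
    if (value?.type === 'text/javascript' && value.file) {
      const baseDir = path.resolve(managedObjectDirectory);
      const scriptPath = path.resolve(baseDir, value.file);
      // Refuse references that leave the managed object's own directory.
      if (!scriptPath.startsWith(baseDir + path.sep)) {
        throw new Error(
          `Extracted file '${value.file}' is outside ${baseDir}`
        );
      }
      // A missing script now fails the import instead of being pushed without source.
      value.source = fs.readFileSync(scriptPath, { encoding: 'utf-8' });
      delete value.file;
    } else if (typeof value === 'object') {
      // … unchanged: recursive descent into nested objects …
```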
@@ -0,0 +1,67 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`CLI help interface for 'config-manager push managed-objects' should be expected english 1`] = ` +"Usage: frodo config-manager push managed-objects [options] [host] [realm] [username] [password] + +Import managed objects. + +Arguments: + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. + +Options: + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. 
Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name Managed object name; imports only the specified managed object. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. + +Environment Variables: + FRODO_HOST: AM base URL. Overridden by 'host' argument. + FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. 
+ FRODO_REALM: Realm. Overridden by 'realm' argument. + FRODO_USERNAME: Username. Overridden by 'username' argument. + FRODO_PASSWORD: Password. Overridden by 'password' argument. + FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. + FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. + FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. + FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. + FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. + FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. + FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. + FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. + FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. 
These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. + FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. + FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. + FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. + FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. + +" +`; diff --git a/test/client_cli/en/__snapshots__/config-manager-push.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-push.test.js.snap index 048639ef4..afaa50a58 100644 --- a/test/client_cli/en/__snapshots__/config-manager-push.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-push.test.js.snap @@ -17,6 +17,7 @@ Commands: internal-roles Import internal roles. kba Import kba configuration. locales Import custom locales objects. + managed-objects Import managed objects. password-policy Import password-policy objects. schedules Import schedules. terms-and-conditions Import terms and conditions. diff --git a/test/client_cli/en/config-manager-push-managed-objects.test.js b/test/client_cli/en/config-manager-push-managed-objects.test.js new file mode 100644 index 000000000..1c12db036 --- /dev/null +++ b/test/client_cli/en/config-manager-push-managed-objects.test.js @@ -0,0 +1,10 @@ +import cp from 'child_process'; +import { promisify } from 'util'; + +const exec = promisify(cp.exec); +const CMD = 'frodo config-manager push managed-objects --help'; +const { stdout } = await exec(CMD); + +test("CLI help interface for 'config-manager push managed-objects' should be expected english", async () => { + expect(stdout).toMatchSnapshot(); +}); \ No newline at end of file 
diff --git a/test/e2e/__snapshots__/config-manager-push-managed-objects.e2e.test.js.snap b/test/e2e/__snapshots__/config-manager-push-managed-objects.e2e.test.js.snap new file mode 100644 index 000000000..bd46dcd88 --- /dev/null +++ b/test/e2e/__snapshots__/config-manager-push-managed-objects.e2e.test.js.snap @@ -0,0 +1,5 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`frodo config-manager push managed-objects "frodo config-manager push managed-objects -D test/e2e/exports/fr-config-manager/forgeops -m forgeops": should import the managed-objects into forgeops" 1`] = `""`; + +exports[`frodo config-manager push managed-objects "frodo config-manager push managed-objects -n testObject -D test/e2e/exports/fr-config-manager/forgeops -m forgeops": should import a specific managed-object by name into forgeops" 1`] = `""`; diff --git a/test/e2e/config-manager-push-managed-objects.e2e.test.js b/test/e2e/config-manager-push-managed-objects.e2e.test.js new file mode 100644 index 000000000..e4b7c11ec --- /dev/null +++ b/test/e2e/config-manager-push-managed-objects.e2e.test.js 
@@ -0,0 +1,79 @@
+/**
+ * Follow this process to write e2e tests for the CLI project:
+ *
+ * 1. Test if all the necessary mocks for your tests already exist.
+ * In mock mode, run the command you want to test with the same arguments
+ * and parameters exactly as you want to test it, for example:
+ *
+ * $ FRODO_MOCK=1 frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!
+ *
+ * If your command completes without errors and with the expected results,
+ * all the required mocks already exist and you are good to write your
+ * test and skip to step #4.
+ *
+ * If, however, your command fails and you see errors like the one below,
+ * you know you need to record the mock responses first:
+ *
+ * [Polly] [adapter:node-http] Recording for the following request is not found and `recordIfMissing` is `false`.
+ *
+ * 2. Record mock responses for your exact command.
+ * In mock record mode, run the command you want to test with the same arguments
+ * and parameters exactly as you want to test it, for example:
+ *
+ * $ FRODO_MOCK=record frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!
+ *
+ * Wait until you see all the Polly instances (mock recording adapters) have
+ * shutdown before you try to run step #1 again.
+ * Messages like these indicate mock recording adapters shutting down:
+ *
+ * Polly instance 'conn/4' stopping in 3s...
+ * Polly instance 'conn/4' stopping in 2s...
+ * Polly instance 'conn/save/3' stopping in 3s...
+ * Polly instance 'conn/4' stopping in 1s...
+ * Polly instance 'conn/save/3' stopping in 2s...
+ * Polly instance 'conn/4' stopped.
+ * Polly instance 'conn/save/3' stopping in 1s...
+ * Polly instance 'conn/save/3' stopped.
+ *
+ * 3. Validate your freshly recorded mock responses are complete and working.
+ * Re-run the exact command you want to test in mock mode (see step #1).
+ *
+ * 4. Write your test.
+ * Make sure to use the exact command including number of arguments and params.
+ *
+ * 5. Commit both your test and your new recordings to the repository.
+ * Your tests are likely going to reside outside the frodo-lib project but
+ * the recordings must be committed to the frodo-lib project.
+ */
+
+/*
+// ForgeOps
+FRODO_MOCK=record FRODO_NO_CACHE=1 FRODO_HOST=https://nightly.gcp.forgeops.com/am frodo config-manager push managed-objects -D test/e2e/exports/fr-config-manager/forgeops -m forgeops
+FRODO_MOCK=record FRODO_NO_CACHE=1 FRODO_HOST=https://nightly.gcp.forgeops.com/am frodo config-manager push managed-objects -n testObject -D test/e2e/exports/fr-config-manager/forgeops -m forgeops
+*/
+
+import cp from 'child_process';
+import { promisify } from 'util';
+import { getEnv, removeAnsiEscapeCodes } from './utils/TestUtils';
+import { forgeops_connection as fc } from './utils/TestConfig';
+
+const exec = promisify(cp.exec);
+
+process.env['FRODO_MOCK'] = '1';
+const forgeopsEnv = getEnv(fc);
+
+const allDirectory = "test/e2e/exports/fr-config-manager/forgeops";
+
+describe('frodo config-manager push managed-objects', () => {
+ test(`"frodo config-manager push managed-objects -D ${allDirectory} -m forgeops": should import the managed-objects into forgeops"`, async () => {
+ const CMD = `frodo config-manager push managed-objects -D ${allDirectory} -m forgeops`;
+ const { stdout } = await exec(CMD, forgeopsEnv);
+ expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot();
+ });
+
+ test(`"frodo config-manager push managed-objects -n testObject -D ${allDirectory} -m forgeops": should import a specific managed-object by name into forgeops"`, async () => {
+ const CMD = `frodo config-manager push managed-objects -n testObject -D ${allDirectory} -m forgeops`;
+ const { stdout } = await exec(CMD, forgeopsEnv);
+ expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot();
+ });
+});
\ No newline at end of file
diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/application/application.json b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/application/application.json new file mode 100644 index 000000000..108ac9b54 --- /dev/null +++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/application/application.json 
@@ -0,0 +1,331 @@ +{ + "name": "application", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-folder", + "order": [ + "name", + "description", + "url", + "icon", + "mappingNames", + "owners", + "roles", + "members" + ], + "properties": { + "_id": { + "description": "Application ID", + "isPersonal": false, + "searchable": false, + "type": "string", + "userEditable": false, + "viewable": false + }, + "authoritative": { + "description": "Is this an authoritative application", + "searchable": false, + "title": "Authoritative", + "type": "boolean", + "viewable": false + }, + "connectorId": { + "description": "Id of the connector associated with the application", + "searchable": false, + "title": "Connector ID", + "type": "string", + "userEditable": false, + "viewable": false + }, + "description": { + "description": "Application Description", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "icon": { + "searchable": true, + "title": "Icon", + "type": "string", + "userEditable": true, + "viewable": true + }, + "mappingNames": { + "description": "Names of the sync mappings used by an application with provisioning configured.", + "items": { + "title": "Mapping Name Items", + "type": "string" + }, + "searchable": true, + "title": "Sync Mapping Names", + "type": "array", + "viewable": true + }, + "members": { + "description": "Members directly granted an application", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_accountType": { + "description": "Account type", + "type": "string" + }, + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "propName": "_id", + "required": false, + "type": "string" + }, + "_uniqueId": { + "description": "Unique identifier", + "type": "string" + } + }, + "title": 
"Application Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "title": "Application Members Items", + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true + }, + "name": { + "description": "Application name", + "notifyRelationships": [ + "roles", + "members" + ], + "policies": [ + { + "policyId": "unique" + } + ], + "returnByDefault": true, + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true + }, + "owners": { + "description": "Application Owners", + "items": { + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "ownerOfApp", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Owners", + "type": "array", + "userEditable": false, + "viewable": true + }, + "roles": { + "description": "Roles granting users the application", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_accountType": { + "description": "Account type", + "type": "string" + }, + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Role", + "notify": 
true, + "path": "managed/role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Roles", + "type": "array", + "userEditable": false, + "viewable": true + }, + "ssoEntities": { + "description": "SSO Entity Id", + "properties": { + "domain": { + "type": "string" + }, + "federatedDomain": { + "type": "string" + }, + "idpLocation": { + "type": "string" + }, + "idpLoginUrl": { + "type": "string" + }, + "idpPrivateId": { + "type": "string" + }, + "key": { + "type": "string" + }, + "oidcId": { + "type": "string" + }, + "pfApcId": { + "type": "string" + }, + "pfIdpAdapterId": { + "type": "string" + }, + "pfPolicyId": { + "type": "string" + }, + "pfSigningCertId": { + "type": "string" + }, + "pfSpConnectionId": { + "type": "string" + }, + "spLocation": { + "type": "string" + }, + "spPrivate": { + "type": "string" + }, + "spPrivateId": { + "type": "string" + } + }, + "searchable": false, + "title": "SSO Entity Id", + "type": "object", + "userEditable": false, + "viewable": false + }, + "templateName": { + "description": "Name of the template the application was created from", + "searchable": false, + "title": "Template Name", + "type": "string", + "userEditable": false, + "viewable": false + }, + "templateVersion": { + "description": "The template version", + "searchable": false, + "title": "Template Version", + "type": "string", + "userEditable": false, + "viewable": false + }, + "uiConfig": { + "description": "UI Config", + "isPersonal": false, + "properties": {}, + "searchable": false, + "title": "UI Config", + "type": "object", + "usageDescription": "", + "viewable": false + }, + "url": { + "searchable": true, + "title": "Url", + "type": "string", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "name" + ], + "title": 
"Application", + "type": "object" + } +} \ No newline at end of file diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/assignment/assignment.json b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/assignment/assignment.json new file mode 100644 index 000000000..e9b5b0b16 --- /dev/null +++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/assignment/assignment.json 
@@ -0,0 +1,254 @@ +{ + "attributeEncryption": {}, + "name": "assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "type", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight" + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value" + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string" + }, + "name": { + "description": "Name", + "type": "string" + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string" + }, + "value": { + "description": "Value", + "type": "string" + } + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object" + }, + "notifyRelationships": [ + "roles", + "members" + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string" + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true + }, + "mapping": { + 
"description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists" + } + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_accountType": { + "description": "Account type", + "type": "string" + }, + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + }, + "_uniqueId": { + "description": "Unique identifier", + "type": "string" + } + }, + "title": "Assignment Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata 
within the relationship", + "properties": { + "_accountType": { + "description": "Account type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Managed Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true + }, + "type": { + "description": "The type of object this assignment represents", + "title": "Type", + "type": "string", + "viewable": true + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members" + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null" + ], + "viewable": true + } + }, + "required": [ + "name", + "description", + "mapping" + ], + "title": "Assignment", + "type": "object" + } +} \ No newline at end of file diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/group/group.json b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/group/group.json new file mode 100644 index 000000000..aee387bf0 --- /dev/null +++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/group/group.json 
@@ -0,0 +1,111 @@ +{ + "name": "group", + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-group", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", + "mat-icon": "group", + "order": [ + "_id", + "name", + "description", + "condition", + "members" + ], + "properties": { + "_id": { + "description": "Group ID", + "isPersonal": false, + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "condition": { + "description": "A filter for conditionally assigned members", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "Group Description", + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": false, + "viewable": true + }, + "members": { + "description": "Group Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Group Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "groups", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + 
"userEditable": false, + "viewable": true + }, + "name": { + "description": "Group Name", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + } + }, + "required": [ + "name" + ], + "title": "Group", + "viewable": true + } +} \ No newline at end of file diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/organization/organization.json b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/organization/organization.json new file mode 100644 index 000000000..943d5821d --- /dev/null +++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/organization/organization.json 
@@ -0,0 +1,395 @@ +{ + "name": "organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs" + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id" + ], + "referencedRelationshipFields": [ + "admins" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "children" + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + 
"notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name", + "description" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id" + ], + "referencedRelationshipFields": [ + "owners" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": 
"_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "children" + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members" + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name", + "description" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string" + }, + "queryConfig": { + 
"flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false + } + }, + "required": [ + "name" + ], + "title": "Organization", + "type": "object" + } +} \ No newline at end of file diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/role/role.json b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/role/role.json new file mode 100644 index 000000000..8f2e55673 --- /dev/null +++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/role/role.json 
@@ -0,0 +1,244 @@ +{ + "name": "role", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square-o", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "applications", + "condition", + "temporalConstraints" + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false + }, + "applications": { + "description": "Role Applications", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_accountType": { + "description": "Account type", + "type": "string" + }, + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Application Items", + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "members" + ], + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "viewable": false + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_accountType": { + "description": "Account type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + 
"title": "Managed Assignments Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/assignment", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "members" + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Role Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": 
false, + "title": "Role Members", + "type": "array", + "viewable": true + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique" + } + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration" + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string" + } + }, + "required": [ + "duration" + ], + "title": "Temporal Constraints Items", + "type": "object" + }, + "notifyRelationships": [ + "members" + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false + } + }, + "required": [ + "name" + ], + "title": "Role", + "type": "object" + } +} \ No newline at end of file diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.json b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.json new file mode 100644 index 000000000..6f2e779fe --- /dev/null +++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.json 
@@ -0,0 +1,186 @@ +{ + "name": "testObject", + "onCreate": { + "file": "testObject.onCreate.js", + "globals": { + "test": null + }, + "type": "text/javascript" + }, + "onRead": { + "globals": {}, + "source": "//groovy export", + "type": "groovy" + }, + "onSync": { + "globals": { + "test": 8 + }, + "source": "//test", + "type": "groovy" + }, + "onUpdate": { + "file": "testObject.onUpdate.js", + "globals": { + "test": [ + "test" + ] + }, + "type": "text/javascript" + }, + "onValidate": { + "file": "testObject.onValidate.js", + "globals": { + "test": "test" + }, + "type": "text/javascript" + }, + "postCreate": { + "file": "testObject.postCreate.js", + "globals": { + "test": null + }, + "type": "text/javascript" + }, + "postDelete": { + "file": "testObject.postDelete.js", + "globals": { + "test": "test" + }, + "type": "text/javascript" + }, + "postUpdate": { + "globals": { + "test": 1 + }, + "source": "//test", + "type": "groovy" + }, + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "test", + "icon": "fa-anchor", + "mat-icon": "", + "order": [ + "testObj", + "testString" + ], + "properties": { + "testObj": { + "description": null, + "isVirtual": false, + "nullable": false, + "onRetrieve": { + "globals": { + "four": false, + "one": null, + "three": 3, + "two": "number" + }, + "source": "//second", + "type": "groovy" + }, + "onStore": { + "file": "testObject.testObj.onStore.js", + "globals": { + "test": {} + }, + "type": "text/javascript" + }, + "onValidate": { + "globals": { + "test": null + }, + "source": "//groovy script test", + "type": "groovy" + }, + "order": [ + "testObject", + "testString" + ], + "properties": { + "testObject": { + "description": null, + "isVirtual": false, + "onRetrieve": { + "globals": { + "test": null + }, + "source": "//test", + "type": "text/javascript" + }, + "onStore": { + "globals": { + "test": null + }, + "source": "//test", + "type": "groovy" + }, + "order": [], + "properties": {}, + "required": [], + 
"searchable": false, + "title": "test", + "type": "object", + "userEditable": true, + "viewable": true + }, + "testString": { + "description": null, + "format": null, + "isVirtual": false, + "onRetrieve": { + "globals": { + "test": 1 + }, + "source": "//test", + "type": "groovy" + }, + "onStore": { + "globals": { + "test": [ + "test", + 1, + false + ] + }, + "source": "//test", + "type": "text/javascript" + }, + "searchable": false, + "title": "test", + "type": "string", + "userEditable": true, + "viewable": true + } + }, + "required": [], + "searchable": false, + "title": "TestObj", + "type": "object", + "userEditable": true, + "viewable": true + }, + "testString": { + "description": null, + "format": null, + "isVirtual": false, + "onStore": { + "globals": { + "test": null + }, + "source": "//test", + "type": "groovy" + }, + "searchable": false, + "title": "test", + "type": "string", + "userEditable": true, + "viewable": true + } + }, + "required": [], + "title": "Test", + "type": "object" + } +} diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onCreate.js b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onCreate.js new file mode 100644 index 000000000..d29038fa8 --- /dev/null +++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onCreate.js @@ -0,0 +1 @@ +// test script diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onUpdate.js b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onUpdate.js new file mode 100644 index 000000000..0ae040b69 --- /dev/null +++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onUpdate.js @@ -0,0 +1 @@ +//test 
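Review bot: Every `file` hook in the testObject.json fixture (`onCreate`, `onUpdate`, `onValidate`, `postCreate`, `postDelete` and `testObj.onStore`) names a sibling file in the same directory, so the e2e test exercises only the well-behaved case of file-to-source resolution. The code that resolves these names is outside this hunk (presumably in FrConfigManagedObjectsOps.ts), so its behaviour cannot be confirmed from here. Because the referenced file's content is pushed to the server as script source, that code should refuse a `file` value that resolves outside the managed object's own directory. Consider adding a second fixture object whose hook carries a constructed value such as `"file": "../outside.js"` and asserting that the push fails without reading it.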
diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onValidate.js b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onValidate.js
new file mode 100644
index 000000000..0ae040b69
--- /dev/null
+++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.onValidate.js
@@ -0,0 +1 @@
+//test
diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.postCreate.js b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.postCreate.js
new file mode 100644
index 000000000..12341cb2e
--- /dev/null
+++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.postCreate.js
@@ -0,0 +1 @@
+// another test
diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.postDelete.js b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.postDelete.js
new file mode 100644
index 000000000..0ae040b69
--- /dev/null
+++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.postDelete.js
@@ -0,0 +1 @@
+//test
diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.testObj.onStore.js b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.testObj.onStore.js
new file mode 100644
index 000000000..0ae040b69
--- /dev/null
+++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/testObject/testObject.testObj.onStore.js
@@ -0,0 +1 @@
+//test
diff --git a/test/e2e/exports/fr-config-manager/forgeops/managed-objects/user/user.json b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/user/user.json
new file mode 100644
index 000000000..69f300f11
--- /dev/null
+++ b/test/e2e/exports/fr-config-manager/forgeops/managed-objects/user/user.json
@@ -0,0 +1,1281 @@ +{ + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync" + }, + "meta": { + "property": "_meta", + "resourceCollection": "internal/usermeta", + "trackedProperties": [ + "createDate", + "lastChanged" + ] + }, + "name": "user", + "notifications": {}, + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "cn", + "sn", + "mail", + "profileImage", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "assignedDashboard", + "roles", + "assignments", + "groups", + "applications", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "effectiveGroups", + "effectiveApplications", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "activeDate", + "inactiveDate", + "ownerOfApp", + "passwordLastChangedTime", + "passwordExpirationTime", + "devicePrintProfiles", + "deviceProfiles", + "oathDeviceProfiles", + "pushDeviceProfiles", + "webauthnDeviceProfiles" + ], + "properties": { + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/" + ] + }, + "policyId": "cannot-contain-characters" + } + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "searchable": false, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "activeDate": { + "description": "Active Date", + "format": "datetime", + "isPersonal": false, + "policies": [ + { 
+ "policyId": "valid-datetime" + } + ], + "searchable": false, + "title": "Active Date", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true + }, + "aliasList": { + "description": "List of identity aliases used primarily to record social IdP subjects for this user", + "isVirtual": false, + "items": { + "title": "User Alias Names Items", + "type": "string" + }, + "returnByDefault": false, + "searchable": false, + "title": "User Alias Names List", + "type": "array", + "userEditable": true, + "viewable": false + }, + "applications": { + "description": "Applications", + "isPersonal": false, + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_accountType": { + "description": "Account type", + "type": "string" + }, + "_id": { + "propName": "_id", + "required": false, + "type": "string" + }, + "_uniqueId": { + "description": "Unique identifier", + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [ + "name" + ] + } + } + ], + 
"reversePropertyName": "members", + "reverseRelationship": true, + "title": "Application Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "assignedDashboard": { + "description": "List of items to click on for this user", + "isVirtual": true, + "items": { + "title": "Assigned Dashboard Items", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "name" + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications" + ], + [ + "applications" + ] + ] + }, + "searchable": false, + "title": "Assigned Dashboard", + "type": "array", + "userEditable": false, + "viewable": true + }, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_accountType": { + "description": "Account type", + "type": "string" + }, + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + }, + "_uniqueId": { + "description": "Unique identifier", + "type": "string" + } + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/assignment", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + 
"title": "Assignments Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Authorization Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "city": { + "description": "City", + "isPersonal": false, + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "cn": { + "default": "{{givenName}} {{sn}}", + "description": "Common Name", + "isPersonal": true, + "scope": "private", + "searchable": false, + "title": "Common Name", + "type": "string", + "userEditable": false, + "viewable": false + }, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "items": { + "order": [ + "mapping", + "consentDate" + ], + 
"properties": { + "consentDate": { + "description": "Consent Date", + "format": "datetime", + "policies": [ + { + "policyId": "valid-datetime" + } + ], + "searchable": false, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true + }, + "mapping": { + "description": "Mapping", + "searchable": false, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "mapping", + "consentDate" + ], + "title": "Consented Mappings Item", + "type": "object" + }, + "title": "Consented Mappings Items", + "type": "array" + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "country": { + "description": "Country", + "isPersonal": false, + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "description": { + "description": "Description", + "isPersonal": false, + "searchable": false, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "devicePrintProfiles": { + "description": "Device Print Profiles Information", + "isPersonal": false, + "items": { + "title": "Profile", + "type": "string" + }, + "searchable": false, + "title": "Device Print Profiles", + "type": "array", + "userEditable": true, + "viewable": true + }, + "deviceProfiles": { + "description": "Device Profiles", + "isPersonal": false, + "items": { + "title": "Profile", + "type": "string" + }, + "searchable": false, + "title": "Device Profiles", + "type": "array", + "userEditable": true, + "viewable": true + }, + "effectiveApplications": { + "description": "Effective Applications", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Application Items", + "type": "object" + }, + "queryConfig": { + "referencedObjectFields": [ + "name" + ], + 
"referencedRelationshipFields": [ + [ + "roles", + "applications" + ], + [ + "applications" + ] + ] + }, + "returnByDefault": true, + "title": "Effective Applications", + "type": "array", + "viewable": false + }, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object" + }, + "queryConfig": { + "referencedObjectFields": [ + "*" + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments" + ], + [ + "assignments" + ] + ] + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "effectiveGroups": { + "description": "Effective Groups", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Groups Items", + "type": "object" + }, + "queryConfig": { + "referencedRelationshipFields": [ + "groups" + ] + }, + "returnByDefault": true, + "title": "Effective Groups", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object" + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles" + ] + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "groups": { + "description": "Groups", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from 
a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Groups Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Group", + "path": "managed/group", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [ + "name" + ] + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": false, + "returnByDefault": false, + "title": "Group", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "inactiveDate": { + "description": "Inactive Date", + "format": "datetime", + "isPersonal": false, + "policies": [ + { + "policyId": "valid-datetime" + } + ], + "searchable": false, + "title": "Inactive Date", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId" + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string" + }, + "customQuestion": { + "description": "Custom question", + "type": "string" + }, + "questionId": { + "description": "Question ID", + "type": "string" + } + }, + "required": [], + "title": "KBA Info Items", + "type": "object" + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp" + ], + "properties": { + 
"effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object" + }, + "title": "Effective Assignments", + "type": "array" + }, + "timestamp": { + "description": "Timestamp", + "format": "datetime", + "policies": [ + { + "policyId": "valid-datetime" + } + ], + "type": "string" + } + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format" + } + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Manager _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": 
false, + "path": "managed/organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs" + ], + "referencedRelationshipFields": [ + "memberOfOrg" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false + }, + "oathDeviceProfiles": { + "description": "Oath Device Profiles", + "isPersonal": false, + "items": { + "title": "Profile", + "type": "string" + }, + "searchable": false, + "title": "Oath Device Profiles", + "type": "array", + "userEditable": true, + "viewable": true + }, + "ownerOfApp": { + "items": { + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [ + "name" + ] + } + } + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Applications I Own", + "type": "array", + "userEditable": false, + "viewable": true + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + 
"propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true + }, + "password": { + "description": "Password", + "isPersonal": false, + "isProtected": true, + "policies": [ + { + "params": { + "minLength": 8 + }, + "policyId": "minimum-length" + }, + { + "params": { + "numCaps": 1 + }, + "policyId": "at-least-X-capitals" + }, + { + "params": { + "numNums": 1 + }, + "policyId": "at-least-X-numbers" + }, + { + "params": { + "disallowedFields": [ + "userName", + "givenName", + "sn" + ] + }, + "policyId": "cannot-contain-others" + } + ], + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "passwordExpirationTime": { + "description": "Password Expiration Time", + "searchable": true, + "title": "Password Expiration Time", + "type": "string", + "userEditable": false, + "viewable": true + }, + "passwordLastChangedTime": { + "description": "Password Last Changed Time", + "searchable": true, + "title": "Password Last Changed Time", + "type": "string", + "userEditable": false, + "viewable": true + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": 
true, + "viewable": true + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing" + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean" + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean" + } + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "profileImage": { + "description": "Profile Image", + "isPersonal": true, + "searchable": false, + "title": "Profile Image", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "pushDeviceProfiles": { + "description": "Push Device Profiles", + "isPersonal": false, + "items": { + "title": "Profile", + "type": "string" + }, + "searchable": false, + "title": "Push Device Profiles", + "type": "array", + "userEditable": true, + "viewable": true + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Direct Reports Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + 
"userEditable": false, + "viewable": true + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "searchable": true, + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + 
"userEditable": true, + "viewable": true + }, + "userName": { + "description": "Username", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-username" + }, + { + "params": { + "forbiddenChars": [ + "/" + ] + }, + "policyId": "cannot-contain-characters" + }, + { + "params": { + "minLength": 1 + }, + "policyId": "minimum-length" + }, + { + "params": { + "maxLength": 255 + }, + "policyId": "maximum-length" + } + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "webauthnDeviceProfiles": { + "description": "Web AuthN Device Profiles", + "isPersonal": false, + "items": { + "title": "Profile", + "type": "string" + }, + "searchable": false, + "title": "Web AuthN Device Profiles", + "type": "array", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "userName", + "givenName", + "sn", + "mail" + ], + "title": "User", + "type": "object", + "viewable": true + } +} \ No newline at end of file diff --git a/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/am_1076162899/recording.har b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/am_1076162899/recording.har new file mode 100644 index 000000000..c4268aa7d --- /dev/null +++ b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/am_1076162899/recording.har 
@@ -0,0 +1,631 @@ +{ + "log": { + "_recordingName": "config-manager/push/managed-objects/0_D_m/am", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.6" + }, + "entries": [ + { + "_id": "ccd7a5defd0fdeaa986a2b54642d911a", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-30" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-785ab35c-42c5-412a-9064-81faaa60246d" + }, + { + "name": "accept-api-version", + "value": "resource=1.1" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 370, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [], + "url": "https://platform.dev.trivir.com/am/json/serverinfo/*" + }, + "response": { + "bodySize": 587, + "content": { + "mimeType": "application/json;charset=UTF-8", + "size": 587, + "text": "{\"_id\":\"*\",\"_rev\":\"2075994313\",\"domains\":[],\"protectedUserAttributes\":[\"telephoneNumber\",\"mail\"],\"cookieName\":\"iPlanetDirectoryPro\",\"secureCookie\":true,\"forgotPassword\":\"false\",\"forgotUsername\":\"false\",\"kbaEnabled\":\"false\",\"selfRegistration\":\"false\",\"lang\":\"en-US\",\"successfulUserRegistrationDestination\":\"default\",\"socialImplementations\":[],\"referralsEnabled\":\"false\",\"zeroPageLogin\":{\"enabled\":false,\"refererWhitelist\":[],\"allowedWithoutReferer\":true},\"realm\":\"/\",\"xuiUserSessionValidationEnabled\":true,\"fileBasedConfiguration\":true,\"userIdAttributes\":[],\"nodeDesignerXuiEnabled\":true}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + 
"value": "Fri, 27 Mar 2026 18:59:24 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=UTF-8" + }, + { + "name": "content-length", + "value": "587" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "content-api-version", + "value": "resource=1.1" + }, + { + "name": "content-security-policy", + "value": "default-src 'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": "same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "etag", + "value": "\"2075994313\"" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 631, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-27T18:59:25.279Z", + "time": 9, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 9 + } + }, + { + "_id": "9f5671275c36a1c0090d0df26ce0e93f", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 2, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-30" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-785ab35c-42c5-412a-9064-81faaa60246d" + }, + { + "name": "accept-api-version", + "value": "resource=2.0, protocol=1.0" + }, + { + "name": "x-openam-username", + "value": 
"amadmin" + }, + { + "name": "x-openam-password", + "value": "41ghjnKpNFAFU/HXw82HbFbitYNOOJ0g" + }, + { + "name": "content-length", + "value": "2" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 497, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{}" + }, + "queryString": [], + "url": "https://platform.dev.trivir.com/am/json/realms/root/authenticate" + }, + "response": { + "bodySize": 167, + "content": { + "mimeType": "application/json", + "size": 167, + "text": "{\"tokenId\":\"\",\"successUrl\":\"/am/console\",\"realm\":\"/\"}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + }, + { + "httpOnly": true, + "name": "iPlanetDirectoryPro", + "path": "/", + "sameSite": "none", + "secure": true, + "value": "" + }, + { + "httpOnly": true, + "name": "amlbcookie", + "path": "/", + "sameSite": "none", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Fri, 27 Mar 2026 18:59:24 GMT" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "content-length", + "value": "167" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "iPlanetDirectoryPro=; Path=/; Secure; HttpOnly; SameSite=none" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "amlbcookie=; Path=/; Secure; HttpOnly; SameSite=none" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "private" + }, + { + "name": "content-api-version", + "value": "resource=2.1" + }, + { + 
"name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 693, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-27T18:59:25.294Z", + "time": 20, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 20 + } + }, + { + "_id": "6a3744385d3fd7416ea7089e610fa7e7", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 128, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-30" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-785ab35c-42c5-412a-9064-81faaa60246d" + }, + { + "name": "accept-api-version", + "value": "resource=4.0" + }, + { + "name": "content-length", + "value": "128" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 424, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"tokenId\":\"\"}" + }, + "queryString": [ + { + "name": "_action", + "value": "getSessionInfo" + } + ], + "url": "https://platform.dev.trivir.com/am/json/realms/root/sessions/?_action=getSessionInfo" + }, + "response": { + "bodySize": 291, + "content": { + "mimeType": "application/json;charset=UTF-8", + "size": 291, + "text": 
"{\"username\":\"amadmin\",\"universalId\":\"id=amadmin,ou=user,ou=am-config\",\"realm\":\"/\",\"latestAccessTime\":\"2026-03-27T18:59:24Z\",\"maxIdleExpirationTime\":\"2026-03-27T19:29:24Z\",\"maxSessionExpirationTime\":\"2026-03-27T20:59:23Z\",\"properties\":{\"AMCtxId\":\"2290f5e0-a308-4911-9d82-33600d3abf08-25584\"}}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Fri, 27 Mar 2026 18:59:24 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=UTF-8" + }, + { + "name": "content-length", + "value": "291" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "private" + }, + { + "name": "content-api-version", + "value": "resource=4.0" + }, + { + "name": "content-security-policy", + "value": "default-src 'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": "same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 610, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-27T18:59:25.321Z", + "time": 4, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 4 + } + }, + { + "_id": "6125d0328ad0dcaee55f73fd8b22ca14", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "name": 
"accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-30" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-785ab35c-42c5-412a-9064-81faaa60246d" + }, + { + "name": "accept-api-version", + "value": "resource=1.0" + }, + { + "name": "cookie", + "value": "iPlanetDirectoryPro=" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 520, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [], + "url": "https://platform.dev.trivir.com/am/json/serverinfo/version" + }, + "response": { + "bodySize": 257, + "content": { + "mimeType": "application/json;charset=UTF-8", + "size": 257, + "text": "{\"_id\":\"version\",\"_rev\":\"-466575464\",\"version\":\"8.0.1\",\"fullVersion\":\"ForgeRock Access Management 8.0.1 Build b59bc0908346197b0c33afcb9e733d0400feeea1 (2025-April-15 11:37)\",\"revision\":\"b59bc0908346197b0c33afcb9e733d0400feeea1\",\"date\":\"2025-April-15 11:37\"}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Fri, 27 Mar 2026 18:59:24 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=UTF-8" + }, + { + "name": "content-length", + "value": "257" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "content-api-version", + "value": "resource=1.0" + }, + { + "name": "content-security-policy", + "value": "default-src 
'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": "same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "etag", + "value": "\"-466575464\"" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 631, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-27T18:59:25.333Z", + "time": 5, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 5 + } + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/oauth2_393036114/recording.har b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/oauth2_393036114/recording.har new file mode 100644 index 000000000..4aaa4c14e --- /dev/null +++ b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/oauth2_393036114/recording.har 
@@ -0,0 +1,289 @@ +{ + "log": { + "_recordingName": "config-manager/push/managed-objects/0_D_m/oauth2", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.6" + }, + "entries": [ + { + "_id": "a684e2f67fd67a4263878c3124af167a", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 365, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/x-www-form-urlencoded" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-30" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-785ab35c-42c5-412a-9064-81faaa60246d" + }, + { + "name": "accept-api-version", + "value": "protocol=2.1,resource=1.0" + }, + { + "name": "cookie", + "value": "iPlanetDirectoryPro=" + }, + { + "name": "content-length", + "value": "365" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 565, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/x-www-form-urlencoded", + "params": [], + "text": "redirect_uri=https://platform.dev.trivir.com/platform/appAuthHelperRedirect.html&scope=fr:idm:* openid&response_type=code&client_id=idm-admin-ui&csrf=7yIwoReO-zgRcpbQaWDJGXwXYvU.*AAJTSQACMDIAAlNLABx2dHI4a29UQU5oUFpRbmxzUmZSYytIWDlXUUk9AAR0eXBlAANDVFMAAlMxAAIwMQ..*&decision=allow&code_challenge=qpYrXUbR_8zGRVjdj0jB7RIjhuMsT1OfkSw9OhySQvQ&code_challenge_method=S256" + }, + "queryString": [], + "url": "https://platform.dev.trivir.com/am/oauth2/authorize" + }, + "response": { + "bodySize": 0, + "content": { + "mimeType": "text/plain", + "size": 0 + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + }, + { + "expires": "1970-01-01T00:00:00.000Z", + "httpOnly": true, + "name": "OAUTH_REQUEST_ATTRIBUTES", + "path": "/", + 
"sameSite": "none", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Fri, 27 Mar 2026 18:59:24 GMT" + }, + { + "name": "content-length", + "value": "0" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "OAUTH_REQUEST_ATTRIBUTES=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Secure; HttpOnly; SameSite=none" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "location", + "value": "https://platform.dev.trivir.com/platform/appAuthHelperRedirect.html?code=BNYwW0qQhtO_WGnKSZo8g0Ng1AY&iss=https%3A%2F%2Fplatform.dev.trivir.com%2Fam%2Foauth2&client_id=idm-admin-ui" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 673, + "httpVersion": "HTTP/1.1", + "redirectURL": "https://platform.dev.trivir.com/platform/appAuthHelperRedirect.html?code=BNYwW0qQhtO_WGnKSZo8g0Ng1AY&iss=https%3A%2F%2Fplatform.dev.trivir.com%2Fam%2Foauth2&client_id=idm-admin-ui", + "status": 302, + "statusText": "Found" + }, + "startedDateTime": "2026-03-27T18:59:25.347Z", + "time": 16, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 16 + } + }, + { + "_id": "ff75519a93ccab829f8ee8cf5e92b49f", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 224, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/x-www-form-urlencoded" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-30" + }, + { + "name": 
"x-forgerock-transactionid", + "value": "frodo-785ab35c-42c5-412a-9064-81faaa60246d" + }, + { + "name": "accept-api-version", + "value": "protocol=2.1,resource=1.0" + }, + { + "name": "content-length", + "value": "224" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 424, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/x-www-form-urlencoded", + "params": [], + "text": "client_id=idm-admin-ui&redirect_uri=https://platform.dev.trivir.com/platform/appAuthHelperRedirect.html&grant_type=authorization_code&code=BNYwW0qQhtO_WGnKSZo8g0Ng1AY&code_verifier=Fo4t1zVjWrikia1fIHK--Z8elfebyHB64yKQMueFmM0" + }, + "queryString": [], + "url": "https://platform.dev.trivir.com/am/oauth2/access_token" + }, + "response": { + "bodySize": 1249, + "content": { + "mimeType": "application/json;charset=UTF-8", + "size": 1249, + "text": "{\"access_token\":\"\",\"scope\":\"openid fr:idm:*\",\"id_token\":\"\",\"token_type\":\"Bearer\",\"expires_in\":239}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Fri, 27 Mar 2026 18:59:24 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=UTF-8" + }, + { + "name": "content-length", + "value": "1249" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 405, + "httpVersion": 
"HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-27T18:59:25.371Z", + "time": 31, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 31 + } + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/openidm_3290118515/recording.har b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/openidm_3290118515/recording.har new file mode 100644 index 000000000..2e40f4cee --- /dev/null +++ b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_D_m_314327836/openidm_3290118515/recording.har 
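Review bot: The `postData.text` of both requests in this oauth2 recording stores the `csrf` value, the authorization `code` and the PKCE `code_verifier` in clear text, while the cookies, `access_token` and `id_token` in the same file are blanked. The `csrf` value has the shape of an AM session token, so it is presumably the same secret that the `iPlanetDirectoryPro` cookie redaction is meant to remove; this should be confirmed against the recorder's redaction step, which is not visible in this part of the patch. I would scrub these form fields before the recording is persisted, so the stored bodies read e.g. `csrf=<redacted>&decision=allow` and `code=<redacted>&code_verifier=<redacted>`, and likewise the `code` query parameter in the `location` header and `redirectURL`. The am recording added just before this file has the same gap in its authenticate request, where the `x-openam-password` header value is stored unredacted next to the `amadmin` user name; that credential should be rotated if it was ever valid for a reachable environment.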
@@ -0,0 +1,167 @@ +{ + "log": { + "_recordingName": "config-manager/push/managed-objects/0_D_m/openidm", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.6" + }, + "entries": [ + { + "_id": "7322535748e88337224313514e419364", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 42604, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-30" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-785ab35c-42c5-412a-9064-81faaa60246d" + }, + { + "name": "authorization", + "value": "Bearer " + }, + { + "name": "content-length", + "value": "42604" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 412, + "httpVersion": "HTTP/1.1", + "method": "PUT", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"_id\":\"managed\",\"objects\":[{\"name\":\"application\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"icon\":\"fa-folder\",\"order\":[\"name\",\"description\",\"url\",\"icon\",\"mappingNames\",\"owners\",\"roles\",\"members\"],\"properties\":{\"_id\":{\"description\":\"Application ID\",\"isPersonal\":false,\"searchable\":false,\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"authoritative\":{\"description\":\"Is this an authoritative application\",\"searchable\":false,\"title\":\"Authoritative\",\"type\":\"boolean\",\"viewable\":false},\"connectorId\":{\"description\":\"Id of the connector associated with the application\",\"searchable\":false,\"title\":\"Connector ID\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"description\":{\"description\":\"Application 
Description\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"icon\":{\"searchable\":true,\"title\":\"Icon\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"mappingNames\":{\"description\":\"Names of the sync mappings used by an application with provisioning configured.\",\"items\":{\"title\":\"Mapping Name Items\",\"type\":\"string\"},\"searchable\":true,\"title\":\"Sync Mapping Names\",\"type\":\"array\",\"viewable\":true},\"members\":{\"description\":\"Members directly granted an application\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items\",\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Application Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"applications\",\"reverseRelationship\":true,\"title\":\"Application Members Items\",\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"description\":\"Application name\",\"notifyRelationships\":[\"roles\",\"members\"],\"policies\":[{\"policyId\":\"unique\"}],\"returnByDefault\":true,\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"owners\":{\"description\":\"Application 
Owners\",\"items\":{\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"ownerOfApp\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Owners\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"roles\":{\"description\":\"Roles granting users the application\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Role\",\"notify\":true,\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"applications\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Roles\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"ssoEntities\":{\"description\":\"SSO Entity Id\",\"properties\":{\"domain\":{\"type\":\"string\"},\"federatedDomain\":{\"type\":\"string\"},\"idpLocation\":{\"type\":\"string\"},\"idpLoginUrl\":{\"type\":\"string\"},\"idpPrivateId\":{\"type\":\"string\"},\"key\":{\"type\":\"string\"},\"oidcId\":{\"type\":\"string\"},\"pfApcId\":{\"type\":\"string\"},\"pfIdpAdapterId\":{\"type\":\"string\"},\"pfPolicyId\":{\"type\":\"string\"},\"pfSigningCertId\":{\"type\":\"string\"},\"pfSpConnectionId\":{\"type\":\"string\"},\"spLocation\":{\"type\":\"string\"},\"spPrivate\":{\"type\":\"string\"},\"spPrivateId\":{\"type\":\"string\"}},\"searchable\":false,\"title\":\"SSO Entity 
Id\",\"type\":\"object\",\"userEditable\":false,\"viewable\":false},\"templateName\":{\"description\":\"Name of the template the application was created from\",\"searchable\":false,\"title\":\"Template Name\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"templateVersion\":{\"description\":\"The template version\",\"searchable\":false,\"title\":\"Template Version\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"uiConfig\":{\"description\":\"UI Config\",\"isPersonal\":false,\"properties\":{},\"searchable\":false,\"title\":\"UI Config\",\"type\":\"object\",\"usageDescription\":\"\",\"viewable\":false},\"url\":{\"searchable\":true,\"title\":\"Url\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"name\"],\"title\":\"Application\",\"type\":\"object\"}},{\"attributeEncryption\":{},\"name\":\"assignment\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"A role assignment\",\"icon\":\"fa-key\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment\",\"mat-icon\":\"vpn_key\",\"order\":[\"_id\",\"name\",\"description\",\"type\",\"mapping\",\"attributes\",\"linkQualifiers\",\"roles\",\"members\",\"condition\",\"weight\"],\"properties\":{\"_id\":{\"description\":\"The assignment ID\",\"searchable\":false,\"title\":\"Name\",\"type\":\"string\",\"viewable\":false},\"attributes\":{\"description\":\"The attributes operated on by this assignment.\",\"items\":{\"order\":[\"assignmentOperation\",\"unassignmentOperation\",\"name\",\"value\"],\"properties\":{\"assignmentOperation\":{\"description\":\"Assignment operation\",\"type\":\"string\"},\"name\":{\"description\":\"Name\",\"type\":\"string\"},\"unassignmentOperation\":{\"description\":\"Unassignment operation\",\"type\":\"string\"},\"value\":{\"description\":\"Value\",\"type\":\"string\"}},\"required\":[],\"title\":\"Assignment Attributes 
Items\",\"type\":\"object\"},\"notifyRelationships\":[\"roles\",\"members\"],\"title\":\"Assignment Attributes\",\"type\":\"array\",\"viewable\":true},\"condition\":{\"description\":\"A conditional filter for this assignment\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"The assignment description, used for display purposes.\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"linkQualifiers\":{\"description\":\"Conditional link qualifiers to restrict this assignment to.\",\"items\":{\"title\":\"Link Qualifiers Items\",\"type\":\"string\"},\"title\":\"Link Qualifiers\",\"type\":\"array\",\"viewable\":true},\"mapping\":{\"description\":\"The name of the mapping this assignment applies to\",\"policies\":[{\"policyId\":\"mapping-exists\"}],\"searchable\":true,\"title\":\"Mapping\",\"type\":\"string\",\"viewable\":true},\"members\":{\"description\":\"Assignment Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Assignment Members Items 
_refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"assignments\",\"reverseRelationship\":true,\"title\":\"Assignment Members Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Assignment Members\",\"type\":\"array\",\"viewable\":true},\"name\":{\"description\":\"The assignment name, used for display purposes.\",\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true},\"roles\":{\"description\":\"Managed Roles\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Managed Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Role\",\"notify\":true,\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"assignments\",\"reverseRelationship\":true,\"title\":\"Managed Roles Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Managed Roles\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"type\":{\"description\":\"The type of object this assignment represents\",\"title\":\"Type\",\"type\":\"string\",\"viewable\":true},\"weight\":{\"description\":\"The weight of the 
assignment.\",\"notifyRelationships\":[\"roles\",\"members\"],\"searchable\":false,\"title\":\"Weight\",\"type\":[\"number\",\"null\"],\"viewable\":true}},\"required\":[\"name\",\"description\",\"mapping\"],\"title\":\"Assignment\",\"type\":\"object\"}},{\"name\":\"group\",\"schema\":{\"$schema\":\"http://json-schema.org/draft-03/schema\",\"icon\":\"fa-group\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Group\",\"mat-icon\":\"group\",\"order\":[\"_id\",\"name\",\"description\",\"condition\",\"members\"],\"properties\":{\"_id\":{\"description\":\"Group ID\",\"isPersonal\":false,\"searchable\":false,\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"condition\":{\"description\":\"A filter for conditionally assigned members\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"Group Description\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"members\":{\"description\":\"Group Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Group Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"groups\",\"reverseRelationship\":true,\"title\":\"Group Members 
Items\",\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"description\":\"Group Name\",\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true}},\"required\":[\"name\"],\"title\":\"Group\",\"viewable\":true}},{\"name\":\"organization\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"An organization or tenant, whose resources are managed by organizational admins.\",\"icon\":\"fa-building\",\"mat-icon\":\"domain\",\"order\":[\"name\",\"description\",\"owners\",\"admins\",\"members\",\"parent\",\"children\",\"adminIDs\",\"ownerIDs\",\"parentAdminIDs\",\"parentOwnerIDs\",\"parentIDs\"],\"properties\":{\"adminIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"admin ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\"],\"referencedRelationshipFields\":[\"admins\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"Admin user ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"admins\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":false,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"adminOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"children\"],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Administrators\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"children\":{\"description\":\"Child 
Organizations\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\",\"description\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"parent\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Child Organizations\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"description\":{\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"members\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"memberOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"ownerIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"owner ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\"],\"referencedRelationshipFields\":[\"owners\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"Owner user 
ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"owners\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":false,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"ownerOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"children\"],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Owner\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"parent\":{\"description\":\"Parent Organization\",\"notifyRelationships\":[\"children\",\"members\"],\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\",\"description\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"returnByDefault\":false,\"reversePropertyName\":\"children\",\"reverseRelationship\":true,\"searchable\":false,\"title\":\"Parent Organization\",\"type\":\"relationship\",\"userEditable\":false,\"validate\":true,\"viewable\":true},\"parentAdminIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"user ids of parent admins\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"adminIDs\",\"parentAdminIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"user ids of parent admins\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"parentIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"parent org 
ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\",\"parentIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"parent org ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"parentOwnerIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"user ids of parent owners\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"ownerIDs\",\"parentOwnerIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"user ids of parent owners\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false}},\"required\":[\"name\"],\"title\":\"Organization\",\"type\":\"object\"}},{\"name\":\"role\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"\",\"icon\":\"fa-check-square-o\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role\",\"mat-icon\":\"assignment_ind\",\"order\":[\"_id\",\"name\",\"description\",\"members\",\"assignments\",\"applications\",\"condition\",\"temporalConstraints\"],\"properties\":{\"_id\":{\"description\":\"Role ID\",\"searchable\":false,\"title\":\"Name\",\"type\":\"string\",\"viewable\":false},\"applications\":{\"description\":\"Role Applications\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Role Application 
Items\",\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"members\"],\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Applications\",\"type\":\"array\",\"viewable\":false},\"assignments\":{\"description\":\"Managed Assignments\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Managed Assignments Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Assignment\",\"path\":\"managed/assignment\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Managed Assignments Items\",\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"members\"],\"returnByDefault\":false,\"title\":\"Managed Assignments\",\"type\":\"array\",\"viewable\":true},\"condition\":{\"description\":\"A conditional filter for this role\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"The role description, used for display purposes.\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"members\":{\"description\":\"Role Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the 
relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Role Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Role Members Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Role Members\",\"type\":\"array\",\"viewable\":true},\"name\":{\"description\":\"The role name, used for display purposes.\",\"policies\":[{\"policyId\":\"unique\"}],\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true},\"temporalConstraints\":{\"description\":\"An array of temporal constraints for a role\",\"isTemporalConstraint\":true,\"items\":{\"order\":[\"duration\"],\"properties\":{\"duration\":{\"description\":\"Duration\",\"type\":\"string\"}},\"required\":[\"duration\"],\"title\":\"Temporal Constraints Items\",\"type\":\"object\"},\"notifyRelationships\":[\"members\"],\"returnByDefault\":true,\"title\":\"Temporal Constraints\",\"type\":\"array\",\"viewable\":false}},\"required\":[\"name\"],\"title\":\"Role\",\"type\":\"object\"}},{\"name\":\"testObject\",\"onCreate\":{\"globals\":{\"test\":null},\"type\":\"text/javascript\",\"source\":\"// test script\\n\"},\"onRead\":{\"globals\":{},\"source\":\"//groovy 
export\",\"type\":\"groovy\"},\"onSync\":{\"globals\":{\"test\":8},\"source\":\"//test\",\"type\":\"groovy\"},\"onUpdate\":{\"globals\":{\"test\":[\"test\"]},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"onValidate\":{\"globals\":{\"test\":\"test\"},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"postCreate\":{\"globals\":{\"test\":null},\"type\":\"text/javascript\",\"source\":\"// another test\\n\"},\"postDelete\":{\"globals\":{\"test\":\"test\"},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"postUpdate\":{\"globals\":{\"test\":1},\"source\":\"//test\",\"type\":\"groovy\"},\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"test\",\"icon\":\"fa-anchor\",\"mat-icon\":\"\",\"order\":[\"testObj\",\"testString\"],\"properties\":{\"testObj\":{\"description\":null,\"isVirtual\":false,\"nullable\":false,\"onRetrieve\":{\"globals\":{\"four\":false,\"one\":null,\"three\":3,\"two\":\"number\"},\"source\":\"//second\",\"type\":\"groovy\"},\"onStore\":{\"globals\":{\"test\":{}},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"onValidate\":{\"globals\":{\"test\":null},\"source\":\"//groovy script 
test\",\"type\":\"groovy\"},\"order\":[\"testObject\",\"testString\"],\"properties\":{\"testObject\":{\"description\":null,\"isVirtual\":false,\"onRetrieve\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"text/javascript\"},\"onStore\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"groovy\"},\"order\":[],\"properties\":{},\"required\":[],\"searchable\":false,\"title\":\"test\",\"type\":\"object\",\"userEditable\":true,\"viewable\":true},\"testString\":{\"description\":null,\"format\":null,\"isVirtual\":false,\"onRetrieve\":{\"globals\":{\"test\":1},\"source\":\"//test\",\"type\":\"groovy\"},\"onStore\":{\"globals\":{\"test\":[\"test\",1,false]},\"source\":\"//test\",\"type\":\"text/javascript\"},\"searchable\":false,\"title\":\"test\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[],\"searchable\":false,\"title\":\"TestObj\",\"type\":\"object\",\"userEditable\":true,\"viewable\":true},\"testString\":{\"description\":null,\"format\":null,\"isVirtual\":false,\"onStore\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"groovy\"},\"searchable\":false,\"title\":\"test\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[],\"title\":\"Test\",\"type\":\"object\"}},{\"lastSync\":{\"effectiveAssignmentsProperty\":\"effectiveAssignments\",\"lastSyncProperty\":\"lastSync\"},\"meta\":{\"property\":\"_meta\",\"resourceCollection\":\"internal/usermeta\",\"trackedProperties\":[\"createDate\",\"lastChanged\"]},\"name\":\"user\",\"notifications\":{},\"schema\":{\"$schema\":\"http://json-schema.org/draft-03/schema\",\"icon\":\"fa-user\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User\",\"mat-icon\":\"people\",\"order\":[\"_id\",\"userName\",\"password\",\"givenName\",\"cn\",\"sn\",\"mail\",\"profileImage\",\"description\",\"accountStatus\",\"telephoneNumber\",\"postalAddress\",\"city\",\"postalCode\",\"country\",\"stateProvince\",\"assignedDashboard\",\"roles\",\"assignment
s\",\"groups\",\"applications\",\"manager\",\"authzRoles\",\"reports\",\"effectiveRoles\",\"effectiveAssignments\",\"effectiveGroups\",\"effectiveApplications\",\"lastSync\",\"kbaInfo\",\"preferences\",\"consentedMappings\",\"ownerOfOrg\",\"adminOfOrg\",\"memberOfOrg\",\"memberOfOrgIDs\",\"activeDate\",\"inactiveDate\",\"ownerOfApp\",\"passwordLastChangedTime\",\"passwordExpirationTime\",\"devicePrintProfiles\",\"deviceProfiles\",\"oathDeviceProfiles\",\"pushDeviceProfiles\",\"webauthnDeviceProfiles\"],\"properties\":{\"_id\":{\"description\":\"User ID\",\"isPersonal\":false,\"policies\":[{\"params\":{\"forbiddenChars\":[\"/\"]},\"policyId\":\"cannot-contain-characters\"}],\"searchable\":false,\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"accountStatus\":{\"default\":\"active\",\"description\":\"Status\",\"isPersonal\":false,\"searchable\":false,\"title\":\"Status\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"activeDate\":{\"description\":\"Active Date\",\"format\":\"datetime\",\"isPersonal\":false,\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Active Date\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"adminOfOrg\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"admins\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations I 
Administer\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"aliasList\":{\"description\":\"List of identity aliases used primarily to record social IdP subjects for this user\",\"isVirtual\":false,\"items\":{\"title\":\"User Alias Names Items\",\"type\":\"string\"},\"returnByDefault\":false,\"searchable\":false,\"title\":\"User Alias Names List\",\"type\":\"array\",\"userEditable\":true,\"viewable\":false},\"applications\":{\"description\":\"Applications\",\"isPersonal\":false,\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Application Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Applications\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"assignedDashboard\":{\"description\":\"List of items to click on for this user\",\"isVirtual\":true,\"items\":{\"title\":\"Assigned Dashboard Items\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"name\"],\"referencedRelationshipFields\":[[\"roles\",\"applications\"],[\"applications\"]]},\"searchable\":false,\"title\":\"Assigned 
Dashboard\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"assignments\":{\"description\":\"Assignments\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Provisioning Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Assignment\",\"path\":\"managed/assignment\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Assignments Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Assignments\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"authzRoles\":{\"description\":\"Authorization Roles\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Authorization Roles Items 
_refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Internal Role\",\"path\":\"internal/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"authzMembers\",\"reverseRelationship\":true,\"title\":\"Authorization Roles Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Authorization Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"city\":{\"description\":\"City\",\"isPersonal\":false,\"title\":\"City\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"cn\":{\"default\":\"{{givenName}} {{sn}}\",\"description\":\"Common Name\",\"isPersonal\":true,\"scope\":\"private\",\"searchable\":false,\"title\":\"Common Name\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"consentedMappings\":{\"description\":\"Consented Mappings\",\"isPersonal\":false,\"isVirtual\":false,\"items\":{\"items\":{\"order\":[\"mapping\",\"consentDate\"],\"properties\":{\"consentDate\":{\"description\":\"Consent Date\",\"format\":\"datetime\",\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Consent Date\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"mapping\":{\"description\":\"Mapping\",\"searchable\":false,\"title\":\"Mapping\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"mapping\",\"consentDate\"],\"title\":\"Consented Mappings Item\",\"type\":\"object\"},\"title\":\"Consented Mappings Items\",\"type\":\"array\"},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Consented 
Mappings\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"country\":{\"description\":\"Country\",\"isPersonal\":false,\"title\":\"Country\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"description\":{\"description\":\"Description\",\"isPersonal\":false,\"searchable\":false,\"title\":\"Description\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"devicePrintProfiles\":{\"description\":\"Device Print Profiles Information\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Device Print Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"deviceProfiles\":{\"description\":\"Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"effectiveApplications\":{\"description\":\"Effective Applications\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Application Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedObjectFields\":[\"name\"],\"referencedRelationshipFields\":[[\"roles\",\"applications\"],[\"applications\"]]},\"returnByDefault\":true,\"title\":\"Effective Applications\",\"type\":\"array\",\"viewable\":false},\"effectiveAssignments\":{\"description\":\"Effective Assignments\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Assignments Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedObjectFields\":[\"*\"],\"referencedRelationshipFields\":[[\"roles\",\"assignments\"],[\"assignments\"]]},\"returnByDefault\":true,\"title\":\"Effective Assignments\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"effectiveGroups\":{\"description\":\"Effective Groups\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Groups 
Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedRelationshipFields\":[\"groups\"]},\"returnByDefault\":true,\"title\":\"Effective Groups\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"effectiveRoles\":{\"description\":\"Effective Roles\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Roles Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedRelationshipFields\":[\"roles\"]},\"returnByDefault\":true,\"title\":\"Effective Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"givenName\":{\"description\":\"First Name\",\"isPersonal\":true,\"searchable\":true,\"title\":\"First Name\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"groups\":{\"description\":\"Groups\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:groups\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Groups Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Group\",\"path\":\"managed/group\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Groups 
Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":false,\"returnByDefault\":false,\"title\":\"Group\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"inactiveDate\":{\"description\":\"Inactive Date\",\"format\":\"datetime\",\"isPersonal\":false,\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Inactive Date\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"kbaInfo\":{\"description\":\"KBA Info\",\"isPersonal\":true,\"items\":{\"order\":[\"answer\",\"customQuestion\",\"questionId\"],\"properties\":{\"answer\":{\"description\":\"Answer\",\"type\":\"string\"},\"customQuestion\":{\"description\":\"Custom question\",\"type\":\"string\"},\"questionId\":{\"description\":\"Question ID\",\"type\":\"string\"}},\"required\":[],\"title\":\"KBA Info Items\",\"type\":\"object\"},\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"lastSync\":{\"description\":\"Last Sync timestamp\",\"isPersonal\":false,\"order\":[\"effectiveAssignments\",\"timestamp\"],\"properties\":{\"effectiveAssignments\":{\"description\":\"Effective Assignments\",\"items\":{\"title\":\"Effective Assignments Items\",\"type\":\"object\"},\"title\":\"Effective Assignments\",\"type\":\"array\"},\"timestamp\":{\"description\":\"Timestamp\",\"format\":\"datetime\",\"policies\":[{\"policyId\":\"valid-datetime\"}],\"type\":\"string\"}},\"required\":[],\"scope\":\"private\",\"searchable\":false,\"title\":\"Last Sync timestamp\",\"type\":\"object\",\"usageDescription\":\"\",\"viewable\":false},\"mail\":{\"description\":\"Email Address\",\"isPersonal\":true,\"policies\":[{\"policyId\":\"valid-email-address-format\"}],\"searchable\":true,\"title\":\"Email 
Address\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"manager\":{\"description\":\"Manager\",\"isPersonal\":false,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Manager _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"reports\",\"reverseRelationship\":true,\"searchable\":false,\"title\":\"Manager\",\"type\":\"relationship\",\"usageDescription\":\"\",\"userEditable\":false,\"validate\":true,\"viewable\":true},\"memberOfOrg\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":false,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations to which I Belong\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"memberOfOrgIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"org identifiers\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\",\"parentIDs\"],\"referencedRelationshipFields\":[\"memberOfOrg\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"MemberOfOrgIDs\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"oathDeviceProfiles\":{\"description\":\"Oath 
Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Oath Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"ownerOfApp\":{\"items\":{\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"owners\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Applications I Own\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"ownerOfOrg\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"owners\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations I 
Own\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"password\":{\"description\":\"Password\",\"isPersonal\":false,\"isProtected\":true,\"policies\":[{\"params\":{\"minLength\":8},\"policyId\":\"minimum-length\"},{\"params\":{\"numCaps\":1},\"policyId\":\"at-least-X-capitals\"},{\"params\":{\"numNums\":1},\"policyId\":\"at-least-X-numbers\"},{\"params\":{\"disallowedFields\":[\"userName\",\"givenName\",\"sn\"]},\"policyId\":\"cannot-contain-others\"}],\"scope\":\"private\",\"searchable\":false,\"title\":\"Password\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"passwordExpirationTime\":{\"description\":\"Password Expiration Time\",\"searchable\":true,\"title\":\"Password Expiration Time\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"passwordLastChangedTime\":{\"description\":\"Password Last Changed Time\",\"searchable\":true,\"title\":\"Password Last Changed Time\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"postalAddress\":{\"description\":\"Address 1\",\"isPersonal\":true,\"title\":\"Address 1\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"postalCode\":{\"description\":\"Postal Code\",\"isPersonal\":false,\"title\":\"Postal Code\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"preferences\":{\"description\":\"Preferences\",\"isPersonal\":false,\"order\":[\"updates\",\"marketing\"],\"properties\":{\"marketing\":{\"description\":\"Send me special offers and services\",\"type\":\"boolean\"},\"updates\":{\"description\":\"Send me news and updates\",\"type\":\"boolean\"}},\"required\":[],\"searchable\":false,\"title\":\"Preferences\",\"type\":\"object\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"profileImage\":{\"description\":\"Profile Image\",\"isPersonal\":true,\"searchable\":false,\"title\":\"Profile 
Image\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"pushDeviceProfiles\":{\"description\":\"Push Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Push Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"reports\":{\"description\":\"Direct Reports\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Direct Reports Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"manager\",\"reverseRelationship\":true,\"title\":\"Direct Reports Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Direct Reports\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"roles\":{\"description\":\"Provisioning Roles\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:roles\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Provisioning Roles Items 
_refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Role\",\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Provisioning Roles Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Provisioning Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"sn\":{\"description\":\"Last Name\",\"isPersonal\":true,\"searchable\":true,\"title\":\"Last Name\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"stateProvince\":{\"description\":\"State/Province\",\"isPersonal\":false,\"title\":\"State/Province\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"telephoneNumber\":{\"description\":\"Telephone Number\",\"isPersonal\":true,\"pattern\":\"^\\\\+?([0-9\\\\- \\\\(\\\\)])*$\",\"searchable\":true,\"title\":\"Telephone Number\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"userName\":{\"description\":\"Username\",\"isPersonal\":true,\"policies\":[{\"policyId\":\"valid-username\"},{\"params\":{\"forbiddenChars\":[\"/\"]},\"policyId\":\"cannot-contain-characters\"},{\"params\":{\"minLength\":1},\"policyId\":\"minimum-length\"},{\"params\":{\"maxLength\":255},\"policyId\":\"maximum-length\"}],\"searchable\":true,\"title\":\"Username\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"webauthnDeviceProfiles\":{\"description\":\"Web AuthN Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Web AuthN Device 
Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"userName\",\"givenName\",\"sn\",\"mail\"],\"title\":\"User\",\"type\":\"object\",\"viewable\":true}}]}" + }, + "queryString": [], + "url": "https://platform.dev.trivir.com/openidm/config/managed" + }, + "response": { + "bodySize": 42604, + "content": { + "mimeType": "application/json;charset=utf-8", + "size": 42604, + "text": "{\"_id\":\"managed\",\"objects\":[{\"name\":\"application\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"icon\":\"fa-folder\",\"order\":[\"name\",\"description\",\"url\",\"icon\",\"mappingNames\",\"owners\",\"roles\",\"members\"],\"properties\":{\"_id\":{\"description\":\"Application ID\",\"isPersonal\":false,\"searchable\":false,\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"authoritative\":{\"description\":\"Is this an authoritative application\",\"searchable\":false,\"title\":\"Authoritative\",\"type\":\"boolean\",\"viewable\":false},\"connectorId\":{\"description\":\"Id of the connector associated with the application\",\"searchable\":false,\"title\":\"Connector ID\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"description\":{\"description\":\"Application Description\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"icon\":{\"searchable\":true,\"title\":\"Icon\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"mappingNames\":{\"description\":\"Names of the sync mappings used by an application with provisioning configured.\",\"items\":{\"title\":\"Mapping Name Items\",\"type\":\"string\"},\"searchable\":true,\"title\":\"Sync Mapping Names\",\"type\":\"array\",\"viewable\":true},\"members\":{\"description\":\"Members directly granted an 
application\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items\",\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Application Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"applications\",\"reverseRelationship\":true,\"title\":\"Application Members Items\",\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"description\":\"Application name\",\"notifyRelationships\":[\"roles\",\"members\"],\"policies\":[{\"policyId\":\"unique\"}],\"returnByDefault\":true,\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"owners\":{\"description\":\"Application Owners\",\"items\":{\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"ownerOfApp\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Owners\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"roles\":{\"description\":\"Roles granting users the 
application\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Role\",\"notify\":true,\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"applications\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Roles\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"ssoEntities\":{\"description\":\"SSO Entity Id\",\"properties\":{\"domain\":{\"type\":\"string\"},\"federatedDomain\":{\"type\":\"string\"},\"idpLocation\":{\"type\":\"string\"},\"idpLoginUrl\":{\"type\":\"string\"},\"idpPrivateId\":{\"type\":\"string\"},\"key\":{\"type\":\"string\"},\"oidcId\":{\"type\":\"string\"},\"pfApcId\":{\"type\":\"string\"},\"pfIdpAdapterId\":{\"type\":\"string\"},\"pfPolicyId\":{\"type\":\"string\"},\"pfSigningCertId\":{\"type\":\"string\"},\"pfSpConnectionId\":{\"type\":\"string\"},\"spLocation\":{\"type\":\"string\"},\"spPrivate\":{\"type\":\"string\"},\"spPrivateId\":{\"type\":\"string\"}},\"searchable\":false,\"title\":\"SSO Entity Id\",\"type\":\"object\",\"userEditable\":false,\"viewable\":false},\"templateName\":{\"description\":\"Name of the template the application was created from\",\"searchable\":false,\"title\":\"Template Name\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"templateVersion\":{\"description\":\"The template version\",\"searchable\":false,\"title\":\"Template Version\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"uiConfig\":{\"description\":\"UI Config\",\"isPersonal\":false,\"properties\":{},\"searchable\":false,\"title\":\"UI 
Config\",\"type\":\"object\",\"usageDescription\":\"\",\"viewable\":false},\"url\":{\"searchable\":true,\"title\":\"Url\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"name\"],\"title\":\"Application\",\"type\":\"object\"}},{\"attributeEncryption\":{},\"name\":\"assignment\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"A role assignment\",\"icon\":\"fa-key\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment\",\"mat-icon\":\"vpn_key\",\"order\":[\"_id\",\"name\",\"description\",\"type\",\"mapping\",\"attributes\",\"linkQualifiers\",\"roles\",\"members\",\"condition\",\"weight\"],\"properties\":{\"_id\":{\"description\":\"The assignment ID\",\"searchable\":false,\"title\":\"Name\",\"type\":\"string\",\"viewable\":false},\"attributes\":{\"description\":\"The attributes operated on by this assignment.\",\"items\":{\"order\":[\"assignmentOperation\",\"unassignmentOperation\",\"name\",\"value\"],\"properties\":{\"assignmentOperation\":{\"description\":\"Assignment operation\",\"type\":\"string\"},\"name\":{\"description\":\"Name\",\"type\":\"string\"},\"unassignmentOperation\":{\"description\":\"Unassignment operation\",\"type\":\"string\"},\"value\":{\"description\":\"Value\",\"type\":\"string\"}},\"required\":[],\"title\":\"Assignment Attributes Items\",\"type\":\"object\"},\"notifyRelationships\":[\"roles\",\"members\"],\"title\":\"Assignment Attributes\",\"type\":\"array\",\"viewable\":true},\"condition\":{\"description\":\"A conditional filter for this assignment\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"The assignment description, used for display purposes.\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"linkQualifiers\":{\"description\":\"Conditional link qualifiers to restrict this assignment to.\",\"items\":{\"title\":\"Link Qualifiers 
Items\",\"type\":\"string\"},\"title\":\"Link Qualifiers\",\"type\":\"array\",\"viewable\":true},\"mapping\":{\"description\":\"The name of the mapping this assignment applies to\",\"policies\":[{\"policyId\":\"mapping-exists\"}],\"searchable\":true,\"title\":\"Mapping\",\"type\":\"string\",\"viewable\":true},\"members\":{\"description\":\"Assignment Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Assignment Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"assignments\",\"reverseRelationship\":true,\"title\":\"Assignment Members Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Assignment Members\",\"type\":\"array\",\"viewable\":true},\"name\":{\"description\":\"The assignment name, used for display purposes.\",\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true},\"roles\":{\"description\":\"Managed Roles\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the 
relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Managed Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Role\",\"notify\":true,\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"assignments\",\"reverseRelationship\":true,\"title\":\"Managed Roles Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Managed Roles\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"type\":{\"description\":\"The type of object this assignment represents\",\"title\":\"Type\",\"type\":\"string\",\"viewable\":true},\"weight\":{\"description\":\"The weight of the assignment.\",\"notifyRelationships\":[\"roles\",\"members\"],\"searchable\":false,\"title\":\"Weight\",\"type\":[\"number\",\"null\"],\"viewable\":true}},\"required\":[\"name\",\"description\",\"mapping\"],\"title\":\"Assignment\",\"type\":\"object\"}},{\"name\":\"group\",\"schema\":{\"$schema\":\"http://json-schema.org/draft-03/schema\",\"icon\":\"fa-group\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Group\",\"mat-icon\":\"group\",\"order\":[\"_id\",\"name\",\"description\",\"condition\",\"members\"],\"properties\":{\"_id\":{\"description\":\"Group ID\",\"isPersonal\":false,\"searchable\":false,\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"condition\":{\"description\":\"A filter for conditionally assigned members\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"Group Description\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"members\":{\"description\":\"Group 
Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Group Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"groups\",\"reverseRelationship\":true,\"title\":\"Group Members Items\",\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"description\":\"Group Name\",\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true}},\"required\":[\"name\"],\"title\":\"Group\",\"viewable\":true}},{\"name\":\"organization\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"An organization or tenant, whose resources are managed by organizational admins.\",\"icon\":\"fa-building\",\"mat-icon\":\"domain\",\"order\":[\"name\",\"description\",\"owners\",\"admins\",\"members\",\"parent\",\"children\",\"adminIDs\",\"ownerIDs\",\"parentAdminIDs\",\"parentOwnerIDs\",\"parentIDs\"],\"properties\":{\"adminIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"admin ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\"],\"referencedRelationshipFields\":[\"admins\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"Admin user 
ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"admins\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":false,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"adminOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"children\"],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Administrators\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"children\":{\"description\":\"Child Organizations\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\",\"description\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"parent\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Child 
Organizations\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"description\":{\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"members\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"memberOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"ownerIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"owner ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\"],\"referencedRelationshipFields\":[\"owners\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"Owner user 
ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"owners\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":false,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"ownerOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"children\"],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Owner\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"parent\":{\"description\":\"Parent Organization\",\"notifyRelationships\":[\"children\",\"members\"],\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\",\"description\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"returnByDefault\":false,\"reversePropertyName\":\"children\",\"reverseRelationship\":true,\"searchable\":false,\"title\":\"Parent Organization\",\"type\":\"relationship\",\"userEditable\":false,\"validate\":true,\"viewable\":true},\"parentAdminIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"user ids of parent admins\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"adminIDs\",\"parentAdminIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"user ids of parent admins\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"parentIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"parent org 
ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\",\"parentIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"parent org ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"parentOwnerIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"user ids of parent owners\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"ownerIDs\",\"parentOwnerIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"user ids of parent owners\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false}},\"required\":[\"name\"],\"title\":\"Organization\",\"type\":\"object\"}},{\"name\":\"role\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"\",\"icon\":\"fa-check-square-o\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role\",\"mat-icon\":\"assignment_ind\",\"order\":[\"_id\",\"name\",\"description\",\"members\",\"assignments\",\"applications\",\"condition\",\"temporalConstraints\"],\"properties\":{\"_id\":{\"description\":\"Role ID\",\"searchable\":false,\"title\":\"Name\",\"type\":\"string\",\"viewable\":false},\"applications\":{\"description\":\"Role Applications\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Role Application 
Items\",\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"members\"],\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Applications\",\"type\":\"array\",\"viewable\":false},\"assignments\":{\"description\":\"Managed Assignments\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Managed Assignments Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Assignment\",\"path\":\"managed/assignment\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Managed Assignments Items\",\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"members\"],\"returnByDefault\":false,\"title\":\"Managed Assignments\",\"type\":\"array\",\"viewable\":true},\"condition\":{\"description\":\"A conditional filter for this role\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"The role description, used for display purposes.\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"members\":{\"description\":\"Role Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the 
relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Role Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Role Members Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Role Members\",\"type\":\"array\",\"viewable\":true},\"name\":{\"description\":\"The role name, used for display purposes.\",\"policies\":[{\"policyId\":\"unique\"}],\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true},\"temporalConstraints\":{\"description\":\"An array of temporal constraints for a role\",\"isTemporalConstraint\":true,\"items\":{\"order\":[\"duration\"],\"properties\":{\"duration\":{\"description\":\"Duration\",\"type\":\"string\"}},\"required\":[\"duration\"],\"title\":\"Temporal Constraints Items\",\"type\":\"object\"},\"notifyRelationships\":[\"members\"],\"returnByDefault\":true,\"title\":\"Temporal Constraints\",\"type\":\"array\",\"viewable\":false}},\"required\":[\"name\"],\"title\":\"Role\",\"type\":\"object\"}},{\"name\":\"testObject\",\"onCreate\":{\"globals\":{\"test\":null},\"type\":\"text/javascript\",\"source\":\"// test script\\n\"},\"onRead\":{\"globals\":{},\"source\":\"//groovy 
export\",\"type\":\"groovy\"},\"onSync\":{\"globals\":{\"test\":8},\"source\":\"//test\",\"type\":\"groovy\"},\"onUpdate\":{\"globals\":{\"test\":[\"test\"]},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"onValidate\":{\"globals\":{\"test\":\"test\"},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"postCreate\":{\"globals\":{\"test\":null},\"type\":\"text/javascript\",\"source\":\"// another test\\n\"},\"postDelete\":{\"globals\":{\"test\":\"test\"},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"postUpdate\":{\"globals\":{\"test\":1},\"source\":\"//test\",\"type\":\"groovy\"},\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"test\",\"icon\":\"fa-anchor\",\"mat-icon\":\"\",\"order\":[\"testObj\",\"testString\"],\"properties\":{\"testObj\":{\"description\":null,\"isVirtual\":false,\"nullable\":false,\"onRetrieve\":{\"globals\":{\"four\":false,\"one\":null,\"three\":3,\"two\":\"number\"},\"source\":\"//second\",\"type\":\"groovy\"},\"onStore\":{\"globals\":{\"test\":{}},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"onValidate\":{\"globals\":{\"test\":null},\"source\":\"//groovy script 
test\",\"type\":\"groovy\"},\"order\":[\"testObject\",\"testString\"],\"properties\":{\"testObject\":{\"description\":null,\"isVirtual\":false,\"onRetrieve\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"text/javascript\"},\"onStore\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"groovy\"},\"order\":[],\"properties\":{},\"required\":[],\"searchable\":false,\"title\":\"test\",\"type\":\"object\",\"userEditable\":true,\"viewable\":true},\"testString\":{\"description\":null,\"format\":null,\"isVirtual\":false,\"onRetrieve\":{\"globals\":{\"test\":1},\"source\":\"//test\",\"type\":\"groovy\"},\"onStore\":{\"globals\":{\"test\":[\"test\",1,false]},\"source\":\"//test\",\"type\":\"text/javascript\"},\"searchable\":false,\"title\":\"test\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[],\"searchable\":false,\"title\":\"TestObj\",\"type\":\"object\",\"userEditable\":true,\"viewable\":true},\"testString\":{\"description\":null,\"format\":null,\"isVirtual\":false,\"onStore\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"groovy\"},\"searchable\":false,\"title\":\"test\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[],\"title\":\"Test\",\"type\":\"object\"}},{\"lastSync\":{\"effectiveAssignmentsProperty\":\"effectiveAssignments\",\"lastSyncProperty\":\"lastSync\"},\"meta\":{\"property\":\"_meta\",\"resourceCollection\":\"internal/usermeta\",\"trackedProperties\":[\"createDate\",\"lastChanged\"]},\"name\":\"user\",\"notifications\":{},\"schema\":{\"$schema\":\"http://json-schema.org/draft-03/schema\",\"icon\":\"fa-user\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User\",\"mat-icon\":\"people\",\"order\":[\"_id\",\"userName\",\"password\",\"givenName\",\"cn\",\"sn\",\"mail\",\"profileImage\",\"description\",\"accountStatus\",\"telephoneNumber\",\"postalAddress\",\"city\",\"postalCode\",\"country\",\"stateProvince\",\"assignedDashboard\",\"roles\",\"assignment
s\",\"groups\",\"applications\",\"manager\",\"authzRoles\",\"reports\",\"effectiveRoles\",\"effectiveAssignments\",\"effectiveGroups\",\"effectiveApplications\",\"lastSync\",\"kbaInfo\",\"preferences\",\"consentedMappings\",\"ownerOfOrg\",\"adminOfOrg\",\"memberOfOrg\",\"memberOfOrgIDs\",\"activeDate\",\"inactiveDate\",\"ownerOfApp\",\"passwordLastChangedTime\",\"passwordExpirationTime\",\"devicePrintProfiles\",\"deviceProfiles\",\"oathDeviceProfiles\",\"pushDeviceProfiles\",\"webauthnDeviceProfiles\"],\"properties\":{\"_id\":{\"description\":\"User ID\",\"isPersonal\":false,\"policies\":[{\"params\":{\"forbiddenChars\":[\"/\"]},\"policyId\":\"cannot-contain-characters\"}],\"searchable\":false,\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"accountStatus\":{\"default\":\"active\",\"description\":\"Status\",\"isPersonal\":false,\"searchable\":false,\"title\":\"Status\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"activeDate\":{\"description\":\"Active Date\",\"format\":\"datetime\",\"isPersonal\":false,\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Active Date\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"adminOfOrg\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"admins\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations I 
Administer\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"aliasList\":{\"description\":\"List of identity aliases used primarily to record social IdP subjects for this user\",\"isVirtual\":false,\"items\":{\"title\":\"User Alias Names Items\",\"type\":\"string\"},\"returnByDefault\":false,\"searchable\":false,\"title\":\"User Alias Names List\",\"type\":\"array\",\"userEditable\":true,\"viewable\":false},\"applications\":{\"description\":\"Applications\",\"isPersonal\":false,\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Application Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Applications\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"assignedDashboard\":{\"description\":\"List of items to click on for this user\",\"isVirtual\":true,\"items\":{\"title\":\"Assigned Dashboard Items\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"name\"],\"referencedRelationshipFields\":[[\"roles\",\"applications\"],[\"applications\"]]},\"searchable\":false,\"title\":\"Assigned 
Dashboard\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"assignments\":{\"description\":\"Assignments\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Provisioning Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Assignment\",\"path\":\"managed/assignment\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Assignments Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Assignments\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"authzRoles\":{\"description\":\"Authorization Roles\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Authorization Roles Items 
_refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Internal Role\",\"path\":\"internal/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"authzMembers\",\"reverseRelationship\":true,\"title\":\"Authorization Roles Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Authorization Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"city\":{\"description\":\"City\",\"isPersonal\":false,\"title\":\"City\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"cn\":{\"default\":\"{{givenName}} {{sn}}\",\"description\":\"Common Name\",\"isPersonal\":true,\"scope\":\"private\",\"searchable\":false,\"title\":\"Common Name\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"consentedMappings\":{\"description\":\"Consented Mappings\",\"isPersonal\":false,\"isVirtual\":false,\"items\":{\"items\":{\"order\":[\"mapping\",\"consentDate\"],\"properties\":{\"consentDate\":{\"description\":\"Consent Date\",\"format\":\"datetime\",\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Consent Date\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"mapping\":{\"description\":\"Mapping\",\"searchable\":false,\"title\":\"Mapping\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"mapping\",\"consentDate\"],\"title\":\"Consented Mappings Item\",\"type\":\"object\"},\"title\":\"Consented Mappings Items\",\"type\":\"array\"},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Consented 
Mappings\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"country\":{\"description\":\"Country\",\"isPersonal\":false,\"title\":\"Country\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"description\":{\"description\":\"Description\",\"isPersonal\":false,\"searchable\":false,\"title\":\"Description\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"devicePrintProfiles\":{\"description\":\"Device Print Profiles Information\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Device Print Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"deviceProfiles\":{\"description\":\"Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"effectiveApplications\":{\"description\":\"Effective Applications\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Application Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedObjectFields\":[\"name\"],\"referencedRelationshipFields\":[[\"roles\",\"applications\"],[\"applications\"]]},\"returnByDefault\":true,\"title\":\"Effective Applications\",\"type\":\"array\",\"viewable\":false},\"effectiveAssignments\":{\"description\":\"Effective Assignments\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Assignments Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedObjectFields\":[\"*\"],\"referencedRelationshipFields\":[[\"roles\",\"assignments\"],[\"assignments\"]]},\"returnByDefault\":true,\"title\":\"Effective Assignments\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"effectiveGroups\":{\"description\":\"Effective Groups\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Groups 
Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedRelationshipFields\":[\"groups\"]},\"returnByDefault\":true,\"title\":\"Effective Groups\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"effectiveRoles\":{\"description\":\"Effective Roles\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Roles Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedRelationshipFields\":[\"roles\"]},\"returnByDefault\":true,\"title\":\"Effective Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"givenName\":{\"description\":\"First Name\",\"isPersonal\":true,\"searchable\":true,\"title\":\"First Name\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"groups\":{\"description\":\"Groups\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:groups\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Groups Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Group\",\"path\":\"managed/group\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Groups 
Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":false,\"returnByDefault\":false,\"title\":\"Group\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"inactiveDate\":{\"description\":\"Inactive Date\",\"format\":\"datetime\",\"isPersonal\":false,\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Inactive Date\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"kbaInfo\":{\"description\":\"KBA Info\",\"isPersonal\":true,\"items\":{\"order\":[\"answer\",\"customQuestion\",\"questionId\"],\"properties\":{\"answer\":{\"description\":\"Answer\",\"type\":\"string\"},\"customQuestion\":{\"description\":\"Custom question\",\"type\":\"string\"},\"questionId\":{\"description\":\"Question ID\",\"type\":\"string\"}},\"required\":[],\"title\":\"KBA Info Items\",\"type\":\"object\"},\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"lastSync\":{\"description\":\"Last Sync timestamp\",\"isPersonal\":false,\"order\":[\"effectiveAssignments\",\"timestamp\"],\"properties\":{\"effectiveAssignments\":{\"description\":\"Effective Assignments\",\"items\":{\"title\":\"Effective Assignments Items\",\"type\":\"object\"},\"title\":\"Effective Assignments\",\"type\":\"array\"},\"timestamp\":{\"description\":\"Timestamp\",\"format\":\"datetime\",\"policies\":[{\"policyId\":\"valid-datetime\"}],\"type\":\"string\"}},\"required\":[],\"scope\":\"private\",\"searchable\":false,\"title\":\"Last Sync timestamp\",\"type\":\"object\",\"usageDescription\":\"\",\"viewable\":false},\"mail\":{\"description\":\"Email Address\",\"isPersonal\":true,\"policies\":[{\"policyId\":\"valid-email-address-format\"}],\"searchable\":true,\"title\":\"Email 
Address\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"manager\":{\"description\":\"Manager\",\"isPersonal\":false,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Manager _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"reports\",\"reverseRelationship\":true,\"searchable\":false,\"title\":\"Manager\",\"type\":\"relationship\",\"usageDescription\":\"\",\"userEditable\":false,\"validate\":true,\"viewable\":true},\"memberOfOrg\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":false,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations to which I Belong\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"memberOfOrgIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"org identifiers\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\",\"parentIDs\"],\"referencedRelationshipFields\":[\"memberOfOrg\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"MemberOfOrgIDs\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"oathDeviceProfiles\":{\"description\":\"Oath 
Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Oath Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"ownerOfApp\":{\"items\":{\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"owners\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Applications I Own\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"ownerOfOrg\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"owners\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations I 
Own\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"password\":{\"description\":\"Password\",\"isPersonal\":false,\"isProtected\":true,\"policies\":[{\"params\":{\"minLength\":8},\"policyId\":\"minimum-length\"},{\"params\":{\"numCaps\":1},\"policyId\":\"at-least-X-capitals\"},{\"params\":{\"numNums\":1},\"policyId\":\"at-least-X-numbers\"},{\"params\":{\"disallowedFields\":[\"userName\",\"givenName\",\"sn\"]},\"policyId\":\"cannot-contain-others\"}],\"scope\":\"private\",\"searchable\":false,\"title\":\"Password\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"passwordExpirationTime\":{\"description\":\"Password Expiration Time\",\"searchable\":true,\"title\":\"Password Expiration Time\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"passwordLastChangedTime\":{\"description\":\"Password Last Changed Time\",\"searchable\":true,\"title\":\"Password Last Changed Time\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"postalAddress\":{\"description\":\"Address 1\",\"isPersonal\":true,\"title\":\"Address 1\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"postalCode\":{\"description\":\"Postal Code\",\"isPersonal\":false,\"title\":\"Postal Code\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"preferences\":{\"description\":\"Preferences\",\"isPersonal\":false,\"order\":[\"updates\",\"marketing\"],\"properties\":{\"marketing\":{\"description\":\"Send me special offers and services\",\"type\":\"boolean\"},\"updates\":{\"description\":\"Send me news and updates\",\"type\":\"boolean\"}},\"required\":[],\"searchable\":false,\"title\":\"Preferences\",\"type\":\"object\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"profileImage\":{\"description\":\"Profile Image\",\"isPersonal\":true,\"searchable\":false,\"title\":\"Profile 
Image\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"pushDeviceProfiles\":{\"description\":\"Push Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Push Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"reports\":{\"description\":\"Direct Reports\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Direct Reports Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"manager\",\"reverseRelationship\":true,\"title\":\"Direct Reports Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Direct Reports\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"roles\":{\"description\":\"Provisioning Roles\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:roles\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Provisioning Roles Items 
_refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Role\",\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Provisioning Roles Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Provisioning Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"sn\":{\"description\":\"Last Name\",\"isPersonal\":true,\"searchable\":true,\"title\":\"Last Name\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"stateProvince\":{\"description\":\"State/Province\",\"isPersonal\":false,\"title\":\"State/Province\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"telephoneNumber\":{\"description\":\"Telephone Number\",\"isPersonal\":true,\"pattern\":\"^\\\\+?([0-9\\\\- \\\\(\\\\)])*$\",\"searchable\":true,\"title\":\"Telephone Number\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"userName\":{\"description\":\"Username\",\"isPersonal\":true,\"policies\":[{\"policyId\":\"valid-username\"},{\"params\":{\"forbiddenChars\":[\"/\"]},\"policyId\":\"cannot-contain-characters\"},{\"params\":{\"minLength\":1},\"policyId\":\"minimum-length\"},{\"params\":{\"maxLength\":255},\"policyId\":\"maximum-length\"}],\"searchable\":true,\"title\":\"Username\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"webauthnDeviceProfiles\":{\"description\":\"Web AuthN Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Web AuthN Device 
Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"userName\",\"givenName\",\"sn\",\"mail\"],\"title\":\"User\",\"type\":\"object\",\"viewable\":true}}]}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/openidm", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Fri, 27 Mar 2026 18:59:24 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=utf-8" + }, + { + "name": "transfer-encoding", + "value": "chunked" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/openidm; Secure; HttpOnly" + }, + { + "name": "vary", + "value": "Origin" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "content-api-version", + "value": "protocol=2.1,resource=1.0" + }, + { + "name": "content-security-policy", + "value": "default-src 'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": "same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "DENY" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 644, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-27T18:59:25.420Z", + "time": 35, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 35 + } + } + ], + "pages": [], + "version": "1.2" + } +} 
diff --git a/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/am_1076162899/recording.har b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/am_1076162899/recording.har
new file mode 100644
index 000000000..740bde91b
--- /dev/null
+++ b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/am_1076162899/recording.har
@@ -0,0 +1,631 @@ +{ + "log": { + "_recordingName": "config-manager/push/managed-objects/0_n_D_m/am", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.6" + }, + "entries": [ + { + "_id": "ccd7a5defd0fdeaa986a2b54642d911a", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-33" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-0e96d5e7-cfeb-4cba-baee-0431f5b05225" + }, + { + "name": "accept-api-version", + "value": "resource=1.1" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 370, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [], + "url": "https://platform.dev.trivir.com/am/json/serverinfo/*" + }, + "response": { + "bodySize": 587, + "content": { + "mimeType": "application/json;charset=UTF-8", + "size": 587, + "text": "{\"_id\":\"*\",\"_rev\":\"2075994313\",\"domains\":[],\"protectedUserAttributes\":[\"telephoneNumber\",\"mail\"],\"cookieName\":\"iPlanetDirectoryPro\",\"secureCookie\":true,\"forgotPassword\":\"false\",\"forgotUsername\":\"false\",\"kbaEnabled\":\"false\",\"selfRegistration\":\"false\",\"lang\":\"en-US\",\"successfulUserRegistrationDestination\":\"default\",\"socialImplementations\":[],\"referralsEnabled\":\"false\",\"zeroPageLogin\":{\"enabled\":false,\"refererWhitelist\":[],\"allowedWithoutReferer\":true},\"realm\":\"/\",\"xuiUserSessionValidationEnabled\":true,\"fileBasedConfiguration\":true,\"userIdAttributes\":[],\"nodeDesignerXuiEnabled\":true}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", 
+ "value": "Mon, 30 Mar 2026 16:59:04 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=UTF-8" + }, + { + "name": "content-length", + "value": "587" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "content-api-version", + "value": "resource=1.1" + }, + { + "name": "content-security-policy", + "value": "default-src 'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": "same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "etag", + "value": "\"2075994313\"" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 631, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-30T16:59:04.056Z", + "time": 39, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 39 + } + }, + { + "_id": "9f5671275c36a1c0090d0df26ce0e93f", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 2, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-33" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-0e96d5e7-cfeb-4cba-baee-0431f5b05225" + }, + { + "name": "accept-api-version", + "value": "resource=2.0, protocol=1.0" + }, + { + "name": "x-openam-username", + 
"value": "amadmin" + }, + { + "name": "x-openam-password", + "value": "41ghjnKpNFAFU/HXw82HbFbitYNOOJ0g" + }, + { + "name": "content-length", + "value": "2" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 497, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{}" + }, + "queryString": [], + "url": "https://platform.dev.trivir.com/am/json/realms/root/authenticate" + }, + "response": { + "bodySize": 167, + "content": { + "mimeType": "application/json", + "size": 167, + "text": "{\"tokenId\":\"\",\"successUrl\":\"/am/console\",\"realm\":\"/\"}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + }, + { + "httpOnly": true, + "name": "iPlanetDirectoryPro", + "path": "/", + "sameSite": "none", + "secure": true, + "value": "" + }, + { + "httpOnly": true, + "name": "amlbcookie", + "path": "/", + "sameSite": "none", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Mon, 30 Mar 2026 16:59:04 GMT" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "content-length", + "value": "167" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "iPlanetDirectoryPro=; Path=/; Secure; HttpOnly; SameSite=none" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "amlbcookie=; Path=/; Secure; HttpOnly; SameSite=none" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "private" + }, + { + "name": "content-api-version", + "value": "resource=2.1" + 
}, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 692, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-30T16:59:04.103Z", + "time": 33, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 33 + } + }, + { + "_id": "6a3744385d3fd7416ea7089e610fa7e7", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 128, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-33" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-0e96d5e7-cfeb-4cba-baee-0431f5b05225" + }, + { + "name": "accept-api-version", + "value": "resource=4.0" + }, + { + "name": "content-length", + "value": "128" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 424, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"tokenId\":\"\"}" + }, + "queryString": [ + { + "name": "_action", + "value": "getSessionInfo" + } + ], + "url": "https://platform.dev.trivir.com/am/json/realms/root/sessions/?_action=getSessionInfo" + }, + "response": { + "bodySize": 290, + "content": { + "mimeType": "application/json;charset=UTF-8", + "size": 290, + "text": 
"{\"username\":\"amadmin\",\"universalId\":\"id=amadmin,ou=user,ou=am-config\",\"realm\":\"/\",\"latestAccessTime\":\"2026-03-30T16:59:04Z\",\"maxIdleExpirationTime\":\"2026-03-30T17:29:04Z\",\"maxSessionExpirationTime\":\"2026-03-30T18:59:03Z\",\"properties\":{\"AMCtxId\":\"d9827ef5-6bcc-4305-82e6-b8df93f734be-1943\"}}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Mon, 30 Mar 2026 16:59:04 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=UTF-8" + }, + { + "name": "content-length", + "value": "290" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "private" + }, + { + "name": "content-api-version", + "value": "resource=4.0" + }, + { + "name": "content-security-policy", + "value": "default-src 'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": "same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 610, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-30T16:59:04.146Z", + "time": 10, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 10 + } + }, + { + "_id": "6125d0328ad0dcaee55f73fd8b22ca14", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "name": 
"accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-33" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-0e96d5e7-cfeb-4cba-baee-0431f5b05225" + }, + { + "name": "accept-api-version", + "value": "resource=1.0" + }, + { + "name": "cookie", + "value": "iPlanetDirectoryPro=" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 520, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [], + "url": "https://platform.dev.trivir.com/am/json/serverinfo/version" + }, + "response": { + "bodySize": 257, + "content": { + "mimeType": "application/json;charset=UTF-8", + "size": 257, + "text": "{\"_id\":\"version\",\"_rev\":\"-466575464\",\"version\":\"8.0.1\",\"fullVersion\":\"ForgeRock Access Management 8.0.1 Build b59bc0908346197b0c33afcb9e733d0400feeea1 (2025-April-15 11:37)\",\"revision\":\"b59bc0908346197b0c33afcb9e733d0400feeea1\",\"date\":\"2025-April-15 11:37\"}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Mon, 30 Mar 2026 16:59:04 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=UTF-8" + }, + { + "name": "content-length", + "value": "257" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "content-api-version", + "value": "resource=1.0" + }, + { + "name": "content-security-policy", + "value": "default-src 
'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": "same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "etag", + "value": "\"-466575464\"" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 631, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-30T16:59:04.165Z", + "time": 9, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 9 + } + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/oauth2_393036114/recording.har b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/oauth2_393036114/recording.har new file mode 100644 index 000000000..6edaee0ca --- /dev/null +++ b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/oauth2_393036114/recording.har 
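Review bot: The recorded POST to `/am/json/realms/root/authenticate` in this fixture keeps the `x-openam-password` request header in clear text next to `x-openam-username: amadmin`, although the `tokenId`, the `iPlanetDirectoryPro` cookie and the `set-cookie` values in the same recording are blanked. Whatever scrubbing produced those blanks presumably does not cover this header, so an administrator credential for the recorded environment ends up in the repository history. The header entry should be persisted as `"value": "<redacted>"`, ideally by extending the recorder's scrub step (for Polly.JS, the `beforePersist` handler) so every re-recording is covered, and the credential should be rotated if it was ever valid outside a throwaway test instance. The oauth2 recording that follows also stores a `csrf=` value in its `postData.text`; it is worth confirming that this value is not derived from a live session before it is committed.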
@@ -0,0 +1,289 @@ +{ + "log": { + "_recordingName": "config-manager/push/managed-objects/0_n_D_m/oauth2", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.6" + }, + "entries": [ + { + "_id": "a684e2f67fd67a4263878c3124af167a", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 365, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/x-www-form-urlencoded" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-33" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-0e96d5e7-cfeb-4cba-baee-0431f5b05225" + }, + { + "name": "accept-api-version", + "value": "protocol=2.1,resource=1.0" + }, + { + "name": "cookie", + "value": "iPlanetDirectoryPro=" + }, + { + "name": "content-length", + "value": "365" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 565, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/x-www-form-urlencoded", + "params": [], + "text": "redirect_uri=https://platform.dev.trivir.com/platform/appAuthHelperRedirect.html&scope=fr:idm:* openid&response_type=code&client_id=idm-admin-ui&csrf=pcHjRZOjGm3F0y2bwwflgkRNyTs.*AAJTSQACMDIAAlNLABxJb0JEcWFPcGNqRGU3dk5QSUxBOGRPQzQ5ZG89AAR0eXBlAANDVFMAAlMxAAIwMQ..*&decision=allow&code_challenge=K4je4x7lJaF_3o8z3gNHGjiDl7W9l-g4WhgTqk8FE7g&code_challenge_method=S256" + }, + "queryString": [], + "url": "https://platform.dev.trivir.com/am/oauth2/authorize" + }, + "response": { + "bodySize": 0, + "content": { + "mimeType": "text/plain", + "size": 0 + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + }, + { + "expires": "1970-01-01T00:00:00.000Z", + "httpOnly": true, + "name": "OAUTH_REQUEST_ATTRIBUTES", + "path": "/", 
+ "sameSite": "none", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Mon, 30 Mar 2026 16:59:04 GMT" + }, + { + "name": "content-length", + "value": "0" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "OAUTH_REQUEST_ATTRIBUTES=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Secure; HttpOnly; SameSite=none" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "location", + "value": "https://platform.dev.trivir.com/platform/appAuthHelperRedirect.html?code=XYv2nfRpJSETy8EC7e2aHKThXuM&iss=https%3A%2F%2Fplatform.dev.trivir.com%2Fam%2Foauth2&client_id=idm-admin-ui" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 673, + "httpVersion": "HTTP/1.1", + "redirectURL": "https://platform.dev.trivir.com/platform/appAuthHelperRedirect.html?code=XYv2nfRpJSETy8EC7e2aHKThXuM&iss=https%3A%2F%2Fplatform.dev.trivir.com%2Fam%2Foauth2&client_id=idm-admin-ui", + "status": 302, + "statusText": "Found" + }, + "startedDateTime": "2026-03-30T16:59:04.183Z", + "time": 23, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 23 + } + }, + { + "_id": "ff75519a93ccab829f8ee8cf5e92b49f", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 224, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/x-www-form-urlencoded" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-33" + }, + { + "name": 
"x-forgerock-transactionid", + "value": "frodo-0e96d5e7-cfeb-4cba-baee-0431f5b05225" + }, + { + "name": "accept-api-version", + "value": "protocol=2.1,resource=1.0" + }, + { + "name": "content-length", + "value": "224" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 424, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/x-www-form-urlencoded", + "params": [], + "text": "client_id=idm-admin-ui&redirect_uri=https://platform.dev.trivir.com/platform/appAuthHelperRedirect.html&grant_type=authorization_code&code=XYv2nfRpJSETy8EC7e2aHKThXuM&code_verifier=VE7uFYDaO79hyRBhM6TAEKlzfageCSsCmfQGe9DYYjg" + }, + "queryString": [], + "url": "https://platform.dev.trivir.com/am/oauth2/access_token" + }, + "response": { + "bodySize": 1247, + "content": { + "mimeType": "application/json;charset=UTF-8", + "size": 1247, + "text": "{\"access_token\":\"\",\"scope\":\"openid fr:idm:*\",\"id_token\":\"\",\"token_type\":\"Bearer\",\"expires_in\":239}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/am", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Mon, 30 Mar 2026 16:59:04 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=UTF-8" + }, + { + "name": "content-length", + "value": "1247" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/am; Secure; HttpOnly" + }, + { + "name": "x-frame-options", + "value": "SAMEORIGIN" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 405, + "httpVersion": 
"HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-30T16:59:04.215Z", + "time": 58, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 58 + } + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/openidm_3290118515/recording.har b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/openidm_3290118515/recording.har new file mode 100644 index 000000000..1bdcc3e04 --- /dev/null +++ b/test/e2e/mocks/config-manager_4167095917/push_2272264157/managed-objects_1198917719/0_n_D_m_1348920437/openidm_3290118515/recording.har 
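Review bot: The request bodies in this recording keep OAuth material that the header redaction missed. `postData.text` of the `/am/oauth2/authorize` entry still holds a full `csrf=` value, and the `/am/oauth2/access_token` entry holds `code=` and `code_verifier=`; the same authorization code is repeated in the `location` header and in `redirectURL`. The `cookie` header, `access_token` and `id_token` were blanked, but in AM the consent `csrf` field usually carries the session token, so the blanked cookie value may still be readable from the body (inferred from the value's format, so confirm against the recorder's redaction rules). I would extend the recording sanitiser to these form fields and redirect parameters and re-record, so the fixture reads for example `code=<redacted>&code_verifier=<redacted>` and `csrf=<redacted>`. The session used for this capture should also be invalidated. The `url` fields keep the real tenant hostname while the `host` header has been rewritten, which is worth making consistent in the same pass across the other `recording.har` files in this patch.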
@@ -0,0 +1,316 @@ +{ + "log": { + "_recordingName": "config-manager/push/managed-objects/0_n_D_m/openidm", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.6" + }, + "entries": [ + { + "_id": "a691ccd864d3d6bd4cec893c7df77b9c", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-33" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-0e96d5e7-cfeb-4cba-baee-0431f5b05225" + }, + { + "name": "authorization", + "value": "Bearer " + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 389, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [], + "url": "https://platform.dev.trivir.com/openidm/config/managed" + }, + "response": { + "bodySize": 7106, + "content": { + "encoding": "base64", + "mimeType": "application/json;charset=utf-8", + "size": 7106, + "text": 
"[\"H4sIAAAAAAAA/w==\",\"7T1pc9w2sn8Fxbcf9piJkpfaqn3z5ZUiOVtTm1haW/FulaWXgkjMiDGHpHlInlXpv7/GRQLEwWOow44/JB7h7G50N7obDfA++DWOglWwwynekihYBNn1bySsymD1/j5IcFm93adhsLoPyGYD5fEtOS7LeJvuSFqV50WWk6LawwC2ahhNjqC0bAZ9WAQ7UmE6eN5W/8rKFkFByqwuQnKSJQkdOUuhMk4rUqQ4OapLUoiGVYHDDyQSM8SEgh6EBcEVOYX/BBAnNzilCF7BrCneERiMjgG1aVbFmzjEdAroew8NyvCG7Bhgf5A/g5uqyldHR7+VWbrkhd9kxfYoKvCmWn77/ZFouAjikIG6wUsxASNwXaQr2pc3W0HX1Qb+R4os/LACyNM42q3EKqxwHq9+4Z13uFqKEXOS5QnFJysiqAMs6dotGB6vKUqLIMdleQfV8HMLa5GK4jCF/5UpGy5OaLsi28QJWe9gOvgzImVYxDkj8iLAYZjVafW2wlVN17AiCclvspS8rnfXDKg8KyucHEcRLBJtEcawdLL4JIvYnHSMghZDYUVgeW7jNKQ1mHEIiU5xeXOdYQZtkSWkbOok92yLrM5ZcZ4nzRItBLdSSHBd3fznjehckDwrWMeGG2WVgz2b4r/LmdqG+pQN1y6CD9d4nW4yRkayIQUBtBgVoCWMS6KfAdw43dKy7C4lxdnmrNhSYKNdnMo/doQS0/LX+pRhzIAQDByn2p9iUIBQWfKfWia/iDVmePUpjwuGiKiIyG0cwoqANJ1zRiiV0qYgw9XNabcwr0uz8I5c04VIOxVXCynYTCrvua6519htFVBGR+tTimZ5TgqQEZwEqw1OSkJZChaByzRoCVzgHRsIROc6jiKSAsYFE/gjJtms+X5NBS7EKUj2EhalwnG6DKEhEBHGDx4ArpLgAoquQZ7kVNU+p1qhrIAuWyZWwGOnGqhC2F5FcaV1vY3JnVLw0JUhhvMG10kFg/Cl7EjdKmjEzUIFG7RxRf9qu80CflXUHPqG24zlOmZ1SLAiLARoKCiO4O+Ks1fvMraLdIuTOFo2fV0rI3DVp54V4VYyAeG4IpzN2Nawf0uSTYuJztCgAOi/OiwwIK0415paJYEWvua7EdflBflYxwXsU3aufHhoSvg+zUpsWyXbva8JLEEAWOE0/g8W6p0jxVGnSqK6aff/o0xv+7EmoMKpwMUkiZigsc3zSlT9GCcV3YoCOhhV9aB//0H2tOHVA13NgtwCLxC5/QtcGbm5xmbVb0jCFe1NnEvABJqFWrXgDMP4Uqycwllsugo22h/2p1La+gVIpU6J1uiYwhaXFdteBBC4KPB+ODMlMS5/giFM4aGlKNugGFQXALBHrC0pEYwcobyId7iIkz2qMlSQEHQ3KrMwxglaR+eorLlphkDoUHUTs17MwCjfxUVVK/LWcLDEkinZYzoZomsAiLIWBn9NIqExOEO+h3p8lS2aU913Te2j78oWVWMVXsHrM8muUO4XrKOpH1klYsNa6DtV8qFnncYgdWvbHspqBFuBrBbmzFM0h0LtwFAVWKs8QFOIhh59wa2jPoUhd4kWri6X9ykTF+9bhi5t/H2IwWAYxW7lQZGiKiIEYD4gQNOjEDhtDH1wLKZDzXxujcDW7yRLNzHbHTdAw4qkqoTwSRpjODpjHPajwQltC3UBm3bvWzdAJfTV4n2ngJp6PjvBQG6yKle8BVPSNVdiupe30p0en06bZ5JVLJZ6qIrU8X7TOD0II1Wk0KbIdlAm5kZC0dhUmaFiO8ZwnTNXDlEfH0QUo7sYGDwFLieoI8WzKudtgV19/06r0AXvKTWkVujS9fo4Ou6CSNwBegSVL0SCud8l9IQKxJxiLu+osxIjNgnwrEB+YsqoIAnUTKF/MGGm7pesVYjVCoxlN1Hrxm0ms20crYTMvnFoEj7HviEVVBv/MJkd6rJCmLZIRkIOUSFqsOWx1FQzR6O
lPn+ddJgaUMTYsqTPIMdrEYVlALSi3ARnC148mxQznvh5lCi76DSjSFula0bRZkFVg21OeKjVIn0SMNFiSnik65NJSFI9gnV/3wSXHx7Q/X2ZPjwY8ayTbLcDwogItAovn6UMMwYgOL23PKDjsej0wUzUBpnYZnzWpK5sgpQYrk3TuT3u5kcTpd/xodoIMQtgGcFRtdIFmC/sNk+MrTORn9QOfpEIG1j83FDCA0HbaMLkD6oj7SF9B11lwZmeMPVnbxdD+qfFUqwcOEGruMIr8ljGwmHyvManW5pGM6oXDY4uWOqQY2Pjet9ZITYPUCyQ00aItUKyGaInR1R2nfgYrrroajNZvLhbZh8bk+ug24tpM8sT4HUQRvZTPgOxV7IZGhB37I25WEfr6o5W33TCLk8bXTE0l25fOQnTWQxT/1gPYn2E742NjKG728ObQPc/jyO6ggijufr3OJKPdyY96yBOvj1L0JyNH0h9Ps4EwlspK5MDRpGuQeVQqjlc7nYmn5s8gmZW12UyyTgvjqLYKMfGJFibhWLQ6se4KCuPf6DsATpwWscZd/WtQxJa/p8e1tj6ZGiGsAkf/4sO7L6o0KziD6hq7UnDMGxiM5K6FcUv50TOrvj7AzBtPVvLC7ID3qEJZiksAwbDtnxFrelQOTTti9pIms0Yp9GSswyWWovaZ0mY6U4+Z8qMzIIzMP7HD8dI5MeZWt2MjuC0vGOHF2FdVtnunzUp2yNl9hMQN4IlopcZ85ajGQLfGd70f1k9+tjObzsIlQAZ3eXALm2hRCWU8IOklXuHn9H1V7N5OyfLUINoFaJcVVZ4l9vZslk1Rz5l291YsQMN/wON+lFW9IOKiAHihUKiA+NwfWwyKkZqX0SdEsMNN5YobC4PLUZt4q8p4H7sCe2/xLz/UlCvq8Q6pmhnyhkNPplGbIlTyvxim2r+7C2p2UwfQacDrB5py4hs944pI9JZLJaMkvOuJrqX6fjTpTZr3GPKeOPVklnshs2YTVazgWwcqySNuxJV5811e/48VSl2z5GoOszMfZZM1SpDdzdxeIPW6AeSZOqBybgcp87VA8pWvQEKoL6SefJIWWOc03IMtRWFrD/apsmHJ8zhk+buRYxxNJXbp+XuhKFyz6ANesrYuWPCKQF05QqKqoc+Q63zUnJcGUXn0TQTdIsaxgeNcnaXTlUnyo2nr1cpHn+HmpFtZr9KcQAXNRcZDa153l5xtMbWgT4VrBxdd5tH0lwh28XpTyTd0iX7m0Seuyr0/seu3i0TXv2wULul9e4E0yjxd3onXEF78MCW/16GOAf0ktLs+breeXumNTc39I5RXOIkye5I9OMQ+1cfvXMNLgPvQF6BG+NcKlSf9Z6c446ic9VR2xCJ24xu19HTaWQKUYcru3ct3eAyp1w0HQGwrdtEkLWruma8jFeg76zOfLM7KK1m9L+V+8ImBVkdEpeJPSkpesM5oVMu95rgaTd/fZGyOqdKlt9aLj6QisJlBMfaKtPPJ2kEPj4qc8JugmUbmLhEGEoBC2rLKTbcdZaBLknptinndQ6Ykjs+TAthdxQzIOXREBpFhoWdBq6DclfdshCsFsmr7P6DRANmvfMc3NNoNvOitAk8tHlSD8Ax4RQPQIZNzGwgYJewQm+asMojHXkKAL6miZtxOX0JDj6afAFBuvbFhwHnjTb0x5w7+o8QDf6e8SyxsKeVmLd3goOyEYrHvcNRaNc3vuYiPF0uwou45qXfCpFqYu5LIaMyEFx0GaMVxmQjyNCmX5NYxXpGbVJajrmZZzEh6UrtN6ORrb8NZIoorT5S3g7yOAJG2xnB7D6BZB4KywaoeSTJcjZKQ+AFbf5/l5d/+d8/vv92+T+Xl0t0efnHy8s/Xf3pz3/weoeWOWZEsdmsDdyoTk9dHOM/761lVz2icdjzPQtHGKcTV/GGcXb4k+z233/9a6cj/qR19B5PK8SZcTEcDyoZS/Mvco3oRbTXT+pF+GYd70roTqb
HaBRJCVc68S3OpjHBvXzyTWxCnvfdGvOGve6mvPb2X0H3hlugvvUGbcIPy/JjjQuyzCabZ2LvVF59a/PEf41T9kCf/vqbYD79Cbd2c9TfFui8o6bu3pW5nw18wIvCzA0TD884to6x77+wubqXMb7QF19e1GmWL4GieX6v1w7rLt9YK4yvsDqDcuwrTojnt9PG3nHxvhrys/BbHPlt09XG1xc+RgjjbMlPkZl/OEOk5elfyhghxE7E55Vjv0zaxcgpmvIme7PhmYyDFE8XbRjd2oeVhOEQlydtowEB5hN1g+3d+rwXYS+oXFD1qRQv+LtxFMooLvME71FeF3lWkvIbryvhvxnrSBFybcftywxzaDEx1xcU1n2pwSJ18R4pTCT5rhNB9uZNPE3S50ibRSPT80aNOjLXp/JSq0/faBNa3aNGXC4+f5uqxz/utfubCIvpflhudyCGJ30FT3agalv2YCjgVlmb1HbfQ4lqniFgOj1NjXnUJWt6Uvm1wdtwjkBAQdl9gWHCjtmNHpnT9RuzHTykbaHyok1L3Ae4Akpc1xV5lYbFXu5pDT8GmhUzjz9+zDlaG7l10D+Q/WSvXDPHFN/8Nk9/5eMOccqFSdq+SdLQiD0wHqcf/lmDApEZtVJFtb686q7fkXh7Uw300Km0t2SZ0VdvEbDP2dQjCiOmz5qA03e950ZVC9I3gU0k2/oz1ptjXqf2ckFz0MG15XUdWx9Tv7Q0ypSRjT3YrlOtZHtwAWyGWZVm/uk5isYA71hxjypShFfB9rhdqLEaqMumfRM8ppWui/7z2urKYj6Dxd7RJgaECmkQbYs+No3549N0aDAhO2SFOk1Um9MhOkQ7n/stWUeHAUzhfFSKEpsKJDMK4LdoaIDOol+EouexaUTnJfkUl5X5qYCuI+x6qWq4B6XIyGx+VDvmF+hNfX3f1fowpMFGvzePTj/oGPXc63Tvbuirr7P4a4ouG+C1He6SOZKRZOStyUOaTVnpeUO/d1U1e6B6nnygTpaPV/Bnfwh2rIxbUJ9PvLuCMOmiS2VlDirutIbaNGKRu+ZMQXJYoebdBeHk25jJml/AvEfrvLxOWlO6jzbcB/CmD7DJJZjvg1Sms6R1ws73/RkC9hNvYYtZ3Q97iEJEIjr3tGaKRaRIHRdRD4WkYEss0N0NqGgkpQvWtCCNmgLPWO0Gxjn/VM43Wijjuo6TiK+sEoyIsh2OUzUWYSVUc2Gs+QhPG2Dgd21ppOEGZoDfshm/Csu68p+85XFbxwvOui3Evd2OLy67rYbcNWatwQ56xFvGV/03iwW1pl0qZnRiH+fQ8Rh5qVjAsPrSLv53bEj7hf/5jMhxn6mSX+g7/H6lQ3k2suY59ezjrZhGdKvMZmAOfGxcAmFGCmgN0q52Bk+Sc/N5X+vV1e6BjNjo5RdwydfOD9MUWieINjX6NeyxnzYC84VdSn9aF3zk2ynzqc8JvOr0uocpRemKjw==\",\"dqWHP6Ex/MUV2vrZrSBhPE6zgphxeLgVJGD4agU9kRxrnzB+qVYQ462pci62V8P0OWflyGoduBHQ3OAvgjNfknlk5ww75ypLMu1pNzsD2Bl92oNuHT960FYgNSgN0fD+qPHlH2FrwF0nv4F2wIYhRGvahjEA0ZF7RxuUGERpMSl/7ezlvHJ2EFFdOE2i5NkoG8aynk006hEoa4SrGmifgXG7iI4id08Wll0/WUKd8mlwT4xTiWqyKGdU4E21/Pb7I9FQjUPK4aYd/MinuJUQphxwSDaVmgylbLgDsqHYxPzQZOD3hCZc7HMKjje5RUloUY5fkz2SnwdGbbD2GfNbOAV1p3we593/SKXleI6DMlvqBBvuC8yaeFF5D8rZpLZ8v7eUheajIEO/oTA1UeHgoN9MgRSb6Er6HZiu0LNFys3GfTVYvxw59RSw3Rw3WRIxHvIfx9VFIrs1h5gU4+a8zZYKPGyf0+5ZHrLbDTuc4t9DrTB9Xd8EZl2KE+wUaS1Rh+
6egw5tggZO+ViZY69NQT1khS3Bah3JM+6mGd1mmdYANU1VKz8BHwrgSTOMRelNjYm7l3Se7df8nEnYF4xfhwdE4VUOt2ZQl3JVSvopg538xCbLdbreM/5RiMBWKVffUQmZy1CDHrBmqoqcTaZ23GmqbuTZBxbUQQblrrqsF6nPI/amFNh5bJ8GTHU0D7drFMYZaN2Mj0i9wMzM0eGxOVMyFTady8B5cSZM50GJIWmXLrJ87uaMipjY6oenSw24YzcgDDHz4ZQtXV1B8kyaJ4/0/Pt8ZyrPIRnKC/nPdPp5Ni3k5M/+5ZmUTFnTHZCOVVrMpK9vsjxBpuzwRKbhWvrRuPGgLFkwy18BwznCIm/PEKvdo3Vk2DMiLdLGYhsS8UuJp+42cZT/lIXNlT17/TZOfykSV/05f2B9bVNqi4DeH7WVZ3EUOrrkoFXcdesoP45wDnzibHLebDDW6rfxlprSJ0BEd5tcuDux/B6eaUT7KVdKwvhrrYM/eFmtyxC6xA72xOgNcxADYn8V77Vy5Uy27CpCdIdLFBaEOZQ0DOh3IC/kMIN27l6434GQW73ICxXkW9FqGGTvmtYTgavj9kynY12vkajq/+yaf/3Vkcy1H/b9u5rLs+fhPxa4mWBc9USq9Be83Gc5FSmrM4lVlp4wLqMgb5Psmn59gkoNtAlWNKueEoztUdDz6AjRCsRpcKlMU5FP1dFv+BbzKqaG0jcER/q4+mDbIstu94h8orHpdixezIeQX500QPubPhQrtI7wSx650HvP/70yh+pF7V2zr1nG5f+MHpV+1GDcYuCUfZUDDRz8lCRkfpA9BP5u2CLNc3FCjN7GUXEa3mRFoJ0TqlFVIQcUIvj1lguiESCVrbpahy6H9kV2oUpouaZbqBzA2OS2S6MNUEZpReSY1U1B4I/v4dddBjCLSy46LUtCjywcQlNlhX1B7h/m5nWTK4VU8xGQUzA7qyAOtvoXgjYcuhZO0rtg16G1UsNN3L7hTOS7OOoK/sq7VeljOywUh4+ukNlOSvl12omEHSj3PmIK3bz4bsGmtOho7zoNJtz0/de/PBetcnmmFZqDUZ+GjCrNLJbL1cP/A/+CZaVspgAA\"]" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/openidm", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Mon, 30 Mar 2026 16:59:04 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=utf-8" + }, + { + "name": "transfer-encoding", + "value": "chunked" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/openidm; Secure; HttpOnly" + }, + { + "name": "vary", + "value": "Accept-Encoding, Origin" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "content-api-version", + "value": "protocol=2.1,resource=1.0" + }, + { + "name": "content-security-policy", + "value": "default-src 'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": 
"same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "DENY" + }, + { + "name": "content-encoding", + "value": "gzip" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 685, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-30T16:59:04.280Z", + "time": 44, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 44 + } + }, + { + "_id": "f290f9b5fc4c3f78c01d5c74c585f010", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 42604, + "cookies": [], + "headers": [ + { + "name": "accept", + "value": "application/json, text/plain, */*" + }, + { + "name": "content-type", + "value": "application/json" + }, + { + "name": "user-agent", + "value": "@rockcarver/frodo-lib/4.0.0-33" + }, + { + "name": "x-forgerock-transactionid", + "value": "frodo-0e96d5e7-cfeb-4cba-baee-0431f5b05225" + }, + { + "name": "authorization", + "value": "Bearer " + }, + { + "name": "content-length", + "value": "42604" + }, + { + "name": "accept-encoding", + "value": "gzip, compress, deflate, br" + }, + { + "name": "host", + "value": "openam-frodo-dev.forgeblocks.com" + } + ], + "headersSize": 412, + "httpVersion": "HTTP/1.1", + "method": "PUT", + "postData": { + "mimeType": "application/json", + "params": [], + "text": 
"{\"_id\":\"managed\",\"objects\":[{\"lastSync\":{\"effectiveAssignmentsProperty\":\"effectiveAssignments\",\"lastSyncProperty\":\"lastSync\"},\"meta\":{\"property\":\"_meta\",\"resourceCollection\":\"internal/usermeta\",\"trackedProperties\":[\"createDate\",\"lastChanged\"]},\"name\":\"user\",\"notifications\":{},\"schema\":{\"$schema\":\"http://json-schema.org/draft-03/schema\",\"icon\":\"fa-user\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User\",\"mat-icon\":\"people\",\"order\":[\"_id\",\"userName\",\"password\",\"givenName\",\"cn\",\"sn\",\"mail\",\"profileImage\",\"description\",\"accountStatus\",\"telephoneNumber\",\"postalAddress\",\"city\",\"postalCode\",\"country\",\"stateProvince\",\"assignedDashboard\",\"roles\",\"assignments\",\"groups\",\"applications\",\"manager\",\"authzRoles\",\"reports\",\"effectiveRoles\",\"effectiveAssignments\",\"effectiveGroups\",\"effectiveApplications\",\"lastSync\",\"kbaInfo\",\"preferences\",\"consentedMappings\",\"ownerOfOrg\",\"adminOfOrg\",\"memberOfOrg\",\"memberOfOrgIDs\",\"activeDate\",\"inactiveDate\",\"ownerOfApp\",\"passwordLastChangedTime\",\"passwordExpirationTime\",\"devicePrintProfiles\",\"deviceProfiles\",\"oathDeviceProfiles\",\"pushDeviceProfiles\",\"webauthnDeviceProfiles\"],\"properties\":{\"_id\":{\"description\":\"User ID\",\"isPersonal\":false,\"policies\":[{\"params\":{\"forbiddenChars\":[\"/\"]},\"policyId\":\"cannot-contain-characters\"}],\"searchable\":false,\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"accountStatus\":{\"default\":\"active\",\"description\":\"Status\",\"isPersonal\":false,\"searchable\":false,\"title\":\"Status\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"activeDate\":{\"description\":\"Active Date\",\"format\":\"datetime\",\"isPersonal\":false,\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Active 
Date\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"adminOfOrg\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"admins\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations I Administer\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"aliasList\":{\"description\":\"List of identity aliases used primarily to record social IdP subjects for this user\",\"isVirtual\":false,\"items\":{\"title\":\"User Alias Names Items\",\"type\":\"string\"},\"returnByDefault\":false,\"searchable\":false,\"title\":\"User Alias Names List\",\"type\":\"array\",\"userEditable\":true,\"viewable\":false},\"applications\":{\"description\":\"Applications\",\"isPersonal\":false,\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Application 
Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Applications\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"assignedDashboard\":{\"description\":\"List of items to click on for this user\",\"isVirtual\":true,\"items\":{\"title\":\"Assigned Dashboard Items\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"name\"],\"referencedRelationshipFields\":[[\"roles\",\"applications\"],[\"applications\"]]},\"searchable\":false,\"title\":\"Assigned Dashboard\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"assignments\":{\"description\":\"Assignments\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Provisioning Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Assignment\",\"path\":\"managed/assignment\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Assignments 
Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Assignments\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"authzRoles\":{\"description\":\"Authorization Roles\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Authorization Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Internal Role\",\"path\":\"internal/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"authzMembers\",\"reverseRelationship\":true,\"title\":\"Authorization Roles Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Authorization Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"city\":{\"description\":\"City\",\"isPersonal\":false,\"title\":\"City\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"cn\":{\"default\":\"{{givenName}} {{sn}}\",\"description\":\"Common Name\",\"isPersonal\":true,\"scope\":\"private\",\"searchable\":false,\"title\":\"Common Name\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"consentedMappings\":{\"description\":\"Consented Mappings\",\"isPersonal\":false,\"isVirtual\":false,\"items\":{\"items\":{\"order\":[\"mapping\",\"consentDate\"],\"properties\":{\"consentDate\":{\"description\":\"Consent 
Date\",\"format\":\"datetime\",\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Consent Date\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"mapping\":{\"description\":\"Mapping\",\"searchable\":false,\"title\":\"Mapping\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"mapping\",\"consentDate\"],\"title\":\"Consented Mappings Item\",\"type\":\"object\"},\"title\":\"Consented Mappings Items\",\"type\":\"array\"},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Consented Mappings\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"country\":{\"description\":\"Country\",\"isPersonal\":false,\"title\":\"Country\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"description\":{\"description\":\"Description\",\"isPersonal\":false,\"searchable\":false,\"title\":\"Description\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"devicePrintProfiles\":{\"description\":\"Device Print Profiles Information\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Device Print Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"deviceProfiles\":{\"description\":\"Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"effectiveApplications\":{\"description\":\"Effective Applications\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Application Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedObjectFields\":[\"name\"],\"referencedRelationshipFields\":[[\"roles\",\"applications\"],[\"applications\"]]},\"returnByDefault\":true,\"title\":\"Effective 
Applications\",\"type\":\"array\",\"viewable\":false},\"effectiveAssignments\":{\"description\":\"Effective Assignments\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Assignments Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedObjectFields\":[\"*\"],\"referencedRelationshipFields\":[[\"roles\",\"assignments\"],[\"assignments\"]]},\"returnByDefault\":true,\"title\":\"Effective Assignments\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"effectiveGroups\":{\"description\":\"Effective Groups\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Groups Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedRelationshipFields\":[\"groups\"]},\"returnByDefault\":true,\"title\":\"Effective Groups\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"effectiveRoles\":{\"description\":\"Effective Roles\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Roles Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedRelationshipFields\":[\"roles\"]},\"returnByDefault\":true,\"title\":\"Effective Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"givenName\":{\"description\":\"First Name\",\"isPersonal\":true,\"searchable\":true,\"title\":\"First Name\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"groups\":{\"description\":\"Groups\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:groups\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object 
ID\",\"type\":\"string\"}},\"title\":\"Groups Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Group\",\"path\":\"managed/group\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Groups Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":false,\"returnByDefault\":false,\"title\":\"Group\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"inactiveDate\":{\"description\":\"Inactive Date\",\"format\":\"datetime\",\"isPersonal\":false,\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Inactive Date\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"kbaInfo\":{\"description\":\"KBA Info\",\"isPersonal\":true,\"items\":{\"order\":[\"answer\",\"customQuestion\",\"questionId\"],\"properties\":{\"answer\":{\"description\":\"Answer\",\"type\":\"string\"},\"customQuestion\":{\"description\":\"Custom question\",\"type\":\"string\"},\"questionId\":{\"description\":\"Question ID\",\"type\":\"string\"}},\"required\":[],\"title\":\"KBA Info Items\",\"type\":\"object\"},\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"lastSync\":{\"description\":\"Last Sync timestamp\",\"isPersonal\":false,\"order\":[\"effectiveAssignments\",\"timestamp\"],\"properties\":{\"effectiveAssignments\":{\"description\":\"Effective Assignments\",\"items\":{\"title\":\"Effective Assignments Items\",\"type\":\"object\"},\"title\":\"Effective Assignments\",\"type\":\"array\"},\"timestamp\":{\"description\":\"Timestamp\",\"format\":\"datetime\",\"policies\":[{\"policyId\":\"valid-datetime\"}],\"type\":\"string\"}},\"required\":[],\"scope\":\"private\",\"searchable\":false,\"title\":\"Last Sync 
timestamp\",\"type\":\"object\",\"usageDescription\":\"\",\"viewable\":false},\"mail\":{\"description\":\"Email Address\",\"isPersonal\":true,\"policies\":[{\"policyId\":\"valid-email-address-format\"}],\"searchable\":true,\"title\":\"Email Address\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"manager\":{\"description\":\"Manager\",\"isPersonal\":false,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Manager _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"reports\",\"reverseRelationship\":true,\"searchable\":false,\"title\":\"Manager\",\"type\":\"relationship\",\"usageDescription\":\"\",\"userEditable\":false,\"validate\":true,\"viewable\":true},\"memberOfOrg\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":false,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations to which I Belong\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"memberOfOrgIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"org 
identifiers\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\",\"parentIDs\"],\"referencedRelationshipFields\":[\"memberOfOrg\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"MemberOfOrgIDs\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"oathDeviceProfiles\":{\"description\":\"Oath Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Oath Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"ownerOfApp\":{\"items\":{\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"owners\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Applications I Own\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"ownerOfOrg\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"owners\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations I 
Own\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"password\":{\"description\":\"Password\",\"isPersonal\":false,\"isProtected\":true,\"policies\":[{\"params\":{\"minLength\":8},\"policyId\":\"minimum-length\"},{\"params\":{\"numCaps\":1},\"policyId\":\"at-least-X-capitals\"},{\"params\":{\"numNums\":1},\"policyId\":\"at-least-X-numbers\"},{\"params\":{\"disallowedFields\":[\"userName\",\"givenName\",\"sn\"]},\"policyId\":\"cannot-contain-others\"}],\"scope\":\"private\",\"searchable\":false,\"title\":\"Password\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"passwordExpirationTime\":{\"description\":\"Password Expiration Time\",\"searchable\":true,\"title\":\"Password Expiration Time\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"passwordLastChangedTime\":{\"description\":\"Password Last Changed Time\",\"searchable\":true,\"title\":\"Password Last Changed Time\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"postalAddress\":{\"description\":\"Address 1\",\"isPersonal\":true,\"title\":\"Address 1\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"postalCode\":{\"description\":\"Postal Code\",\"isPersonal\":false,\"title\":\"Postal Code\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"preferences\":{\"description\":\"Preferences\",\"isPersonal\":false,\"order\":[\"updates\",\"marketing\"],\"properties\":{\"marketing\":{\"description\":\"Send me special offers and services\",\"type\":\"boolean\"},\"updates\":{\"description\":\"Send me news and updates\",\"type\":\"boolean\"}},\"required\":[],\"searchable\":false,\"title\":\"Preferences\",\"type\":\"object\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"profileImage\":{\"description\":\"Profile Image\",\"isPersonal\":true,\"searchable\":false,\"title\":\"Profile 
Image\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"pushDeviceProfiles\":{\"description\":\"Push Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Push Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"reports\":{\"description\":\"Direct Reports\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Direct Reports Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"manager\",\"reverseRelationship\":true,\"title\":\"Direct Reports Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Direct Reports\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"roles\":{\"description\":\"Provisioning Roles\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:roles\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Provisioning Roles Items 
_refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Role\",\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Provisioning Roles Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Provisioning Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"sn\":{\"description\":\"Last Name\",\"isPersonal\":true,\"searchable\":true,\"title\":\"Last Name\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"stateProvince\":{\"description\":\"State/Province\",\"isPersonal\":false,\"title\":\"State/Province\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"telephoneNumber\":{\"description\":\"Telephone Number\",\"isPersonal\":true,\"pattern\":\"^\\\\+?([0-9\\\\- \\\\(\\\\)])*$\",\"searchable\":true,\"title\":\"Telephone Number\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"userName\":{\"description\":\"Username\",\"isPersonal\":true,\"policies\":[{\"policyId\":\"valid-username\"},{\"params\":{\"forbiddenChars\":[\"/\"]},\"policyId\":\"cannot-contain-characters\"},{\"params\":{\"minLength\":1},\"policyId\":\"minimum-length\"},{\"params\":{\"maxLength\":255},\"policyId\":\"maximum-length\"}],\"searchable\":true,\"title\":\"Username\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"webauthnDeviceProfiles\":{\"description\":\"Web AuthN Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Web AuthN Device 
Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"userName\",\"givenName\",\"sn\",\"mail\"],\"title\":\"User\",\"type\":\"object\",\"viewable\":true}},{\"name\":\"role\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"\",\"icon\":\"fa-check-square-o\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role\",\"mat-icon\":\"assignment_ind\",\"order\":[\"_id\",\"name\",\"description\",\"members\",\"assignments\",\"applications\",\"condition\",\"temporalConstraints\"],\"properties\":{\"_id\":{\"description\":\"Role ID\",\"searchable\":false,\"title\":\"Name\",\"type\":\"string\",\"viewable\":false},\"applications\":{\"description\":\"Role Applications\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Role Application Items\",\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"members\"],\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Applications\",\"type\":\"array\",\"viewable\":false},\"assignments\":{\"description\":\"Managed Assignments\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object 
ID\",\"type\":\"string\"}},\"title\":\"Managed Assignments Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Assignment\",\"path\":\"managed/assignment\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Managed Assignments Items\",\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"members\"],\"returnByDefault\":false,\"title\":\"Managed Assignments\",\"type\":\"array\",\"viewable\":true},\"condition\":{\"description\":\"A conditional filter for this role\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"The role description, used for display purposes.\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"members\":{\"description\":\"Role Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Role Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Role Members Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Role Members\",\"type\":\"array\",\"viewable\":true},\"name\":{\"description\":\"The role 
name, used for display purposes.\",\"policies\":[{\"policyId\":\"unique\"}],\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true},\"temporalConstraints\":{\"description\":\"An array of temporal constraints for a role\",\"isTemporalConstraint\":true,\"items\":{\"order\":[\"duration\"],\"properties\":{\"duration\":{\"description\":\"Duration\",\"type\":\"string\"}},\"required\":[\"duration\"],\"title\":\"Temporal Constraints Items\",\"type\":\"object\"},\"notifyRelationships\":[\"members\"],\"returnByDefault\":true,\"title\":\"Temporal Constraints\",\"type\":\"array\",\"viewable\":false}},\"required\":[\"name\"],\"title\":\"Role\",\"type\":\"object\"}},{\"attributeEncryption\":{},\"name\":\"assignment\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"A role assignment\",\"icon\":\"fa-key\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment\",\"mat-icon\":\"vpn_key\",\"order\":[\"_id\",\"name\",\"description\",\"type\",\"mapping\",\"attributes\",\"linkQualifiers\",\"roles\",\"members\",\"condition\",\"weight\"],\"properties\":{\"_id\":{\"description\":\"The assignment ID\",\"searchable\":false,\"title\":\"Name\",\"type\":\"string\",\"viewable\":false},\"attributes\":{\"description\":\"The attributes operated on by this assignment.\",\"items\":{\"order\":[\"assignmentOperation\",\"unassignmentOperation\",\"name\",\"value\"],\"properties\":{\"assignmentOperation\":{\"description\":\"Assignment operation\",\"type\":\"string\"},\"name\":{\"description\":\"Name\",\"type\":\"string\"},\"unassignmentOperation\":{\"description\":\"Unassignment operation\",\"type\":\"string\"},\"value\":{\"description\":\"Value\",\"type\":\"string\"}},\"required\":[],\"title\":\"Assignment Attributes Items\",\"type\":\"object\"},\"notifyRelationships\":[\"roles\",\"members\"],\"title\":\"Assignment Attributes\",\"type\":\"array\",\"viewable\":true},\"condition\":{\"description\":\"A conditional filter for this 
assignment\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"The assignment description, used for display purposes.\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"linkQualifiers\":{\"description\":\"Conditional link qualifiers to restrict this assignment to.\",\"items\":{\"title\":\"Link Qualifiers Items\",\"type\":\"string\"},\"title\":\"Link Qualifiers\",\"type\":\"array\",\"viewable\":true},\"mapping\":{\"description\":\"The name of the mapping this assignment applies to\",\"policies\":[{\"policyId\":\"mapping-exists\"}],\"searchable\":true,\"title\":\"Mapping\",\"type\":\"string\",\"viewable\":true},\"members\":{\"description\":\"Assignment Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Assignment Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"assignments\",\"reverseRelationship\":true,\"title\":\"Assignment Members Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Assignment Members\",\"type\":\"array\",\"viewable\":true},\"name\":{\"description\":\"The assignment 
name, used for display purposes.\",\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true},\"roles\":{\"description\":\"Managed Roles\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Managed Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Role\",\"notify\":true,\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"assignments\",\"reverseRelationship\":true,\"title\":\"Managed Roles Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Managed Roles\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"type\":{\"description\":\"The type of object this assignment represents\",\"title\":\"Type\",\"type\":\"string\",\"viewable\":true},\"weight\":{\"description\":\"The weight of the assignment.\",\"notifyRelationships\":[\"roles\",\"members\"],\"searchable\":false,\"title\":\"Weight\",\"type\":[\"number\",\"null\"],\"viewable\":true}},\"required\":[\"name\",\"description\",\"mapping\"],\"title\":\"Assignment\",\"type\":\"object\"}},{\"name\":\"organization\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"An organization or tenant, whose resources are managed by organizational 
admins.\",\"icon\":\"fa-building\",\"mat-icon\":\"domain\",\"order\":[\"name\",\"description\",\"owners\",\"admins\",\"members\",\"parent\",\"children\",\"adminIDs\",\"ownerIDs\",\"parentAdminIDs\",\"parentOwnerIDs\",\"parentIDs\"],\"properties\":{\"adminIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"admin ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\"],\"referencedRelationshipFields\":[\"admins\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"Admin user ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"admins\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":false,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"adminOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"children\"],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Administrators\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"children\":{\"description\":\"Child Organizations\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\",\"description\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"parent\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Child 
Organizations\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"description\":{\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"members\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"memberOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"ownerIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"owner ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\"],\"referencedRelationshipFields\":[\"owners\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"Owner user 
ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"owners\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":false,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"ownerOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"children\"],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Owner\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"parent\":{\"description\":\"Parent Organization\",\"notifyRelationships\":[\"children\",\"members\"],\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\",\"description\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"returnByDefault\":false,\"reversePropertyName\":\"children\",\"reverseRelationship\":true,\"searchable\":false,\"title\":\"Parent Organization\",\"type\":\"relationship\",\"userEditable\":false,\"validate\":true,\"viewable\":true},\"parentAdminIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"user ids of parent admins\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"adminIDs\",\"parentAdminIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"user ids of parent admins\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"parentIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"parent org 
ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\",\"parentIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"parent org ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"parentOwnerIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"user ids of parent owners\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"ownerIDs\",\"parentOwnerIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"user ids of parent owners\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false}},\"required\":[\"name\"],\"title\":\"Organization\",\"type\":\"object\"}},{\"name\":\"group\",\"schema\":{\"$schema\":\"http://json-schema.org/draft-03/schema\",\"icon\":\"fa-group\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Group\",\"mat-icon\":\"group\",\"order\":[\"_id\",\"name\",\"description\",\"condition\",\"members\"],\"properties\":{\"_id\":{\"description\":\"Group ID\",\"isPersonal\":false,\"searchable\":false,\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"condition\":{\"description\":\"A filter for conditionally assigned members\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"Group Description\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"members\":{\"description\":\"Group Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant 
Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Group Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"groups\",\"reverseRelationship\":true,\"title\":\"Group Members Items\",\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"description\":\"Group Name\",\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true}},\"required\":[\"name\"],\"title\":\"Group\",\"viewable\":true}},{\"name\":\"application\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"icon\":\"fa-folder\",\"order\":[\"name\",\"description\",\"url\",\"icon\",\"mappingNames\",\"owners\",\"roles\",\"members\"],\"properties\":{\"_id\":{\"description\":\"Application ID\",\"isPersonal\":false,\"searchable\":false,\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"authoritative\":{\"description\":\"Is this an authoritative application\",\"searchable\":false,\"title\":\"Authoritative\",\"type\":\"boolean\",\"viewable\":false},\"connectorId\":{\"description\":\"Id of the connector associated with the application\",\"searchable\":false,\"title\":\"Connector ID\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"description\":{\"description\":\"Application Description\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"icon\":{\"searchable\":true,\"title\":\"Icon\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"mappingNames\":{\"description\":\"Names of the sync mappings used by an application with provisioning 
configured.\",\"items\":{\"title\":\"Mapping Name Items\",\"type\":\"string\"},\"searchable\":true,\"title\":\"Sync Mapping Names\",\"type\":\"array\",\"viewable\":true},\"members\":{\"description\":\"Members directly granted an application\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items\",\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Application Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"applications\",\"reverseRelationship\":true,\"title\":\"Application Members Items\",\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"description\":\"Application name\",\"notifyRelationships\":[\"roles\",\"members\"],\"policies\":[{\"policyId\":\"unique\"}],\"returnByDefault\":true,\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"owners\":{\"description\":\"Application 
Owners\",\"items\":{\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"ownerOfApp\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Owners\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"roles\":{\"description\":\"Roles granting users the application\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Role\",\"notify\":true,\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"applications\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Roles\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"ssoEntities\":{\"description\":\"SSO Entity Id\",\"properties\":{\"domain\":{\"type\":\"string\"},\"federatedDomain\":{\"type\":\"string\"},\"idpLocation\":{\"type\":\"string\"},\"idpLoginUrl\":{\"type\":\"string\"},\"idpPrivateId\":{\"type\":\"string\"},\"key\":{\"type\":\"string\"},\"oidcId\":{\"type\":\"string\"},\"pfApcId\":{\"type\":\"string\"},\"pfIdpAdapterId\":{\"type\":\"string\"},\"pfPolicyId\":{\"type\":\"string\"},\"pfSigningCertId\":{\"type\":\"string\"},\"pfSpConnectionId\":{\"type\":\"string\"},\"spLocation\":{\"type\":\"string\"},\"spPrivate\":{\"type\":\"string\"},\"spPrivateId\":{\"type\":\"string\"}},\"searchable\":false,\"title\":\"SSO Entity 
Id\",\"type\":\"object\",\"userEditable\":false,\"viewable\":false},\"templateName\":{\"description\":\"Name of the template the application was created from\",\"searchable\":false,\"title\":\"Template Name\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"templateVersion\":{\"description\":\"The template version\",\"searchable\":false,\"title\":\"Template Version\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"uiConfig\":{\"description\":\"UI Config\",\"isPersonal\":false,\"properties\":{},\"searchable\":false,\"title\":\"UI Config\",\"type\":\"object\",\"usageDescription\":\"\",\"viewable\":false},\"url\":{\"searchable\":true,\"title\":\"Url\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"name\"],\"title\":\"Application\",\"type\":\"object\"}},{\"name\":\"testObject\",\"onCreate\":{\"globals\":{\"test\":null},\"type\":\"text/javascript\",\"source\":\"// test script\\n\"},\"onRead\":{\"globals\":{},\"source\":\"//groovy export\",\"type\":\"groovy\"},\"onSync\":{\"globals\":{\"test\":8},\"source\":\"//test\",\"type\":\"groovy\"},\"onUpdate\":{\"globals\":{\"test\":[\"test\"]},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"onValidate\":{\"globals\":{\"test\":\"test\"},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"postCreate\":{\"globals\":{\"test\":null},\"type\":\"text/javascript\",\"source\":\"// another 
test\\n\"},\"postDelete\":{\"globals\":{\"test\":\"test\"},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"postUpdate\":{\"globals\":{\"test\":1},\"source\":\"//test\",\"type\":\"groovy\"},\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"test\",\"icon\":\"fa-anchor\",\"mat-icon\":\"\",\"order\":[\"testObj\",\"testString\"],\"properties\":{\"testObj\":{\"description\":null,\"isVirtual\":false,\"nullable\":false,\"onRetrieve\":{\"globals\":{\"four\":false,\"one\":null,\"three\":3,\"two\":\"number\"},\"source\":\"//second\",\"type\":\"groovy\"},\"onStore\":{\"globals\":{\"test\":{}},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"onValidate\":{\"globals\":{\"test\":null},\"source\":\"//groovy script test\",\"type\":\"groovy\"},\"order\":[\"testObject\",\"testString\"],\"properties\":{\"testObject\":{\"description\":null,\"isVirtual\":false,\"onRetrieve\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"text/javascript\"},\"onStore\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"groovy\"},\"order\":[],\"properties\":{},\"required\":[],\"searchable\":false,\"title\":\"test\",\"type\":\"object\",\"userEditable\":true,\"viewable\":true},\"testString\":{\"description\":null,\"format\":null,\"isVirtual\":false,\"onRetrieve\":{\"globals\":{\"test\":1},\"source\":\"//test\",\"type\":\"groovy\"},\"onStore\":{\"globals\":{\"test\":[\"test\",1,false]},\"source\":\"//test\",\"type\":\"text/javascript\"},\"searchable\":false,\"title\":\"test\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[],\"searchable\":false,\"title\":\"TestObj\",\"type\":\"object\",\"userEditable\":true,\"viewable\":true},\"testString\":{\"description\":null,\"format\":null,\"isVirtual\":false,\"onStore\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"groovy\"},\"searchable\":false,\"title\":\"test\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[],\"title\":\"T
est\",\"type\":\"object\"}}]}" + }, + "queryString": [], + "url": "https://platform.dev.trivir.com/openidm/config/managed" + }, + "response": { + "bodySize": 42604, + "content": { + "mimeType": "application/json;charset=utf-8", + "size": 42604, + "text": "{\"_id\":\"managed\",\"objects\":[{\"lastSync\":{\"effectiveAssignmentsProperty\":\"effectiveAssignments\",\"lastSyncProperty\":\"lastSync\"},\"meta\":{\"property\":\"_meta\",\"resourceCollection\":\"internal/usermeta\",\"trackedProperties\":[\"createDate\",\"lastChanged\"]},\"name\":\"user\",\"notifications\":{},\"schema\":{\"$schema\":\"http://json-schema.org/draft-03/schema\",\"icon\":\"fa-user\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User\",\"mat-icon\":\"people\",\"order\":[\"_id\",\"userName\",\"password\",\"givenName\",\"cn\",\"sn\",\"mail\",\"profileImage\",\"description\",\"accountStatus\",\"telephoneNumber\",\"postalAddress\",\"city\",\"postalCode\",\"country\",\"stateProvince\",\"assignedDashboard\",\"roles\",\"assignments\",\"groups\",\"applications\",\"manager\",\"authzRoles\",\"reports\",\"effectiveRoles\",\"effectiveAssignments\",\"effectiveGroups\",\"effectiveApplications\",\"lastSync\",\"kbaInfo\",\"preferences\",\"consentedMappings\",\"ownerOfOrg\",\"adminOfOrg\",\"memberOfOrg\",\"memberOfOrgIDs\",\"activeDate\",\"inactiveDate\",\"ownerOfApp\",\"passwordLastChangedTime\",\"passwordExpirationTime\",\"devicePrintProfiles\",\"deviceProfiles\",\"oathDeviceProfiles\",\"pushDeviceProfiles\",\"webauthnDeviceProfiles\"],\"properties\":{\"_id\":{\"description\":\"User 
ID\",\"isPersonal\":false,\"policies\":[{\"params\":{\"forbiddenChars\":[\"/\"]},\"policyId\":\"cannot-contain-characters\"}],\"searchable\":false,\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"accountStatus\":{\"default\":\"active\",\"description\":\"Status\",\"isPersonal\":false,\"searchable\":false,\"title\":\"Status\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"activeDate\":{\"description\":\"Active Date\",\"format\":\"datetime\",\"isPersonal\":false,\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Active Date\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"adminOfOrg\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"admins\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations I Administer\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"aliasList\":{\"description\":\"List of identity aliases used primarily to record social IdP subjects for this user\",\"isVirtual\":false,\"items\":{\"title\":\"User Alias Names Items\",\"type\":\"string\"},\"returnByDefault\":false,\"searchable\":false,\"title\":\"User Alias Names List\",\"type\":\"array\",\"userEditable\":true,\"viewable\":false},\"applications\":{\"description\":\"Applications\",\"isPersonal\":false,\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account 
type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Application Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Applications\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"assignedDashboard\":{\"description\":\"List of items to click on for this user\",\"isVirtual\":true,\"items\":{\"title\":\"Assigned Dashboard Items\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"name\"],\"referencedRelationshipFields\":[[\"roles\",\"applications\"],[\"applications\"]]},\"searchable\":false,\"title\":\"Assigned Dashboard\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"assignments\":{\"description\":\"Assignments\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Provisioning Roles Items 
_refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Assignment\",\"path\":\"managed/assignment\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Assignments Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Assignments\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"authzRoles\":{\"description\":\"Authorization Roles\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Authorization Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Internal Role\",\"path\":\"internal/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"authzMembers\",\"reverseRelationship\":true,\"title\":\"Authorization Roles Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Authorization Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"city\":{\"description\":\"City\",\"isPersonal\":false,\"title\":\"City\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"cn\":{\"default\":\"{{givenName}} {{sn}}\",\"description\":\"Common Name\",\"isPersonal\":true,\"scope\":\"private\",\"searchable\":false,\"title\":\"Common 
Name\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"consentedMappings\":{\"description\":\"Consented Mappings\",\"isPersonal\":false,\"isVirtual\":false,\"items\":{\"items\":{\"order\":[\"mapping\",\"consentDate\"],\"properties\":{\"consentDate\":{\"description\":\"Consent Date\",\"format\":\"datetime\",\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Consent Date\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"mapping\":{\"description\":\"Mapping\",\"searchable\":false,\"title\":\"Mapping\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"mapping\",\"consentDate\"],\"title\":\"Consented Mappings Item\",\"type\":\"object\"},\"title\":\"Consented Mappings Items\",\"type\":\"array\"},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Consented Mappings\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"country\":{\"description\":\"Country\",\"isPersonal\":false,\"title\":\"Country\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"description\":{\"description\":\"Description\",\"isPersonal\":false,\"searchable\":false,\"title\":\"Description\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"devicePrintProfiles\":{\"description\":\"Device Print Profiles Information\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Device Print Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"deviceProfiles\":{\"description\":\"Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"effectiveApplications\":{\"description\":\"Effective Applications\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Application 
Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedObjectFields\":[\"name\"],\"referencedRelationshipFields\":[[\"roles\",\"applications\"],[\"applications\"]]},\"returnByDefault\":true,\"title\":\"Effective Applications\",\"type\":\"array\",\"viewable\":false},\"effectiveAssignments\":{\"description\":\"Effective Assignments\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Assignments Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedObjectFields\":[\"*\"],\"referencedRelationshipFields\":[[\"roles\",\"assignments\"],[\"assignments\"]]},\"returnByDefault\":true,\"title\":\"Effective Assignments\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"effectiveGroups\":{\"description\":\"Effective Groups\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Groups Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedRelationshipFields\":[\"groups\"]},\"returnByDefault\":true,\"title\":\"Effective Groups\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"effectiveRoles\":{\"description\":\"Effective Roles\",\"isPersonal\":false,\"isVirtual\":true,\"items\":{\"title\":\"Effective Roles Items\",\"type\":\"object\"},\"queryConfig\":{\"referencedRelationshipFields\":[\"roles\"]},\"returnByDefault\":true,\"title\":\"Effective Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"viewable\":false},\"givenName\":{\"description\":\"First Name\",\"isPersonal\":true,\"searchable\":true,\"title\":\"First Name\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"groups\":{\"description\":\"Groups\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:groups\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed 
object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Groups Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Group\",\"path\":\"managed/group\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Groups Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":false,\"returnByDefault\":false,\"title\":\"Group\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"inactiveDate\":{\"description\":\"Inactive Date\",\"format\":\"datetime\",\"isPersonal\":false,\"policies\":[{\"policyId\":\"valid-datetime\"}],\"searchable\":false,\"title\":\"Inactive Date\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"kbaInfo\":{\"description\":\"KBA Info\",\"isPersonal\":true,\"items\":{\"order\":[\"answer\",\"customQuestion\",\"questionId\"],\"properties\":{\"answer\":{\"description\":\"Answer\",\"type\":\"string\"},\"customQuestion\":{\"description\":\"Custom question\",\"type\":\"string\"},\"questionId\":{\"description\":\"Question ID\",\"type\":\"string\"}},\"required\":[],\"title\":\"KBA Info Items\",\"type\":\"object\"},\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"lastSync\":{\"description\":\"Last Sync timestamp\",\"isPersonal\":false,\"order\":[\"effectiveAssignments\",\"timestamp\"],\"properties\":{\"effectiveAssignments\":{\"description\":\"Effective Assignments\",\"items\":{\"title\":\"Effective Assignments Items\",\"type\":\"object\"},\"title\":\"Effective 
Assignments\",\"type\":\"array\"},\"timestamp\":{\"description\":\"Timestamp\",\"format\":\"datetime\",\"policies\":[{\"policyId\":\"valid-datetime\"}],\"type\":\"string\"}},\"required\":[],\"scope\":\"private\",\"searchable\":false,\"title\":\"Last Sync timestamp\",\"type\":\"object\",\"usageDescription\":\"\",\"viewable\":false},\"mail\":{\"description\":\"Email Address\",\"isPersonal\":true,\"policies\":[{\"policyId\":\"valid-email-address-format\"}],\"searchable\":true,\"title\":\"Email Address\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"manager\":{\"description\":\"Manager\",\"isPersonal\":false,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Manager _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"reports\",\"reverseRelationship\":true,\"searchable\":false,\"title\":\"Manager\",\"type\":\"relationship\",\"usageDescription\":\"\",\"userEditable\":false,\"validate\":true,\"viewable\":true},\"memberOfOrg\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":false,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations to which I 
Belong\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"memberOfOrgIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"org identifiers\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\",\"parentIDs\"],\"referencedRelationshipFields\":[\"memberOfOrg\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"MemberOfOrgIDs\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"oathDeviceProfiles\":{\"description\":\"Oath Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Oath Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"ownerOfApp\":{\"items\":{\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[\"name\"]}}],\"reversePropertyName\":\"owners\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Applications I Own\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"ownerOfOrg\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"owners\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Organizations I 
Own\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"password\":{\"description\":\"Password\",\"isPersonal\":false,\"isProtected\":true,\"policies\":[{\"params\":{\"minLength\":8},\"policyId\":\"minimum-length\"},{\"params\":{\"numCaps\":1},\"policyId\":\"at-least-X-capitals\"},{\"params\":{\"numNums\":1},\"policyId\":\"at-least-X-numbers\"},{\"params\":{\"disallowedFields\":[\"userName\",\"givenName\",\"sn\"]},\"policyId\":\"cannot-contain-others\"}],\"scope\":\"private\",\"searchable\":false,\"title\":\"Password\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"passwordExpirationTime\":{\"description\":\"Password Expiration Time\",\"searchable\":true,\"title\":\"Password Expiration Time\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"passwordLastChangedTime\":{\"description\":\"Password Last Changed Time\",\"searchable\":true,\"title\":\"Password Last Changed Time\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"postalAddress\":{\"description\":\"Address 1\",\"isPersonal\":true,\"title\":\"Address 1\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"postalCode\":{\"description\":\"Postal Code\",\"isPersonal\":false,\"title\":\"Postal Code\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"preferences\":{\"description\":\"Preferences\",\"isPersonal\":false,\"order\":[\"updates\",\"marketing\"],\"properties\":{\"marketing\":{\"description\":\"Send me special offers and services\",\"type\":\"boolean\"},\"updates\":{\"description\":\"Send me news and updates\",\"type\":\"boolean\"}},\"required\":[],\"searchable\":false,\"title\":\"Preferences\",\"type\":\"object\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"profileImage\":{\"description\":\"Profile Image\",\"isPersonal\":true,\"searchable\":false,\"title\":\"Profile 
Image\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":false},\"pushDeviceProfiles\":{\"description\":\"Push Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Push Device Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true},\"reports\":{\"description\":\"Direct Reports\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Direct Reports Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"manager\",\"reverseRelationship\":true,\"title\":\"Direct Reports Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Direct Reports\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"roles\":{\"description\":\"Provisioning Roles\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:roles\",\"isPersonal\":false,\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Provisioning Roles Items 
_refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociationField\":\"condition\",\"label\":\"Role\",\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"members\",\"reverseRelationship\":true,\"title\":\"Provisioning Roles Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Provisioning Roles\",\"type\":\"array\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":true},\"sn\":{\"description\":\"Last Name\",\"isPersonal\":true,\"searchable\":true,\"title\":\"Last Name\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"stateProvince\":{\"description\":\"State/Province\",\"isPersonal\":false,\"title\":\"State/Province\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"telephoneNumber\":{\"description\":\"Telephone Number\",\"isPersonal\":true,\"pattern\":\"^\\\\+?([0-9\\\\- \\\\(\\\\)])*$\",\"searchable\":true,\"title\":\"Telephone Number\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"userName\":{\"description\":\"Username\",\"isPersonal\":true,\"policies\":[{\"policyId\":\"valid-username\"},{\"params\":{\"forbiddenChars\":[\"/\"]},\"policyId\":\"cannot-contain-characters\"},{\"params\":{\"minLength\":1},\"policyId\":\"minimum-length\"},{\"params\":{\"maxLength\":255},\"policyId\":\"maximum-length\"}],\"searchable\":true,\"title\":\"Username\",\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":true,\"viewable\":true},\"webauthnDeviceProfiles\":{\"description\":\"Web AuthN Device Profiles\",\"isPersonal\":false,\"items\":{\"title\":\"Profile\",\"type\":\"string\"},\"searchable\":false,\"title\":\"Web AuthN Device 
Profiles\",\"type\":\"array\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"userName\",\"givenName\",\"sn\",\"mail\"],\"title\":\"User\",\"type\":\"object\",\"viewable\":true}},{\"name\":\"role\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"\",\"icon\":\"fa-check-square-o\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role\",\"mat-icon\":\"assignment_ind\",\"order\":[\"_id\",\"name\",\"description\",\"members\",\"assignments\",\"applications\",\"condition\",\"temporalConstraints\"],\"properties\":{\"_id\":{\"description\":\"Role ID\",\"searchable\":false,\"title\":\"Name\",\"type\":\"string\",\"viewable\":false},\"applications\":{\"description\":\"Role Applications\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Application\",\"path\":\"managed/application\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Role Application Items\",\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"members\"],\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Applications\",\"type\":\"array\",\"viewable\":false},\"assignments\":{\"description\":\"Managed Assignments\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items\",\"notifySelf\":true,\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object 
ID\",\"type\":\"string\"}},\"title\":\"Managed Assignments Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Assignment\",\"path\":\"managed/assignment\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Managed Assignments Items\",\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"members\"],\"returnByDefault\":false,\"title\":\"Managed Assignments\",\"type\":\"array\",\"viewable\":true},\"condition\":{\"description\":\"A conditional filter for this role\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"The role description, used for display purposes.\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"members\":{\"description\":\"Role Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Role Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"roles\",\"reverseRelationship\":true,\"title\":\"Role Members Items\",\"type\":\"relationship\",\"validate\":true},\"relationshipGrantTemporalConstraintsEnforced\":true,\"returnByDefault\":false,\"title\":\"Role Members\",\"type\":\"array\",\"viewable\":true},\"name\":{\"description\":\"The role 
name, used for display purposes.\",\"policies\":[{\"policyId\":\"unique\"}],\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true},\"temporalConstraints\":{\"description\":\"An array of temporal constraints for a role\",\"isTemporalConstraint\":true,\"items\":{\"order\":[\"duration\"],\"properties\":{\"duration\":{\"description\":\"Duration\",\"type\":\"string\"}},\"required\":[\"duration\"],\"title\":\"Temporal Constraints Items\",\"type\":\"object\"},\"notifyRelationships\":[\"members\"],\"returnByDefault\":true,\"title\":\"Temporal Constraints\",\"type\":\"array\",\"viewable\":false}},\"required\":[\"name\"],\"title\":\"Role\",\"type\":\"object\"}},{\"attributeEncryption\":{},\"name\":\"assignment\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"A role assignment\",\"icon\":\"fa-key\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment\",\"mat-icon\":\"vpn_key\",\"order\":[\"_id\",\"name\",\"description\",\"type\",\"mapping\",\"attributes\",\"linkQualifiers\",\"roles\",\"members\",\"condition\",\"weight\"],\"properties\":{\"_id\":{\"description\":\"The assignment ID\",\"searchable\":false,\"title\":\"Name\",\"type\":\"string\",\"viewable\":false},\"attributes\":{\"description\":\"The attributes operated on by this assignment.\",\"items\":{\"order\":[\"assignmentOperation\",\"unassignmentOperation\",\"name\",\"value\"],\"properties\":{\"assignmentOperation\":{\"description\":\"Assignment operation\",\"type\":\"string\"},\"name\":{\"description\":\"Name\",\"type\":\"string\"},\"unassignmentOperation\":{\"description\":\"Unassignment operation\",\"type\":\"string\"},\"value\":{\"description\":\"Value\",\"type\":\"string\"}},\"required\":[],\"title\":\"Assignment Attributes Items\",\"type\":\"object\"},\"notifyRelationships\":[\"roles\",\"members\"],\"title\":\"Assignment Attributes\",\"type\":\"array\",\"viewable\":true},\"condition\":{\"description\":\"A conditional filter for this 
assignment\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"The assignment description, used for display purposes.\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"linkQualifiers\":{\"description\":\"Conditional link qualifiers to restrict this assignment to.\",\"items\":{\"title\":\"Link Qualifiers Items\",\"type\":\"string\"},\"title\":\"Link Qualifiers\",\"type\":\"array\",\"viewable\":true},\"mapping\":{\"description\":\"The name of the mapping this assignment applies to\",\"policies\":[{\"policyId\":\"mapping-exists\"}],\"searchable\":true,\"title\":\"Mapping\",\"type\":\"string\",\"viewable\":true},\"members\":{\"description\":\"Assignment Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Assignment Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"assignments\",\"reverseRelationship\":true,\"title\":\"Assignment Members Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Assignment Members\",\"type\":\"array\",\"viewable\":true},\"name\":{\"description\":\"The assignment 
name, used for display purposes.\",\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true},\"roles\":{\"description\":\"Managed Roles\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Managed Roles Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Role\",\"notify\":true,\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"assignments\",\"reverseRelationship\":true,\"title\":\"Managed Roles Items\",\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"title\":\"Managed Roles\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"type\":{\"description\":\"The type of object this assignment represents\",\"title\":\"Type\",\"type\":\"string\",\"viewable\":true},\"weight\":{\"description\":\"The weight of the assignment.\",\"notifyRelationships\":[\"roles\",\"members\"],\"searchable\":false,\"title\":\"Weight\",\"type\":[\"number\",\"null\"],\"viewable\":true}},\"required\":[\"name\",\"description\",\"mapping\"],\"title\":\"Assignment\",\"type\":\"object\"}},{\"name\":\"organization\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"An organization or tenant, whose resources are managed by organizational 
admins.\",\"icon\":\"fa-building\",\"mat-icon\":\"domain\",\"order\":[\"name\",\"description\",\"owners\",\"admins\",\"members\",\"parent\",\"children\",\"adminIDs\",\"ownerIDs\",\"parentAdminIDs\",\"parentOwnerIDs\",\"parentIDs\"],\"properties\":{\"adminIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"admin ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\"],\"referencedRelationshipFields\":[\"admins\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"Admin user ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"admins\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":false,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"adminOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"children\"],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Administrators\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"children\":{\"description\":\"Child Organizations\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\",\"description\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"parent\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Child 
Organizations\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"description\":{\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"members\":{\"items\":{\"notifySelf\":false,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"memberOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"ownerIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"owner ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\"],\"referencedRelationshipFields\":[\"owners\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"Owner user 
ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"owners\":{\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":false,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"ownerOfOrg\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"notifyRelationships\":[\"children\"],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Owner\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"parent\":{\"description\":\"Parent Organization\",\"notifyRelationships\":[\"children\",\"members\"],\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Organization\",\"notify\":true,\"path\":\"managed/organization\",\"query\":{\"fields\":[\"name\",\"description\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"returnByDefault\":false,\"reversePropertyName\":\"children\",\"reverseRelationship\":true,\"searchable\":false,\"title\":\"Parent Organization\",\"type\":\"relationship\",\"userEditable\":false,\"validate\":true,\"viewable\":true},\"parentAdminIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"user ids of parent admins\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"adminIDs\",\"parentAdminIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"user ids of parent admins\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"parentIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"parent org 
ids\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"_id\",\"parentIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"parent org ids\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false},\"parentOwnerIDs\":{\"isVirtual\":true,\"items\":{\"title\":\"user ids of parent owners\",\"type\":\"string\"},\"queryConfig\":{\"flattenProperties\":true,\"referencedObjectFields\":[\"ownerIDs\",\"parentOwnerIDs\"],\"referencedRelationshipFields\":[\"parent\"]},\"returnByDefault\":true,\"searchable\":false,\"title\":\"user ids of parent owners\",\"type\":\"array\",\"userEditable\":false,\"viewable\":false}},\"required\":[\"name\"],\"title\":\"Organization\",\"type\":\"object\"}},{\"name\":\"group\",\"schema\":{\"$schema\":\"http://json-schema.org/draft-03/schema\",\"icon\":\"fa-group\",\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Group\",\"mat-icon\":\"group\",\"order\":[\"_id\",\"name\",\"description\",\"condition\",\"members\"],\"properties\":{\"_id\":{\"description\":\"Group ID\",\"isPersonal\":false,\"searchable\":false,\"type\":\"string\",\"usageDescription\":\"\",\"userEditable\":false,\"viewable\":false},\"condition\":{\"description\":\"A filter for conditionally assigned members\",\"isConditional\":true,\"searchable\":false,\"title\":\"Condition\",\"type\":\"string\",\"viewable\":false},\"description\":{\"description\":\"Group Description\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"userEditable\":false,\"viewable\":true},\"members\":{\"description\":\"Group Members\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items\",\"properties\":{\"_ref\":{\"description\":\"References a relationship from a managed object\",\"type\":\"string\"},\"_refProperties\":{\"description\":\"Supports metadata within the relationship\",\"properties\":{\"_grantType\":{\"description\":\"Grant 
Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"description\":\"_refProperties object ID\",\"type\":\"string\"}},\"title\":\"Group Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"conditionalAssociation\":true,\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"groups\",\"reverseRelationship\":true,\"title\":\"Group Members Items\",\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"description\":\"Group Name\",\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"viewable\":true}},\"required\":[\"name\"],\"title\":\"Group\",\"viewable\":true}},{\"name\":\"application\",\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"icon\":\"fa-folder\",\"order\":[\"name\",\"description\",\"url\",\"icon\",\"mappingNames\",\"owners\",\"roles\",\"members\"],\"properties\":{\"_id\":{\"description\":\"Application ID\",\"isPersonal\":false,\"searchable\":false,\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"authoritative\":{\"description\":\"Is this an authoritative application\",\"searchable\":false,\"title\":\"Authoritative\",\"type\":\"boolean\",\"viewable\":false},\"connectorId\":{\"description\":\"Id of the connector associated with the application\",\"searchable\":false,\"title\":\"Connector ID\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"description\":{\"description\":\"Application Description\",\"searchable\":true,\"title\":\"Description\",\"type\":\"string\",\"viewable\":true},\"icon\":{\"searchable\":true,\"title\":\"Icon\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"mappingNames\":{\"description\":\"Names of the sync mappings used by an application with provisioning 
configured.\",\"items\":{\"title\":\"Mapping Name Items\",\"type\":\"string\"},\"searchable\":true,\"title\":\"Sync Mapping Names\",\"type\":\"array\",\"viewable\":true},\"members\":{\"description\":\"Members directly granted an application\",\"items\":{\"id\":\"urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items\",\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_grantType\":{\"description\":\"Grant Type\",\"label\":\"Grant Type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"},\"_uniqueId\":{\"description\":\"Unique identifier\",\"type\":\"string\"}},\"title\":\"Application Members Items _refProperties\",\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"notify\":true,\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"applications\",\"reverseRelationship\":true,\"title\":\"Application Members Items\",\"type\":\"relationship\",\"validate\":true},\"policies\":[],\"returnByDefault\":false,\"searchable\":false,\"title\":\"Members\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"name\":{\"description\":\"Application name\",\"notifyRelationships\":[\"roles\",\"members\"],\"policies\":[{\"policyId\":\"unique\"}],\"returnByDefault\":true,\"searchable\":true,\"title\":\"Name\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true},\"owners\":{\"description\":\"Application 
Owners\",\"items\":{\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_id\":{\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"User\",\"path\":\"managed/user\",\"query\":{\"fields\":[\"userName\",\"givenName\",\"sn\"],\"queryFilter\":\"true\"}}],\"reversePropertyName\":\"ownerOfApp\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Owners\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"roles\":{\"description\":\"Roles granting users the application\",\"items\":{\"notifySelf\":true,\"properties\":{\"_ref\":{\"type\":\"string\"},\"_refProperties\":{\"properties\":{\"_accountType\":{\"description\":\"Account type\",\"type\":\"string\"},\"_id\":{\"propName\":\"_id\",\"required\":false,\"type\":\"string\"}},\"type\":\"object\"}},\"resourceCollection\":[{\"label\":\"Role\",\"notify\":true,\"path\":\"managed/role\",\"query\":{\"fields\":[\"name\"],\"queryFilter\":\"true\",\"sortKeys\":[]}}],\"reversePropertyName\":\"applications\",\"reverseRelationship\":true,\"type\":\"relationship\",\"validate\":true},\"returnByDefault\":false,\"searchable\":false,\"title\":\"Roles\",\"type\":\"array\",\"userEditable\":false,\"viewable\":true},\"ssoEntities\":{\"description\":\"SSO Entity Id\",\"properties\":{\"domain\":{\"type\":\"string\"},\"federatedDomain\":{\"type\":\"string\"},\"idpLocation\":{\"type\":\"string\"},\"idpLoginUrl\":{\"type\":\"string\"},\"idpPrivateId\":{\"type\":\"string\"},\"key\":{\"type\":\"string\"},\"oidcId\":{\"type\":\"string\"},\"pfApcId\":{\"type\":\"string\"},\"pfIdpAdapterId\":{\"type\":\"string\"},\"pfPolicyId\":{\"type\":\"string\"},\"pfSigningCertId\":{\"type\":\"string\"},\"pfSpConnectionId\":{\"type\":\"string\"},\"spLocation\":{\"type\":\"string\"},\"spPrivate\":{\"type\":\"string\"},\"spPrivateId\":{\"type\":\"string\"}},\"searchable\":false,\"title\":\"SSO Entity 
Id\",\"type\":\"object\",\"userEditable\":false,\"viewable\":false},\"templateName\":{\"description\":\"Name of the template the application was created from\",\"searchable\":false,\"title\":\"Template Name\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"templateVersion\":{\"description\":\"The template version\",\"searchable\":false,\"title\":\"Template Version\",\"type\":\"string\",\"userEditable\":false,\"viewable\":false},\"uiConfig\":{\"description\":\"UI Config\",\"isPersonal\":false,\"properties\":{},\"searchable\":false,\"title\":\"UI Config\",\"type\":\"object\",\"usageDescription\":\"\",\"viewable\":false},\"url\":{\"searchable\":true,\"title\":\"Url\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[\"name\"],\"title\":\"Application\",\"type\":\"object\"}},{\"name\":\"testObject\",\"onCreate\":{\"globals\":{\"test\":null},\"type\":\"text/javascript\",\"source\":\"// test script\\n\"},\"onRead\":{\"globals\":{},\"source\":\"//groovy export\",\"type\":\"groovy\"},\"onSync\":{\"globals\":{\"test\":8},\"source\":\"//test\",\"type\":\"groovy\"},\"onUpdate\":{\"globals\":{\"test\":[\"test\"]},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"onValidate\":{\"globals\":{\"test\":\"test\"},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"postCreate\":{\"globals\":{\"test\":null},\"type\":\"text/javascript\",\"source\":\"// another 
test\\n\"},\"postDelete\":{\"globals\":{\"test\":\"test\"},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"postUpdate\":{\"globals\":{\"test\":1},\"source\":\"//test\",\"type\":\"groovy\"},\"schema\":{\"$schema\":\"http://forgerock.org/json-schema#\",\"description\":\"test\",\"icon\":\"fa-anchor\",\"mat-icon\":\"\",\"order\":[\"testObj\",\"testString\"],\"properties\":{\"testObj\":{\"description\":null,\"isVirtual\":false,\"nullable\":false,\"onRetrieve\":{\"globals\":{\"four\":false,\"one\":null,\"three\":3,\"two\":\"number\"},\"source\":\"//second\",\"type\":\"groovy\"},\"onStore\":{\"globals\":{\"test\":{}},\"type\":\"text/javascript\",\"source\":\"//test\\n\"},\"onValidate\":{\"globals\":{\"test\":null},\"source\":\"//groovy script test\",\"type\":\"groovy\"},\"order\":[\"testObject\",\"testString\"],\"properties\":{\"testObject\":{\"description\":null,\"isVirtual\":false,\"onRetrieve\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"text/javascript\"},\"onStore\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"groovy\"},\"order\":[],\"properties\":{},\"required\":[],\"searchable\":false,\"title\":\"test\",\"type\":\"object\",\"userEditable\":true,\"viewable\":true},\"testString\":{\"description\":null,\"format\":null,\"isVirtual\":false,\"onRetrieve\":{\"globals\":{\"test\":1},\"source\":\"//test\",\"type\":\"groovy\"},\"onStore\":{\"globals\":{\"test\":[\"test\",1,false]},\"source\":\"//test\",\"type\":\"text/javascript\"},\"searchable\":false,\"title\":\"test\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[],\"searchable\":false,\"title\":\"TestObj\",\"type\":\"object\",\"userEditable\":true,\"viewable\":true},\"testString\":{\"description\":null,\"format\":null,\"isVirtual\":false,\"onStore\":{\"globals\":{\"test\":null},\"source\":\"//test\",\"type\":\"groovy\"},\"searchable\":false,\"title\":\"test\",\"type\":\"string\",\"userEditable\":true,\"viewable\":true}},\"required\":[],\"title\":\"T
est\",\"type\":\"object\"}}]}" + }, + "cookies": [ + { + "httpOnly": true, + "name": "route", + "path": "/openidm", + "secure": true, + "value": "" + } + ], + "headers": [ + { + "name": "date", + "value": "Mon, 30 Mar 2026 16:59:04 GMT" + }, + { + "name": "content-type", + "value": "application/json;charset=utf-8" + }, + { + "name": "transfer-encoding", + "value": "chunked" + }, + { + "name": "connection", + "value": "keep-alive" + }, + { + "_fromType": "array", + "name": "set-cookie", + "value": "route=; Path=/openidm; Secure; HttpOnly" + }, + { + "name": "vary", + "value": "Origin" + }, + { + "name": "cache-control", + "value": "no-store" + }, + { + "name": "content-api-version", + "value": "protocol=2.1,resource=1.0" + }, + { + "name": "content-security-policy", + "value": "default-src 'none';frame-ancestors 'none';sandbox" + }, + { + "name": "cross-origin-opener-policy", + "value": "same-origin" + }, + { + "name": "cross-origin-resource-policy", + "value": "same-origin" + }, + { + "name": "expires", + "value": "0" + }, + { + "name": "pragma", + "value": "no-cache" + }, + { + "name": "x-content-type-options", + "value": "nosniff" + }, + { + "name": "x-frame-options", + "value": "DENY" + }, + { + "name": "strict-transport-security", + "value": "max-age=31536000; includeSubDomains" + } + ], + "headersSize": 644, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-03-30T16:59:04.351Z", + "time": 45, + "timings": { + "blocked": -1, + "connect": -1, + "dns": -1, + "receive": 0, + "send": 0, + "ssl": -1, + "wait": 45 + } + } + ], + "pages": [], + "version": "1.2" + } +} From 27396debb62a83504f2e0fec2222c22ba4155182 Mon Sep 17 00:00:00 2001 
From: Volker Scheuber Date: Mon, 30 Mar 2026 11:38:18 -0600 Subject: [PATCH 02/10] Refactor cli help and introduce stability indicators. (#577) * Upgrade to commander 14 and start structuring help * Further help structuring and output improvements. * Guarantee command help output occurs in this order: arguments, options, option groups in alphabetical order * Remove deprecated library methods and update journey lists with additional tree flags. * Add stability indicators. * remove deprecated library functions. * Updated output * Comments and cleanup * Update snapshots * Update recordings and snapshots for journey deprecation changes. --- package-lock.json | 10 +- package.json | 4 +- src/app.ts | 23 +- src/cli/FrodoCommand.ts | 2355 ++- src/cli/config-manager/config-manager.ts | 8 +- src/cli/dcc/dcc.ts | 6 +- src/cli/journey/journey-delete.ts | 6 - src/cli/journey/journey-list.ts | 5 +- src/cli/promote/promote.ts | 4 +- src/cli/shell/shell.ts | 2 +- .../FrConfigAuthenticationOps.ts | 8 +- src/configManagerOps/FrConfigJourneysOps.ts | 8 +- .../FrConfigOrgPrivilegesOps.ts | 8 +- src/configManagerOps/FrConfigScriptOps.ts | 8 +- src/ops/JourneyOps.ts | 243 +- src/ops/NodeOps.ts | 75 +- ...dd-autoid-static-user-mapping.test.js.snap | 65 +- ...-client-with-admin-privileges.test.js.snap | 94 +- .../admin-get-access-token.test.js.snap | 77 +- ...auth2-client-admin-privileges.test.js.snap | 70 +- ...-generic-extension-attributes.test.js.snap | 74 +- ...clients-with-admin-privileges.test.js.snap | 67 +- ...lients-with-custom-privileges.test.js.snap | 67 +- ...min-list-static-user-mappings.test.js.snap | 69 +- ...in-remove-static-user-mapping.test.js.snap | 69 +- .../admin-repair-org-model.test.js.snap | 74 +- ...auth2-client-admin-privileges.test.js.snap | 70 +- ...-generic-extension-attributes.test.js.snap | 74 +- .../en/__snapshots__/admin.test.js.snap | 10 +- .../__snapshots__/agent-delete.test.js.snap | 72 +- .../__snapshots__/agent-describe.test.js.snap | 72 +- 
.../__snapshots__/agent-export.test.js.snap | 83 +- .../agent-gateway-delete.test.js.snap | 73 +- .../agent-gateway-describe.test.js.snap | 70 +- .../agent-gateway-export.test.js.snap | 81 +- .../agent-gateway-import.test.js.snap | 80 +- .../agent-gateway-list.test.js.snap | 69 +- .../__snapshots__/agent-gateway.test.js.snap | 17 +- .../__snapshots__/agent-import.test.js.snap | 82 +- .../agent-java-delete.test.js.snap | 72 +- .../agent-java-describe.test.js.snap | 70 +- .../agent-java-export.test.js.snap | 81 +- .../agent-java-import.test.js.snap | 80 +- .../agent-java-list.test.js.snap | 69 +- .../en/__snapshots__/agent-java.test.js.snap | 17 +- .../en/__snapshots__/agent-list.test.js.snap | 71 +- .../agent-web-delete.test.js.snap | 72 +- .../agent-web-describe.test.js.snap | 70 +- .../agent-web-export.test.js.snap | 81 +- .../agent-web-import.test.js.snap | 80 +- .../__snapshots__/agent-web-list.test.js.snap | 69 +- .../en/__snapshots__/agent-web.test.js.snap | 17 +- .../en/__snapshots__/agent.test.js.snap | 23 +- .../en/__snapshots__/app-delete.test.js.snap | 87 +- .../en/__snapshots__/app-export.test.js.snap | 102 +- .../en/__snapshots__/app-import.test.js.snap | 101 +- .../en/__snapshots__/app-list.test.js.snap | 81 +- .../en/__snapshots__/app.test.js.snap | 21 +- .../__snapshots__/authn-describe.test.js.snap | 71 +- .../__snapshots__/authn-export.test.js.snap | 73 +- .../__snapshots__/authn-import.test.js.snap | 71 +- .../en/__snapshots__/authn.test.js.snap | 13 +- .../authz-policy-delete.test.js.snap | 76 +- .../authz-policy-describe.test.js.snap | 74 +- .../authz-policy-export.test.js.snap | 95 +- .../authz-policy-import.test.js.snap | 90 +- .../authz-policy-list.test.js.snap | 71 +- .../__snapshots__/authz-policy.test.js.snap | 17 +- .../authz-set-delete.test.js.snap | 72 +- .../authz-set-describe.test.js.snap | 72 +- .../authz-set-export.test.js.snap | 91 +- .../authz-set-import.test.js.snap | 84 +- .../__snapshots__/authz-set-list.test.js.snap | 17 +- 
.../en/__snapshots__/authz-set.test.js.snap | 17 +- .../authz-type-delete.test.js.snap | 77 +- .../authz-type-describe.test.js.snap | 76 +- .../authz-type-export.test.js.snap | 91 +- .../authz-type-import.test.js.snap | 85 +- .../authz-type-list.test.js.snap | 69 +- .../en/__snapshots__/authz-type.test.js.snap | 17 +- .../en/__snapshots__/authz.test.js.snap | 13 +- .../__snapshots__/config-export.test.js.snap | 153 +- .../__snapshots__/config-import.test.js.snap | 121 +- ...-manager-export-access-config.test.js.snap | 69 +- ...fig-manager-export-all-static.test.js.snap | 69 +- .../config-manager-export-all.test.js.snap | 63 +- .../config-manager-export-audit.test.js.snap | 69 +- ...manager-export-authentication.test.js.snap | 73 +- ...manager-export-authz-policies.test.js.snap | 105 +- ...-export-connector-definitions.test.js.snap | 77 +- ...ger-export-connector-mappings.test.js.snap | 71 +- ...manager-export-cookie-domains.test.js.snap | 69 +- .../config-manager-export-cors.test.js.snap | 71 +- .../config-manager-export-csp.test.js.snap | 90 +- ...manager-export-email-provider.test.js.snap | 69 +- ...anager-export-email-templates.test.js.snap | 72 +- ...nfig-manager-export-endpoints.test.js.snap | 71 +- ...manager-export-internal-roles.test.js.snap | 72 +- ...onfig-manager-export-journeys.test.js.snap | 78 +- .../config-manager-export-kba.test.js.snap | 69 +- ...config-manager-export-locales.test.js.snap | 71 +- ...anager-export-managed-objects.test.js.snap | 71 +- ...anager-export-password-policy.test.js.snap | 73 +- .../config-manager-export-raw.test.js.snap | 94 +- ...manager-export-remote-servers.test.js.snap | 69 +- .../config-manager-export-saml.test.js.snap | 99 +- ...nfig-manager-export-schedules.test.js.snap | 71 +- ...config-manager-export-scripts.test.js.snap | 119 +- ...anager-export-secret-mappings.test.js.snap | 77 +- ...config-manager-export-secrets.test.js.snap | 69 +- ...anager-export-service-objects.test.js.snap | 118 +- 
...onfig-manager-export-services.test.js.snap | 74 +- ...r-export-terms-and-conditions.test.js.snap | 69 +- .../config-manager-export-themes.test.js.snap | 69 +- ...nfig-manager-export-ui-config.test.js.snap | 69 +- ...nfig-manager-export-variables.test.js.snap | 69 +- ...g-manager-push-email-provider.test.js.snap | 69 +- ...-manager-push-email-templates.test.js.snap | 72 +- ...config-manager-push-endpoints.test.js.snap | 71 +- ...g-manager-push-internal-roles.test.js.snap | 71 +- .../config-manager-push-kba.test.js.snap | 69 +- .../config-manager-push-locales.test.js.snap | 72 +- ...config-manager-push-schedules.test.js.snap | 71 +- ...ger-push-terms-and-conditions.test.js.snap | 69 +- .../config-manager-push-themes.test.js.snap | 69 +- .../config-manager-push.test.js.snap | 27 +- .../__snapshots__/config-manager.test.js.snap | 19 +- .../en/__snapshots__/config.test.js.snap | 31 +- .../__snapshots__/conn-alias-add.test.js.snap | 53 +- .../conn-alias-delete.test.js.snap | 51 +- .../en/__snapshots__/conn-alias.test.js.snap | 11 +- .../en/__snapshots__/conn-delete.test.js.snap | 51 +- .../__snapshots__/conn-describe.test.js.snap | 53 +- .../en/__snapshots__/conn-list.test.js.snap | 49 +- .../en/__snapshots__/conn-save.test.js.snap | 316 +- .../en/__snapshots__/conn.test.js.snap | 17 +- .../dcc-session-abort.test.js.snap | 162 +- .../dcc-session-apply.test.js.snap | 162 +- .../dcc-session-init.test.js.snap | 162 +- .../dcc-session-state.test.js.snap | 162 +- .../en/__snapshots__/dcc-session.test.js.snap | 46 +- .../en/__snapshots__/dcc.test.js.snap | 30 +- .../email-template-delete.test.js.snap | 76 +- .../email-template-export.test.js.snap | 86 +- .../email-template-import.test.js.snap | 90 +- .../email-template-list.test.js.snap | 69 +- .../__snapshots__/email-template.test.js.snap | 15 +- .../en/__snapshots__/email.test.js.snap | 9 +- .../en/__snapshots__/esv-apply.test.js.snap | 79 +- .../esv-secret-create.test.js.snap | 82 +- .../esv-secret-delete.test.js.snap | 
71 +- .../esv-secret-describe.test.js.snap | 85 +- .../esv-secret-export.test.js.snap | 111 +- .../esv-secret-import.test.js.snap | 106 +- .../esv-secret-list.test.js.snap | 79 +- .../__snapshots__/esv-secret-set.test.js.snap | 71 +- .../esv-secret-version-activate.test.js.snap | 71 +- .../esv-secret-version-create.test.js.snap | 75 +- ...esv-secret-version-deactivate.test.js.snap | 71 +- .../esv-secret-version-delete.test.js.snap | 73 +- .../esv-secret-version-list.test.js.snap | 71 +- .../esv-secret-version.test.js.snap | 21 +- .../en/__snapshots__/esv-secret.test.js.snap | 27 +- .../esv-variable-create.test.js.snap | 89 +- .../esv-variable-delete.test.js.snap | 75 +- .../esv-variable-describe.test.js.snap | 85 +- .../esv-variable-export.test.js.snap | 88 +- .../esv-variable-import.test.js.snap | 80 +- .../esv-variable-list.test.js.snap | 79 +- .../esv-variable-set.test.js.snap | 73 +- .../__snapshots__/esv-variable.test.js.snap | 25 +- .../en/__snapshots__/idm-count.test.js.snap | 73 +- .../en/__snapshots__/idm-delete.test.js.snap | 69 +- .../en/__snapshots__/idm-export.test.js.snap | 100 +- .../en/__snapshots__/idm-import.test.js.snap | 88 +- .../en/__snapshots__/idm-list.test.js.snap | 67 +- .../idm-schema-object-export.test.js.snap | 75 +- .../idm-schema-object-import.test.js.snap | 75 +- .../idm-schema-object.test.js.snap | 11 +- .../en/__snapshots__/idm-schema.test.js.snap | 9 +- .../en/__snapshots__/idm.test.js.snap | 19 +- .../en/__snapshots__/idp-delete.test.js.snap | 70 +- .../en/__snapshots__/idp-export.test.js.snap | 82 +- .../en/__snapshots__/idp-import.test.js.snap | 80 +- .../en/__snapshots__/idp-list.test.js.snap | 67 +- .../en/__snapshots__/idp.test.js.snap | 15 +- .../en/__snapshots__/info.test.js.snap | 75 +- .../__snapshots__/journey-delete.test.js.snap | 79 +- .../journey-describe.test.js.snap | 89 +- .../journey-disable.test.js.snap | 71 +- .../__snapshots__/journey-enable.test.js.snap | 71 +- .../__snapshots__/journey-export.test.js.snap | 
94 +- .../__snapshots__/journey-import.test.js.snap | 89 +- .../__snapshots__/journey-list.test.js.snap | 70 +- .../__snapshots__/journey-prune.test.js.snap | 72 +- .../en/__snapshots__/journey.test.js.snap | 32 +- .../en/__snapshots__/log-fetch.test.js.snap | 212 +- .../en/__snapshots__/log-list.test.js.snap | 134 +- .../en/__snapshots__/log-tail.test.js.snap | 186 +- .../en/__snapshots__/log.test.js.snap | 54 +- .../__snapshots__/mapping-delete.test.js.snap | 53 +- .../__snapshots__/mapping-export.test.js.snap | 53 +- .../__snapshots__/mapping-import.test.js.snap | 84 +- .../__snapshots__/mapping-list.test.js.snap | 69 +- .../__snapshots__/mapping-rename.test.js.snap | 88 +- .../en/__snapshots__/mapping.test.js.snap | 23 +- .../en/__snapshots__/node-delete.test.js.snap | 80 +- .../__snapshots__/node-describe.test.js.snap | 76 +- .../en/__snapshots__/node-export.test.js.snap | 95 +- .../en/__snapshots__/node-import.test.js.snap | 94 +- .../en/__snapshots__/node-list.test.js.snap | 69 +- .../en/__snapshots__/node.test.js.snap | 17 +- .../oauth-client-delete.test.js.snap | 74 +- .../oauth-client-export.test.js.snap | 83 +- .../oauth-client-import.test.js.snap | 80 +- .../oauth-client-list.test.js.snap | 69 +- .../__snapshots__/oauth-client.test.js.snap | 15 +- .../en/__snapshots__/oauth.test.js.snap | 9 +- .../en/__snapshots__/promote.test.js.snap | 117 +- .../realm-add-custom-domain.test.js.snap | 70 +- .../__snapshots__/realm-describe.test.js.snap | 67 +- .../__snapshots__/realm-export.test.js.snap | 87 +- .../__snapshots__/realm-import.test.js.snap | 86 +- .../en/__snapshots__/realm-list.test.js.snap | 69 +- .../realm-remove-custom-domain.test.js.snap | 70 +- .../en/__snapshots__/realm.test.js.snap | 3 + .../en/__snapshots__/role-export.test.js.snap | 89 +- .../en/__snapshots__/role-import.test.js.snap | 87 +- .../en/__snapshots__/role-list.test.js.snap | 69 +- .../en/__snapshots__/role.test.js.snap | 13 +- .../en/__snapshots__/root.test.js.snap | 80 +- 
.../saml-cot-export.test.js.snap | 82 +- .../saml-cot-import.test.js.snap | 81 +- .../__snapshots__/saml-cot-list.test.js.snap | 69 +- .../en/__snapshots__/saml-cot.test.js.snap | 13 +- .../en/__snapshots__/saml-delete.test.js.snap | 74 +- .../__snapshots__/saml-describe.test.js.snap | 72 +- .../en/__snapshots__/saml-export.test.js.snap | 88 +- .../en/__snapshots__/saml-import.test.js.snap | 85 +- .../en/__snapshots__/saml-list.test.js.snap | 69 +- .../saml-metadata-export.test.js.snap | 76 +- .../__snapshots__/saml-metadata.test.js.snap | 9 +- .../en/__snapshots__/saml.test.js.snap | 21 +- .../__snapshots__/script-delete.test.js.snap | 77 +- .../script-describe.test.js.snap | 87 +- .../__snapshots__/script-export.test.js.snap | 101 +- .../__snapshots__/script-import.test.js.snap | 98 +- .../en/__snapshots__/script-list.test.js.snap | 81 +- .../en/__snapshots__/script.test.js.snap | 17 +- .../secretstore-delete.test.js.snap | 55 +- .../secretstore-describe.test.js.snap | 53 +- .../secretstore-export.test.js.snap | 53 +- .../secretstore-import.test.js.snap | 53 +- .../secretstore-list.test.js.snap | 71 +- ...tstore-mapping-alias-activate.test.js.snap | 53 +- ...retstore-mapping-alias-create.test.js.snap | 53 +- ...retstore-mapping-alias-delete.test.js.snap | 53 +- ...ecretstore-mapping-alias-list.test.js.snap | 53 +- .../secretstore-mapping-alias.test.js.snap | 15 +- .../secretstore-mapping-create.test.js.snap | 53 +- .../secretstore-mapping-delete.test.js.snap | 53 +- .../secretstore-mapping-list.test.js.snap | 53 +- .../secretstore-mapping.test.js.snap | 15 +- .../en/__snapshots__/secretstore.test.js.snap | 21 +- .../__snapshots__/server-export.test.js.snap | 99 +- .../__snapshots__/server-import.test.js.snap | 93 +- .../en/__snapshots__/server-list.test.js.snap | 71 +- .../en/__snapshots__/server.test.js.snap | 17 +- .../__snapshots__/service-delete.test.js.snap | 73 +- .../__snapshots__/service-export.test.js.snap | 85 +- 
.../__snapshots__/service-import.test.js.snap | 91 +- .../__snapshots__/service-list.test.js.snap | 71 +- .../en/__snapshots__/service.test.js.snap | 15 +- .../en/__snapshots__/shell.test.js.snap | 79 +- .../__snapshots__/theme-delete.test.js.snap | 77 +- .../__snapshots__/theme-export.test.js.snap | 85 +- .../__snapshots__/theme-import.test.js.snap | 82 +- .../en/__snapshots__/theme-list.test.js.snap | 69 +- .../en/__snapshots__/theme.test.js.snap | 15 +- ...onfig-manager-export-test.e2e.test.js.snap | 3 +- .../config-manager-push-kba.e2e.test.js.snap | 5 +- .../esv-secret-create.e2e.test.js.snap | 82 +- .../__snapshots__/idp-delete.e2e.test.js.snap | 70 +- .../journey-describe.e2e.test.js.snap | 1720 +-- .../journey-list.e2e.test.js.snap | 76 +- .../0_890022063/am_1076162899/recording.har | 146 +- .../environment_1072573434/recording.har | 125 + .../oauth2_393036114/recording.har | 42 +- .../openidm_3290118515/recording.har | 194 +- .../am_1076162899/recording.har | 11880 +++++++++++++++- .../environment_1072573434/recording.har | 125 + .../oauth2_393036114/recording.har | 44 +- .../openidm_3290118515/recording.har | 196 +- .../am_1076162899/recording.har | 11880 +++++++++++++++- .../environment_1072573434/recording.har | 125 + .../oauth2_393036114/recording.har | 40 +- .../openidm_3290118515/recording.har | 196 +- 297 files changed, 32639 insertions(+), 15432 deletions(-) create mode 100644 test/e2e/mocks/journey_3464291987/list_217798785/0_890022063/environment_1072573434/recording.har create mode 100644 test/e2e/mocks/journey_3464291987/list_217798785/0_l_2828241652/environment_1072573434/recording.har create mode 100644 test/e2e/mocks/journey_3464291987/list_217798785/0_long_276218670/environment_1072573434/recording.har diff --git a/package-lock.json b/package-lock.json index 83db9e924..6e07a3f01 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -24,7 +24,7 @@ "cli-progress": "^3.11.2", "cli-table3": "^0.6.3", "colors": "^1.4.0", - "commander": "^11.0.0", + "commander": "^14.0.3", "compare-versions": "^6.1.0", "copyfiles": "^2.4.1", "deep-diff": "^1.0.2", @@ -3716,13 +3716,13 @@ } }, "node_modules/commander": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", - "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", + "version": "14.0.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.3.tgz", + "integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==", "dev": true, "license": "MIT", "engines": { - "node": ">=16" + "node": ">=20" } }, "node_modules/compare-versions": { diff --git a/package.json b/package.json index a4b76e347..0a039903c 100644 --- a/package.json +++ b/package.json @@ -107,7 +107,7 @@ "cli-progress": "^3.11.2", "cli-table3": "^0.6.3", "colors": "^1.4.0", - "commander": "^11.0.0", + "commander": "^14.0.3", "compare-versions": "^6.1.0", "copyfiles": "^2.4.1", "deep-diff": "^1.0.2", @@ -121,8 +121,8 @@ "eslint-plugin-simple-import-sort": "^12.1.1", "fs-extra": "^11.1.1", "jest": "^29.3.1", - "loglevel": "^1.9.1", "log-update": "^4.0.0", + "loglevel": "^1.9.1", "map-stream": "^0.0.7", "prettier": "^3.0.3", "properties-reader": "^2.2.0", diff --git a/src/app.ts b/src/app.ts index a04157adc..964692a19 100755 --- a/src/app.ts +++ b/src/app.ts @@ -1,5 +1,4 @@ import { frodo, state } from '@rockcarver/frodo-lib'; -import { Command } from 'commander'; // commands import admin from './cli/admin/admin'; 
@@ -13,6 +12,14 @@ import conn from './cli/conn/conn'; import directConfigSession from './cli/dcc/dcc'; import email from './cli/email/email'; import esv from './cli/esv/esv'; +// enable sample command template. +// import something from './cli/_template/something'; +import { + formatGlobalEnvironmentVariables, + FrodoStubCommand, + isFullHelpRequested, + normalizeExpandedHelpArgv, +} from './cli/FrodoCommand'; import idm from './cli/idm/idm'; import idp from './cli/idp/idp'; import info from './cli/info/info'; @@ -30,8 +37,6 @@ import secretstore from './cli/secretstore/secretstore'; import server from './cli/server/server'; import service from './cli/service/service'; import shell from './cli/shell/shell'; -// enable sample command template. -// import something from './cli/_template/something'; import theme from './cli/theme/theme'; import { debugMessage, @@ -46,6 +51,7 @@ const { initTokenCache } = frodo.cache; // Temporary mitigation: silence runtime deprecation warnings from transitive deps. process.noDeprecation = true; +process.argv = normalizeExpandedHelpArgv(process.argv); (async () => { try { @@ -55,10 +61,15 @@ process.noDeprecation = true; state.setDebugHandler(debugMessage); state.setVerboseHandler(verboseMessage); - const program = new Command('frodo').version( + const program = new FrodoStubCommand('frodo').version( await getVersions(false), '-v, --version' ); + const utilitiesCommandsHeading = 'Utilities:'; + + program.addHelpText('after', () => + isFullHelpRequested() ? formatGlobalEnvironmentVariables() : '' + ); printMessage(await getVersions(true), 'text', false); @@ -72,7 +83,7 @@ process.noDeprecation = true; program.addCommand(app()); program.addCommand(config()); program.addCommand(configManager()); - program.addCommand(conn()); + program.addCommand(conn().helpGroup(utilitiesCommandsHeading)); program.addCommand(directConfigSession()); program.addCommand(email()); program.addCommand(esv()); 
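Review bot: In the `@@ -46,6 +51,7 @@` hunk of src/app.ts, the added `process.argv = normalizeExpandedHelpArgv(process.argv);` replaces the process-wide argument vector at module load, and nothing says why. Any code that reads `process.argv` afterwards, including diagnostics that echo the command line, sees the rewritten values rather than what the user typed. The normalizer's body is outside this hunk; the `-hh`/`-hhh` constants added in src/cli/FrodoCommand.ts suggest it expands those aliases. If so, a comment above the assignment would document it, for example `// Expand -hh/-hhh to --help-more/--help-all before Commander parses argv`. If the parse call (not visible here) accepts an explicit array, passing the normalized copy there would leave the original `process.argv` intact.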
@@ -92,7 +103,7 @@ process.noDeprecation = true; program.addCommand(secretstore()); program.addCommand(server()); program.addCommand(service()); - program.addCommand(shell()); + program.addCommand(shell().helpGroup(utilitiesCommandsHeading)); program.addCommand(theme()); // enable sample command template. // program.addCommand(something()); diff --git a/src/cli/FrodoCommand.ts b/src/cli/FrodoCommand.ts index 6c08ebc55..5636393af 100644 --- a/src/cli/FrodoCommand.ts +++ b/src/cli/FrodoCommand.ts @@ -1,6 +1,6 @@ import { frodo, FrodoError, state } from '@rockcarver/frodo-lib'; import { RetryStrategy } from '@rockcarver/frodo-lib/types/api/BaseApi.js'; -import { Argument, Command, Help, Option } from 'commander'; +import { AddHelpTextContext, Argument, Command, Help, Option } from 'commander'; import fs from 'fs'; import { 
@@ -15,14 +15,418 @@ import { verboseMessage, } from '../utils/Console.js'; +// Frodo constants +const constants = frodo.utils.constants; const { DEFAULT_REALM_KEY, DEPLOYMENT_TYPES, RETRY_STRATEGIES, RETRY_NOTHING_KEY, -} = frodo.utils.constants; +} = constants; const { convertPrivateKeyToPem } = frodo.utils.crypto; +// Default heading for grouped subcommands. +const COMMANDS_HEADING = 'Commands:'; +// Heading for command-specific options that do not declare a group. +const COMMAND_OPTIONS_HEADING = 'Options:'; +// Group for connection and deployment endpoint settings. +const CONNECTION_OPTIONS_HEADING = 'Connection Options:'; +// Group for login and credential-related settings. +const AUTHENTICATION_OPTIONS_HEADING = 'Authentication Options:'; +// Group for runtime behavior controls. +const RUNTIME_OPTIONS_HEADING = 'Runtime Options:'; +// Group for output and diagnostics controls. +const OUTPUT_OPTIONS_HEADING = 'Output Options:'; +// Help flags intentionally use the same visible label as command options to keep a single +// "Options:" section in help output while still preserving a separate semantic bucket. +const HELP_OPTIONS_HEADING = 'Options:'; +// Top-level env var section for host/realm/endpoint values. +const CONNECTION_ENVIRONMENT_VARIABLES_HEADING = 'Connection:'; +// Top-level env var section for auth and credentials. +const AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING = 'Authentication:'; +// Top-level env var section for runtime behavior. +const RUNTIME_ENVIRONMENT_VARIABLES_HEADING = 'Runtime:'; +// Top-level env var section for output and debug toggles. +const OUTPUT_ENVIRONMENT_VARIABLES_HEADING = 'Output:'; +// Short flag alias for --help-more; triggers level-2 help showing all option groups. +const HELP_MORE_SHORT_FLAG = '-hh'; +// Level-2 help flag: shows all option groups (Connection, Authentication, Runtime, Output) +// that are hidden from basic -h output, including stability badges. Does not include env vars. 
+const HELP_MORE_FLAG = '--help-more'; +// Short flag alias for --help-all; triggers level-3 help showing everything. +const HELP_ALL_SHORT_FLAG = '-hhh'; +// Level-3 help flag: shows all option groups plus environment variable sections. +// Superset of --help-more output. Stability badges appear at all levels. +const HELP_ALL_FLAG = '--help-all'; +// Fallback help text width used when the terminal width cannot be determined. +const DEFAULT_HELP_WIDTH = 100; +// Absolute minimum help text width; applied at all help levels regardless of terminal width. +const MINIMUM_HELP_WIDTH = 60; +// Padding between option flags and their descriptions in help output. +const ENVIRONMENT_VARIABLE_NAME_INDENT = 4; +// Padding between environment variable descriptions and their group headings in help output. +const ENVIRONMENT_VARIABLE_DESCRIPTION_PADDING = 2; +// Property key used to attach stability metadata to Commander objects (commands, options, +// arguments). The double-underscore prefix avoids collision with Commander's own property +// namespace. Typed `as const` so TypeScript treats it as a literal type for type-safe +// indexed access via the `StabilityAnnotated` interface. +const STABILITY_METADATA_KEY = '__frodoStabilityMetadata' as const; + +export type StabilityIndicator = + | 'stable' + | 'preview' + | 'experimental' + | 'deprecated'; + +export type StabilityGateMode = 'option-or-env' | 'option-only' | 'env-only'; + +export type StabilityGateConfig = { + requiredOptIn?: boolean; + optionName?: string; + envVarName?: string; + helpText?: string; + mode?: StabilityGateMode; +}; + +type StabilityMetadata = { + level: StabilityIndicator; + gate?: StabilityGateConfig; +}; + +const stabilityLevelPriority: Record = { + stable: 0, + preview: 1, + experimental: 2, + deprecated: 3, +}; + +type StabilityAnnotated = { + [STABILITY_METADATA_KEY]?: StabilityMetadata; +}; + +/** + * Logical scope used for deployment-constrained help sub-sections. 
+ * + * Keep this in sync with deployment type constants and with + * `getScopeForDeploymentType()` / `getDeploymentTypeForScope()`. + */ +type DeploymentScope = 'classic-only' | 'cloud-only' | 'forgeops-only'; + +/** + * Optional per-command variants for a single environment variable. + * + * Use this when a variable has different override rules depending on the + * command (for example `frodo conn save` versus `frodo log`). + */ +type VariantDescriptor = { + description: string; + appliesTo?: string; + commandNames?: string[]; + include?: (command: FrodoCommand) => boolean; +}; + +/** + * Metadata for environment variable help generation. + * + * How to add a new env var entry: + * 1) Add an object to `environmentVariables` with `name`, `description`, and `group`. + * 2) Add `include` when the variable should only appear if a default arg/option exists. + * 3) Add `appliesToTypes` and/or `scope` when deployment visibility is constrained. + * 4) Add `variants` when the override description differs by command. + */ +type EnvironmentVariableDescriptor = { + name: string; + description: string; + group: string; + appliesToTypes?: string[]; + scope?: DeploymentScope; + commandNames?: string[]; + include?: (command: FrodoCommand) => boolean; + variants?: VariantDescriptor[]; +}; + +/** + * Order of top-level environment variable groups. + * + * Add new headings here if you introduce new env var categories and want + * deterministic output ordering in full help (`-hhh`). + */ +const environmentVariableGroupOrder = [ + CONNECTION_ENVIRONMENT_VARIABLES_HEADING, + AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + RUNTIME_ENVIRONMENT_VARIABLES_HEADING, + OUTPUT_ENVIRONMENT_VARIABLES_HEADING, +]; + +/** + * Rendering order for scoped deployment sub-sections. + * + * This controls the order of inline labels such as `(Classic-only):` + * in options, env vars, and command lists. 
+ */ +const environmentVariableScopeOrder: DeploymentScope[] = [ + 'classic-only', + 'cloud-only', + 'forgeops-only', +]; + +function withHelpGroup(option: Option, group: string): Option { + option.helpGroup(group); + return option; +} + +/** + * Annotates an option with stability metadata for help rendering. + * @param option Option to annotate. + * @param level Stability level to apply. + * @returns Same option for chaining. + */ +export function withOptionStability( + option: Option, + level: StabilityIndicator, + gate?: StabilityGateConfig +): Option { + const metadata = getStabilityMetadata(option); + setStabilityMetadata(option, { + ...metadata, + level, + gate: gate || metadata.gate, + }); + return option; +} + +/** + * Annotates an argument with stability metadata for help rendering. + * @param argument Argument to annotate. + * @param level Stability level to apply. + * @returns Same argument for chaining. + */ +export function withArgumentStability( + argument: Argument, + level: StabilityIndicator, + gate?: StabilityGateConfig +): Argument { + const metadata = getStabilityMetadata(argument); + setStabilityMetadata(argument, { + ...metadata, + level, + gate: gate || metadata.gate, + }); + return argument; +} + +/** + * Stores stability metadata on Commander objects. + * @param target Annotated command, option, or argument. + * @param metadata Stability metadata to persist. + */ +function setStabilityMetadata( + target: Command | Option | Argument, + metadata: StabilityMetadata +) { + (target as unknown as StabilityAnnotated)[STABILITY_METADATA_KEY] = metadata; +} + +/** + * Reads raw stability metadata as explicitly configured on the target. + * @param target Annotated command, option, or argument. + * @returns Explicit metadata if present, otherwise undefined. 
+ */ +function getRawStabilityMetadata( + target: Command | Option | Argument +): StabilityMetadata | undefined { + return (target as unknown as StabilityAnnotated)[STABILITY_METADATA_KEY]; +} + +/** + * Reads stability metadata from Commander objects. + * @param target Annotated command, option, or argument. + * @returns Stability metadata, defaulting to stable. + */ +function getStabilityMetadata( + target: Command | Option | Argument +): StabilityMetadata { + const metadata = getRawStabilityMetadata(target); + return metadata || { level: 'stable' }; +} + +/** + * Resolves effective stability for a command by walking up parent commands. + * + * Behavior: + * - level: strongest level found in the command ancestry + * - gate: nearest required opt-in gate found in the ancestry + * + * This allows declaring stability once at a stub command (command tree root) + * and having it apply to all descendants. + * @param command Command to evaluate. + * @returns Effective stability metadata for runtime and help rendering. + */ +function getEffectiveCommandStabilityMetadata( + command: Command +): StabilityMetadata { + let level: StabilityIndicator = 'stable'; + let gate: StabilityGateConfig | undefined; + + let current: Command | null = command; + while (current) { + const metadata = getRawStabilityMetadata(current); + if (metadata) { + if ( + stabilityLevelPriority[metadata.level] > stabilityLevelPriority[level] + ) { + level = metadata.level; + } + + if (!gate && metadata.gate?.requiredOptIn) { + gate = metadata.gate; + } + } + current = current.parent || null; + } + + return gate ? { level, gate } : { level }; +} + +/** + * Formats stability level labels for display in help text and warnings. + * @param level Stability level. + * @returns Human-readable label. 
+ */ +function formatStabilityLevel(level: StabilityIndicator): string { + switch (level) { + case 'preview': + return 'Preview'; + case 'experimental': + return 'Experimental'; + case 'deprecated': + return 'Deprecated'; + default: + return 'Stable'; + } +} + +/** + * Determines whether colored stability badges should be emitted. + * @returns True when color output is supported and not explicitly disabled. + */ +function shouldUseStabilityColors(): boolean { + return !!process.stdout.isTTY && !process.env.NO_COLOR; +} + +/** + * Applies ANSI color to stability and opt-in badges. + * @param text Badge text to colorize. + * @param level Stability level used for color selection. + * @param isOptInBadge True for opt-in badge coloring. + * @returns Colored or plain badge text. + */ +function colorizeStabilityBadge( + text: string, + level: StabilityIndicator, + isOptInBadge = false +): string { + if (!shouldUseStabilityColors()) { + return text; + } + + const reset = '\x1b[0m'; + if (isOptInBadge) { + return `\x1b[36m${text}${reset}`; + } + + switch (level) { + case 'preview': + return `\x1b[1;93m${text}${reset}`; + case 'experimental': + return `\x1b[1;31m${text}${reset}`; + case 'deprecated': + return `\x1b[1;90m${text}${reset}`; + default: + return `\x1b[32m${text}${reset}`; + } +} + +/** + * Appends stability and optional opt-in badges to a description. + * @param description Existing description text. + * @param target Annotated command, option, or argument. + * @returns Decorated description. + */ +function decorateDescriptionWithStability( + description: string, + target: Command | Option | Argument +): string { + const metadata = + target instanceof Command + ? 
getEffectiveCommandStabilityMetadata(target) + : getStabilityMetadata(target); + if (metadata.level === 'stable') { + return description; + } + + const badges = [ + colorizeStabilityBadge( + `[${formatStabilityLevel(metadata.level)}]`, + metadata.level + ), + ]; + if (metadata.gate?.requiredOptIn) { + badges.push( + colorizeStabilityBadge('[Opt-in required]', metadata.level, true) + ); + } + + return description ? `${badges.join(' ')} ${description}` : badges.join(' '); +} + +/** + * Creates a detached copy of an option so command-level mutations do not + * affect shared defaults. + * @param option Source option definition. + * @returns Cloned option instance. + */ +function cloneOption(option: Option): Option { + const cloned = Object.assign(new Option(option.flags, option.description), { + defaultValue: option.defaultValue, + defaultValueDescription: option.defaultValueDescription, + presetArg: option.presetArg, + envVar: option.envVar, + parseArg: option.parseArg, + hidden: option.hidden, + mandatory: option.mandatory, + argChoices: option.argChoices ? [...option.argChoices] : option.argChoices, + helpGroupHeading: option.helpGroupHeading, + }); + + setStabilityMetadata(cloned, getStabilityMetadata(option)); + return cloned; +} + +/** + * Creates a detached copy of an argument so command-level mutations do not + * affect shared defaults. + * @param argument Source argument definition. + * @returns Cloned argument instance. + */ +function cloneArgument(argument: Argument): Argument { + const bracketOpen = argument.required ? '<' : '['; + const bracketClose = argument.required ? '>' : ']'; + const spec = `${bracketOpen}${argument.name()}${argument.variadic ? '...' : ''}${bracketClose}`; + + const cloned = Object.assign(new Argument(spec, argument.description), { + defaultValue: argument.defaultValue, + defaultValueDescription: argument.defaultValueDescription, + parseArg: argument.parseArg, + argChoices: argument.argChoices + ? 
[...argument.argChoices] + : argument.argChoices, + }); + + setStabilityMetadata(cloned, getStabilityMetadata(argument)); + return cloned; +} + export const hostArgument = new Argument( '[host]', 'AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias.' 
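Review bot: `cloneOption` copies a fixed list of fields and omits the state Commander keeps for `.conflicts()` and `.implies()` (`conflictsWith` and `implied`), so a default option that later gains either rule would silently lose it on every cloned copy. None of the default options shown in this patch use them, so the gap is latent, but a dropped conflict rule on a flag such as `--insecure` would produce no error. At minimum, record the limitation above the `Object.assign` call with `// NOTE: conflicts()/implies() settings are not copied; add them here if a default option starts using them`. Copying the two fields is the fuller fix, though they may need a cast if Commander's type declarations do not expose them. Separately, the JSDoc on `withOptionStability` and `withArgumentStability` documents `option`/`argument` and `level` but not the `gate` parameter.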
@@ -44,103 +448,154 @@ const usernameArgument = new Argument( const passwordArgument = new Argument('[password]', 'Password.'); -const idmHostOption = new Option( - '--idm-host ', - 'IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm".' +const idmHostOption = withHelpGroup( + new Option( + '--idm-host ', + 'IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm".' + ), + CONNECTION_OPTIONS_HEADING ); -const loginClientId = new Option( - '--login-client-id ', - 'Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html").' +const loginClientId = withHelpGroup( + new Option( + '--login-client-id ', + 'Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html").' + ), + AUTHENTICATION_OPTIONS_HEADING ); -const loginRedirectUri = new Option( - '--login-redirect-uri ', - 'Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html").' 
+const loginRedirectUri = withHelpGroup( + new Option( + '--login-redirect-uri ', + 'Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html").' + ), + AUTHENTICATION_OPTIONS_HEADING ); -const serviceAccountIdOption = new Option( - '--sa-id ', - 'Service account id.' +const serviceAccountIdOption = withHelpGroup( + new Option('--sa-id ', 'Service account id.'), + AUTHENTICATION_OPTIONS_HEADING ); -const serviceAccountJwkFileOption = new Option( - '--sa-jwk-file ', - 'File containing the JSON Web Key (JWK) associated with the the service account.' +const serviceAccountJwkFileOption = withHelpGroup( + new Option( + '--sa-jwk-file ', + 'File containing the JSON Web Key (JWK) associated with the the service account.' + ), + AUTHENTICATION_OPTIONS_HEADING ); -const amsterPrivateKeyPassphraseOption = new Option( - '--passphrase ', - 'The passphrase for the Amster private key if it is encrypted.' +const amsterPrivateKeyPassphraseOption = withHelpGroup( + new Option( + '--passphrase ', + 'The passphrase for the Amster private key if it is encrypted.' + ), + AUTHENTICATION_OPTIONS_HEADING ); -const amsterPrivateKeyFileOption = new Option( - '--private-key ', - 'File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK.' +const amsterPrivateKeyFileOption = withHelpGroup( + new Option( + '--private-key ', + 'File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK.' + ), + AUTHENTICATION_OPTIONS_HEADING ); -const deploymentOption = new Option( - '-m, --type ', - 'Override auto-detected deployment type. Valid values for type: \n\ +const deploymentOption = withHelpGroup( + new Option( + '-m, --type ', + 'Override auto-detected deployment type. 
Valid values for type: \n\ classic: A classic Access Management-only deployment with custom layout and configuration. \n\ cloud: A ForgeRock Identity Cloud environment. \n\ forgeops: A ForgeOps CDK or CDM deployment. \n\ The detected or provided deployment type controls certain behavior like obtaining an Identity \ Management admin token or not and whether to export/import referenced email templates or how \ to walk through the tenant admin login flow of Identity Cloud and handle MFA' -).choices(DEPLOYMENT_TYPES); + ).choices(DEPLOYMENT_TYPES), + CONNECTION_OPTIONS_HEADING +); -const directoryOption = new Option( - '-D, --directory ', - 'Set the working directory.' -).default(undefined, 'undefined'); +const directoryOption = withHelpGroup( + new Option( + '-D, --directory ', + 'Set the working directory.' + ).default(undefined, 'undefined'), + RUNTIME_OPTIONS_HEADING +); -const insecureOption = new Option( - '-k, --insecure', - 'Allow insecure connections when using SSL/TLS, including expired certificates.' -).default(false, "Don't allow insecure connections"); +const insecureOption = withHelpGroup( + new Option( + '-k, --insecure', + 'Allow insecure connections when using SSL/TLS, including expired certificates.' + ).default(false, "Don't allow insecure connections"), + CONNECTION_OPTIONS_HEADING +); -const verboseOption = new Option( - '--verbose', - 'Verbose output during command execution. If specified, may or may not produce additional output.' +const verboseOption = withHelpGroup( + new Option( + '--verbose', + 'Verbose output during command execution. If specified, may or may not produce additional output.' + ), + OUTPUT_OPTIONS_HEADING ); -const debugOption = new Option( - '--debug', - 'Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting.' +const debugOption = withHelpGroup( + new Option( + '--debug', + 'Debug output during command execution. 
If specified, may or may not produce additional output helpful for troubleshooting.' + ), + OUTPUT_OPTIONS_HEADING ); -const curlirizeOption = new Option( - '--curlirize', - 'Output all network calls in curl format.' +const curlirizeOption = withHelpGroup( + new Option('--curlirize', 'Output all network calls in curl format.'), + OUTPUT_OPTIONS_HEADING ); -const noCacheOption = new Option( - '--no-cache', - 'Disable token cache for this operation.' +const noCacheOption = withHelpGroup( + new Option('--no-cache', 'Disable token cache for this operation.'), + RUNTIME_OPTIONS_HEADING ); -const useRealmPrefixOnManagedObjects = new Option( - '--use-realm-prefix-on-managed-objects', - 'Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user,\ +const useRealmPrefixOnManagedObjects = withHelpGroup( + new Option( + '--use-realm-prefix-on-managed-objects', + 'Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user,\ managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user \ etc. is retained. \ This option is ignored when the deployment type is "cloud".' + ), + CONNECTION_OPTIONS_HEADING ); -const flushCacheOption = new Option('--flush-cache', 'Flush token cache.'); +const flushCacheOption = withHelpGroup( + new Option('--flush-cache', 'Flush token cache.'), + RUNTIME_OPTIONS_HEADING +); -const retryOption = new Option( - '--retry ', - `Retry failed operations. Valid values for strategy: \n\ +const retryOption = withHelpGroup( + new Option( + '--retry ', + `Retry failed operations. Valid values for strategy: \n\ everything: Retry all failed operations. \n\ network: Retry only network-related failed operations. \n\ nothing: Do not retry failed operations. 
\n\ The selected retry strategy controls how the CLI handles failures.` -) - .choices(RETRY_STRATEGIES) - .default(`${RETRY_NOTHING_KEY}`, `Do not retry failed operations.`); + ) + .choices(RETRY_STRATEGIES) + .default(`${RETRY_NOTHING_KEY}`, `Do not retry failed operations.`), + RUNTIME_OPTIONS_HEADING +); +/** + * Default positional arguments added to every `FrodoCommand` unless omitted. + * + * To add a new global/default argument: + * 1) Define it near other `Argument` declarations. + * 2) Add it to this array. + * 3) Add state behavior in `stateMap` if needed. + * 4) Add env var metadata in `environmentVariables` if there is an override. + */ const defaultArgs = [ hostArgument, realmArgument, @@ -148,6 +603,16 @@ const defaultArgs = [ passwordArgument, ]; +/** + * Default options added to every `FrodoCommand` unless explicitly omitted. + * + * To add a new global/default option: + * 1) Define the `Option` above and assign a help group via `withHelpGroup(...)`. + * 2) Add it to this array. + * 3) Add its behavior to `stateMap` if it should update shared runtime state. + * 4) Add corresponding env var metadata in `environmentVariables` if applicable. + * 5) If deployment-specific, add mapping in `getOptionAppliesToTypes(...)`. + */ const defaultOpts = [ idmHostOption, loginClientId, @@ -168,6 +633,13 @@ const defaultOpts = [ useRealmPrefixOnManagedObjects, ]; +/** + * Maps default argument/option names to state mutators. + * + * This is the central place to wire runtime side effects for default CLI + * arguments and options. When introducing a new default argument/option, + * add an entry here if it needs to mutate shared state. + */ const stateMap = { [hostArgument.name()]: (host: string) => state.setHost(host), [realmArgument.name()]: (realm: string) => state.setRealm(realm), 
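Review bot: In the `@@ -44,103 +448,154 @@` hunk, the re-wrapped `--passphrase` option still only describes passing the Amster key passphrase as a flag value, which leaves it in shell history and in process listings on shared hosts. The environment-variable registry added later in this patch lists `FRODO_AMSTER_PASSPHRASE` as the equivalent, so the help text could point there: `'The passphrase for the Amster private key if it is encrypted. Prefer the FRODO_AMSTER_PASSPHRASE environment variable so the value does not appear on the command line.'`. The same added lines carry over three typos that could be fixed while the strings are being touched: "use a your own oauth2 client", "(efault:", and "the the service account".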
@@ -246,137 +718,1690 @@ const stateMap = { }; /** - * Command with default options + * Registry of environment variables shown in `-hhh` help. + * + * This list drives display only; runtime behavior is still controlled by + * command handlers and `stateMap`. Keep descriptions in sync with the + * corresponding option/argument override semantics. */ -export class FrodoStubCommand extends Command { - /** - * Creates a new FrodoCommand instance - * @param name Name of the command - */ - constructor(name: string) { - super(name); +const environmentVariables: EnvironmentVariableDescriptor[] = [ + { + name: 'FRODO_HOST', + description: "AM base URL. Overridden by 'host' argument.", + group: CONNECTION_ENVIRONMENT_VARIABLES_HEADING, + include: (command) => command.hasDefaultArgument('host'), + }, + { + name: 'FRODO_IDM_HOST', + description: "IDM base URL. Overridden by '--idm-host' option.", + group: CONNECTION_ENVIRONMENT_VARIABLES_HEADING, + include: (command) => + command.hasDefaultOption(idmHostOption.attributeName()), + }, + { + name: 'FRODO_REALM', + description: "Realm. Overridden by 'realm' argument.", + group: CONNECTION_ENVIRONMENT_VARIABLES_HEADING, + include: (command) => command.hasDefaultArgument('realm'), + }, + { + name: 'FRODO_USERNAME', + description: "Username. Overridden by 'username' argument.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + include: (command) => command.hasDefaultArgument('username'), + }, + { + name: 'FRODO_PASSWORD', + description: "Password. Overridden by 'password' argument.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + include: (command) => command.hasDefaultArgument('password'), + }, + { + name: 'FRODO_LOGIN_CLIENT_ID', + description: + "OAuth2 client id for IDM API calls. 
Overridden by '--login-client-id' option.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + appliesToTypes: [ + constants.CLOUD_DEPLOYMENT_TYPE_KEY, + constants.FORGEOPS_DEPLOYMENT_TYPE_KEY, + ], + include: (command) => + command.hasDefaultOption(loginClientId.attributeName()), + }, + { + name: 'FRODO_LOGIN_REDIRECT_URI', + description: + "Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + appliesToTypes: [ + constants.CLOUD_DEPLOYMENT_TYPE_KEY, + constants.FORGEOPS_DEPLOYMENT_TYPE_KEY, + ], + include: (command) => + command.hasDefaultOption(loginRedirectUri.attributeName()), + }, + { + name: 'FRODO_SA_ID', + description: "Service account uuid. Overridden by '--sa-id' option.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + scope: 'cloud-only', + include: (command) => + command.hasDefaultOption(serviceAccountIdOption.attributeName()), + }, + { + name: 'FRODO_SA_JWK', + description: + "Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + scope: 'cloud-only', + include: (command) => + command.hasDefaultOption(serviceAccountJwkFileOption.attributeName()), + }, + { + name: 'FRODO_AMSTER_PASSPHRASE', + description: + "Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + scope: 'classic-only', + include: (command) => + command.hasDefaultOption( + amsterPrivateKeyPassphraseOption.attributeName() + ), + }, + { + name: 'FRODO_AMSTER_PRIVATE_KEY', + description: + "Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. 
Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + scope: 'classic-only', + include: (command) => + command.hasDefaultOption(amsterPrivateKeyFileOption.attributeName()), + }, + { + name: 'FRODO_NO_CACHE', + description: "Disable token cache. Same as '--no-cache' option.", + group: RUNTIME_ENVIRONMENT_VARIABLES_HEADING, + include: (command) => + command.hasDefaultOption(noCacheOption.attributeName()), + }, + { + name: 'FRODO_TOKEN_CACHE_PATH', + description: + "Use this token cache file instead of '~/.frodo/TokenCache.json'.", + group: RUNTIME_ENVIRONMENT_VARIABLES_HEADING, + }, + { + name: 'FRODO_CONNECTION_PROFILES_PATH', + description: + "Use this connection profiles file instead of '~/.frodo/Connections.json'.", + group: RUNTIME_ENVIRONMENT_VARIABLES_HEADING, + }, + { + name: 'FRODO_AUTHENTICATION_SERVICE', + description: + "Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey.", + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + }, + { + name: 'FRODO_AUTHENTICATION_HEADER_OVERRIDES', + description: + 'Map of headers: \'{"host":"am.example.com:8081"}\'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments.', + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + }, + { + name: 'FRODO_CONFIGURATION_HEADER_OVERRIDES', + description: + 'Map of headers: \'{"X-Configuration-Type":"mutable"}\'. 
These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments.', + group: RUNTIME_ENVIRONMENT_VARIABLES_HEADING, + }, + { + name: 'FRODO_DEBUG', + description: "Set to any value to enable debug output. Same as '--debug'.", + group: OUTPUT_ENVIRONMENT_VARIABLES_HEADING, + include: (command) => command.hasDefaultOption(debugOption.attributeName()), + }, + { + name: 'FRODO_IGA', + description: + 'Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value.', + group: RUNTIME_ENVIRONMENT_VARIABLES_HEADING, + scope: 'cloud-only' as DeploymentScope, + }, + { + name: 'FRODO_MASTER_KEY_PATH', + description: + "Use this master key file instead of '~/.frodo/masterkey.key' file.", + group: RUNTIME_ENVIRONMENT_VARIABLES_HEADING, + }, + { + name: 'FRODO_MASTER_KEY', + description: + "Use this master key instead of what's in '~/.frodo/masterkey.key'. 
Takes precedence over FRODO_MASTER_KEY_PATH.", + group: RUNTIME_ENVIRONMENT_VARIABLES_HEADING, + }, + { + name: 'FRODO_LOG_KEY', + description: 'Log API key.', + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + scope: 'cloud-only', + variants: [ + { + description: "Overridden by '--log-api-key' option.", + appliesTo: '`frodo conn save`', + commandNames: ['frodo conn save'], + }, + { + description: "Overridden by 'username' argument.", + appliesTo: '`frodo log` commands', + include: (command) => command.name().startsWith('frodo log'), + }, + ], + }, + { + name: 'FRODO_LOG_SECRET', + description: 'Log API secret.', + group: AUTHENTICATION_ENVIRONMENT_VARIABLES_HEADING, + scope: 'cloud-only', + variants: [ + { + description: "Overridden by '--log-api-secret' option.", + appliesTo: '`frodo conn save`', + commandNames: ['frodo conn save'], + }, + { + description: "Overridden by 'password' argument.", + appliesTo: '`frodo log` commands', + include: (command) => command.name().startsWith('frodo log'), + }, + ], + }, +]; - if (!process.listenerCount('unhandledRejection')) { - // eslint-disable-next-line @typescript-eslint/no-explicit-any - process.on('unhandledRejection', (error: any) => { - printError( - new FrodoError( - `Please report this unhandled error here: https://github.com/rockcarver/frodo-cli/issues`, - error - ) - ); - process.exitCode = 1; - }); - } +const longestEnvironmentVariableNameLength = Math.max( + ...environmentVariables.map(({ name }) => name.length) +); +const environmentVariableDescriptionColumn = + ENVIRONMENT_VARIABLE_NAME_INDENT + + longestEnvironmentVariableNameLength + + ENVIRONMENT_VARIABLE_DESCRIPTION_PADDING; - // other default settings - this.helpOption('-h, --help', 'Help'); - this.showHelpAfterError(); - this.configureHelp({ - sortSubcommands: true, - sortOptions: true, - }); +/** + * Checks whether a variant line applies to the current command. + * @param variant Variant metadata under an env var descriptor. 
+ * @param command Command being rendered. + * @returns True when variant should be included. + */ +function matchesEnvironmentVariableVariant( + variant: VariantDescriptor, + command: FrodoCommand +) { + if (variant.commandNames && !variant.commandNames.includes(command.name())) { + return false; + } - // register default handlers - state.setPrintHandler(printMessage); - state.setVerboseHandler(verboseMessage); - state.setDebugHandler(debugMessage); - state.setCurlirizeHandler(curlirizeMessage); - state.setCreateProgressHandler(createProgressIndicator); - state.setUpdateProgressHandler(updateProgressIndicator); - state.setStopProgressHandler(stopProgressIndicator); + if (variant.include) { + return variant.include(command); + } - // shutdown handlers - // eslint-disable-next-line @typescript-eslint/no-unused-vars - this.hook('postAction', (thisCommand, actionCommand) => { - debugMessage( - `FrodoCommand: running postAction hook: this command: ${thisCommand.name()}, action command: ${actionCommand.name()}` - ); - cleanupProgressIndicators(); - }); + return true; +} + +/** + * Checks whether an environment variable descriptor applies to the current + * command. + * @param entry Environment variable descriptor. + * @param command Command being rendered. + * @returns True when descriptor should be included. + */ +function matchesEnvironmentVariableEntry( + entry: EnvironmentVariableDescriptor, + command: FrodoCommand +) { + if (entry.commandNames && !entry.commandNames.includes(command.name())) { + return false; } - createHelp() { - return Object.assign(new FrodoStubHelp(), this.configureHelp()); + if (entry.include) { + return entry.include(command); } + + return true; } -class FrodoStubHelp extends Help { - subcommandTerm(cmd) { - return cmd._name + (cmd._aliases[0] ? '|' + cmd._aliases[0] : ''); - } +/** + * Computes effective wrapping width for help output. + * @returns Terminal-aware text width with sane minimum fallback. 
+ */ +function getHelpTextWidth() { + const envWidth = Number.parseInt(process.env.COLUMNS || '', 10); + const terminalWidth = Number.isNaN(envWidth) + ? process.stdout.columns + : envWidth; + + return Math.max(terminalWidth || DEFAULT_HELP_WIDTH, MINIMUM_HELP_WIDTH); } /** - * Command with default options + * Wraps a help description preserving hanging indentation. + * @param prefix Prefix for first line and width anchor for continuation lines. + * @param text Description text to wrap. + * @returns Wrapped lines ready to join with newlines. */ -export class FrodoCommand extends FrodoStubCommand { - types: string[]; +function wrapHelpText(prefix: string, text: string) { + if (!text) { + return [prefix.trimEnd()]; + } - /** - * Creates a new FrodoCommand instance - * @param name Name of the command - * @param omits Array of default argument names and default option names that should not be added to this command - * @param types Array of deployment types this command supports - */ - constructor( - name: string, - omits: string[] = [], - types: string[] = DEPLOYMENT_TYPES - ) { - super(name); + const continuationPrefix = ' '.repeat(prefix.length); + const availableWidth = Math.max(20, getHelpTextWidth() - prefix.length); + const words = text.split(/\s+/).filter(Boolean); + const lines: string[] = []; + let currentLine = ''; - this.types = types; + for (const word of words) { + const candidate = currentLine ? `${currentLine} ${word}` : word; - // register default arguments - for (const arg of defaultArgs) { - if (!omits.includes(arg.name())) this.addArgument(arg); + if (currentLine && candidate.length > availableWidth) { + lines.push(currentLine); + currentLine = word; + continue; } - // register default options - for (const opt of defaultOpts) { - if (!omits.includes(opt.name())) this.addOption(opt); - } + currentLine = candidate; + } - // additional help - this.addHelpText( - 'after', - `\nEnvironment Variables:\n` + - ` FRODO_HOST: AM base URL. 
Overridden by 'host' argument.\n` + - ` FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option.\n` + - ` FRODO_REALM: Realm. Overridden by 'realm' argument.\n` + - ` FRODO_USERNAME: Username. Overridden by 'username' argument.\n` + - ` FRODO_PASSWORD: Password. Overridden by 'password' argument.\n` + - ` FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option.\n` + - ` FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option.\n` + - ` FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option.\n` + - ` FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name.\n` + - ` FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option.\n` + - ` FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK.\n` + - ` FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option.\n` + - ` FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'.\n` + - ('frodo conn save' === this.name() - ? ` FRODO_LOG_KEY: Log API key. Overridden by '--log-api-key' option.\n` + - ` FRODO_LOG_SECRET: Log API secret. Overridden by '--log-api-secret' option.\n` - : ``) + - (this.name().startsWith('frodo log') - ? ` FRODO_LOG_KEY: Log API key. Overridden by 'username' argument.\n` + - ` FRODO_LOG_SECRET: Log API secret. Overridden by 'password' argument.\n` - : ``) + - ` FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'.\n` + - ` FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey.\n` + - ` FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments.\n` + - ` FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments.\n` + - ` FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'.\n` + - ` FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value.\n` + - ` FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file.\n` + - ` FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH.\n` + if (currentLine) { + lines.push(currentLine); + } + + return lines.map( + (line, index) => `${index === 0 ? prefix : continuationPrefix}${line}` + ); +} + +/** + * Builds aligned prefix for environment variable name column. + * @param name Environment variable name. + * @param extraIndent Additional left indentation. + * @returns Formatted prefix including spacing before description column. 
+ */ +function formatEnvironmentVariablePrefix(name: string, extraIndent = 0) { + const nameIndent = ENVIRONMENT_VARIABLE_NAME_INDENT + extraIndent; + const trailingPadding = Math.max( + 1, + environmentVariableDescriptionColumn - nameIndent - name.length + ); + + return `${' '.repeat(nameIndent)}${name}${' '.repeat(trailingPadding)}`; +} + +/** + * Builds prefix for env var variant bullet lines. + * @param extraIndent Additional left indentation. + * @returns Prefix aligned with env var description column. + */ +function formatEnvironmentVariableVariantPrefix(extraIndent = 0) { + return `${' '.repeat(formatEnvironmentVariablePrefix('', extraIndent).length)}- `; +} + +/** + * Formats one env var entry and optional variant lines into wrapped output. + * @param entry Env var descriptor. + * @param variants Variant rows to render. + * @param extraIndent Additional left indentation. + * @returns Rendered text lines. + */ +function formatEnvironmentVariableEntry( + entry: EnvironmentVariableDescriptor, + variants: VariantDescriptor[], + extraIndent = 0 +) { + if (!variants.length) { + return wrapHelpText( + formatEnvironmentVariablePrefix(entry.name, extraIndent), + entry.description ); } - /** - * - * @param args + const variantLines = variants.map((variant) => { + const appliesToPrefix = variant.appliesTo ? `(${variant.appliesTo}) ` : ''; + return wrapHelpText( + formatEnvironmentVariableVariantPrefix(extraIndent), + `${appliesToPrefix}${variant.description}` + ); + }); + + return [ + ...wrapHelpText( + formatEnvironmentVariablePrefix(entry.name, extraIndent), + entry.description + ), + ...variantLines.flat(), + ]; +} + +type GroupData = { + unscoped: string[]; + scoped: Map; +}; + +type OptionGroupData = { + unscoped: Option[]; + scoped: Map; +}; + +type CommandGroupData = { + unscoped: Command[]; + scoped: Map; +}; +type CommandWithTypes = Command & { types?: string[] }; + +/** + * Converts a rendering scope (e.g. 
`cloud-only`) back to canonical + * deployment type key (e.g. `cloud`). + * @param scope Scoped token used by help renderer. + * @returns Canonical deployment type key. + */ +function getDeploymentTypeForScope(scope: DeploymentScope): string { + switch (scope) { + case 'classic-only': + return constants.CLASSIC_DEPLOYMENT_TYPE_KEY; + case 'cloud-only': + return constants.CLOUD_DEPLOYMENT_TYPE_KEY; + case 'forgeops-only': + return constants.FORGEOPS_DEPLOYMENT_TYPE_KEY; + } +} + +/** + * Returns whether a scoped env var/section should be rendered for the + * current command's supported deployment types. + * @param scope Deployment scope being evaluated. + * @param supportedTypes Command-supported deployment types. + * @returns True when scope is compatible. + */ +function isScopeSupported( + scope: DeploymentScope, + supportedTypes?: string[] +): boolean { + if (!supportedTypes || supportedTypes.length === 0) { + return true; + } + return supportedTypes.includes(getDeploymentTypeForScope(scope)); +} + +/** + * Returns whether an env var entry is generally compatible with command + * deployment types based on `appliesToTypes` metadata. + * @param entry Env var descriptor. + * @param supportedTypes Command-supported deployment types. + * @returns True when entry should be considered for rendering. + */ +function isEntrySupportedByTypes( + entry: EnvironmentVariableDescriptor, + supportedTypes?: string[] +): boolean { + if (!supportedTypes || supportedTypes.length === 0) { + return true; + } + + if (!entry.appliesToTypes || entry.appliesToTypes.length === 0) { + return true; + } + + return entry.appliesToTypes.some((type) => supportedTypes.includes(type)); +} + +/** + * Helper used to switch between flat output (single deployment type) and + * scoped sub-sections (mixed deployment types). + * @param types Deployment type list. + * @returns True when exactly one deployment type is supported. 
+ */ +function isSingleDeploymentType(types?: string[]): boolean { + return !!types && types.length === 1; +} + +/** + * Collects env var lines grouped by top-level section and optional + * deployment scope. + * + * Extension guidance: + * - Prefer adding metadata to `environmentVariables` instead of custom logic. + * - Only add conditional code here when metadata cannot express the behavior. + * @param command Command context for include predicates. + * @param includeAll When true, bypass command include filters. + * @param supportedTypes Deployment types for stub/global rendering. + * @returns Grouped env var lines by top-level group and deployment scope. + */ +function collectEnvironmentVariableGroups( + command?: FrodoCommand, + includeAll = false, + supportedTypes?: string[] +) { + const groupedEntries = new Map(); + const effectiveTypes = command?.types || supportedTypes; + + function getOrCreate(group: string): GroupData { + let data = groupedEntries.get(group); + if (!data) { + data = { unscoped: [], scoped: new Map() }; + groupedEntries.set(group, data); + } + return data; + } + + for (const entry of environmentVariables) { + if (!isEntrySupportedByTypes(entry, effectiveTypes)) { + continue; + } + + if (entry.scope && !isScopeSupported(entry.scope, effectiveTypes)) { + continue; + } + + // Scoped entries are rendered as top-level deployment-prefixed groups, + // so no extra indentation is needed. + const extraIndent = 0; + + if (entry.variants) { + const matchingVariants = + includeAll || !command + ? 
entry.variants + : entry.variants.filter((variant) => + matchesEnvironmentVariableVariant(variant, command) + ); + + if (!matchingVariants.length) { + continue; + } + + const groupData = getOrCreate(entry.group); + const formatted = formatEnvironmentVariableEntry( + entry, + matchingVariants, + extraIndent + ); + + if (entry.scope) { + const scopeEntries = groupData.scoped.get(entry.scope) || []; + scopeEntries.push(...formatted); + groupData.scoped.set(entry.scope, scopeEntries); + } else { + groupData.unscoped.push(...formatted); + } + continue; + } + + if ( + command && + !includeAll && + !matchesEnvironmentVariableEntry(entry, command) + ) { + continue; + } + + const groupData = getOrCreate(entry.group); + const formatted = formatEnvironmentVariableEntry(entry, [], extraIndent); + + if (entry.scope) { + const scopeEntries = groupData.scoped.get(entry.scope) || []; + scopeEntries.push(...formatted); + groupData.scoped.set(entry.scope, scopeEntries); + } else { + groupData.unscoped.push(...formatted); + } + } + + return groupedEntries; +} + +/** + * Renders environment variable help with: + * - deterministic top-level group ordering + * - inline deployment labels for mixed deployment commands + * - flat output for single deployment commands + * @param groupedEntries Output of `collectEnvironmentVariableGroups`. + * @param command Command context used for type resolution. + * @param supportedTypes Deployment types used for stub/global rendering. + * @returns Fully rendered environment variable section (or empty string). 
+ */ +function renderEnvironmentVariableGroups( + groupedEntries: Map, + command?: FrodoCommand, + supportedTypes?: string[] +) { + const effectiveTypes = command?.types || supportedTypes; + const isSingleType = isSingleDeploymentType(effectiveTypes); + + const sections = environmentVariableGroupOrder.flatMap((group) => { + const groupData = groupedEntries.get(group); + if (!groupData) { + return []; + } + + const baseLines: string[] = [...groupData.unscoped]; + if (isSingleType) { + for (const scope of environmentVariableScopeOrder) { + const scopeEntries = groupData.scoped.get(scope); + if (!scopeEntries || scopeEntries.length === 0) { + continue; + } + baseLines.push(...scopeEntries); + } + } else { + for (const scope of environmentVariableScopeOrder) { + const scopeEntries = groupData.scoped.get(scope); + if (!scopeEntries || scopeEntries.length === 0) { + continue; + } + + const deploymentType = getDeploymentTypeForScope(scope); + baseLines.push(''); + baseLines.push(` (${toDeploymentOnlyLabel(deploymentType)}):`); + baseLines.push(...scopeEntries); + } + } + + if (!baseLines.length) { + return []; + } + + return ['', ` ${group}`, ...baseLines]; + }); + + if (!sections.length) { + return ''; + } + + while (sections[0] === '') { + sections.shift(); + } + + return `\nEnvironment Variables:\n\n${sections.join('\n')}\n`; +} + +/** + * Generates a deployment type label for single-deployment-type commands. + * @param command The command to check. + * @returns Label like `Cloud-only` for single-type commands, otherwise empty. + */ +function getDeploymentTypeLabel(command?: CommandWithTypes): string { + if (!command || !command.types || command.types.length === 0) { + return ''; + } + + if (command.types.length === 1) { + return toDeploymentOnlyLabel(command.types[0]); + } + + return ''; +} + +/** + * Converts deployment keys to display labels. + * + * Use this to preserve canonical casing for known values (e.g. 
`ForgeOps`) + * while still producing reasonable labels for future camelCase values. + * @param type Canonical deployment type key. + * @returns Human-friendly deployment display label. + */ +function getDeploymentTypeDisplayLabel(type: string): string { + switch (type) { + case constants.CLASSIC_DEPLOYMENT_TYPE_KEY: + return 'Classic'; + case constants.CLOUD_DEPLOYMENT_TYPE_KEY: + return 'Cloud'; + case constants.FORGEOPS_DEPLOYMENT_TYPE_KEY: + return 'ForgeOps'; + default: + // Preserve existing camelCase/PascalCase beyond the first character. + return `${type.charAt(0).toUpperCase()}${type.slice(1)}`; + } +} + +/** + * Produces standardized deployment labels used in help output such as + * `Cloud-only`, `Classic-only`, or `ForgeOps-only`. + * @param type Canonical deployment type key. + * @returns `Type-only` label for help rendering. + */ +function toDeploymentOnlyLabel(type: string): string { + return `${getDeploymentTypeDisplayLabel(type)}-only`; +} + +/** + * Maps deployment type keys to the corresponding scoped section token. + * @param type Canonical deployment type key. + * @returns Matching scope token or undefined when unsupported. + */ +function getScopeForDeploymentType(type: string): DeploymentScope | undefined { + switch (type) { + case constants.CLASSIC_DEPLOYMENT_TYPE_KEY: + return 'classic-only'; + case constants.CLOUD_DEPLOYMENT_TYPE_KEY: + return 'cloud-only'; + case constants.FORGEOPS_DEPLOYMENT_TYPE_KEY: + return 'forgeops-only'; + default: + return undefined; + } +} + +/** + * Determines whether an option should be rendered in a deployment-scoped + * sub-section when a command supports multiple deployment types. + * @param option Option to classify. + * @param commandTypes Deployment types supported by the command. + * @returns Scope token when option is single-type constrained. 
+ */ +function getSingleTypeScopeForOption( + option: Option, + commandTypes?: string[] +): DeploymentScope | undefined { + if (!commandTypes || commandTypes.length <= 1) { + return undefined; + } + + const appliesToTypes = getOptionAppliesToTypes(option); + if (!appliesToTypes || appliesToTypes.length !== 1) { + return undefined; + } + + const onlyType = appliesToTypes[0]; + if (!commandTypes.includes(onlyType)) { + return undefined; + } + + return getScopeForDeploymentType(onlyType); +} + +/** + * Splits option list into unscoped and scoped subsets for inline help + * rendering in `formatHelp`. + * @param options Option list for one heading. + * @param commandTypes Deployment types supported by the command. + * @returns Option groups partitioned by scope. + */ +function collectOptionGroupsByScope( + options: Option[], + commandTypes?: string[] +): OptionGroupData { + const grouped: OptionGroupData = { + unscoped: [], + scoped: new Map(), + }; + + for (const option of options) { + const scope = getSingleTypeScopeForOption(option, commandTypes); + if (!scope) { + grouped.unscoped.push(option); + continue; + } + + const entries = grouped.scoped.get(scope) || []; + entries.push(option); + grouped.scoped.set(scope, entries); + } + + return grouped; +} + +/** + * Determines whether a subcommand belongs to a single deployment-only + * section in stub command help. + * @param command Subcommand to classify. + * @returns Scope token when subcommand is single-type constrained. + */ +function getSingleTypeScopeForCommand( + command: Command +): DeploymentScope | undefined { + const typedCommand = command as CommandWithTypes; + if (!typedCommand.types || typedCommand.types.length !== 1) { + return undefined; + } + + return getScopeForDeploymentType(typedCommand.types[0]); +} + +/** + * Splits subcommands into unscoped and scoped subsets for inline scoped + * command sections in stub help. + * @param commands Command list for one heading. 
+ * @returns Command groups partitioned by scope. + */ +function collectCommandGroupsByScope(commands: Command[]): CommandGroupData { + const grouped: CommandGroupData = { + unscoped: [], + scoped: new Map(), + }; + + for (const command of commands) { + const scope = getSingleTypeScopeForCommand(command); + if (!scope) { + grouped.unscoped.push(command); + continue; + } + + const entries = grouped.scoped.get(scope) || []; + entries.push(command); + grouped.scoped.set(scope, entries); + } + + return grouped; +} + +/** + * Declares which deployment types each default option applies to. + * + * Update this when adding deployment-constrained default options so mixed + * deployment help can render scoped sub-labels correctly. + * @param option Default/global option. + * @returns Deployment types for the option, or undefined when unscoped. + */ +function getOptionAppliesToTypes(option: Option): string[] | undefined { + // Keep this mapping aligned with option semantics. It is used only for help + // rendering to decide when options should appear under scoped sub-labels. + switch (option.name()) { + case loginClientId.name(): + case loginRedirectUri.name(): + return [ + constants.CLOUD_DEPLOYMENT_TYPE_KEY, + constants.FORGEOPS_DEPLOYMENT_TYPE_KEY, + ]; + case serviceAccountIdOption.name(): + case serviceAccountJwkFileOption.name(): + return [constants.CLOUD_DEPLOYMENT_TYPE_KEY]; + case amsterPrivateKeyPassphraseOption.name(): + case amsterPrivateKeyFileOption.name(): + return [constants.CLASSIC_DEPLOYMENT_TYPE_KEY]; + default: + return undefined; + } +} + +/** + * Generates command-scoped environment variable help for leaf commands. + * @param command Command being rendered. + * @param includeAll When true, bypass command include filters. + * @returns Rendered environment variable section. 
+ */ +function formatEnvironmentVariables(command: FrodoCommand, includeAll = false) { + const groupedEntries = collectEnvironmentVariableGroups( + command, + includeAll, + command.types + ); + + return renderEnvironmentVariableGroups( + groupedEntries, + command, + command.types + ); +} + +/** + * Generates environment variable help for stub commands that aggregate + * deployment support from their children. + * @param supportedTypes Deployment types supported by child commands. + * @returns Rendered environment variable section. + */ +export function formatGlobalEnvironmentVariables(supportedTypes?: string[]) { + // Global help always shows scope headings (no specific command context) + return renderEnvironmentVariableGroups( + collectEnvironmentVariableGroups(undefined, false, supportedTypes), + undefined, + supportedTypes + ); +} + +function getHelpLevel(argv: string[] = process.argv): 1 | 2 | 3 { + if (argv.includes(HELP_ALL_SHORT_FLAG) || argv.includes(HELP_ALL_FLAG)) + return 3; + if (argv.includes(HELP_MORE_SHORT_FLAG) || argv.includes(HELP_MORE_FLAG)) + return 2; + return 1; +} + +export function isExpandedHelpRequested(argv: string[] = process.argv) { + return getHelpLevel(argv) >= 2; +} + +export function isFullHelpRequested(argv: string[] = process.argv) { + return getHelpLevel(argv) >= 3; +} + +export function normalizeExpandedHelpArgv(argv: string[] = process.argv) { + const normalizedArgv: string[] = []; + + for (const token of argv) { + if (token === HELP_ALL_SHORT_FLAG) { + normalizedArgv.push(HELP_ALL_FLAG, '--help'); + } else if (token === HELP_MORE_SHORT_FLAG) { + normalizedArgv.push(HELP_MORE_FLAG, '--help'); + } else { + normalizedArgv.push(token); + } + } + + return normalizedArgv; +} + +const warnedStabilityCommands = new Set(); +const warnedStabilityOptions = new Set(); + +/** + * Builds a user-facing command path for warnings/errors. + * @param command Command instance. + * @returns Command path, e.g. `frodo shell`. 
+ */ +function getCommandPath(command: Command): string { + const names: string[] = []; + let current: Command | null = command; + while (current) { + if (current.name()) { + names.unshift(current.name()); + } + current = current.parent || null; + } + return names.join(' '); +} + +/** + * Returns a user-facing identifier for an option. + * @param option Option metadata. + * @returns Preferred long flag or raw flags string. + */ +function getOptionLabel(option: Option): string { + return option.long || option.flags; +} + +/** + * Converts option name (`enable-preview`) into Commander attribute name. + * @param optionName Dashed option name. + * @returns CamelCase attribute key. + */ +function toOptionAttributeName(optionName: string): string { + return optionName.replace(/-([a-z])/g, (_m, c: string) => c.toUpperCase()); +} + +/** + * Returns true if value is treated as enabled for opt-in checks. + * @param value Value to evaluate. + * @returns Truthy opt-in interpretation. + */ +function isTruthyOptInValue(value: unknown): boolean { + if (typeof value === 'boolean') { + return value; + } + if (typeof value === 'string') { + return ['1', 'true', 'yes', 'on'].includes(value.toLowerCase()); + } + return false; +} + +/** + * Checks whether an opt-in gate has been satisfied. + * @param command Command being executed. + * @param gate Gate configuration. + * @returns True when execution is allowed. 
+ */ +function isStabilityGateSatisfied( + command: Command, + gate: StabilityGateConfig +): boolean { + const mode = gate.mode || 'option-or-env'; + const optionName = gate.optionName || 'enable-preview'; + const envVarName = gate.envVarName || 'FRODO_ENABLE_PREVIEW'; + + const options = command.optsWithGlobals>(); + const optionKey = toOptionAttributeName(optionName); + const optionEnabled = isTruthyOptInValue(options?.[optionKey]); + const envEnabled = isTruthyOptInValue(process.env[envVarName]); + + switch (mode) { + case 'option-only': + return optionEnabled; + case 'env-only': + return envEnabled; + default: + return optionEnabled || envEnabled; + } +} + +/** + * Returns whether an option was explicitly supplied or otherwise set from a + * non-default source. + * @param command Command being executed. + * @param option Option to inspect. + * @returns True when option value source is non-default. + */ +function isOptionUsed(command: Command, option: Option): boolean { + const source = command.getOptionValueSourceWithGlobals( + option.attributeName() + ); + return !!source && source !== 'default'; +} + +/** + * Enforces stability gate and prints warnings for non-stable options that were + * actually used. + * @param actionCommand Concrete command being executed. 
+ */ +function enforceOptionStabilityAndWarn(actionCommand: Command): void { + for (const option of actionCommand.options) { + const metadata = getStabilityMetadata(option); + if (metadata.level === 'stable' || !isOptionUsed(actionCommand, option)) { + continue; + } + + const commandPath = getCommandPath(actionCommand); + const optionLabel = getOptionLabel(option); + const warningKey = `${commandPath}::${optionLabel}`; + + if (metadata.gate?.requiredOptIn) { + const gate = metadata.gate; + if (!isStabilityGateSatisfied(actionCommand, gate)) { + const optionName = gate.optionName || 'enable-preview'; + const envVarName = gate.envVarName || 'FRODO_ENABLE_PREVIEW'; + const mode = gate.mode || 'option-or-env'; + const guidance = + mode === 'option-only' + ? `Use '--${optionName}'.` + : mode === 'env-only' + ? `Set '${envVarName}=true'.` + : `Use '--${optionName}' or set '${envVarName}=true'.`; + throw new FrodoError( + `${formatStabilityLevel(metadata.level)} option '${optionLabel}' on command '${commandPath}' requires explicit opt-in. ${guidance}` + ); + } + } + + if (!warnedStabilityOptions.has(warningKey)) { + const suffix = metadata.gate?.requiredOptIn + ? metadata.level === 'deprecated' + ? ' This option is opt-in, deprecated, and may be removed in a future release.' + : ' This option is opt-in and may change without notice.' + : metadata.level === 'deprecated' + ? ' This option is deprecated and may be removed in a future release.' + : ' This option may change without notice.'; + printMessage( + `${formatStabilityLevel(metadata.level)} option in use: '${optionLabel}' on command '${commandPath}'.${suffix}`, + 'warn' + ); + warnedStabilityOptions.add(warningKey); + } + } +} + +/** + * Enforces stability gate and prints warnings for non-stable commands. + * @param actionCommand Concrete command being executed. 
+ */ +function enforceStabilityAndWarn(actionCommand: Command): void { + const metadata = getEffectiveCommandStabilityMetadata(actionCommand); + if (metadata.level === 'stable') { + return; + } + + const commandPath = getCommandPath(actionCommand); + + if (metadata.gate?.requiredOptIn) { + const gate = metadata.gate; + if (!isStabilityGateSatisfied(actionCommand, gate)) { + const optionName = gate.optionName || 'enable-preview'; + const envVarName = gate.envVarName || 'FRODO_ENABLE_PREVIEW'; + const mode = gate.mode || 'option-or-env'; + const guidance = + mode === 'option-only' + ? `Use '--${optionName}'.` + : mode === 'env-only' + ? `Set '${envVarName}=true'.` + : `Use '--${optionName}' or set '${envVarName}=true'.`; + throw new FrodoError( + `${formatStabilityLevel(metadata.level)} command '${commandPath}' requires explicit opt-in. ${guidance}` + ); + } + } + + if (!warnedStabilityCommands.has(commandPath)) { + const gateSuffix = metadata.gate?.requiredOptIn + ? metadata.level === 'deprecated' + ? ' This command is opt-in, deprecated, and may be removed in a future release.' + : ' This feature is opt-in and may change without notice.' + : metadata.level === 'deprecated' + ? ' This command is deprecated and may be removed in a future release.' + : ' This feature may change without notice.'; + printMessage( + `${formatStabilityLevel(metadata.level)} feature in use: '${commandPath}'.${gateSuffix}`, + 'warn' + ); + warnedStabilityCommands.add(commandPath); + } + + enforceOptionStabilityAndWarn(actionCommand); +} + +/** + * Command with default options + */ +export class FrodoStubCommand extends Command { + /** + * Command stability metadata. Defaults to stable. 
+ */ + [STABILITY_METADATA_KEY]?: StabilityMetadata; + + types?: string[]; + + /** + * Creates a new FrodoCommand instance + * @param name Name of the command + */ + constructor(name: string) { + super(name); + + if (!process.listenerCount('unhandledRejection')) { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + process.on('unhandledRejection', (error: any) => { + printError( + new FrodoError( + `Please report this unhandled error here: https://github.com/rockcarver/frodo-cli/issues`, + error + ) + ); + process.exitCode = 1; + }); + } + + // other default settings + this.helpOption('-h, --help', 'Help'); + this.addOption( + withHelpGroup( + new Option(HELP_MORE_FLAG, 'Help with all options.'), + HELP_OPTIONS_HEADING + ) + ); + this.addOption( + withHelpGroup( + new Option( + HELP_ALL_FLAG, + 'Help with all options, environment variables, and usage examples.' + ), + HELP_OPTIONS_HEADING + ) + ); + this.showHelpAfterError(); + this.configureHelp({ + sortSubcommands: true, + sortOptions: true, + }); + this.options + .find((option) => option.name() === 'help') + ?.helpGroup(HELP_OPTIONS_HEADING); + this.addHelpText('after', () => { + if (!isFullHelpRequested()) { + return ''; + } + + // FrodoCommand appends its own scoped env reference. + if (this instanceof FrodoCommand) { + return ''; + } + + // Root help wiring in app.ts already handles its own expanded env section. 
+ if (this.name() === 'frodo') { + return ''; + } + + return formatGlobalEnvironmentVariables(this.types); + }); + + // register default handlers + state.setPrintHandler(printMessage); + state.setVerboseHandler(verboseMessage); + state.setDebugHandler(debugMessage); + state.setCurlirizeHandler(curlirizeMessage); + state.setCreateProgressHandler(createProgressIndicator); + state.setUpdateProgressHandler(updateProgressIndicator); + state.setStopProgressHandler(stopProgressIndicator); + + // shutdown handlers + // eslint-disable-next-line @typescript-eslint/no-unused-vars + this.hook('postAction', (thisCommand, actionCommand) => { + debugMessage( + `FrodoCommand: running postAction hook: this command: ${thisCommand.name()}, action command: ${actionCommand.name()}` + ); + cleanupProgressIndicators(); + }); + + this.hook('preAction', (_thisCommand, actionCommand) => { + enforceStabilityAndWarn(actionCommand); + }); + } + + /** + * Marks a command stability level and optionally requires explicit opt-in. + * Stable is the default and requires no call sites. + * @param level Stability indicator. + * @param gate Optional gate configuration for high-risk features. + * @returns This command for chaining. + */ + withStability(level: StabilityIndicator, gate?: StabilityGateConfig): this { + const normalizedGate = gate?.requiredOptIn + ? 
{ + requiredOptIn: true, + optionName: gate.optionName || 'enable-preview', + envVarName: gate.envVarName || 'FRODO_ENABLE_PREVIEW', + helpText: gate.helpText, + mode: gate.mode || 'option-or-env', + } + : gate; + + setStabilityMetadata(this, { level, gate: normalizedGate }); + + if (normalizedGate?.requiredOptIn) { + const optionName = normalizedGate.optionName || 'enable-preview'; + const optionExists = this.options.some( + (option) => + option.name() === optionName || option.attributeName() === optionName + ); + + if (!optionExists) { + const envVarName = normalizedGate.envVarName || 'FRODO_ENABLE_PREVIEW'; + const helpText = + normalizedGate.helpText || + `Opt in to ${level} feature execution. You can also set ${envVarName}=true.`; + this.addOption( + withHelpGroup( + new Option(`--${optionName}`, helpText), + HELP_OPTIONS_HEADING + ) + ); + } + } + + return this; + } + + override addCommand( + command: Command, + opts?: Parameters[1] + ) { + const typedCommand = command as CommandWithTypes; + if (typedCommand.types && typedCommand.types.length > 0) { + const currentTypes = this.types || []; + this.types = [...new Set([...currentTypes, ...typedCommand.types])]; + } + + if (!command.helpGroup()) { + command.helpGroup(COMMANDS_HEADING); + } + + return super.addCommand(command, opts); + } + + override addHelpText( + position: 'beforeAll' | 'before' | 'after' | 'afterAll', + text: string | ((context: AddHelpTextContext) => string) + ): this { + if (position === 'after' && typeof text === 'string') { + return super.addHelpText(position, () => + isFullHelpRequested() ? 
text : '' + ); + } + if (typeof text === 'string') { + return super.addHelpText(position, text); + } + return super.addHelpText(position, text); + } + + createHelp() { + return Object.assign(new FrodoStubHelp(), this.configureHelp()); + } +} + +class FrodoStubHelp extends Help { + private readonly helpOptionOrder: Record = { + help: 0, + 'help-more': 1, + 'help-all': 2, + }; + + /** + * Custom help renderer that extends Commander output with deployment-aware + * inline sub-sections for options and subcommands. + * + * If you add new default option groups or deployment scopes, update helper + * functions (`collectOptionGroupsByScope`, `environmentVariableScopeOrder`, + * and related mappings) rather than editing rendering loops directly. + * @param cmd Command being rendered. + * @param helper Commander help helper instance. + * @returns Fully rendered help text for the command. + */ + override formatHelp(cmd: Command, helper: Help): string { + const termWidth = helper.padWidth(cmd, helper); + const helpWidth = helper.helpWidth ?? 80; + + function callFormatItem(term: string, description: string) { + return helper.formatItem(term, termWidth, description, helper); + } + + let output = [ + `${helper.styleTitle('Usage:')} ${helper.styleUsage(helper.commandUsage(cmd))}`, + '', + ]; + + const commandDescription = helper.commandDescription(cmd); + if (commandDescription.length > 0) { + output = output.concat([ + helper.boxWrap( + helper.styleCommandDescription(commandDescription), + helpWidth + ), + '', + ]); + } + + const argumentList = helper.visibleArguments(cmd).map((argument) => { + return callFormatItem( + helper.styleArgumentTerm(helper.argumentTerm(argument)), + helper.styleArgumentDescription(helper.argumentDescription(argument)) + ); + }); + output = output.concat( + this.formatItemList('Arguments:', argumentList, helper) + ); + + // Add deployment type indicator after Usage/Description/Arguments for single-type commands. 
+ const typedCmd = cmd as CommandWithTypes; + const typeLabel = getDeploymentTypeLabel(typedCmd); + if (typeLabel) { + output.push(`Deployment: ${typeLabel}`, ''); + } + + const optionGroups = this.groupItems( + [...cmd.options], + [...helper.visibleOptions(cmd)], + (option) => option.helpGroupHeading ?? 'Options:' + ); + const orderedOptionGroups = [...optionGroups.entries()].sort( + ([leftGroup], [rightGroup]) => { + if (leftGroup === COMMAND_OPTIONS_HEADING) { + return -1; + } + + if (rightGroup === COMMAND_OPTIONS_HEADING) { + return 1; + } + + return leftGroup.localeCompare(rightGroup, undefined, { + sensitivity: 'base', + }); + } + ); + + orderedOptionGroups.forEach(([group, options]) => { + const scopedGroups = collectOptionGroupsByScope(options, typedCmd.types); + const optionLines = scopedGroups.unscoped.map((option) => { + return callFormatItem( + helper.styleOptionTerm(helper.optionTerm(option)), + helper.styleOptionDescription(helper.optionDescription(option)) + ); + }); + + for (const scope of environmentVariableScopeOrder) { + const scopedOptions = scopedGroups.scoped.get(scope); + if (!scopedOptions || scopedOptions.length === 0) { + continue; + } + + const deploymentType = getDeploymentTypeForScope(scope); + optionLines.push(''); + optionLines.push(` (${toDeploymentOnlyLabel(deploymentType)}):`); + optionLines.push( + ...scopedOptions.map((option) => + callFormatItem( + helper.styleOptionTerm(helper.optionTerm(option)), + helper.styleOptionDescription(helper.optionDescription(option)) + ) + ) + ); + } + + output = output.concat(this.formatItemList(group, optionLines, helper)); + }); + + if (helper.showGlobalOptions) { + const globalOptionList = helper + .visibleGlobalOptions(cmd) + .map((option) => { + return callFormatItem( + helper.styleOptionTerm(helper.optionTerm(option)), + helper.styleOptionDescription(helper.optionDescription(option)) + ); + }); + output = output.concat( + this.formatItemList('Global Options:', globalOptionList, helper) + ); 
+ } + + const commandGroups = this.groupItems( + [...cmd.commands], + [...helper.visibleCommands(cmd)], + (sub) => sub.helpGroup() || 'Commands:' + ); + commandGroups.forEach((commands, group) => { + const scopedGroups = collectCommandGroupsByScope(commands); + const commandList = scopedGroups.unscoped.map((sub) => { + return callFormatItem( + helper.styleSubcommandTerm(helper.subcommandTerm(sub)), + helper.styleSubcommandDescription(helper.subcommandDescription(sub)) + ); + }); + + for (const scope of environmentVariableScopeOrder) { + const scopedCommands = scopedGroups.scoped.get(scope); + if (!scopedCommands || scopedCommands.length === 0) { + continue; + } + + const deploymentType = getDeploymentTypeForScope(scope); + commandList.push(''); + commandList.push(` (${toDeploymentOnlyLabel(deploymentType)}):`); + commandList.push( + ...scopedCommands.map((sub) => + callFormatItem( + helper.styleSubcommandTerm(helper.subcommandTerm(sub)), + helper.styleSubcommandDescription( + helper.subcommandDescription(sub) + ) + ) + ) + ); + } + + output = output.concat(this.formatItemList(group, commandList, helper)); + }); + + return output.join('\n'); + } + + /** + * Decorates command description with stability badges. + * @param cmd Command being rendered. + * @returns Possibly decorated description. + */ + override commandDescription(cmd: Command): string { + return decorateDescriptionWithStability(super.commandDescription(cmd), cmd); + } + + /** + * Decorates subcommand description with stability badges. + * @param cmd Subcommand being rendered. + * @returns Possibly decorated description. + */ + override subcommandDescription(cmd: Command): string { + return decorateDescriptionWithStability( + super.subcommandDescription(cmd), + cmd + ); + } + + /** + * Decorates argument description with stability badges. + * @param argument Argument being rendered. + * @returns Possibly decorated description. 
+ */ + override argumentDescription(argument: Argument): string { + return decorateDescriptionWithStability( + super.argumentDescription(argument), + argument + ); + } + + /** + * Decorates option description with stability badges. + * @param option Option being rendered. + * @returns Possibly decorated description. + */ + override optionDescription(option: Option): string { + return decorateDescriptionWithStability( + super.optionDescription(option), + option + ); + } + + /** + * Reorders options so help flags are always shown at the end. + * @param options Visible options for a help section. + * @returns Reordered options. + */ + private orderHelpOptions(options: Option[]): Option[] { + const indexed = options.map((option, index) => ({ option, index })); + + indexed.sort((left, right) => { + const leftPriority = this.helpOptionOrder[left.option.name()]; + const rightPriority = this.helpOptionOrder[right.option.name()]; + const leftIsHelp = leftPriority !== undefined; + const rightIsHelp = rightPriority !== undefined; + + if (leftIsHelp && rightIsHelp) { + return leftPriority - rightPriority; + } + + if (leftIsHelp) { + return 1; + } + + if (rightIsHelp) { + return -1; + } + + return left.index - right.index; + }); + + return indexed.map(({ option }) => option); + } + + /** + * Renders compact aliases for custom help flags. + * @param option Option being rendered. + * @returns Display term for the option. + */ + override optionTerm(option: Option) { + if (option.long === HELP_MORE_FLAG) { + return `${HELP_MORE_SHORT_FLAG}, ${HELP_MORE_FLAG}`; + } + + if (option.long === HELP_ALL_FLAG) { + return `${HELP_ALL_SHORT_FLAG}, ${HELP_ALL_FLAG}`; + } + + return super.optionTerm(option); + } + + /** + * Filters and orders visible options by help level. + * @param cmd Command being rendered. + * @returns Visible options for current help level. 
+ */ + override visibleOptions(cmd: Command): Option[] { + // Base help (`-h`) intentionally hides advanced default option groups, + // while expanded help (`-hh` / `-hhh`) shows everything. + const allVisible = super.visibleOptions(cmd); + + if (getHelpLevel() >= 2) { + return this.orderHelpOptions(allVisible); + } + + return this.orderHelpOptions( + allVisible.filter( + (opt) => + opt.helpGroupHeading !== CONNECTION_OPTIONS_HEADING && + opt.helpGroupHeading !== AUTHENTICATION_OPTIONS_HEADING && + opt.helpGroupHeading !== RUNTIME_OPTIONS_HEADING && + opt.helpGroupHeading !== OUTPUT_OPTIONS_HEADING + ) + ); + } + + /** + * Uses visible-item ordering to keep dynamic scoped sections stable. + * @param _unsortedItems Commander-provided original list (unused intentionally). + * @param visibleItems Visible list after filtering. + * @param getGroup Grouping selector. + * @returns Group map with stable visible ordering. + */ + override groupItems( + _unsortedItems: T[], + visibleItems: T[], + getGroup: (item: T) => string + ): Map { + // Seed group order from visible items so filtered and transformed sections + // keep stable ordering with custom help rendering. + return super.groupItems(visibleItems, visibleItems, getGroup); + } + + /** + * Renders subcommand term with first alias, if present. + * @param cmd Subcommand. + * @returns Display label for command list row. + */ + subcommandTerm(cmd: Command) { + const aliases = cmd.aliases(); + return cmd.name() + (aliases[0] ? '|' + aliases[0] : ''); + } +} + +/** + * Command with default options + */ +export class FrodoCommand extends FrodoStubCommand { + /** + * Explicit deployment types for this concrete command instance. 
+ */ + types: string[]; + + /** + * Creates a new FrodoCommand instance + * @param name Name of the command + * @param omits Array of default argument names and default option names that should not be added to this command + * @param types Array of deployment types this command supports + */ + constructor( + name: string, + omits: string[] = [], + types: string[] = DEPLOYMENT_TYPES + ) { + super(name); + + this.types = types; + this.allowExcessArguments(); + const commandOmits = new Set(omits); + const supportsCloud = types.includes(constants.CLOUD_DEPLOYMENT_TYPE_KEY); + const supportsForgeops = types.includes( + constants.FORGEOPS_DEPLOYMENT_TYPE_KEY + ); + + // Cloud-only commands do not need Amster private key defaults. + if ( + types.length === 1 && + types[0] === constants.CLOUD_DEPLOYMENT_TYPE_KEY + ) { + commandOmits.add(amsterPrivateKeyPassphraseOption.name()); + commandOmits.add(amsterPrivateKeyFileOption.name()); + } + + // Service account options are only applicable for cloud-supporting commands. + if (!supportsCloud) { + commandOmits.add(serviceAccountIdOption.name()); + commandOmits.add(serviceAccountJwkFileOption.name()); + } + + // Login client options are applicable only when cloud or forgeops is supported. + if (!supportsCloud && !supportsForgeops) { + commandOmits.add(loginClientId.name()); + commandOmits.add(loginRedirectUri.name()); + } + + // register default arguments + // This is the primary extension point for adding CLI-wide arguments. + for (const arg of defaultArgs) { + if (!commandOmits.has(arg.name())) this.addArgument(arg); + } + + // register default options + // This is the primary extension point for adding CLI-wide options. + for (const opt of defaultOpts) { + if (!commandOmits.has(opt.name())) this.addOption(opt); + } + + this.options + .find((option) => option.name() === 'help') + ?.helpGroup(HELP_OPTIONS_HEADING); + + // additional help + this.addHelpText('after', () => + isFullHelpRequested() ? 
formatEnvironmentVariables(this) : '' + ); + } + + /** + * Adds and normalizes an option before registration. + * @param option Option to add. + * @returns This command for chaining. + */ + override addOption(option: Option) { + // Clone to avoid mutating shared default option instances. + const commandOption = cloneOption(option); + + if (!commandOption.helpGroupHeading) { + commandOption.helpGroup(COMMAND_OPTIONS_HEADING); + } + + return super.addOption(commandOption); + } + + /** + * Adds a cloned argument to avoid mutating shared definitions. + * @param argument Argument to add. + * @returns This command for chaining. + */ + override addArgument(argument: Argument) { + // Clone to avoid mutating shared default argument instances. + return super.addArgument(cloneArgument(argument)); + } + + /** + * Used by env var include predicates to detect whether a default argument + * is currently present on this command. + * @param argumentName Argument name to test. + * @returns True when argument is present. + */ + hasDefaultArgument(argumentName: string) { + return this.registeredArguments.some( + (argument) => argument.name() === argumentName + ); + } + + /** + * Used by env var include predicates to detect whether a default option + * is currently present on this command. + * @param optionName Option attribute/name to test. + * @returns True when option is present. + */ + hasDefaultOption(optionName: string) { + return this.options.some( + (option) => + option.attributeName() === optionName || option.name() === optionName + ); + } + + /** + * Applies shared default argument/option handlers to runtime state and then + * invokes command-specific handler logic. + * @param args Commander action arguments where trailing values are options and command. + * @returns Promise from command action flow. */ // eslint-disable-next-line @typescript-eslint/no-explicit-any handleDefaultArgsAndOpts(...args: any) { 
diff --git a/src/cli/config-manager/config-manager.ts b/src/cli/config-manager/config-manager.ts index 51e4de1ab..d4f7c86a5 100644 --- a/src/cli/config-manager/config-manager.ts +++ b/src/cli/config-manager/config-manager.ts @@ -3,9 +3,11 @@ import PullCmd from './config-manager-pull/config-manager-pull'; import PushCmd from './config-manager-push/config-manager-push'; export default function setup() { - const program = new FrodoStubCommand('config-manager').description( - 'Manage configuration optimized for CI/CD pipelines (format compatible with fr-config-manager).' - ); + const program = new FrodoStubCommand('config-manager') + .withStability('experimental') + .description( + 'Manage configuration optimized for CI/CD pipelines (format compatible with fr-config-manager).' + ); program.addCommand(PullCmd().name('pull')); program.addCommand(PushCmd().name('push')); diff --git a/src/cli/dcc/dcc.ts b/src/cli/dcc/dcc.ts index 743f8deb2..9599ca1cd 100644 --- a/src/cli/dcc/dcc.ts +++ b/src/cli/dcc/dcc.ts @@ -2,9 +2,9 @@ import { FrodoStubCommand } from '../FrodoCommand'; import SessionCmd from './dcc-session.js'; export default function setup() { - const program = new FrodoStubCommand('dcc').description( - 'Direct Configuration Control (DCC) commands.' - ); + const program = new FrodoStubCommand('dcc') + .withStability('preview') + .description('Direct Configuration Control (DCC) commands.'); program.alias('direct-configuration-control'); diff --git a/src/cli/journey/journey-delete.ts b/src/cli/journey/journey-delete.ts index f29e99cc9..832c8372e 100644 --- a/src/cli/journey/journey-delete.ts +++ b/src/cli/journey/journey-delete.ts 
@@ -29,12 +29,6 @@ export default function setup() { 'No deep delete. This leaves orphaned configuration artifacts behind.' ) ) - .addOption( - new Option( - '--verbose', - 'Verbose output during command execution. If specified, may or may not produce additional output.' - ).default(false, 'off') - ) .action( // implement command logic inside action handler async (host, realm, user, password, options, command) => { diff --git a/src/cli/journey/journey-list.ts b/src/cli/journey/journey-list.ts index 8f9cf6971..982f93621 100644 --- a/src/cli/journey/journey-list.ts +++ b/src/cli/journey/journey-list.ts @@ -14,9 +14,6 @@ export default function setup() { .addOption( new Option('-l, --long', 'Long with all fields.').default(false, 'false') ) - .addOption( - new Option('-a, --analyze', 'Analyze journeys for custom nodes.') - ) .action( // implement command logic inside action handler async (host, realm, user, password, options, command) => { @@ -30,7 +27,7 @@ export default function setup() { ); if (await getTokens()) { verboseMessage(`Listing journeys in realm "${state.getRealm()}"...`); - const outcome = await listJourneys(options.long, options.analyze); + const outcome = await listJourneys(options.long); if (!outcome) process.exitCode = 1; } else { process.exitCode = 1; diff --git a/src/cli/promote/promote.ts b/src/cli/promote/promote.ts index 83b848bf2..61c2cdb7e 100644 --- a/src/cli/promote/promote.ts +++ b/src/cli/promote/promote.ts @@ -6,10 +6,10 @@ import { compareExportToDirectory } from '../../ops/PromoteOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud']; export default function setup() { - const program = new FrodoCommand('promote'); + const program = new FrodoCommand('promote', [], deploymentTypes); program .description('Prepares a tenant to be promoted') 
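Review bot: Reducing the call to `listJourneys(options.long)` goes together with the deletion of `-a, --analyze` in the hunk above, so existing scripts that pass `-a` will most likely fail on an unknown option rather than degrade, since nothing visible in the `FrodoCommand` constructor enables unknown options. This same commit adds a deprecation path for options: `enforceOptionStabilityAndWarn` prints "This option is deprecated and may be removed in a future release." for options whose stability level is `deprecated`. Consider keeping `new Option('-a, --analyze', 'Analyze journeys for custom nodes.')` for one release, tagged deprecated through that option-level metadata (its setter is not shown here) and ignored by the action handler. The action handler continues outside the hunk.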
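Review bot: `const deploymentTypes = ['cloud'];` spells the deployment type as a string literal, while the `FrodoCommand` constructor it is now passed to compares against `constants.CLOUD_DEPLOYMENT_TYPE_KEY` to decide which default options to omit (Amster key options for cloud-only commands, service-account options when cloud is absent). If the literal and the constant ever differ, the command would silently get the wrong set of authentication options. Prefer `const deploymentTypes = [frodo.utils.constants.CLOUD_DEPLOYMENT_TYPE_KEY];`, the form used in the `FrConfig*Ops` files of this patch; whether `frodo` is already imported in `promote.ts` is not visible in the hunk. The change also drops `forgeops` from the supported types, and `setup()` continues outside the hunk.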
diff --git a/src/cli/shell/shell.ts b/src/cli/shell/shell.ts index c46ca8938..4b95d5bc1 100644 --- a/src/cli/shell/shell.ts +++ b/src/cli/shell/shell.ts @@ -260,7 +260,7 @@ async function startRepl(allowAwait = false, host?: string) { } export default function setup() { - const program = new FrodoCommand('shell'); + const program = new FrodoCommand('shell').withStability('experimental'); program .description('Launch the frodo interactive shell.') .addHelpText( diff --git a/src/configManagerOps/FrConfigAuthenticationOps.ts b/src/configManagerOps/FrConfigAuthenticationOps.ts index c4d0a65c3..22d92ac83 100644 --- a/src/configManagerOps/FrConfigAuthenticationOps.ts +++ b/src/configManagerOps/FrConfigAuthenticationOps.ts @@ -22,8 +22,12 @@ export async function configManagerExportAuthentication( saveJsonToFile(exportData, getFilePath(`${fileName}`, true), false, true); } else { for (const realmName of await realmList()) { - if (realmName === '/' && - state.getDeploymentType() === frodo.utils.constants.CLOUD_DEPLOYMENT_TYPE_KEY) continue; + if ( + realmName === '/' && + state.getDeploymentType() === + frodo.utils.constants.CLOUD_DEPLOYMENT_TYPE_KEY + ) + continue; state.setRealm(realmName); const exportData = await _readAuthenticationSettings(false); diff --git a/src/configManagerOps/FrConfigJourneysOps.ts b/src/configManagerOps/FrConfigJourneysOps.ts index f04561df1..ba06b1ba0 100644 --- a/src/configManagerOps/FrConfigJourneysOps.ts +++ b/src/configManagerOps/FrConfigJourneysOps.ts @@ -31,8 +31,12 @@ export async function configManagerExportJourneys( processJourneys(exportData.trees, realm, name, pullDependency, 'realms'); } else { for (const realm of await realmList()) { - if (realm === '/' && - state.getDeploymentType() === frodo.utils.constants.CLOUD_DEPLOYMENT_TYPE_KEY) continue; + if ( + realm === '/' && + state.getDeploymentType() === + frodo.utils.constants.CLOUD_DEPLOYMENT_TYPE_KEY + ) + continue; state.setRealm(realm); const exportData = (await exportJourneys( 
diff --git a/src/configManagerOps/FrConfigOrgPrivilegesOps.ts b/src/configManagerOps/FrConfigOrgPrivilegesOps.ts index 53a1c07f5..26df1fc47 100644 --- a/src/configManagerOps/FrConfigOrgPrivilegesOps.ts +++ b/src/configManagerOps/FrConfigOrgPrivilegesOps.ts @@ -60,8 +60,12 @@ export async function configManagerExportOrgPrivilegesAllRealms(): Promise { try { for (const realm of await realmList()) { - if (realm === '/' && - state.getDeploymentType() === frodo.utils.constants.CLOUD_DEPLOYMENT_TYPE_KEY) continue; + if ( + realm === '/' && + state.getDeploymentType() === + frodo.utils.constants.CLOUD_DEPLOYMENT_TYPE_KEY + ) + continue; state.setRealm(realm); verboseMessage(`\n${state.getRealm()} realm:`); diff --git a/src/ops/JourneyOps.ts b/src/ops/JourneyOps.ts index 96af1c52f..6246957f9 100644 --- a/src/ops/JourneyOps.ts +++ b/src/ops/JourneyOps.ts @@ -3,7 +3,6 @@ import { type NodeSkeleton } from '@rockcarver/frodo-lib/types/api/NodeApi'; import { type TreeSkeleton } from '@rockcarver/frodo-lib/types/api/TreeApi'; import { DeleteJourneysStatus, - type JourneyClassificationType, type MultiTreeExportInterface, type SingleTreeExportInterface, type TreeDependencyMapInterface, @@ -49,7 +48,6 @@ const { getTreeDescendents, getNodeRef, onlineTreeExportResolver, - getJourneyClassification: _getJourneyClassification, disableJourney: _disableJourney, enableJourney: _enableJourney, deleteJourney: _deleteJourney, 
@@ -59,33 +57,74 @@ const { /** * List all the journeys/trees * @param {boolean} long Long version, all the fields - * @param {boolean} analyze Analyze journeys/trees for custom nodes (expensive) * @returns {Promise} a promise resolving to true if successful, false otherwise */ -export async function listJourneys( - long: boolean = false, - analyze: boolean = false -): Promise { +export async function listJourneys(long: boolean = false): Promise { let journeys = []; try { journeys = await readJourneys(); - if (!long && !analyze) { + if (!long) { for (const journeyStub of journeys) { printMessage(`${journeyStub['_id']}`, 'data'); } return true; } else { - if (!analyze) { - const table = createTable(['Name', 'Status', 'Tags']); + const spinnerId = createProgressIndicator( + 'indeterminate', + 0, + `Retrieving details of all journeys...` + ); + const exportPromises: Promise[] = []; + try { for (const journeyStub of journeys) { + exportPromises.push( + exportJourney(journeyStub['_id'], { + useStringArrays: false, + deps: false, + coords: true, + }) + ); + } + const journeyExports = await Promise.all(exportPromises); + stopProgressIndicator( + spinnerId, + 'Retrieved details of all journeys.', + 'success' + ); + const table = createTable([ + 'Name', + 'Status', + 'Inner Only', + 'Must Run', + 'No Session', + 'Tx Only', + 'Resource', + 'Tags', + ]); + for (const journeyExport of journeyExports) { table.push([ - `${journeyStub._id}`, - journeyStub.enabled === false + `${journeyExport.tree._id}`, + journeyExport.tree.enabled === false ? 'disabled'['brightRed'] : 'enabled'['brightGreen'], - journeyStub.uiConfig?.categories + journeyExport.tree.innerTreeOnly + ? 'yes'['brightYellow'] + : 'no'['brightGreen'], + journeyExport.tree.mustRun + ? 'yes'['brightYellow'] + : 'no'['brightGreen'], + journeyExport.tree.noSession + ? 'yes'['brightYellow'] + : 'no'['brightGreen'], + journeyExport.tree.transactionalOnly + ? 
'yes'['brightYellow'] + : 'no'['brightGreen'], + journeyExport.tree.identityResource + ? journeyExport.tree.identityResource + : '', + journeyExport.tree.uiConfig?.categories ? wordwrap( - JSON.parse(journeyStub.uiConfig.categories).join(', '), + JSON.parse(journeyExport.tree.uiConfig.categories).join(', '), 60 ) : '', @@ -93,62 +132,13 @@ export async function listJourneys( } printMessage(table.toString(), 'data'); return true; - } else { - const spinnerId = createProgressIndicator( - 'indeterminate', - 0, - `Retrieving details of all journeys...` + } catch (error) { + stopProgressIndicator( + spinnerId, + 'Error retrieving details of all journeys.', + 'fail' ); - const exportPromises = []; - try { - for (const journeyStub of journeys) { - exportPromises.push( - exportJourney(journeyStub['_id'], { - useStringArrays: false, - deps: false, - coords: true, - }) - ); - } - const journeyExports = await Promise.all(exportPromises); - stopProgressIndicator( - spinnerId, - 'Retrieved details of all journeys.', - 'success' - ); - const table = createTable([ - 'Name', - 'Status', - 'Classification', - 'Tags', - ]); - for (const journeyExport of journeyExports) { - table.push([ - `${journeyExport.tree._id}`, - journeyExport.tree.enabled === false - ? 'disabled'['brightRed'] - : 'enabled'['brightGreen'], - getJourneyClassification(journeyExport).join(', '), - journeyExport.tree.uiConfig?.categories - ? wordwrap( - JSON.parse(journeyExport.tree.uiConfig.categories).join( - ', ' - ), - 60 - ) - : '', - ]); - } - printMessage(table.toString(), 'data'); - return true; - } catch (error) { - stopProgressIndicator( - spinnerId, - 'Error retrieving details of all journeys.', - 'fail' - ); - printError(error); - } + printError(error); } } } catch (error) { 
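Review bot: The long listing in `listJourneys` now starts one `exportJourney` call per journey and awaits them all with a single `Promise.all(exportPromises)`, so a tenant with many journeys receives that many concurrent requests, and one rejected export discards the whole table. Before this change the fan-out ran only when `analyze` was set; now every `long` listing takes it. Exporting in bounded batches keeps the request rate predictable and makes server-side throttling less likely; the batch size below is a constructed value. The `catch` that handles a failed export is in the next hunk, and the function body continues outside both hunks.

```typescript
const journeyExports = [];
const batchSize = 10; // constructed value; tune to what the deployment tolerates
for (let i = 0; i < journeys.length; i += batchSize) {
  const batch = journeys.slice(i, i + batchSize).map((journeyStub) =>
    exportJourney(journeyStub['_id'], {
      useStringArrays: false,
      deps: false,
      coords: true,
    })
  );
  journeyExports.push(...(await Promise.all(batch)));
}
// … unchanged: stopProgressIndicator, createTable and the table.push loop …
```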
@@ -558,56 +548,6 @@ export async function importJourneysFromFiles( return false; } -/** - * Get journey classification - * @param {SingleTreeExportInterface} journey journey export - * @returns {string[]} Colored string array of classifications - */ -export function getJourneyClassification( - journey: SingleTreeExportInterface -): JourneyClassificationType[] { - return _getJourneyClassification(journey).map((it) => { - switch (it) { - case 'standard': - return it['brightGreen']; - - case 'cloud': - return it['brightMagenta']; - - case 'custom': - return it['brightRed']; - - case 'premium': - return it['brightYellow']; - } - }); -} - -/** - * Get journey classification in markdown - * @param {SingleTreeExportInterface} journey journey export - * @returns {string[]} Colored string array of classifications - */ -export function getJourneyClassificationMd( - journey: SingleTreeExportInterface -): string[] { - return _getJourneyClassification(journey).map((it) => { - switch (it) { - case 'standard': - return `:green_circle: \`${it}\``; - - case 'cloud': - return `:purple_circle: \`${it}\``; - - case 'custom': - return `:red_circle: \`${it}\``; - - case 'premium': - return `:yellow_circle: \`${it}\``; - } - }); -} - /** * Get a one-line description of the tree object * @param {TreeSkeleton} treeObj circle of trust object to describe 
@@ -747,13 +687,24 @@ export async function describeJourney( }` ); - // Classification - if (state.getAmVersion()) { - printMessage( - `\nClassification\n${getJourneyClassification(journeyData).join(', ')}`, - 'data' - ); - } + // Journey flags + printMessage( + `\nFlags\n- Inner Tree Only: ${ + journeyData.tree.innerTreeOnly + ? 'true'['brightGreen'] + : 'false'['brightRed'] + }\n- Must Run: ${ + journeyData.tree.mustRun ? 'true'['brightGreen'] : 'false'['brightRed'] + }\n- No Session: ${ + journeyData.tree.noSession + ? 'true'['brightGreen'] + : 'false'['brightRed'] + }\n- Transactional Only: ${ + journeyData.tree.transactionalOnly + ? 'true'['brightGreen'] + : 'false'['brightRed'] + }` + ); // Categories/Tags if ( @@ -785,12 +736,7 @@ export async function describeJourney( 'data' ); for (const [nodeType, count] of Object.entries(nodeTypeMap)) { - printMessage( - `- ${String(count)} [${ - nodeType['brightCyan'] - }] (${Node.getNodeClassification(nodeType).join(', ')})`, - 'data' - ); + printMessage(`- ${String(count)} [${nodeType['brightCyan']}]`, 'data'); } } @@ -948,7 +894,27 @@ export async function describeJourneyMd( journeyData.tree.enabled === false ? ':o: `disabled`' : ':white_check_mark: `enabled`' - }, ${getJourneyClassificationMd(journeyData).join(', ')}`, + }, ${ + journeyData.tree.innerTreeOnly + ? ':o: `innerTreeOnly`' + : ':white_check_mark: `not innerTreeOnly`' + }, ${ + journeyData.tree.mustRun + ? ':o: `mustRun`' + : ':white_check_mark: `not mustRun`' + }, ${ + journeyData.tree.noSession + ? ':o: `noSession`' + : ':white_check_mark: `sessionAllowed`' + }, ${ + journeyData.tree.transactionalOnly + ? ':o: `transactionalOnly`' + : ':white_check_mark: `not transactionalOnly`' + }${ + journeyData.tree.identityResource + ? `, identity resource: \`${journeyData.tree.identityResource}\`` + : '' + }`, 'data' ); 
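Review bot: The added `Flags` block in `describeJourney` calls `printMessage` without the `'data'` type that the removed classification call passed and that the node-type lines in the following hunk still pass. How `printMessage` treats a missing type is not visible here, but if it routes such messages differently, the flags would be missing from piped output; passing `'data'` as the second argument keeps the description on one stream. The colours also contradict `listJourneys`, which prints `'yes'['brightYellow']` / `'no'['brightGreen']` for the same flags, while this block shows an unset flag as `'false'['brightRed']`. Using one mapping in both places, e.g. `journeyData.tree.noSession ? 'true'['brightYellow'] : 'false'['brightGreen']`, avoids presenting a default value as an error. `describeJourney` starts and ends outside the hunk.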
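Review bot: The added status line in `describeJourneyMd` interpolates `journeyData.tree.identityResource` into a Markdown code span with no escaping, so a value containing a backtick or a line break would end the span and the rest would be rendered as Markdown in the generated document. The value comes from the journey export, which may originate from a file or tenant the reader does not control (inferred; where `journeyData` is loaded is outside the hunk). Removing those characters before interpolation is enough, e.g. ``String(journeyData.tree.identityResource).replace(/[`\r\n]/g, '')``. The same applies to `nodeRef.displayName` in the row built by `getTableRowMd` in the `src/ops/NodeOps.ts` hunk at `-167,9`, where a `|` in the name would split the table cell.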
@@ -984,15 +950,10 @@ export async function describeJourneyMd( `## Node Types (${Object.entries(nodeTypeMap).length})`, 'data' ); - printMessage('| Count | Type | Classification |', 'data'); - printMessage('| -----:| ---- | -------------- |', 'data'); + printMessage('| Count | Type |', 'data'); + printMessage('| -----:| ---- |', 'data'); for (const [nodeType, count] of Object.entries(nodeTypeMap)) { - printMessage( - `| ${String(count)} | ${nodeType} | ${Node.getNodeClassificationMd( - nodeType - ).join('
')} |`, - 'data' - ); + printMessage(`| ${String(count)} | ${nodeType} |`, 'data'); } } diff --git a/src/ops/NodeOps.ts b/src/ops/NodeOps.ts index 758983167..5ce9849df 100644 --- a/src/ops/NodeOps.ts +++ b/src/ops/NodeOps.ts @@ -30,7 +30,6 @@ import { errorHandler } from './utils/OpsUtils'; import wordwrap from './utils/Wordwrap'; const { - getNodeClassification: _getNodeClassification, readCustomNode, readCustomNodes, getCustomNodeUsage, @@ -50,64 +49,6 @@ const { const { stringify } = frodo.utils.json; -/** - * Get node classification - * @param {string} nodeType node type - * @returns {stringp[]} Colored string array of classifications - */ -export function getNodeClassification(nodeType: string): string[] { - return _getNodeClassification(nodeType).map((it) => { - switch (it) { - case 'standard': - return it.toString()['brightGreen']; - - case 'cloud': - return it.toString()['brightMagenta']; - - case 'custom': - return it.toString()['brightRed']; - - case 'excluded': - return it.toString()['brightRed']; - - case 'premium': - return it.toString()['brightYellow']; - - case 'deprecated': - return it.toString()['brightYellow']; - } - }); -} - -/** - * Get node classification in markdown - * @param {string} nodeType node type - * @returns {stringp[]} Colored string array of classifications - */ -export function getNodeClassificationMd(nodeType: string): string[] { - return _getNodeClassification(nodeType).map((it) => { - switch (it) { - case 'standard': - return `:green_circle: \`${it.toString()}\``; - - case 'cloud': - return `:purple_circle: \`${it.toString()}\``; - - case 'custom': - return `:red_circle: \`${it.toString()}\``; - - case 'excluded': - return `:red_circle: \`${it.toString()}\``; - - case 'premium': - return `:yellow_circle: \`${it.toString()}\``; - - case 'deprecated': - return `:yellow_circle: \`${it.toString()}\``; - } - }); -} - /** * Get a one-line description of the node * @param {NodeSkeleton} nodeObj node object to describe 
@@ -118,9 +59,7 @@ export function getOneLineDescription( nodeObj: NodeSkeleton, nodeRef?: NodeRefSkeletonInterface | InnerNodeRefSkeletonInterface ): string { - const description = `[${nodeObj._id['brightCyan']}] (${getNodeClassification( - nodeObj._type._id - ).join(', ')}) ${nodeObj._type._id}${ + const description = `[${nodeObj._id['brightCyan']}] ${nodeObj._type._id}${ nodeRef ? ' - ' + nodeRef?.displayName : '' }`; return description; @@ -136,9 +75,7 @@ export function getOneLineDescriptionMd( nodeObj: NodeSkeleton, nodeRef?: NodeRefSkeletonInterface | InnerNodeRefSkeletonInterface ): string { - const description = `${nodeObj._id} (${getNodeClassificationMd( - nodeObj._type._id - ).join(', ')}) ${nodeObj._type._id}${ + const description = `${nodeObj._id} ${nodeObj._type._id}${ nodeRef ? ' - ' + nodeRef?.displayName : '' }`; return description; @@ -150,8 +87,8 @@ export function getOneLineDescriptionMd( */ export function getTableHeaderMd(): string { let markdown = ''; - markdown += '| Display Name | Type | Classification | Id |\n'; - markdown += '| ------------ | ---- | -------------- | ---|'; + markdown += '| Display Name | Type | Id |\n'; + markdown += '| ------------ | ---- | -- |'; return markdown; } @@ -167,9 +104,7 @@ export function getTableRowMd( ): string { const row = `| ${nodeRef ? nodeRef.displayName : ''} | ${ nodeObj._type._id - } | ${getNodeClassificationMd(nodeObj._type._id).join('
')} | \`${ - nodeObj._id - }\` |`; + } | \`${nodeObj._id}\` |`; return row; } diff --git a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap index 030b9131a..36d4a061c 100644 --- a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap 
@@ -7,60 +7,19 @@ Add AutoId static user mapping to enable dashboards and other AutoId-based functionality. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. -Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. 
Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. 
Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. 
- FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. +Deployment: Cloud-only +Options: + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap index 11bfb35ed..51265d205 100644 --- a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap 
@@ -6,68 +6,40 @@ exports[`CLI help interface for 'admin create-oauth2-client-with-admin-privilege Create an oauth2 client with admin privileges. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --client-id [id] Client id. - --client-secret [secret] Client secret. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --llt Create a long-lived token and store it in a secret. The default secret name is esv-admin-token and the default token lifetime is 315,360,000 seconds (10 years). Both can be overwritten with the --llt-esv and --llt-ttl options. 
- --llt-esv [esv] Name of the secret to store the token in. This option only applies if used with the --llt option. (default: esv-admin-token) - --llt-scope [scope] Request the following scope(s). This option only applies if used with the --llt option. (default: fr:idm:*) - --llt-ttl [ttl] Token lifetime (seconds). This option only applies if used with the --llt option. (default: 315,360,000 seconds (10 years)) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --no-llt-esv Don't store the token in a secret and output to console instead. This option only applies if used with the --llt option. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. 
- --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. 
Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + --client-id [id] Client id. + --client-secret [secret] Client secret. + --llt Create a long-lived token and store it in a secret. + The default secret name is esv-admin-token and the + default token lifetime is 315,360,000 seconds (10 + years). Both can be overwritten with the --llt-esv + and --llt-ttl options. + --llt-esv [esv] Name of the secret to store the token in. 
This + option only applies if used with the --llt option. + (default: esv-admin-token) + --llt-scope [scope] Request the following scope(s). This option only + applies if used with the --llt option. (default: + fr:idm:*) + --llt-ttl [ttl] Token lifetime (seconds). This option only applies + if used with the --llt option. (default: 315,360,000 + seconds (10 years)) + --no-llt-esv Don't store the token in a secret and output to + console instead. This option only applies if used + with the --llt option. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap index 48d52f37f..5bbc0500a 100644 --- a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap 
@@ -6,64 +6,27 @@ exports[`CLI help interface for 'admin get-access-token' should be expected engl Get an access token using client credentials grant type. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm + or 'realm' or '/parent/child' otherwise. + (default: "alpha" for Identity Cloud tenants, + "/" otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --client-id [id] Client id. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - -s, --client-secret [secret] Client secret. - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --scope [scope] Request the following scope(s). (default: fr:idm:*) - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --client-id [id] Client id. + -s, --client-secret [secret] Client secret. + --scope [scope] Request the following scope(s). (default: + fr:idm:*) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, + and usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap index be3845905..d5d2e47f9 100644 --- a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap 
@@ -6,62 +6,22 @@ exports[`CLI help interface for 'admin grant-oauth2-client-admin-privileges' sho Grant an oauth2 client admin privileges. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --client-id OAuth2 client id. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --client-id OAuth2 client id. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap index 7b655ab31..4dd881f4c 100644 --- a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap 
@@ -6,63 +6,25 @@ exports[`CLI help interface for 'admin hide-generic-extension-attributes' should Hide generic extension attributes. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. -Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --dry-run Dry-run only, do not perform changes. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --include-customized Include customized attributes. - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. +Deployment: Cloud-only +Options: + --dry-run Dry-run only, do not perform changes. + --include-customized Include customized attributes. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap index ad5f21bad..61c20ba53 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap 
@@ -6,61 +6,20 @@ exports[`CLI help interface for 'admin list-oauth2-clients-with-admin-privileges List oauth2 clients with admin privileges. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap index a92d5c6a9..9193ceeeb 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap 
@@ -6,61 +6,20 @@ exports[`CLI help interface for 'admin list-oauth2-clients-with-custom-privilege List oauth2 clients with custom privileges. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap index 532b5581c..503e15b1e 100644 --- a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap 
@@ -6,62 +6,21 @@ exports[`CLI help interface for 'admin list-static-user-mappings' should be expe List all subjects of static user mappings that are not oauth2 clients. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --show-protected Show protected (system) subjects. (default: false) - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. 
This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + --show-protected Show protected (system) subjects. (default: false) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap index b4eb15ec9..3269dae1c 100644 --- a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap 
@@ -6,62 +6,21 @@ exports[`CLI help interface for 'admin remove-static-user-mapping' should be exp Remove a subject's static user mapping. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --sub-id Subject identifier. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --sub-id Subject identifier. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap index 45102edd4..d9064a233 100644 --- a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap 
@@ -6,64 +6,24 @@ exports[`CLI help interface for 'admin repair-org-model' should be expected engl Repair org model. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --dry-run Dry-run only, do not perform changes. - --exclude-customized Exclude customized properties from repair. - --extend-permissions Extend permissions to include custom attributes. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + --dry-run Dry-run only, do not perform changes. + --exclude-customized Exclude customized properties from repair. + --extend-permissions Extend permissions to include custom attributes. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap index 40f3a2fd0..ada8f9be5 100644 --- a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap 
@@ -6,62 +6,22 @@ exports[`CLI help interface for 'admin revoke-oauth2-client-admin-privileges' sh Revoke admin privileges from an oauth2 client. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --client-id OAuth2 client id. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --client-id OAuth2 client id. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap index 7c7347560..984ddb39a 100644 --- a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap 
@@ -6,63 +6,25 @@ exports[`CLI help interface for 'admin show-generic-extension-attributes' should Show generic extension attributes. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. -Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --dry-run Dry-run only, do not perform changes. (default: false) - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --include-customized Include customized attributes. (default: false) - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. +Deployment: Cloud-only +Options: + --dry-run Dry-run only, do not perform changes. (default: false) + --include-customized Include customized attributes. (default: false) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/admin.test.js.snap b/test/client_cli/en/__snapshots__/admin.test.js.snap index ba261ddb7..d64385964 100644 --- a/test/client_cli/en/__snapshots__/admin.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin.test.js.snap 
@@ -7,23 +7,27 @@ Platform admin tasks. Options: -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage examples. Commands: - add-autoid-static-user-mapping Add AutoId static user mapping to enable dashboards and other AutoId-based functionality. create-oauth2-client-with-admin-privileges Create an oauth2 client with admin privileges. execute-rfc7523-authz-grant-flow Execute RFC7523 authorization grant flow. - federation Manages admin federation configuration. generate-rfc7523-authz-grant-artefacts Generate RFC7523 authorization grant artefacts. get-access-token Get an access token using client credentials grant type. grant-oauth2-client-admin-privileges Grant an oauth2 client admin privileges. help display help for command - hide-generic-extension-attributes Hide generic extension attributes. list-oauth2-clients-with-admin-privileges List oauth2 clients with admin privileges. list-oauth2-clients-with-custom-privileges List oauth2 clients with custom privileges. list-static-user-mappings List all subjects of static user mappings that are not oauth2 clients. remove-static-user-mapping Remove a subject's static user mapping. repair-org-model Repair org model. revoke-oauth2-client-admin-privileges Revoke admin privileges from an oauth2 client. + + (Cloud-only): + add-autoid-static-user-mapping Add AutoId static user mapping to enable dashboards and other AutoId-based functionality. + federation Manages admin federation configuration. + hide-generic-extension-attributes Hide generic extension attributes. show-generic-extension-attributes Show generic extension attributes. " `; diff --git a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap index b1b97101a..dee7264c5 100644 --- a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap 
@@ -6,63 +6,23 @@ exports[`CLI help interface for 'agent delete' should be expected english 1`] = Delete agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Delete all agents. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a is ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Delete all agents. Ignored with -i. + -i, --agent-id Agent id. If specified, -a is ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap index 26f7cc65f..01373afd7 100644 --- a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap 
@@ -6,63 +6,23 @@ exports[`CLI help interface for 'agent describe' should be expected english 1`] Describe agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -g, --global Describe global agent. - -h, --help Help - -i, --agent-id Agent id. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -g, --global Describe global agent. + -i, --agent-id Agent id. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-export.test.js.snap index 6af666e89..aa3286266 100644 --- a/test/client_cli/en/__snapshots__/agent-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-export.test.js.snap 
@@ -6,67 +6,30 @@ exports[`CLI help interface for 'agent export' should be expected english 1`] = Export agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export all agents to a single file. Ignored with -i. - -A, --all-separate Export all agents to separate files (*..agent.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -g, --global Export global agents. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. 
- --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. 
- FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Export all agents to a single file. Ignored with + -i. + -A, --all-separate Export all agents to separate files + (*..agent.json) in the current directory. + Ignored with -i or -a. + -f, --file Name of the export file. + -g, --global Export global agents. + -i, --agent-id Agent id. If specified, -a and -A are ignored. + -N, --no-metadata Does not include metadata in the export file. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap index 920d58651..40d1f4593 100644 
--- a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap 
@@ -6,63 +6,24 @@ exports[`CLI help interface for 'agent gateway delete' should be expected englis Delete identity gateway agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Delete all identity gateway agents. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a is ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Delete all identity gateway agents. Ignored with + -i. + -i, --agent-id Agent id. If specified, -a is ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap index 89f7fb2e9..a323fb2b6 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap 
@@ -6,62 +6,22 @@ exports[`CLI help interface for 'agent gateway describe' should be expected engl Describe gateway agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --agent-id Agent id. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap index 3b28e5909..0773f570a 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap 
@@ -6,66 +6,29 @@ exports[`CLI help interface for 'agent gateway export' should be expected englis Export gateway agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export all gateway agents to a single file. Ignored with -i. - -A, --all-separate Export all gateway agents to separate files (*.identitygatewayagent.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. 
- --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. 
- FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Export all gateway agents to a single file. Ignored + with -i. + -A, --all-separate Export all gateway agents to separate files + (*.identitygatewayagent.json) in the current + directory. Ignored with -i or -a. + -f, --file Name of the export file. + -i, --agent-id Agent id. If specified, -a and -A are ignored. + -N, --no-metadata Does not include metadata in the export file. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap index 7a2c09b60..9512ad39a 100644 
--- a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap
+++ b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap
@@ -6,65 +6,29 @@ exports[`CLI help interface for 'agent gateway import' should be expected englis Import gateway agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all agents from single file. Ignored with -i. - -A, --all-separate Import all agents from separate files (*.identitygatewayagent.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, only one agent is imported and the options -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Import all agents from single file. Ignored with + -i. + -A, --all-separate Import all agents from separate files + (*.identitygatewayagent.json) in the current + directory. Ignored with -i or -a. + -f, --file Name of the file to import. + -i, --agent-id Agent id. If specified, only one agent is imported + and the options -a and -A are ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap index 4d21980d2..199fff8b6 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap 
+++ b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap 
@@ -6,62 +6,21 @@ exports[`CLI help interface for 'agent gateway list' should be expected english List gateway agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -l, --long Long with all fields. (default: false) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-gateway.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway.test.js.snap index fcf0cef22..66127393e 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway.test.js.snap 
@@ -6,14 +6,17 @@ exports[`CLI help interface for 'agent gateway' should be expected english 1`] = Manage gateway agents. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete identity gateway agents. - describe Describe gateway agents. - export Export gateway agents. - help display help for command - import Import gateway agents. - list List gateway agents. + delete Delete identity gateway agents. + describe Describe gateway agents. + export Export gateway agents. + help display help for command + import Import gateway agents. + list List gateway agents. " `; diff --git a/test/client_cli/en/__snapshots__/agent-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-import.test.js.snap index ab91a9965..265280c68 100644 --- a/test/client_cli/en/__snapshots__/agent-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-import.test.js.snap 
@@ -6,66 +6,30 @@ exports[`CLI help interface for 'agent import' should be expected english 1`] = Import agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all agents from single file. Ignored with -i. - -A, --all-separate Import all agents from separate files (*.agent.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -g, --global Import global agents. - -h, --help Help - -i, --agent-id Agent id. If specified, only one agent is imported and the options -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Import all agents from single file. Ignored with + -i. + -A, --all-separate Import all agents from separate files + (*.agent.json) in the current directory. Ignored + with -i or -a. + -f, --file Name of the file to import. + -g, --global Import global agents. + -i, --agent-id Agent id. If specified, only one agent is imported + and the options -a and -A are ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap index fa4c39fb7..6b687b50e 100644 --- a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap 
+++ b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap 
@@ -6,63 +6,23 @@ exports[`CLI help interface for 'agent java delete' should be expected english 1 Delete java agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Delete all java agents. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a is ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Delete all java agents. Ignored with -i. + -i, --agent-id Agent id. If specified, -a is ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap index 78a13797e..b8200fa93 100644 --- a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap 
@@ -6,62 +6,22 @@ exports[`CLI help interface for 'agent java describe' should be expected english Describe java agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --agent-id Agent id. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap index 6f04fe08e..2cfdfd5a9 100644 --- a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap 
@@ -6,66 +6,29 @@ exports[`CLI help interface for 'agent java export' should be expected english 1 Export java agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export all java agents to a single file. Ignored with -i. - -A, --all-separate Export all java agents to separate files (*.javaagent.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. 
- --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. 
- FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Export all java agents to a single file. Ignored + with -i. + -A, --all-separate Export all java agents to separate files + (*.javaagent.json) in the current directory. + Ignored with -i or -a. + -f, --file Name of the export file. + -i, --agent-id Agent id. If specified, -a and -A are ignored. + -N, --no-metadata Does not include metadata in the export file. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap index 6a7cec029..0a5230610 100644 
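Review bot: The updated 'agent java export' snapshot pins only the short help, so the text for `-k, --insecure` (with its "Don't allow insecure connections" default), the credential options (`--private-key`, `--passphrase`, `--sa-jwk-file`) and the whole "Environment Variables" section is no longer asserted by this test. Unless the `-hh` and `-hhh` output is snapshotted elsewhere (not visible in this diff), a later change to those descriptions or defaults would pass unnoticed. I would add a sibling test case that runs the same command with `-hhh` and snapshots the result, so the security-relevant help text stays under review. The same applies to the 'agent java import', 'agent java list' and 'agent list' snapshot hunks below.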
--- a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap 
@@ -6,65 +6,29 @@ exports[`CLI help interface for 'agent java import' should be expected english 1 Import java agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all agents from single file. Ignored with -i. - -A, --all-separate Import all agents from separate files (*.javaagent.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, only one agent is imported and the options -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Import all agents from single file. Ignored with + -i. + -A, --all-separate Import all agents from separate files + (*.javaagent.json) in the current directory. + Ignored with -i or -a. + -f, --file Name of the file to import. + -i, --agent-id Agent id. If specified, only one agent is imported + and the options -a and -A are ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap index ef1d8c72f..e5759fbe5 100644 --- a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap 
+++ b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap 
@@ -6,62 +6,21 @@ exports[`CLI help interface for 'agent java list' should be expected english 1`] List java agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -l, --long Long with all fields. (default: false) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-java.test.js.snap b/test/client_cli/en/__snapshots__/agent-java.test.js.snap index 6d8de2855..cacd96958 100644 --- a/test/client_cli/en/__snapshots__/agent-java.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java.test.js.snap 
@@ -6,14 +6,17 @@ exports[`CLI help interface for 'agent java' should be expected english 1`] = ` Manage java agents. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete java agents. - describe Describe java agents. - export Export java agents. - help display help for command - import Import java agents. - list List java agents. + delete Delete java agents. + describe Describe java agents. + export Export java agents. + help display help for command + import Import java agents. + list List java agents. " `; diff --git a/test/client_cli/en/__snapshots__/agent-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-list.test.js.snap index 62a54081d..f869c1fd7 100644 --- a/test/client_cli/en/__snapshots__/agent-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-list.test.js.snap 
@@ -6,63 +6,22 @@ exports[`CLI help interface for 'agent list' should be expected english 1`] = ` List agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -g, --global List global agents. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -g, --global List global agents. + -l, --long Long with all fields. (default: false) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap index 10d038ffc..c9fa73e0c 100644 --- a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap 
@@ -6,63 +6,23 @@ exports[`CLI help interface for 'agent web delete' should be expected english 1` Delete web agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Delete all web agents. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Delete all web agents. Ignored with -i. + -i, --agent-id Agent id. If specified, -a and -A are ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap index 7e3a98042..68cb77de5 100644 --- a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap 
@@ -6,62 +6,22 @@ exports[`CLI help interface for 'agent web describe' should be expected english Describe web agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --agent-id Agent id. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap index fa3d536d5..340a37d73 100644 --- a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap 
@@ -6,66 +6,29 @@ exports[`CLI help interface for 'agent web export' should be expected english 1` Export web agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export all web agents to a single file. Ignored with -i. - -A, --all-separate Export all web agents to separate files (*.webagent.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. 
- --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. 
- FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Export all web agents to a single file. Ignored + with -i. + -A, --all-separate Export all web agents to separate files + (*.webagent.json) in the current directory. Ignored + with -i or -a. + -f, --file Name of the export file. + -i, --agent-id Agent id. If specified, -a and -A are ignored. + -N, --no-metadata Does not include metadata in the export file. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap index 521a0ce44..506d55bdb 100644 
--- a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap
+++ b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap
@@ -6,65 +6,29 @@ exports[`CLI help interface for 'agent web import' should be expected english 1` Import web agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all agents from single file. Ignored with -i. - -A, --all-separate Import all agents from separate files (*.webagent.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, only one agent is imported and the options -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Import all agents from single file. Ignored with + -i. + -A, --all-separate Import all agents from separate files + (*.webagent.json) in the current directory. Ignored + with -i or -a. + -f, --file Name of the file to import. + -i, --agent-id Agent id. If specified, only one agent is imported + and the options -a and -A are ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap index 65be74c21..87380e352 100644 --- a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap 
@@ -6,62 +6,21 @@ exports[`CLI help interface for 'agent web list' should be expected english 1`] List web agents. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -l, --long Long with all fields. (default: false) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/agent-web.test.js.snap b/test/client_cli/en/__snapshots__/agent-web.test.js.snap index a4c5d774d..887e86f98 100644 --- a/test/client_cli/en/__snapshots__/agent-web.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web.test.js.snap 
@@ -6,14 +6,17 @@ exports[`CLI help interface for 'agent web' should be expected english 1`] = ` Manage web agents. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete web agents. - describe Describe web agents. - export Export web agents. - help display help for command - import Import web agents. - list List web agents. + delete Delete web agents. + describe Describe web agents. + export Export web agents. + help display help for command + import Import web agents. + list List web agents. " `; diff --git a/test/client_cli/en/__snapshots__/agent.test.js.snap b/test/client_cli/en/__snapshots__/agent.test.js.snap index b3fb88bdf..536173583 100644 --- a/test/client_cli/en/__snapshots__/agent.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent.test.js.snap @@ -6,17 +6,20 @@ exports[`CLI help interface for 'agent' should be expected english 1`] = ` Manage agents. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete agents. - describe Describe agents. - export Export agents. - gateway|ig Manage gateway agents. - help display help for command - import Import agents. - java Manage java agents. - list List agents. - web Manage web agents. + delete Delete agents. + describe Describe agents. + export Export agents. + gateway|ig Manage gateway agents. + help display help for command + import Import agents. + java Manage java agents. + list List agents. + web Manage web agents. " `; diff --git a/test/client_cli/en/__snapshots__/app-delete.test.js.snap b/test/client_cli/en/__snapshots__/app-delete.test.js.snap index 25b282904..52ae0fa83 100644 --- a/test/client_cli/en/__snapshots__/app-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-delete.test.js.snap 
@@ -6,75 +6,26 @@ exports[`CLI help interface for 'app delete' should be expected english 1`] = ` Delete applications. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Delete all applications. Ignored with -i or -n. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --app-id Application id. If specified, -n and -a are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --app-name Application name. If specified, -a is ignored. - --no-cache Disable token cache for this operation. - --no-deep No deep delete. This leaves orphaned configuration artifacts behind. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -Important Note: - The frodo app command to manage OAuth2 clients in v1.x has been renamed to frodo oauth client in v2.x - The frodo app command in v2.x manages the new applications created using the new application templates in ForgeRock Identity Cloud. To manage oauth clients, use the frodo oauth client command. - -Usage Examples: - Delete application 'myApp': - $ frodo app delete -i 'myApp' https://openam-matrix.id.forgerock.io/am - Delete all applications: - $ frodo app delete -a matrix - + -a, --all Delete all applications. Ignored with -i or -n. + -i, --app-id Application id. If specified, -n and -a are ignored. + -n, --app-name Application name. If specified, -a is ignored. + --no-deep No deep delete. This leaves orphaned configuration + artifacts behind. 
+ -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/app-export.test.js.snap b/test/client_cli/en/__snapshots__/app-export.test.js.snap index 9506b99ae..0f07fa75c 100644 --- a/test/client_cli/en/__snapshots__/app-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-export.test.js.snap 
@@ -6,84 +6,32 @@ exports[`CLI help interface for 'app export' should be expected english 1`] = ` Export applications. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export all applications to a single file. Ignored with -i or -n. - -A, --all-separate Export all applications to separate files (*.application.json) in the current directory. Ignored with -i, -n, or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --app-id Application id. If specified, -n, -a, and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --app-name Application name. If specified, -a and -A are ignored. - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --no-deps Do not include any dependencies (scripts). - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. 
(choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. 
- FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -Important Note: - The frodo app command to manage OAuth2 clients in v1.x has been renamed to frodo oauth client in v2.x - The frodo app command in v2.x manages the new applications created using the new application templates in ForgeRock Identity Cloud. To manage oauth clients, use the frodo oauth client command. 
- -Usage Examples: - Export all applications to a single export file with an auto-generated filename using a connection profile: - $ frodo app export -a matrix - Export the first application to a single export file with a custom filename: - $ frodo app export -f ./allMyApplications.application.json matrix - Export all applications to separate export files with an auto-generated filenames: - $ frodo app export -A matrix - Export all applications without dependencies to a single export file: - $ frodo app export --no-deps -a matrix - Export the application 'myApp' to a file with an auto-generated filename of 'myApp.application.json': - $ frodo app export -i myApp matrix - + -a, --all Export all applications to a single file. Ignored with + -i or -n. + -A, --all-separate Export all applications to separate files + (*.application.json) in the current directory. Ignored + with -i, -n, or -a. + -f, --file Name of the export file. + -i, --app-id Application id. If specified, -n, -a, and -A are + ignored. + -n, --app-name Application name. If specified, -a and -A are ignored. + -N, --no-metadata Does not include metadata in the export file. + --no-deps Do not include any dependencies (scripts). + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/app-import.test.js.snap b/test/client_cli/en/__snapshots__/app-import.test.js.snap index 5bd848e7c..56a3de8db 100644 --- a/test/client_cli/en/__snapshots__/app-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-import.test.js.snap 
@@ -6,83 +6,32 @@ exports[`CLI help interface for 'app import' should be expected english 1`] = ` Import applications. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all applications from single file. Ignored with -i or -n. - -A, --all-separate Import all applications from separate files (*.app.json) in the current directory. Ignored with -i, -n, or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --app-id Application id. If specified, only one application is imported and the options -n, -a, and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --app-name Application name. If specified, only one application is imported and the options -a and -A are ignored. - --no-cache Disable token cache for this operation. - --no-deps Do not include any dependencies (scripts). - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. 
(choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. 
- FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -Important Note: - The frodo app command to manage OAuth2 clients in v1.x has been renamed to frodo oauth client in v2.x - The frodo app command in v2.x manages the new applications created using the new application templates in ForgeRock Identity Cloud. To manage oauth clients, use the frodo oauth client command. 
- -Usage Examples: - Import all applications from a single export file using a connection profile: - $ frodo app import -a -f ./allAlphaApplications.application.json matrix - Import the first application from a single export file: - $ frodo app import -f ./allAlphaApplications.application.json matrix - Import all applications from separate export files: - $ frodo app import -A matrix - Import all applications without dependencies from a single export file: - $ frodo app import --no-deps -a -f ./allAlphaApplications.application.json matrix - Import only the application 'myApp' from a file with an export file containing multiple applications: - $ frodo app import -i myApp -f ./allAlphaApplications.application.json matrix - + -a, --all Import all applications from single file. Ignored with + -i or -n. + -A, --all-separate Import all applications from separate files + (*.app.json) in the current directory. Ignored with -i, + -n, or -a. + -f, --file Name of the file to import. + -i, --app-id Application id. If specified, only one application is + imported and the options -n, -a, and -A are ignored. + -n, --app-name Application name. If specified, only one application is + imported and the options -a and -A are ignored. + --no-deps Do not include any dependencies (scripts). + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/app-list.test.js.snap b/test/client_cli/en/__snapshots__/app-list.test.js.snap index ec2ece4d1..bf85d47f2 100644 --- a/test/client_cli/en/__snapshots__/app-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-list.test.js.snap 
@@ -6,74 +6,21 @@ exports[`CLI help interface for 'app list' should be expected english 1`] = ` List applications. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -Important Note: - The frodo app command to manage OAuth2 clients in v1.x has been renamed to frodo oauth client in v2.x - The frodo app command in v2.x manages the new applications created using the new application templates in ForgeRock Identity Cloud. To manage oauth clients, use the frodo oauth client command. - -Usage Examples: - List applications using AM base URL, username, and password (note the quotes around password to allow special characters): - $ frodo app list https://openam-matrix.id.forgerock.io/am thomas.anderson@metacortex.com 'Blu3P!ll3d' - List applications using a connection profile (identified by the full AM base URL): - $ frodo app list https://openam-matrix.id.forgerock.io/am - List applications using a connection profile (identified by a unique substring of the AM base URL or a saved alias): - $ frodo app list matrix - + -l, --long Long with all fields. (default: false) + -h, --help Help + -hh, --help-more Help with all options. 
+ -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/app.test.js.snap b/test/client_cli/en/__snapshots__/app.test.js.snap index 07192e26e..4513ed82e 100644 --- a/test/client_cli/en/__snapshots__/app.test.js.snap +++ b/test/client_cli/en/__snapshots__/app.test.js.snap @@ -6,19 +6,16 @@ exports[`CLI help interface for 'app' should be expected english 1`] = ` Manage applications. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete applications. - export Export applications. - help display help for command - import Import applications. - list List applications. - -Important Note: - The frodo app command to manage OAuth2 clients in v1.x has been renamed to frodo oauth client in v2.x - The frodo app command in v2.x manages the new applications created using the new application templates in ForgeRock Identity Cloud. To manage oauth clients, use the frodo oauth client command. - - + delete Delete applications. + export Export applications. + help display help for command + import Import applications. + list List applications. " `; diff --git a/test/client_cli/en/__snapshots__/authn-describe.test.js.snap b/test/client_cli/en/__snapshots__/authn-describe.test.js.snap index 75a3844dd..465a41a0d 100644 --- a/test/client_cli/en/__snapshots__/authn-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-describe.test.js.snap 
@@ -6,63 +6,22 @@ exports[`CLI help interface for 'authn describe' should be expected english 1`] Describe authentication settings. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -g, --global Describe global authentication settings. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --json Output in JSON format. - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -g, --global Describe global authentication settings. + --json Output in JSON format. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/authn-export.test.js.snap b/test/client_cli/en/__snapshots__/authn-export.test.js.snap index 47837c0d5..ec5fdbb4e 100644 --- a/test/client_cli/en/__snapshots__/authn-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-export.test.js.snap 
@@ -6,64 +6,23 @@ exports[`CLI help interface for 'authn export' should be expected english 1`] = Export authentication settings. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -g, --global Export global authentication settings. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -f, --file Name of the export file. + -g, --global Export global authentication settings. + -N, --no-metadata Does not include metadata in the export file. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/authn-import.test.js.snap b/test/client_cli/en/__snapshots__/authn-import.test.js.snap index e045aa634..abba37784 100644 --- a/test/client_cli/en/__snapshots__/authn-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-import.test.js.snap 
@@ -6,63 +6,22 @@ exports[`CLI help interface for 'authn import' should be expected english 1`] = Import authentication settings. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -g, --global Export global authentication settings. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -f, --file Name of the file to import. + -g, --global Export global authentication settings. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/authn.test.js.snap b/test/client_cli/en/__snapshots__/authn.test.js.snap index 4de3d5e2b..65bdb97b3 100644 --- a/test/client_cli/en/__snapshots__/authn.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn.test.js.snap 
@@ -6,12 +6,15 @@ exports[`CLI help interface for 'authn' should be expected english 1`] = ` Manage authentication settings. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - describe Describe authentication settings. - export Export authentication settings. - help display help for command - import Import authentication settings. + describe Describe authentication settings. + export Export authentication settings. + help display help for command + import Import authentication settings. " `; diff --git a/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap index fe41837d7..157612f85 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap 
@@ -6,64 +6,26 @@ exports[`CLI help interface for 'authz policy delete' should be expected english Delete authorization policies. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Delete all policies in a realm. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --policy-id Policy id/name. If specified, -a is ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --set-id Policy set id/name. Ignored with -i. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Delete all policies in a realm. Ignored with -i. + -i, --policy-id Policy id/name. If specified, -a is ignored. + --set-id Policy set id/name. Ignored with -i. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap index 153eaebb7..f25e8c73e 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap 
@@ -6,63 +6,25 @@ exports[`CLI help interface for 'authz policy describe' should be expected engli Describe authorization policies. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --policy-id Policy id/name. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --json Output in JSON format. - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --policy-id Policy id/name. + --json Output in JSON format. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap index 8ef8830bc..02d62afbc 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap 
@@ -6,70 +6,39 @@ exports[`CLI help interface for 'authz policy export' should be expected english Export authorization policies. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export policies to a single file. Ignored with -i. - -A, --all-separate Export policies to separate files (*.policy.authz.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --policy-id Policy id. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -M, --modified-properties Include modified properties in export (e.g. lastModifiedDate, lastModifiedBy, etc.) (default: false) - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --no-deps Do not include dependencies (scripts). - --passphrase The passphrase for the Amster private key if it is encrypted. - --prereqs Include prerequisites (policy sets, resource types). - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. 
- The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --set-id Export policies in policy set only. Ignored with -i. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. 
Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Export policies to a single file. Ignored with + -i. + -A, --all-separate Export policies to separate files + (*.policy.authz.json) in the current directory. + Ignored with -i or -a. + -f, --file Name of the export file. + -i, --policy-id Policy id. If specified, -a and -A are ignored. + -M, --modified-properties Include modified properties in export (e.g. + lastModifiedDate, lastModifiedBy, etc.) (default: + false) + -N, --no-metadata Does not include metadata in the export file. 
+ --no-deps Do not include dependencies (scripts). + --prereqs Include prerequisites (policy sets, resource + types). + --set-id Export policies in policy set only. Ignored with + -i. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap index 8cb9b6918..4adf2cb48 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap 
@@ -6,68 +6,36 @@ exports[`CLI help interface for 'authz policy import' should be expected english Import authorization policies. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all policies from single file. Ignored with -i. - -A, --all-separate Import all policies from separate files (*.policy.authz.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --policy-id Policy id. If specified, only one policy is imported and the options -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --no-deps Do not import dependencies (scripts) even if they are available in the import file. - --passphrase The passphrase for the Amster private key if it is encrypted. - --prereqs Import prerequisites (policy sets, resource types) if they are available in the import file. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. 
(choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --set-id Import policies into this policy set. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. 
- FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Import all policies from single file. Ignored + with -i. + -A, --all-separate Import all policies from separate files + (*.policy.authz.json) in the current directory. + Ignored with -i or -a. + -f, --file Name of the file to import. + -i, --policy-id Policy id. If specified, only one policy is + imported and the options -a and -A are ignored. + --no-deps Do not import dependencies (scripts) even if they + are available in the import file. 
+ --prereqs Import prerequisites (policy sets, resource + types) if they are available in the import file. + --set-id Import policies into this policy set. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap index 389fd2069..a94b26b8a 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap 
@@ -6,63 +6,22 @@ exports[`CLI help interface for 'authz policy list' should be expected english 1 List authorization policies. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --set-id Policy set id/name. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. 
This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -l, --long Long with all fields. (default: false) + --set-id Policy set id/name. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-policy.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy.test.js.snap index aa29dcd9e..20b823d82 100644 --- a/test/client_cli/en/__snapshots__/authz-policy.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy.test.js.snap 
@@ -6,14 +6,17 @@ exports[`CLI help interface for 'authz policy' should be expected english 1`] = Manages authorization policies. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete authorization policies. - describe Describe authorization policies. - export Export authorization policies. - help display help for command - import Import authorization policies. - list List authorization policies. + delete Delete authorization policies. + describe Describe authorization policies. + export Export authorization policies. + help display help for command + import Import authorization policies. + list List authorization policies. " `; diff --git a/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap index 9f0358e99..5d980b908 100644 --- a/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap 
@@ -6,63 +6,23 @@ exports[`CLI help interface for 'authz set delete' should be expected english 1` Delete authorization policy sets. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Delete all policy sets in a realm. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --set-id Policy set id/name. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Delete all policy sets in a realm. Ignored with -i. + -i, --set-id Policy set id/name. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap index 5de41b929..7f109d2b0 100644 --- a/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap 
@@ -6,63 +6,23 @@ exports[`CLI help interface for 'authz set describe' should be expected english Describe authorization policy sets. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --set-id Policy set id/name. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --json Output in JSON format. - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --set-id Policy set id/name. + --json Output in JSON format. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap index 7bbd579a4..fb7a55623 100644 --- a/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap 
@@ -6,69 +6,36 @@ exports[`CLI help interface for 'authz set export' should be expected english 1` Export authorization policy sets. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export all applications/policy sets to a single file. Ignored with -i. - -A, --all-separate Export all applications/policy sets to separate files (*.authz.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --set-id Policy set id/name. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -M, --modified-properties Include modified properties in export (e.g. lastModifiedDate, lastModifiedBy, etc.) (default: false) - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --no-deps Do not include any dependencies (policies, scripts). - --passphrase The passphrase for the Amster private key if it is encrypted. - --prereqs Include prerequisites (resource types). - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. 
- The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. 
- FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Export all applications/policy sets to a single + file. Ignored with -i. + -A, --all-separate Export all applications/policy sets to separate + files (*.authz.json) in the current directory. + Ignored with -i or -a. + -f, --file Name of the export file. + -i, --set-id Policy set id/name. If specified, -a and -A are + ignored. + -M, --modified-properties Include modified properties in export (e.g. + lastModifiedDate, lastModifiedBy, etc.) (default: + false) + -N, --no-metadata Does not include metadata in the export file. 
+ --no-deps Do not include any dependencies (policies, + scripts). + --prereqs Include prerequisites (resource types). + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap index 102cf47f9..87e456482 100644 --- a/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap 
@@ -6,67 +6,31 @@ exports[`CLI help interface for 'authz set import' should be expected english 1` Import authorization policy sets. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: "alpha" + for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all policy sets from single file. Ignored with -i. - -A, --all-separate Import all policy sets from separate files (*.policyset.authz.json) in the current directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --set-id Policy set id/name. If specified, only one policy set is imported and the options -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --no-deps Do not include any dependencies (policies, scripts). - --passphrase The passphrase for the Amster private key if it is encrypted. - --prereqs Include prerequisites (resource types). - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. 
- --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. 
- FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Import all policy sets from single file. Ignored with + -i. + -A, --all-separate Import all policy sets from separate files + (*.policyset.authz.json) in the current directory. + Ignored with -i or -a. + -f, --file Name of the file to import. + -i, --set-id Policy set id/name. If specified, only one policy set + is imported and the options -a and -A are ignored. + --no-deps Do not include any dependencies (policies, scripts). + --prereqs Include prerequisites (resource types). + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; 
diff --git a/test/client_cli/en/__snapshots__/authz-set-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-list.test.js.snap index 663446126..08eb4e4ad 100644 --- a/test/client_cli/en/__snapshots__/authz-set-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-list.test.js.snap @@ -6,14 +6,17 @@ exports[`CLI help interface for 'authz set' should be expected english 1`] = ` Manage authorization policy sets. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete authorization policy sets. - describe Describe authorization policy sets. - export Export authorization policy sets. - help display help for command - import Import authorization policy sets. - list List authorization policy sets. + delete Delete authorization policy sets. + describe Describe authorization policy sets. + export Export authorization policy sets. + help display help for command + import Import authorization policy sets. + list List authorization policy sets. " `; diff --git a/test/client_cli/en/__snapshots__/authz-set.test.js.snap b/test/client_cli/en/__snapshots__/authz-set.test.js.snap index 663446126..08eb4e4ad 100644 --- a/test/client_cli/en/__snapshots__/authz-set.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set.test.js.snap 
@@ -6,14 +6,17 @@ exports[`CLI help interface for 'authz set' should be expected english 1`] = ` Manage authorization policy sets. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete authorization policy sets. - describe Describe authorization policy sets. - export Export authorization policy sets. - help display help for command - import Import authorization policy sets. - list List authorization policy sets. + delete Delete authorization policy sets. + describe Describe authorization policy sets. + export Export authorization policy sets. + help display help for command + import Import authorization policy sets. + list List authorization policy sets. " `; diff --git a/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap index 0d5af09fa..686beca4a 100644 --- a/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap 
@@ -6,64 +6,27 @@ exports[`CLI help interface for 'authz type delete' should be expected english 1 Delete authorization resource types. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Delete all resource types in a realm. Ignored with -i and -n. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --type-id Variable id. If specified, -a is ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --type-name Resource type name. If specified, -a is ignored. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Delete all resource types in a realm. Ignored + with -i and -n. + -i, --type-id Variable id. If specified, -a is ignored. + -n, --type-name Resource type name. If specified, -a is ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap index 4a54fe43d..854196752 100644 --- a/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap 
@@ -6,64 +6,26 @@ exports[`CLI help interface for 'authz type describe' should be expected english Describe authorization resource types. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --type-id Resource type uuid. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --json Output in JSON format. - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --type-name Resource type name. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -i, --type-id Resource type uuid. + --json Output in JSON format. + -n, --type-name Resource type name. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap index c5e03fb78..8f8aaf927 100644 --- a/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap 
@@ -6,68 +6,37 @@ exports[`CLI help interface for 'authz type export' should be expected english 1 Export authorization resource types. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export all resource types to a single file. Ignored with -i. - -A, --all-separate Export all resource types to separate files (*.resourcetype.authz.json) in the current directory. Ignored with -i, -n, or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --type-id Resource type uuid. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -M, --modified-properties Include modified properties in export (e.g. lastModifiedDate, lastModifiedBy, etc.) (default: false) - -n, --type-name Resource type name. If specified, -a and -A are ignored. - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. 
- The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. 
- FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Export all resource types to a single file. + Ignored with -i. + -A, --all-separate Export all resource types to separate files + (*.resourcetype.authz.json) in the current + directory. Ignored with -i, -n, or -a. + -f, --file Name of the export file. + -i, --type-id Resource type uuid. If specified, -a and -A are + ignored. + -M, --modified-properties Include modified properties in export (e.g. + lastModifiedDate, lastModifiedBy, etc.) (default: + false) + -n, --type-name Resource type name. 
If specified, -a and -A are + ignored. + -N, --no-metadata Does not include metadata in the export file. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap index 894eac31c..dc527cbc6 100644 --- a/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap 
@@ -6,66 +6,33 @@ exports[`CLI help interface for 'authz type import' should be expected english 1 Import authorization resource types. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all resource types from single file. Ignored with -i. - -A, --all-separate Import all resource types from separate files (*.resourcetype.authz.json) in the current directory. Ignored with -i, -n, or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --type-id Resource type uuid. If specified, -a and -A are ignored. - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --type-name Resource type name. If specified, -a and -A are ignored. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. 
- --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. 
- FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -a, --all Import all resource types from single file. + Ignored with -i. + -A, --all-separate Import all resource types from separate files + (*.resourcetype.authz.json) in the current + directory. Ignored with -i, -n, or -a. + -f, --file Name of the file to import. + -i, --type-id Resource type uuid. If specified, -a and -A are + ignored. + -n, --type-name Resource type name. If specified, -a and -A are + ignored. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; 
diff --git a/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap index 594b5c626..4a0e0a8f3 100644 --- a/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap 
@@ -6,62 +6,21 @@ exports[`CLI help interface for 'authz type list' should be expected english 1`] List authorization resource types. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - -l, --long Long with more fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. 
Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". 
- --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -l, --long Long with more fields. (default: false) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/authz-type.test.js.snap b/test/client_cli/en/__snapshots__/authz-type.test.js.snap index 5b114eb4b..e391cb20a 100644 --- a/test/client_cli/en/__snapshots__/authz-type.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type.test.js.snap 
@@ -6,14 +6,17 @@ exports[`CLI help interface for 'authz type' should be expected english 1`] = ` Manage authorization resource types. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - delete Delete authorization resource types. - describe Describe authorization resource types. - export Export authorization resource types. - help display help for command - import Import authorization resource types. - list List authorization resource types. + delete Delete authorization resource types. + describe Describe authorization resource types. + export Export authorization resource types. + help display help for command + import Import authorization resource types. + list List authorization resource types. " `; diff --git a/test/client_cli/en/__snapshots__/authz.test.js.snap b/test/client_cli/en/__snapshots__/authz.test.js.snap index 64a3cf75c..fd05fa5f6 100644 --- a/test/client_cli/en/__snapshots__/authz.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz.test.js.snap @@ -6,12 +6,15 @@ exports[`CLI help interface for 'authz' should be expected english 1`] = ` Manage authorization policies, policy sets, and resource types. Options: - -h, --help Help + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. Commands: - help display help for command - policy Manages authorization policies. - set|policyset Manage authorization policy sets. - type Manage authorization resource types. + help display help for command + policy Manages authorization policies. + set|policyset Manage authorization policy sets. + type Manage authorization resource types. " `; diff --git a/test/client_cli/en/__snapshots__/config-export.test.js.snap b/test/client_cli/en/__snapshots__/config-export.test.js.snap index a1b9e3b26..647ee250c 100644 
--- a/test/client_cli/en/__snapshots__/config-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-export.test.js.snap 
@@ -10,104 +10,67 @@ config would NOT be exported since it can't be imported back into cloud even though it can be imported into classic deployments). There is a flag to export all config including read only config. Additionally, there is a flag to export config for only the specified realm, a -flag to export only global config, and many other flags to customize the -export. Use the -h or --help to see them all and to also see usage examples. +flag to export only global config, and many other flags to customize the export. +Use the -h or --help to see them all and to also see usage examples. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Export everything to a single file. - -A, --all-separate Export everything to separate files in the -D directory. Ignored with -a. - --curlirize Output all network calls in curl format. - -d, --default Export all scripts including the default scripts. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the export file. 
- --flush-cache Flush token cache. - -g, --global-only Export only the global config. If -r, --realm-only is also active, then the corresponding active realm config will also be exported. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --include-active-values Include the currently active (and loaded) secret value in the export. By default, secret values are encrypted server-side in the environment they are exported from. Use --target to have another environment perform the encryption. - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -M, --modified-properties Include modified properties in export (e.g. 
lastModifiedDate, lastModifiedBy, etc.) (default: false) - -N, --no-metadata Does not include metadata in the export file. - --no-cache Disable token cache for this operation. - --no-coords Do not include the x and y coordinate positions of the journey/tree nodes. - --no-decode Do not include decoded variable value in variable export - -o, --separate-objects Export managed.idm.json objects separately in their own directory. Ignored with -a. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - -r, --realm-only Export only the config for the active realm. If -g, --global-only is also active, then the global config will also be exported. - -R, --read-only Export read-only config (with the exception of default scripts) in addition to the importable config. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - -s, --separate-mappings Export sync.idm.json mappings separately in their own directory. Ignored with -a. - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --target Host URL of the environment to perform secret value encryption. The URL must resolve to an existing connection profile. Use this option to generate an export that can be imported into the target environment without requiring admin access to the source environment. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --use-string-arrays Where applicable, use string arrays to store multi-line text (e.g. scripts). (default: off) - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -x, --extract Extract scripts and server properties from the exported file, and save it to a separate file. Ignored with -a. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. 
- FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -How Frodo handles secrets: - Frodo supports exporting and importing of ESV secret values. To leave stuartship of secret values with the cloud environment where they belong, frodo always encrypts values using either encryption keys from the source environment (default) or the target environment (--target parameter). Frodo never exports secrets in the clear. - -Usage Examples: - Export global and realm configuration for version control (e.g. Git) into the current directory. 
- Note that -x and -s separates script and mapping config to better track changes made to them, and -N removes metadata since it changes every export (you may consider using --no-coords as well if you don't care to track node positions in journeys): - $ frodo config export -sxAND . matrix - Export global and realm configuration from cloud to be later imported into a classic, on-prem deployment. - Note -dR is used for exporting all read-only config from cloud since certain cloud read-only config (like the realm config) can be imported into a classic on-prem deployment: - $ frodo config export -adR matrix - Export only the bravo realm configuration: - $ frodo config export -ar matrix bravo - Backup global and realm configuration including active secret values to a single file (Note: only values of active and loaded secrets can be exported): - $ frodo config export -a --include-active-values matrix - Backup global and realm configuration including active secret values to individual files in a directory structure (Note: only values of active and loaded secrets can be exported): - $ frodo config export -A -D matrix-backup --include-active-values matrix - Export global and realm configuration including active secret values for import into another environment. - The --target parameter instructs frodo to encrypt the exported secret values using the target environment so they can be imported into that target environment without requiring the source environment they were exported from. - Using the --target parameter, the target environment must be available at the time of export and the person performing the export must have a connection profile for the target environment. - Without the --target parameter, the source environment must be available at the time of import and the person performing the import must have a connection profile for the source environment. 
- $ frodo config export -a --include-active-values --target zion matrix - + -a, --all Export everything to a single file. + -A, --all-separate Export everything to separate files in the -D + directory. Ignored with -a. + -d, --default Export all scripts including the default scripts. + -f, --file Name of the export file. + -g, --global-only Export only the global config. If -r, --realm-only + is also active, then the corresponding active realm + config will also be exported. + --include-active-values Include the currently active (and loaded) secret + value in the export. By default, secret values are + encrypted server-side in the environment they are + exported from. Use --target to have + another environment perform the encryption. + -M, --modified-properties Include modified properties in export (e.g. + lastModifiedDate, lastModifiedBy, etc.) (default: + false) + -N, --no-metadata Does not include metadata in the export file. + --no-coords Do not include the x and y coordinate positions of + the journey/tree nodes. + --no-decode Do not include decoded variable value in variable + export + -o, --separate-objects Export managed.idm.json objects separately in their + own directory. Ignored with -a. + -r, --realm-only Export only the config for the active realm. If -g, + --global-only is also active, then the global + config will also be exported. + -R, --read-only Export read-only config (with the exception of + default scripts) in addition to the importable + config. + -s, --separate-mappings Export sync.idm.json mappings separately in their + own directory. Ignored with -a. + --target Host URL of the environment to perform secret value + encryption. The URL must resolve to an existing + connection profile. Use this option to generate an + export that can be imported into the target + environment without requiring admin access to the + source environment. + --use-string-arrays Where applicable, use string arrays to store + multi-line text (e.g. scripts). 
(default: off) + -x, --extract Extract scripts and server properties from the + exported file, and save it to a separate file. + Ignored with -a. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-import.test.js.snap b/test/client_cli/en/__snapshots__/config-import.test.js.snap index 8297e1407..6bdfc8905 100644 --- a/test/client_cli/en/__snapshots__/config-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-import.test.js.snap 
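Review bot: The description kept on the new side of this hunk still ends with `Use the -h or --help to see them all and to also see usage examples.`, but the option list pinned by the same snapshot no longer matches it. Here `-h` prints only the command-specific options, the full list sits behind `-hh, --help-more`, and the usage examples sit behind `-hhh, --help-all`. I would reword the sentence to name the new flags, for example `Use -hh or --help-more to see them all, and -hhh or --help-all to also see usage examples.` The string is defined in the command source, outside this snapshot, so the change belongs there and the snapshot should be regenerated. The removed "How Frodo handles secrets" section and the `--include-active-values` examples presumably now appear only under `--help-all`, which makes an accurate pointer more useful for anyone exporting secret values.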
@@ -6,85 +6,50 @@ exports[`CLI help interface for 'config import' should be expected english 1`] = Import full cloud configuration. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - -a, --all Import all configuration from the single file -f. Ignored with -i. - -A, --all-separate Import all configuration from separate (.json) files in the (working) directory -D. Ignored with -i or -a. - -C, --clean Remove existing service(s) before importing. - --curlirize Output all network calls in curl format. - -d, --default Import all scripts including the default scripts. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file Name of the file to import. Ignored with -A. If included without -a, it will import the single entity within the file. - --flush-cache Flush token cache. - -g, --global Import global entity. Ignored with -a and -A. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. 
Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --include-active-values Import any secret values contained in the import file. By default, secret values are encrypted server-side in the environment they are exported from. Use --source to import a file exported from another environment than the one you are importing to. - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. 
- --re-uuid-custom-nodes Create new UUIDs for the custom nodes upon import. Use this to duplicate custom nodes or create a new versions of the same custom nodes. (default: off) - --re-uuid-journeys Generate new UUIDs for all journey nodes during import. (default: off) - --re-uuid-scripts Create new UUIDs for the scripts upon import. Use this to duplicate scripts or create a new versions of the same scripts. (default: off) - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --source Host URL of the environment which performed secret value encryption. The URL must resolve to an existing connection profile. Use this option to import a file that was exported from a different source environment than the one you are importing to. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. 
- FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. 
- FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -How Frodo handles secrets: - Frodo supports exporting and importing of ESV secret values. To leave stuartship of secret values with the cloud environment where they belong, frodo always encrypts values using either encryption keys from the source environment (default) or the target environment (--target parameter). Frodo never exports secrets in the clear. - -Usage Examples: - Restore global and active realm configuration including active secret values from a single file (Note: config export must have been performed using the --include-active-values option): - $ frodo config import -a -f Alpha.everything.json --include-active-values matrix - Restore global and active realm configuration including active secret values from separate files in a directory structure (Note: config export must have been performed using the --include-active-values option): - $ frodo config import -A -D matrix-backup --include-active-values matrix - Import global and active realm configuration including active secret values, wich were exported from another environment using the --include-active-values option but without using the --target parameter, therefore requiring the --source parameter on import: - The --source parameter instructs frodo to decrypt the secret values during import using the source environment, which was used to encrypt them. - Using the --source parameter, the source environment must be available at the time of import and the person performing the import must have a connection profile for the source environment. 
- $ frodo config import -a -f Alpha.everything.json --include-active-values --source matrix zion - + -a, --all Import all configuration from the single file -f. + Ignored with -i. + -A, --all-separate Import all configuration from separate (.json) files + in the (working) directory -D. Ignored with -i or -a. + -C, --clean Remove existing service(s) before importing. + -d, --default Import all scripts including the default scripts. + -f, --file Name of the file to import. Ignored with -A. If + included without -a, it will import the single entity + within the file. + -g, --global Import global entity. Ignored with -a and -A. + --include-active-values Import any secret values contained in the import + file. By default, secret values are encrypted + server-side in the environment they are exported + from. Use --source to import a file + exported from another environment than the one you + are importing to. + --re-uuid-custom-nodes Create new UUIDs for the custom nodes upon import. + Use this to duplicate custom nodes or create a new + versions of the same custom nodes. (default: off) + --re-uuid-journeys Generate new UUIDs for all journey nodes during + import. (default: off) + --re-uuid-scripts Create new UUIDs for the scripts upon import. Use + this to duplicate scripts or create a new versions of + the same scripts. (default: off) + --source Host URL of the environment which performed secret + value encryption. The URL must resolve to an existing + connection profile. Use this option to import a file + that was exported from a different source environment + than the one you are importing to. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-access-config.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-access-config.test.js.snap index fa07d2991..51edc7f5b 100644 
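Review bot: The `config import` snapshot now pins only the short `-h` output, so the removed "Environment Variables" and "How Frodo handles secrets" sections, along with the `-k, --insecure` entry, are no longer covered by any assertion visible in this diff. If no other test snapshots the long form, add a second case that captures `frodo config import -hhh` (`--help-all`), so that the wording about secret encryption and credential sources such as `FRODO_PASSWORD`, `FRODO_SA_JWK` and `FRODO_MASTER_KEY` cannot change or disappear unnoticed. The short help still lists `--include-active-values` and `--source`, so a one-line pointer next to them, for example `See -hhh for how secret values are encrypted.`, would keep that context within reach. The same coverage gap applies to the `config-manager pull access-config`, `all-static` and `all` snapshots in the hunks that follow.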
--- a/test/client_cli/en/__snapshots__/config-manager-export-access-config.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-access-config.test.js.snap 
@@ -3,64 +3,23 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull access-config [options] [host] [realm] [username] [password] -Export access-config objects. +[Experimental] Export access-config objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-all-static.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-all-static.test.js.snap index 0ce7fbf50..5ed9574a1 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-all-static.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-all-static.test.js.snap 
@@ -3,64 +3,23 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull all-static [options] [host] [realm] [username] [password] -Export all static config. +[Experimental] Export all static config. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-all.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-all.test.js.snap index 9a1d3e30a..f8bbd937e 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-all.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-all.test.js.snap @@ -3,7 +3,7 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull all [options] [host] [realm] [username] [password] -Export all config. +[Experimental] Export all config. Arguments: host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. 
@@ -12,67 +12,10 @@ Arguments: password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. -F, --config-folder Path to the folder containing the config files. - --flush-cache Flush token cache. -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. 
- --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. 
- FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -The following entities require config files to be exported: -- authz-policies -- oauth2-agents -- saml -- service-objects - -Each config file must be named after the command it applies to. 
For example, -the config file for "authz-policies" should be named "authz-policies.json". -Please refer to the help message of each command to see an example config file by running: -"frodo config-manager pull -h" + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-audit.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-audit.test.js.snap index cfe453804..76cf7e86c 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-audit.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-audit.test.js.snap 
@@ -3,64 +3,23 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull audit [options] [host] [realm] [username] [password] -Export audit objects. +[Experimental] Export audit objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-authentication.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-authentication.test.js.snap index 2f8458bac..0b1e2d93d 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-authentication.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-authentication.test.js.snap 
@@ -3,65 +3,26 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull authentication [options] [host] [realm] [username] [password] -Export authentication objects. +[Experimental] Export authentication objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use + a connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - -r, --realm Specifies the realm to export from. Only the entity object from this realm will be exported. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -r, --realm Specifies the realm to export from. Only the entity + object from this realm will be exported. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-authz-policies.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-authz-policies.test.js.snap index 419ef8a17..9adcbdf7d 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-authz-policies.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-authz-policies.test.js.snap 
@@ -3,88 +3,35 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull authz-policies [options] [host] [realm] [username] [password] -Export authorization policies from realm. +[Experimental] Export authorization policies from realm. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root + realm or 'realm' or '/parent/child' + otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin + user with appropriate rights to manage + authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file The AUTHZ_POLICY_SETS_CONFIG json file. ex: "/home/trivir/Documents/policy-sets.json", or "policy-sets.json" - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --policy-name Get only a specific policy set with the name. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - -r, --realm Specifies the realm to export from. Only policy sets from this realm will be exported. Ignored with -f - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. 
(choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. 
- FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -HELP MESSAGE: -Make sure to create the export config file: authz-policies.json to run this command. 
-Example command: frodo config-manager pull authz-policies -f authz-policies.json -D ../testDir frodo-dev - -Config file example: ------------------------ Example authz policies export config for authz-policies.json file ------------------------ -{ - "alpha": [ - "oauth2Scopes", - "EdgePolicySet", - "FeatureStorePolicySet", - "data", - "test-policy-set" - ], - "bravo": [ - "oauth2Scopes", - "murphyTestPolicySet" - ] -} -* -------------------------------------------------------------------------------------------- - + -f, --file The AUTHZ_POLICY_SETS_CONFIG json file. + ex: + "/home/trivir/Documents/policy-sets.json", + or "policy-sets.json" + -n, --policy-name Get only a specific policy set with the + name. + -r, --realm Specifies the realm to export from. Only + policy sets from this realm will be + exported. Ignored with -f + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment + variables, and usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-connector-definitions.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-connector-definitions.test.js.snap index ac79ec140..1141fb127 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-connector-definitions.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-connector-definitions.test.js.snap 
@@ -3,65 +3,30 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull connector-definitions [options] [host] [realm] [username] [password] -Export aconnector definitions. +[Experimental] Export aconnector definitions. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" + otherwise.) + username Username to login with. Must be an admin user + with appropriate rights to manage authentication + journeys/trees. + password Password. -Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --name Get connector-definition from specified name/id, without the type prefix. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. +Deployment: Cloud-only +Options: + -n, --name Get connector-definition from specified name/id, + without the type prefix. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-connector-mappings.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-connector-mappings.test.js.snap index 2c6f96666..20fe9dbb4 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-connector-mappings.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-connector-mappings.test.js.snap 
@@ -3,64 +3,25 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull connector-mappings [options] [host] [realm] [username] [password] -Export connector mappings. +[Experimental] Export connector mappings. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. -Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. +Deployment: Cloud-only +Options: + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-cookie-domains.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-cookie-domains.test.js.snap index da77b4d38..a36e6983c 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-cookie-domains.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-cookie-domains.test.js.snap 
@@ -3,64 +3,23 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull cookie-domains [options] [host] [realm] [username] [password] -Export cookie-domains objects. +[Experimental] Export cookie-domains objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-cors.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-cors.test.js.snap index d73fa17bf..5edccf30d 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-cors.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-cors.test.js.snap 
@@ -3,64 +3,25 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull cors [options] [host] [realm] [username] [password] -Export CORS configuration. +[Experimental] Export CORS configuration. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. -Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. +Deployment: Cloud-only +Options: + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-csp.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-csp.test.js.snap index 43003027c..6c6ffdef0 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-csp.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-csp.test.js.snap 
@@ -3,80 +3,28 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull csp [options] [host] [realm] [username] [password] -Export content security policy. +[Experimental] Export content security policy. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. -Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file The CSP_OVERRIDES json file. ex: "/home/trivir/Documents/csp-overrides.json", or "csp-overrides.json" - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -There is an option to overrides the export file. ------------------------ Example CSP_OVERRIDES json file ---------------------------------- -{ - "enforced": { - "active": { - "$bool": "\${CSP_ENFORCED}" - } - }, - "report-only": { -"active": { -"$bool": "\${CSP_REPORT_ONLY}" -} - } -} +Deployment: Cloud-only +Options: + -f, --file The CSP_OVERRIDES json file. ex: + "/home/trivir/Documents/csp-overrides.json", or + "csp-overrides.json" + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; 
diff --git a/test/client_cli/en/__snapshots__/config-manager-export-email-provider.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-email-provider.test.js.snap index 1f65ab678..29390c6b5 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-email-provider.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-email-provider.test.js.snap 
@@ -3,64 +3,23 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull email-provider [options] [host] [realm] [username] [password] -Export email provider configuration. +[Experimental] Export email provider configuration. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-email-templates.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-email-templates.test.js.snap index 28984a54a..f1a659fa9 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-email-templates.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-email-templates.test.js.snap 
@@ -3,65 +3,25 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull email-templates [options] [host] [realm] [username] [password] -Export email-templates objects. +[Experimental] Export email-templates objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --name Email-templates name, It only export the endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -n, --name Email-templates name, It only export the endpoint with the + name + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-endpoints.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-endpoints.test.js.snap index 7ba10e276..6a30e8b10 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-endpoints.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-endpoints.test.js.snap 
@@ -3,65 +3,24 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull endpoints [options] [host] [realm] [username] [password] -Export custom endpoints objects. +[Experimental] Export custom endpoints objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --name Endpoint name, It only export the endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -n, --name Endpoint name, It only export the endpoint with the name + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-internal-roles.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-internal-roles.test.js.snap index 0a68887e9..7ef301cbc 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-internal-roles.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-internal-roles.test.js.snap 
@@ -3,65 +3,25 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull internal-roles [options] [host] [realm] [username] [password] -Export internal roles. +[Experimental] Export internal roles. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --name Internal role name, It only export the endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -n, --name Internal role name, It only export the endpoint with the + name + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-journeys.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-journeys.test.js.snap index 790748ab6..f9896ed05 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-journeys.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-journeys.test.js.snap 
@@ -3,67 +3,29 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull journeys [options] [host] [realm] [username] [password] -Export journeys. +[Experimental] Export journeys. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To + use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -d, --pull-dependencies Pull dependencies. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --name Journey name, It only export the journey with the name. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - -r, --realm Specific realm to get journeys from (overrides environment) - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -d, --pull-dependencies Pull dependencies. + -n, --name Journey name, It only export the journey with the + name. + -r, --realm Specific realm to get journeys from (overrides + environment) + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-kba.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-kba.test.js.snap index 61076a96f..ab4b74e5d 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-kba.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-kba.test.js.snap 
@@ -3,64 +3,23 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull kba [options] [host] [realm] [username] [password] -Export kba-config objects. +[Experimental] Export kba-config objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-locales.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-locales.test.js.snap index 0e9010c69..da7e0feb5 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-locales.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-locales.test.js.snap 
@@ -3,65 +3,24 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull locales [options] [host] [realm] [username] [password] -Export custom locales objects. +[Experimental] Export custom locales objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --name locale name, It only export the locale with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -n, --name locale name, It only export the locale with the name + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-managed-objects.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-managed-objects.test.js.snap index c53657e73..8b0630e9b 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-managed-objects.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-managed-objects.test.js.snap 
@@ -3,65 +3,24 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull managed-objects [options] [host] [realm] [username] [password] -Export managed-objects. +[Experimental] Export managed-objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --name Endpoint name, It only export the endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -n, --name Endpoint name, It only export the endpoint with the name + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-password-policy.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-password-policy.test.js.snap index 1b0bc4a9c..b7f522512 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-password-policy.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-password-policy.test.js.snap 
@@ -3,65 +3,26 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull password-policy [options] [host] [realm] [username] [password] -Export password-policy objects. +[Experimental] Export password-policy objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use + a connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - -r, --realm Specifies the realm to export from. Only the entity object from this realm will be exported. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -r, --realm Specifies the realm to export from. Only the entity + object from this realm will be exported. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-raw.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-raw.test.js.snap index f5ffc9821..5b760f3f6 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-raw.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-raw.test.js.snap 
@@ -3,85 +3,27 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull raw [options] [host] [realm] [username] [password] -Export raw configurations from the tenant. +[Experimental] Export raw configurations from the tenant. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. + To use a connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root realm or + 'realm' or '/parent/child' otherwise. (default: + "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication + journeys/trees. + password Password. + +Deployment: Cloud-only Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --config-file The file path of the service object config file. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. 
- --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. 
When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -HELP MESSAGE: -Make sure to create an export config file: raw.json to run this command. -Example command: frodo config-manager pull raw -f raw.json -D ../testDir frodo-dev - -Config file example: ------------- Example Oauth2 agents export config for oauth2-agents.json file ----------- -[ - { "path": "/openidm/config/authentication" }, - { - "path": "/am/json/realms/root/realms/alpha/realm-config/webhooks/test-webhook", - "overrides": { "url": "\${TEST_WEBHOOK_URL}" }, - "pushApiVersion": { - "protocol": "2.0", - "resource": "1.0" - } - }, - {"path": "/environment/release"} -] -* -------------------------------------------------------------------------------------------- - + -f, --config-file The file path of the service object config file. 
+ -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and + usage examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-remote-servers.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-remote-servers.test.js.snap index f149407e0..4577a3f08 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-remote-servers.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-remote-servers.test.js.snap 
@@ -3,64 +3,23 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull remote-servers [options] [host] [realm] [username] [password] -Export remote-servers objects. +[Experimental] Export remote-servers objects. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' or + '/parent/child' otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-saml.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-saml.test.js.snap index 920d3273c..a16ff3499 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-saml.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-saml.test.js.snap 
@@ -3,93 +3,24 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull saml [options] [host] [realm] [username] [password] -Export saml. +[Experimental] Export saml. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - -f, --file The file path of the SAML config file. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. 
When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. - FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. 
These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - -HELP MESSAGE: -Make sure to create the export config file: saml.json to run this command. -Example command: frodo config-manager pull saml -f saml.json -D ../testDir frodo-dev - -Config file example: ------------------------ Example SAML export config for saml.json file ------------------------ -{ - "alpha": { - "samlProviders": [ - { - "entityId": "urn:federation:MicrosoftOnline", - "fileName": "microsoftOnline" - }, - { - "entityId": "iSPAzure", - "replacements": [ - { - "search": "https://idc.scheuber.io/am", - "replacement": "\${TENANT_BASE_URL}" - } - ] - } - ], - "circlesOfTrust": ["AzureCOT", "affiliation-test"] - } -} -* -------------------------------------------------------------------------------------------- - + -f, --file The file path of the SAML config file. + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; 
diff --git a/test/client_cli/en/__snapshots__/config-manager-export-schedules.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-schedules.test.js.snap index c047c3de2..31c496849 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-schedules.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-schedules.test.js.snap 
@@ -3,65 +3,24 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull schedules [options] [host] [realm] [username] [password] -Export schedules. +[Experimental] Export schedules. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique substring or + alias. + realm Realm. Specify realm as '/' for the root realm or 'realm' + or '/parent/child' otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with + appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. (default: Don't allow insecure connections) - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". 
Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --name schedule name, It only export the endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private key if it is encrypted. - --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - --retry Retry failed operations. Valid values for strategy: - everything: Retry all failed operations. - network: Retry only network-related failed operations. - nothing: Do not retry failed operations. - The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. - --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. 
managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". - --verbose Verbose output during command execution. If specified, may or may not produce additional output. - -Environment Variables: - FRODO_HOST: AM base URL. Overridden by 'host' argument. - FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. - FRODO_REALM: Realm. Overridden by 'realm' argument. - FRODO_USERNAME: Username. Overridden by 'username' argument. - FRODO_PASSWORD: Password. Overridden by 'password' argument. - FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. - FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. - FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. - FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. - FRODO_AMSTER_PASSPHRASE: Passphrase for the Amster private key if it is encrypted. Overridden by '--passphrase' option. - FRODO_AMSTER_PRIVATE_KEY: Amster private key. Overridden by '--private-key' option but takes the actual private key as a value (i.e. the file contents), not a file name. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. - FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. - FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. - FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. - FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. When using an Amster private key, specifies which journey to use for Amster authentication as opposed to the default 'amsterService' journey. 
- FRODO_AUTHENTICATION_HEADER_OVERRIDES: Map of headers: '{"host":"am.example.com:8081"}'. These headers are sent with all requests and can be used to override default behavior, for example to set a custom host header for Proxy Connect-protected PingOne Advanced Identity Cloud environments. - FRODO_CONFIGURATION_HEADER_OVERRIDES: Map of headers: '{"X-Configuration-Type":"mutable"}'. These headers are sent with all configuration requests and can be used to override default behavior, for example to set a custom configuration header for mutable PingOne Advanced Identity Cloud environments. - FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. - FRODO_IGA: Set to "true" to enable IGA (Identity Governance) endpoints for cloud deployments, or "false" to disable them, overriding auto-detected value. - FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. - FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. - + -n, --name schedule name, It only export the endpoint with the name + -h, --help Help + -hh, --help-more Help with all options. + -hhh, --help-all Help with all options, environment variables, and usage + examples. " `; diff --git a/test/client_cli/en/__snapshots__/config-manager-export-scripts.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-scripts.test.js.snap index 0c8d2f1eb..06e49c74e 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-scripts.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-scripts.test.js.snap 
@@ -3,94 +3,43 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = ` "Usage: frodo config-manager pull scripts [options] [host] [realm] [username] [password] -Export authorization scripts. +[Experimental] Export authorization scripts. Arguments: - host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring or alias. - realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. - password Password. + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a unique + substring or alias. + realm Realm. Specify realm as '/' for the root + realm or 'realm' or '/parent/child' + otherwise. (default: "alpha" for Identity + Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin + user with appropriate rights to manage + authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". - --just-config Export only the config .json files, no scripts. Ignored with --just-content - --just-content Export only the script .js files, no config files - -k, --insecure Allow insecure connections when using SSL/TLS, including expired certificates. 
(default: Don't allow insecure connections) - --language Export all scripts written a certain programming language. ALL, GROOVY, or JAVASCRIPT. defaults to JAVASCRIPT. Ignored with -n - --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. Valid values for type: - classic: A classic Access Management-only deployment with custom layout and configuration. - cloud: A ForgeRock Identity Cloud environment. - forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") - -n, --script-name