trivir · dallinjsevy · Mar 20, 2026
diff --git a/src/cli/config-manager/config-manager-push/config-manager-push-services.ts b/src/cli/config-manager/config-manager-push/config-manager-push-services.ts
@@ -0,0 +1,67 @@
+import { frodo } from '@rockcarver/frodo-lib';
+import { Option } from 'commander';
+
+import { configManagerImportServices } from '../../../configManagerOps/FrConfigServiceOps';
+import { getTokens } from '../../../ops/AuthenticateOps';
+import { printMessage, verboseMessage } from '../../../utils/Console';
+import { FrodoCommand } from '../../FrodoCommand';
+
+const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } =
+  frodo.utils.constants;
+
+const deploymentTypes = [
+  CLOUD_DEPLOYMENT_TYPE_KEY,
+  FORGEOPS_DEPLOYMENT_TYPE_KEY,
+];
+
+export default function setup() {
+  const program = new FrodoCommand(
+    'frodo config-manager push services',
+    [],
+    deploymentTypes
+  );
+
+  program
+    .description('Import authentication services.')
+    .addOption(
+      new Option(
+        '-n, --name <name>',
+        'Service name, It only Import the specified service name.'
+      )
+    )
+    .addOption(
+      new Option('-r, --realm <realm>', 'Specific realm to import services to')
+    )
+
+    .action(async (host, realm, user, password, options, command) => {
+      command.handleDefaultArgsAndOpts(
+        host,
+        realm,
+        user,
+        password,
+        options,
+        command
+      );
+
+      if (options.realm) {
+        realm = options.realm;
+      }
+
+      if (await getTokens(false, true, deploymentTypes)) {
+        verboseMessage('Importing services');
+        const outcome = await configManagerImportServices(realm);
+        if (!outcome) process.exitCode = 1;
+      }
+      // unrecognized combination of options or no options
+      else {
+        printMessage(
+          'Unrecognized combination of options or no options...',
+          'error'
+        );
+        program.help();
+        process.exitCode = 1;
+      }
+    });
+
+  return program;
+}
diff --git a/src/cli/config-manager/config-manager-push/config-manager-push.ts b/src/cli/config-manager/config-manager-push/config-manager-push.ts
@@ -13,6 +13,7 @@ import OrgPrivileges from './config-manager-push-org-privileges';
 import PasswordPolicy from './config-manager-push-password-policy';
 import Schedules from './config-manager-push-schedules';
 import ServiceObjects from './config-manager-push-service-objects';
+import Services from './config-manager-push-services';
 import TermsAndConditions from './config-manager-push-terms-and-conditions';
 import Themes from './config-manager-push-themes';
 import UiConfig from './config-manager-push-ui-config';
@@ -39,6 +40,6 @@ export default function setup() {
   program.addCommand(CookieDomains().name('cookie-domains'));
   program.addCommand(ServiceObjects().name('service-objects'));
   program.addCommand(UiConfig().name('ui-config'));
-
+  program.addCommand(Services().name('services'));
   return program;
 }
diff --git a/src/configManagerOps/FrConfigServiceOps.ts b/src/configManagerOps/FrConfigServiceOps.ts
@@ -1,10 +1,11 @@
 import { frodo, state } from '@rockcarver/frodo-lib';
+import fs from 'fs';
 
 import { printError } from '../utils/Console';
 import { realmList } from '../utils/FrConfig';
 
 const { getFilePath, saveJsonToFile } = frodo.utils;
-const { getFullServices } = frodo.service;
+const { getFullServices, importService } = frodo.service;
 
 /**
  * Export all services to separate files in fr-config-manager format
@@ -61,3 +62,92 @@ async function processServices(services, realm, name) {
     );
   }
 }
+
+async function processImportServices(realm: string, dir?: string) {
+  if (
+    realm === '/' &&
+    state.getDeploymentType() ===
+      frodo.utils.constants.CLOUD_DEPLOYMENT_TYPE_KEY
+  ) {
+    return [];
+  }
+
+  const getDir = dir ?? getFilePath(`realms/${realm}/services/`);
+
+  if (!fs.existsSync(getDir)) {
+    return [];
+  }
+
+  const entries = fs.readdirSync(getDir, { withFileTypes: true });
+
+  const results = [];
+  for (const entry of entries) {
+    const fullPath = `${getDir}/${entry.name}`;
+
+    if (entry.name.endsWith('.json')) {
+      const serviceData = JSON.parse(fs.readFileSync(fullPath, 'utf8'));
+      const baseName = entry.name.replace('.json', '');
+      const subDirPath = `${getDir}${baseName}`;
+
+      let descendants = [];
+      if (fs.existsSync(subDirPath) && fs.statSync(subDirPath).isDirectory()) {
+        const subEntries = fs.readdirSync(subDirPath, { withFileTypes: true });
+        descendants = subEntries
+          .filter((e) => e.name.endsWith('.json'))
+          .map((e) => ({
+            id: e.name.replace('.json', ''),
+            data: JSON.parse(
+              fs.readFileSync(`${subDirPath}/${e.name}`, 'utf8')
+            ),
+          }));
+      }
+      results.push({ filePath: fullPath, serviceData, descendants });
+    }
+  }
+
+  return results;
+}
+
+export async function configManagerImportServices(realm?): Promise<boolean> {
+  try {
+    let realms: string[] = [];
+
+    if (realm === '__default__realm__' || !realm) {
+      const realmsDir = getFilePath('realms/');
+      if (fs.existsSync(realmsDir)) {
+        realms = fs
+          .readdirSync(realmsDir, { withFileTypes: true })
+          .filter((e) => e.isDirectory())
+          .map((e) => e.name);
+      }
+    } else {
+      realms = [realm];
+    }
+
+    for (const realmName of realms) {
+      state.setRealm(`/${realmName}`);
+
+      const services = await processImportServices(realmName);
+
+      for (const { serviceData, descendants = [] } of services) {
+        const serviceId = serviceData._type._id;
+
+        if (descendants.length > 0) {
+          serviceData.nextDescendents = descendants.map(({ data }) => data);
+        }
+
+        const importData = { service: { [serviceId]: serviceData } };
+
+        await importService(serviceId, importData, {
+          clean: false,
+          global: false,
+          realm: true,
+        });
+      }
+    }
+    return true;
+  } catch (error) {
+    printError(error);
+  }
+  return false;
+}
diff --git a/test/client_cli/en/__snapshots__/config-manager-push-services.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-push-services.test.js.snap
@@ -0,0 +1,28 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`CLI help interface for 'config-manager push services' should be expected english 1`] = `
+"Usage: frodo config-manager push services [options] [host] [realm] [username] [password]
+
+[Experimental] Import authentication services.
+
+Arguments:
+  host                 AM base URL, e.g.: https://cdk.iam.example.com/am. To use
+                       a connection profile, just specify a unique substring or
+                       alias.
+  realm                Realm. Specify realm as '/' for the root realm or 'realm'
+                       or '/parent/child' otherwise. (default: "alpha" for
+                       Identity Cloud tenants, "/" otherwise.)
+  username             Username to login with. Must be an admin user with
+                       appropriate rights to manage authentication
+                       journeys/trees.
+  password             Password.
+
+Options:
+  -n, --name <name>    Service name, It only Import the specified service name.
+  -r, --realm <realm>  Specific realm to import services to
+  -h, --help           Help
+  -hh, --help-more     Help with all options.
+  -hhh, --help-all     Help with all options, environment variables, and usage
+                       examples.
+"
+`;
diff --git a/test/client_cli/en/__snapshots__/config-manager-push.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-push.test.js.snap
@@ -28,6 +28,7 @@ Commands:
   password-policy       [Experimental] Import password-policy objects.
   schedules             [Experimental] Import schedules.
   service-objects       [Experimental] Import service objects.
+  services              [Experimental] Import authentication services.
   terms-and-conditions  [Experimental] Import terms and conditions.
   themes                [Experimental] Import themes.
   ui-config             [Experimental] Import UI configuration.

diff --git a/test/client_cli/en/config-manager-push-services.test.js b/test/client_cli/en/config-manager-push-services.test.js
@@ -0,0 +1,10 @@
+import cp from 'child_process';
+import { promisify } from 'util';
+
+const exec = promisify(cp.exec);
+const CMD = 'frodo config-manager push services --help';
+const { stdout } = await exec(CMD);
+
+test("CLI help interface for 'config-manager push services' should be expected english", async () => {
+    expect(stdout).toMatchSnapshot();
+});
diff --git a/test/e2e/__snapshots__/config-manager-push-services.e2e.test.js.snap b/test/e2e/__snapshots__/config-manager-push-services.e2e.test.js.snap
@@ -0,0 +1,5 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`frodo config-manager push service-objects "frodo config-manager push services -D test/e2e/exports/fr-config-manager/forgeops -m forgeops": should import the service into forgeops" 1`] = `""`;
+
+exports[`frodo config-manager push service-objects "frodo config-manager push services -r alpha -D test/e2e/exports/fr-config-manager/forgeops -m forgeops": should import a specific service by realm into forgeops" 1`] = `""`;
diff --git a/test/e2e/config-manager-push-services.e2e.test.js b/test/e2e/config-manager-push-services.e2e.test.js
@@ -0,0 +1,79 @@
+/**
+ * Follow this process to write e2e tests for the CLI project:
+ *
+ * 1. Test if all the necessary mocks for your tests already exist.
+ *    In mock mode, run the command you want to test with the same arguments
+ *    and parameters exactly as you want to test it, for example:
+ *
+ *    $ FRODO_MOCK=1 frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!
+ *
+ *    If your command completes without errors and with the expected results,
+ *    all the required mocks already exist and you are good to write your
+ *    test and skip to step #4.
+ *
+ *    If, however, your command fails and you see errors like the one below,
+ *    you know you need to record the mock responses first:
+ *
+ *    [Polly] [adapter:node-http] Recording for the following request is not found and `recordIfMissing` is `false`.
+ *
+ * 2. Record mock responses for your exact command.
+ *    In mock record mode, run the command you want to test with the same arguments
+ *    and parameters exactly as you want to test it, for example:
+ *
+ *    $ FRODO_MOCK=record frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!
+ *
+ *    Wait until you see all the Polly instances (mock recording adapters) have
+ *    shutdown before you try to run step #1 again.
+ *    Messages like these indicate mock recording adapters shutting down:
+ *
+ *    Polly instance 'conn/4' stopping in 3s...
+ *    Polly instance 'conn/4' stopping in 2s...
+ *    Polly instance 'conn/save/3' stopping in 3s...
+ *    Polly instance 'conn/4' stopping in 1s...
+ *    Polly instance 'conn/save/3' stopping in 2s...
+ *    Polly instance 'conn/4' stopped.
+ *    Polly instance 'conn/save/3' stopping in 1s...
+ *    Polly instance 'conn/save/3' stopped.
+ *
+ * 3. Validate your freshly recorded mock responses are complete and working.
+ *    Re-run the exact command you want to test in mock mode (see step #1).
+ *
+ * 4. Write your test.
+ *    Make sure to use the exact command including number of arguments and params.
+ *
+ * 5. Commit both your test and your new recordings to the repository.
+ *    Your tests are likely going to reside outside the frodo-lib project but
+ *    the recordings must be committed to the frodo-lib project.
+ */
+
+/*
+// ForgeOps
+FRODO_MOCK=record FRODO_NO_CACHE=1 FRODO_HOST=https://nightly.gcp.forgeops.com/am frodo config-manager push services -D test/e2e/exports/fr-config-manager/forgeops -m forgeops
+FRODO_MOCK=record FRODO_NO_CACHE=1 FRODO_HOST=https://nightly.gcp.forgeops.com/am frodo config-manager push services -r alpha -D test/e2e/exports/fr-config-manager/forgeops -m forgeops
+*/
+
+import cp from 'child_process';
+import { promisify } from 'util';
+import { getEnv, removeAnsiEscapeCodes } from './utils/TestUtils';
+import { forgeops_connection as fc } from './utils/TestConfig';
+
+const exec = promisify(cp.exec);
+
+process.env['FRODO_MOCK'] = '1';
+const forgeopsEnv = getEnv(fc);
+
+const allDirectory = "test/e2e/exports/fr-config-manager/forgeops";
+
+describe('frodo config-manager push service-objects', () => {
+    test(`"frodo config-manager push services -D ${allDirectory} -m forgeops": should import the service into forgeops"`, async () => {
+        const CMD = `frodo config-manager push services -D ${allDirectory} -m forgeops`;
+        const { stdout,stderr } = await exec(CMD, forgeopsEnv);
+        expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot();
+    });
+
+    test(`"frodo config-manager push services -r alpha -D ${allDirectory} -m forgeops": should import a specific service by realm into forgeops"`, async () => {
+        const CMD = `frodo config-manager push services -r alpha -D ${allDirectory} -m forgeops`;
+        const { stdout } = await exec(CMD, forgeopsEnv);
+        expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot();
+    });
+});
diff --git a/test/e2e/exports/fr-config-manager/forgeops/realms/alpha/services/baseurl.json b/test/e2e/exports/fr-config-manager/forgeops/realms/alpha/services/baseurl.json
@@ -0,0 +1,12 @@
+{
+  "_id": "",
+  "_rev": "-1889820858",
+  "_type": {
+    "_id": "baseurl",
+    "collection": false,
+    "name": "Base URL Source"
+  },
+  "contextPath": "/am",
+  "fixedValue": "https://&{fqdn}",
+  "source": "REQUEST_VALUES"
+}
diff --git a/test/e2e/exports/fr-config-manager/forgeops/realms/alpha/services/id-repositories.json b/test/e2e/exports/fr-config-manager/forgeops/realms/alpha/services/id-repositories.json
@@ -0,0 +1,15 @@
+{
+  "_id": "",
+  "_rev": "-1741783487",
+  "_type": {
+    "_id": "id-repositories",
+    "collection": false,
+    "name": "sunIdentityRepositoryService"
+  },
+  "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner",
+  "sunIdRepoAttributeValidator": [
+    "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl",
+    "minimumPasswordLength=8",
+    "usernameInvalidChars=*|(|)|&|!"
+  ]
+}