@rockcarver/frodo-cli 0.10.4 → 0.11.1-2

package/src/ops/LogOps.js

@@ -1,357 +0,0 @@
-import { printMessage } from './utils/Console.js';
-import { getCurrentTimestamp } from './utils/ExportImportUtils.js';
-import {
-  createAPIKeyAndSecret,
-  getAPIKeys,
-  getSources,
-} from '../api/LogApi.js';
-
-import storage from '../storage/SessionStorage.js';
-
-import * as LogApi from '../api/LogApi.js';
-
-const unfilterableNoise = [
-  'text/plain'  // Unfortunately, it is impossible to filter out those without excluding IDM script logging as well
-]
-
-const miscNoise = [
-  'com.iplanet.dpro.session.operations.ServerSessionOperationStrategy',
-  'com.iplanet.dpro.session.SessionIDFactory',
-  'com.iplanet.dpro.session.share.SessionEncodeURL',
-  'com.iplanet.services.naming.WebtopNaming',
-  'com.iplanet.sso.providers.dpro.SSOProviderImpl',
-  'com.sun.identity.authentication.AuthContext',
-  'com.sun.identity.authentication.client.AuthClientUtils',
-  'com.sun.identity.authentication.config.AMAuthConfigType',
-  'com.sun.identity.authentication.config.AMAuthenticationManager',
-  'com.sun.identity.authentication.config.AMAuthLevelManager',
-  'com.sun.identity.authentication.config.AMConfiguration',
-  'com.sun.identity.authentication.jaas.LoginContext',
-  'com.sun.identity.authentication.modules.application.Application',
-  'com.sun.identity.authentication.server.AuthContextLocal',
-  'com.sun.identity.authentication.service.AMLoginContext',
-  'com.sun.identity.authentication.service.AuthContextLookup',
-  'com.sun.identity.authentication.service.AuthD',
-  'com.sun.identity.authentication.service.AuthUtils',
-  'com.sun.identity.authentication.service.DSAMECallbackHandler',
-  'com.sun.identity.authentication.service.LoginState',
-  'com.sun.identity.authentication.spi.AMLoginModule',
-  'com.sun.identity.delegation.DelegationEvaluatorImpl',
-  'com.sun.identity.idm.plugins.internal.AgentsRepo',
-  'com.sun.identity.idm.server.IdCachedServicesImpl',
-  'com.sun.identity.idm.server.IdRepoPluginsCache',
-  'com.sun.identity.idm.server.IdServicesImpl',
-  'com.sun.identity.log.spi.ISDebug',
-  'com.sun.identity.shared.encode.CookieUtils',
-  'com.sun.identity.sm.ldap.SMSLdapObject',
-  'com.sun.identity.sm.CachedSMSEntry',
-  'com.sun.identity.sm.CachedSubEntries',
-  'com.sun.identity.sm.DNMapper',
-  'com.sun.identity.sm.ServiceConfigImpl',
-  'com.sun.identity.sm.ServiceConfigManagerImpl',
-  'com.sun.identity.sm.SMSEntry',
-  'com.sun.identity.sm.SMSUtils',
-  'com.sun.identity.sm.SmsWrapperObject',
-  'oauth2',
-  'org.apache.http.client.protocol.RequestAuthCache',
-  'org.apache.http.impl.conn.PoolingHttpClientConnectionManager',
-  'org.apache.http.impl.nio.client.InternalHttpAsyncClient',
-  'org.apache.http.impl.nio.client.InternalIODispatch',
-  'org.apache.http.impl.nio.client.MainClientExec',
-  'org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl',
-  'org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager',
-  'org.forgerock.audit.AuditServiceImpl',
-  'org.forgerock.oauth2.core.RealmOAuth2ProviderSettings',
-  'org.forgerock.openam.authentication.service.JAASModuleDetector',
-  'org.forgerock.openam.authentication.service.LoginContextFactory',
-  'org.forgerock.openam.blacklist.BloomFilterBlacklist',
-  'org.forgerock.openam.blacklist.CTSBlacklist',
-  'org.forgerock.openam.core.realms.impl.CachingRealmLookup',
-  'org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager',
-  'org.forgerock.openam.core.rest.authn.trees.AuthTrees',
-  'org.forgerock.openam.cors.CorsFilter',
-  'org.forgerock.openam.cts.CTSPersistentStoreImpl',
-  'org.forgerock.openam.cts.impl.CoreTokenAdapter',
-  'org.forgerock.openam.cts.impl.queue.AsyncResultHandler',
-  'org.forgerock.openam.cts.reaper.ReaperDeleteOnQueryResultHandler',
-  'org.forgerock.openam.headers.DisableSameSiteCookiesFilter',
-  'org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo',
-  'org.forgerock.openam.rest.CsrfFilter',
-  'org.forgerock.openam.rest.restAuthenticationFilter',
-  'org.forgerock.openam.rest.fluent.CrestLoggingFilter',
-  'org.forgerock.openam.session.cts.CtsOperations',
-  'org.forgerock.openam.session.stateless.StatelessSessionManager',
-  'org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig',
-  'org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder',
-  'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor',
-  'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread',
-  'org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider',
-  'org.forgerock.openam.sm.file.ConfigFileSystemHandler',
-  'org.forgerock.openam.social.idp.SocialIdentityProviders',
-  'org.forgerock.openam.utils.ClientUtils',
-  'org.forgerock.opendj.ldap.CachedConnectionPool',
-  'org.forgerock.opendj.ldap.LoadBalancer',
-  'org.forgerock.secrets.keystore.KeyStoreSecretStore',
-  'org.forgerock.secrets.propertyresolver.PropertyResolverSecretStore',
-  'org.forgerock.secrets.SecretsProvider',
-];
-
-const journeysNoise = [
-  'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',
-];
-
-// eslint-disable-next-line no-unused-vars
-const journeys = [
-  'org.forgerock.openam.auth.nodes.SelectIdPNode',
-  'org.forgerock.openam.auth.nodes.ValidatedPasswordNode',
-  'org.forgerock.openam.auth.nodes.ValidatedUsernameNode',
-  'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',
-];
-
-const samlNoise = [
-  'com.sun.identity.cot.COTCache',
-  'com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl',
-  'com.sun.identity.saml2.meta.SAML2MetaCache',
-  'com.sun.identity.saml2.profile.CacheCleanUpRunnable',
-  'org.apache.xml.security.keys.KeyInfo',
-  'org.apache.xml.security.signature.XMLSignature',
-  'org.apache.xml.security.utils.SignerOutputStream',
-  'org.apache.xml.security.utils.resolver.ResourceResolver',
-  'org.apache.xml.security.utils.resolver.implementations.ResolverFragment',
-  'org.apache.xml.security.algorithms.JCEMapper',
-  'org.apache.xml.security.algorithms.implementations.SignatureBaseRSA',
-  'org.apache.xml.security.algorithms.SignatureAlgorithm',
-  'org.apache.xml.security.utils.ElementProxy',
-  'org.apache.xml.security.transforms.Transforms',
-  'org.apache.xml.security.utils.DigesterOutputStream',
-  'org.apache.xml.security.signature.Reference',
-  'org.apache.xml.security.signature.Manifest',
-];
-
-// eslint-disable-next-line no-unused-vars
-const saml = [
-  'jsp.saml2.spAssertionConsumer',
-  'com.sun.identity.saml.common.SAMLUtils',
-  'com.sun.identity.saml2.common.SAML2Utils',
-  'com.sun.identity.saml2.meta.SAML2MetaManager',
-  'com.sun.identity.saml2.xmlsig.FMSigProvider',
-];
-
-const noise = miscNoise.concat(samlNoise).concat(journeysNoise);
-
-const numLogLevelMap = {
-  0: ['SEVERE', 'ERROR', 'FATAL'],
-  1: ['WARNING', 'WARN', 'CONFIG'],
-  2: ['INFO', 'INFORMATION'],
-  3: ['DEBUG', 'FINE', 'FINER', 'FINEST'],
-  4: ['ALL'],
-};
-
-const logLevelMap = {
-  SEVERE: ['SEVERE', 'ERROR', 'FATAL'],
-  ERROR: ['SEVERE', 'ERROR', 'FATAL'],
-  FATAL: ['SEVERE', 'ERROR', 'FATAL'],
-  WARN: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],
-  WARNING: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],
-  CONFIG: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],
-  INFO: [
-    'SEVERE',
-    'ERROR',
-    'FATAL',
-    'WARNING',
-    'WARN',
-    'CONFIG',
-    'INFO',
-    'INFORMATION',
-  ],
-  INFORMATION: [
-    'SEVERE',
-    'ERROR',
-    'FATAL',
-    'WARNING',
-    'WARN',
-    'CONFIG',
-    'INFO',
-    'INFORMATION',
-  ],
-  DEBUG: [
-    'SEVERE',
-    'ERROR',
-    'FATAL',
-    'WARNING',
-    'WARN',
-    'CONFIG',
-    'INFO',
-    'INFORMATION',
-    'DEBUG',
-    'FINE',
-    'FINER',
-    'FINEST',
-  ],
-  FINE: [
-    'SEVERE',
-    'ERROR',
-    'FATAL',
-    'WARNING',
-    'WARN',
-    'CONFIG',
-    'INFO',
-    'INFORMATION',
-    'DEBUG',
-    'FINE',
-    'FINER',
-    'FINEST',
-  ],
-  FINER: [
-    'SEVERE',
-    'ERROR',
-    'FATAL',
-    'WARNING',
-    'WARN',
-    'CONFIG',
-    'INFO',
-    'INFORMATION',
-    'DEBUG',
-    'FINE',
-    'FINER',
-    'FINEST',
-  ],
-  FINEST: [
-    'SEVERE',
-    'ERROR',
-    'FATAL',
-    'WARNING',
-    'WARN',
-    'CONFIG',
-    'INFO',
-    'INFORMATION',
-    'DEBUG',
-    'FINE',
-    'FINER',
-    'FINEST',
-  ],
-  ALL: ['ALL'],
-};
-
-export function resolveLevel(level) {
-  //   const levels = ['FATAL', 'ERROR', 'WARN', 'INFO', 'DEBUG', 'TRACE', 'ALL'];
-  //   levels.splice(levels.indexOf(levelName) + 1, levels.length);
-  if (Number.isNaN(parseInt(level, 10))) {
-    return logLevelMap[level];
-  }
-  return logLevelMap[numLogLevelMap[level][0]];
-}
-
-// It seems that the undesirable 'text/plain' logs start with a date, not a LEVEL 
-// Therefore, for those, this function returns null, and thus filters out the undesirable
-export function resolvePayloadLevel(log) {
-  try {
-    return log.type !== 'text/plain' ? log.payload.level : log.payload.match(/^([^:]*):/)[1];
-  } catch (e) { // Fail-safe for no group match
-    return null
-  }
-}
-
-export async function getLogSources() {
-  const sources = [];
-  await getSources()
-    .then((response) => {
-      response.data.result.forEach((item) => {
-        sources.push(item);
-      });
-    })
-    .catch((error) => {
-      printMessage(
-        `getSources ERROR: get log sources call returned ${error}}`,
-        'error'
-      );
-      return [];
-    });
-  return sources;
-}
-
-export async function tailLogs(source, levels, txid, cookie) {
-  try {
-    const response = await LogApi.tail(source, cookie);
-    if (response.status < 200 || response.status > 399) {
-      printMessage(
-        `tail ERROR: tail call returned ${response.status}`,
-        'error'
-      );
-      return null;
-    }
-    // if (!cookie) {
-    //   await saveConnection();
-    // }
-    const logsObject = response.data;
-    let filteredLogs = [];
-    if (Array.isArray(logsObject.result)) {
-      filteredLogs = logsObject.result.filter(
-        (el) =>
-          !noise.includes(el.payload.logger) &&
-          !noise.includes(el.type) &&
-          (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&
-          (typeof txid === 'undefined' ||
-            txid === null ||
-            el.payload.transactionId.includes(txid))
-      );
-    }
-
-    filteredLogs.forEach((e) => {
-      printMessage(JSON.stringify(e.payload), 'data');
-    });
-
-    setTimeout(() => {
-      tailLogs(source, levels, txid, logsObject.result.pagedResultsCookie);
-    }, 5000);
-    return null;
-  } catch (e) {
-    printMessage(`tail ERROR: tail data error - ${e}`, 'error');
-    return `tail ERROR: tail data error - ${e}`;
-  }
-}
-
-export async function provisionCreds() {
-  try {
-    let keyName = `frodo-${storage.session.getUsername()}`;
-    return getAPIKeys()
-      .then((response) => {
-        response.data.result.forEach((k) => {
-          if (k.name === keyName) {
-            // append current timestamp to name if the named key already exists
-            keyName = `${keyName}-${getCurrentTimestamp()}`;
-          }
-        });
-        return createAPIKeyAndSecret(keyName)
-          .then((resp) => {
-            if (resp.data.name !== keyName) {
-              printMessage(
-                `create keys ERROR: could not create log API key ${keyName}`,
-                'error'
-              );
-              return null;
-            }
-            printMessage(
-              `Created a new log API key [${keyName}] in ${storage.session.getTenant()}`
-            );
-            return resp.data;
-          })
-          .catch((error) => {
-            printMessage(
-              `create keys ERROR: create keys call returned ${error}`,
-              'error'
-            );
-            return null;
-          });
-      })
-      .catch((error) => {
-        printMessage(
-          `get keys ERROR: get keys call returned ${error}`,
-          'error'
-        );
-      });
-  } catch (e) {
-    printMessage(`create keys ERROR: create keys data error - ${e}`, 'error');
-    return null;
-  }
-}

package/src/ops/ManagedObjectOps.js

@@ -1,34 +0,0 @@
-import { getManagedObject } from '../api/ManagedObjectApi.js';
-
-/**
- * Resolve a managed object's uuid to a human readable username
- * @param {String} type managed object type, e.g. teammember or alpha_user
- * @param {String} id managed object _id
- * @returns {String} resolved username or uuid if any error occurs during reslution
- */
-export async function resolveUserName(type, id) {
-  try {
-    return (await getManagedObject(type, id, ['userName'])).data.userName;
-  } catch (error) {
-    // eslint-disable-next-line no-empty
-  }
-  return id;
-}
-
-/**
- * Resolve a managed object's uuid to a human readable full name
- * @param {String} type managed object type, e.g. teammember or alpha_user
- * @param {String} id managed object _id
- * @returns {String} resolved full name or uuid if any error occurs during reslution
- */
-export async function resolveFullName(type, id) {
-  try {
-    const managedObject = (
-      await getManagedObject(type, id, ['givenName', 'sn'])
-    ).data;
-    return `${managedObject.givenName} ${managedObject.sn}`;
-  } catch (error) {
-    // eslint-disable-next-line no-empty
-  }
-  return id;
-}

package/src/ops/OAuth2ClientOps.js

@@ -1,151 +0,0 @@
-import fs from 'fs';
-import { createTable, printMessage } from './utils/Console.js';
-import {
-  getTypedFilename,
-  saveToFile,
-  titleCase,
-  validateImport,
-} from './utils/ExportImportUtils.js';
-import storage from '../storage/SessionStorage.js';
-import {
-  getOAuth2Client,
-  getOAuth2Clients,
-  putOAuth2Client,
-} from '../api/OAuth2ClientApi.js';
-import { getOAuth2Provider } from '../api/OAuth2ProviderApi.js';
-import { getRealmName } from '../api/utils/ApiUtils.js';
-
-/**
- * List OAuth2 clients
- */
-export async function listOAuth2Clients(long = false) {
-  try {
-    const clients = (await getOAuth2Clients()).data.result;
-    clients.sort((a, b) => a._id.localeCompare(b._id));
-    if (long) {
-      const table = createTable([
-        'Client Id',
-        'Status',
-        'Client Type',
-        'Grant Types',
-        'Scopes',
-        'Redirect URIs',
-        // 'Description',
-      ]);
-      const grantTypesMap = {
-        authorization_code: 'Authz Code',
-        client_credentials: 'Client Creds',
-        refresh_token: 'Refresh Token',
-        password: 'ROPC',
-        'urn:ietf:params:oauth:grant-type:uma-ticket': 'UMA',
-        implicit: 'Implicit',
-        'urn:ietf:params:oauth:grant-type:device_code': 'Device Code',
-        'urn:ietf:params:oauth:grant-type:saml2-bearer': 'SAML2 Bearer',
-        'urn:openid:params:grant-type:ciba': 'CIBA',
-        'urn:ietf:params:oauth:grant-type:token-exchange': 'Token Exchange',
-        'urn:ietf:params:oauth:grant-type:jwt-bearer': 'JWT Bearer',
-      };
-      clients.forEach((client) => {
-        table.push([
-          client._id,
-          client.coreOAuth2ClientConfig.status === 'Active'
-            ? 'Active'.brightGreen
-            : client.coreOAuth2ClientConfig.status.brightRed,
-          client.coreOAuth2ClientConfig.clientType,
-          client.advancedOAuth2ClientConfig.grantTypes
-            .map((type) => grantTypesMap[type])
-            .join('\n'),
-          client.coreOAuth2ClientConfig.scopes.join('\n'),
-          client.coreOAuth2ClientConfig.redirectionUris.join('\n'),
-          // wordwrap(client.description, 30),
-        ]);
-      });
-      printMessage(table.toString(), 'data');
-    } else {
-      clients.forEach((client) => {
-        printMessage(`${client._id}`, 'data');
-      });
-    }
-  } catch (error) {
-    printMessage(`Error listing scripts - ${error}`, 'error');
-  }
-}
-
-/**
- * Export OAuth2 client to file
- * @param {String} id client id
- * @param {String} file file name
- */
-export async function exportOAuth2ClientToFile(id, file) {
-  let fileName = getTypedFilename(id, 'oauth2.app');
-  if (file) {
-    fileName = file;
-  }
-  const oauth2Service = (await getOAuth2Provider()).data;
-  const client = (await getOAuth2Client(id)).data;
-  client._provider = oauth2Service;
-  saveToFile('application', [client], '_id', fileName);
-}
-
-/**
- * Export all OAuth2 clients to file
- * @param {String} file file name
- */
-export async function exportOAuth2ClientsToFile(file) {
-  let fileName = getTypedFilename(
-    `all${titleCase(getRealmName(storage.session.getRealm()))}Applications`,
-    'oauth2.app'
-  );
-  if (file) {
-    fileName = file;
-  }
-  const oauth2Service = (await getOAuth2Provider()).data;
-  const clients = (await getOAuth2Clients()).data.result;
-  const exportData = [];
-  for (const client of clients) {
-    client._provider = oauth2Service;
-    exportData.push(client);
-  }
-  saveToFile('application', exportData, '_id', fileName);
-}
-
-/**
- * Export all OAuth2 clients to separate files
- */
-export async function exportOAuth2ClientsToFiles() {
-  const oauth2Service = (await getOAuth2Provider()).data;
-  const clients = (await getOAuth2Clients()).data.result;
-  for (const client of clients) {
-    client._provider = oauth2Service;
-    const fileName = getTypedFilename(client._id, 'oauth2.app');
-    saveToFile('application', [client], '_id', fileName);
-  }
-}
-
-/**
- * Import OAuth2 clients from file
- * @param {String} file file name
- */
-export async function importOAuth2ClientsFromFile(file) {
-  fs.readFile(file, 'utf8', (err, data) => {
-    if (err) throw err;
-    const applicationData = JSON.parse(data);
-    if (validateImport(applicationData.meta)) {
-      for (const id in applicationData.application) {
-        if (
-          Object.prototype.hasOwnProperty.call(applicationData.application, id)
-        ) {
-          delete applicationData.application[id]._provider;
-          delete applicationData.application[id]._rev;
-          putOAuth2Client(id, applicationData.application[id]).then(
-            (result) => {
-              if (!result == null) printMessage(`Imported ${id}`);
-            }
-          );
-        }
-      }
-    } else {
-      printMessage('Import validation failed...', 'error');
-    }
-  });
-}

package/src/ops/OrganizationOps.js

@@ -1,85 +0,0 @@
-import { queryAllManagedObjectsByType } from '../api/IdmConfigApi.js';
-import storage from '../storage/SessionStorage.js';
-import { printMessage } from './utils/Console.js';
-
-/**
- * Get organization managed object type
- * @returns {String} organization managed object type in this realm
- */
-export function getRealmManagedOrganization() {
-  let realmManagedOrg = 'organization';
-  if (
-    storage.session.getDeploymentType() === global.CLOUD_DEPLOYMENT_TYPE_KEY
-  ) {
-    realmManagedOrg = `${storage.session.getRealm()}_organization`;
-  }
-  return realmManagedOrg;
-}
-
-/**
- * Get organizations
- * @returns {Promise} promise resolving to an object containing an array of organization objects
- */
-export async function getOrganizations() {
-  const orgs = [];
-  let result = {
-    result: [],
-    resultCount: 0,
-    pagedResultsCookie: null,
-    totalPagedResultsPolicy: 'NONE',
-    totalPagedResults: -1,
-    remainingPagedResults: -1,
-  };
-  try {
-    do {
-      // eslint-disable-next-line no-await-in-loop
-      result = await queryAllManagedObjectsByType(
-        getRealmManagedOrganization(),
-        ['name', 'parent/*/name', 'children/*/name'],
-        result.pagedResultsCookie
-      ).catch((queryAllManagedObjectsByTypeError) => {
-        printMessage(queryAllManagedObjectsByTypeError, 'error');
-        printMessage(
-          `Error querying ${getRealmManagedOrganization()} objects: ${queryAllManagedObjectsByTypeError}`,
-          'error'
-        );
-      });
-      orgs.concat(result.result);
-      printMessage('.', 'text', false);
-    } while (result.pagedResultsCookie);
-  } catch (error) {
-    printMessage(error.response.data, 'error');
-    printMessage(`Error retrieving all organizations: ${error}`, 'error');
-  }
-  return orgs;
-}
-
-// unfinished work
-export async function listOrganizationsTopDown() {
-  const orgs = [];
-  let result = {
-    result: [],
-    resultCount: 0,
-    pagedResultsCookie: null,
-    totalPagedResultsPolicy: 'NONE',
-    totalPagedResults: -1,
-    remainingPagedResults: -1,
-  };
-  do {
-    // eslint-disable-next-line no-await-in-loop
-    result = await queryAllManagedObjectsByType(
-      getRealmManagedOrganization(),
-      ['name', 'parent/*/name', 'children/*/name'],
-      result.pagedResultsCookie
-    ).catch((queryAllManagedObjectsByTypeError) => {
-      printMessage(queryAllManagedObjectsByTypeError, 'error');
-      printMessage(
-        `Error querying ${getRealmManagedOrganization()} objects: ${queryAllManagedObjectsByTypeError}`,
-        'error'
-      );
-    });
-    orgs.concat(result.result);
-    printMessage('.', 'text', false);
-  } while (result.pagedResultsCookie);
-  return orgs;
-}