@rockcarver/frodo-cli 0.19.5-2 → 0.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +144 -37
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,111 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [0.20.0] - 2023-01-13
|
|
11
|
+
|
|
12
|
+
### Added
|
|
13
|
+
|
|
14
|
+
- Full support for Identity Cloud Service Accounts across all commands. Three options to leverage service accounts:
|
|
15
|
+
|
|
16
|
+
1. Connection profiles for daily CLI usage:
|
|
17
|
+
|
|
18
|
+
For daily admin and development tasks, using the new `frodo conn save` command (see details under next bullet) is the easiest way to get going with service accounts. To migrate an existing connection profile to service accounts and automatically create a service account for your tenant admin, simply issue the following command:
|
|
19
|
+
|
|
20
|
+
% frodo conn save service-accounts
|
|
21
|
+
Connected to https://openam-service-accounts.forgeblocks.com/am [alpha] as user volker.scheuber@forgerock.com
|
|
22
|
+
Created and added service account Frodo-SA-1673586189578 with id 99c04bba-7213-463b-9a27-ceafa8a95734 to profile.
|
|
23
|
+
Saved connection profile https://openam-service-accounts.forgeblocks.com/am
|
|
24
|
+
%
|
|
25
|
+
|
|
26
|
+
Then validate your connection profile is using the new service account:
|
|
27
|
+
|
|
28
|
+
% frodo info service-accounts
|
|
29
|
+
Connected to https://openam-service-accounts.forgeblocks.com/am [alpha] as service account Frodo-SA-1673586189578 [99c04bba-7213-463b-9a27-ceafa8a95734]
|
|
30
|
+
|
|
31
|
+
Host URL │https://openam-service-accounts.forgeblocks.com/am
|
|
32
|
+
AM Version │7.3.0-2022-10-SNAPSHOT Build 9a1793c301ef579705e59b66ce57587f553e915f (2022-December-13 10:05)
|
|
33
|
+
Subject (Type) │Frodo-SA-1673586189578 [99c04bba-7213-463b-9a27-ceafa8a95734] (Service Account)
|
|
34
|
+
Deployment Type│cloud
|
|
35
|
+
Cookie Name │e8b2bd07d5440d3
|
|
36
|
+
Immutable │false
|
|
37
|
+
Locked │false
|
|
38
|
+
Region │us-west1
|
|
39
|
+
Tier │other
|
|
40
|
+
|
|
41
|
+
Bearer token:
|
|
42
|
+
eyJ0eXAiOiJKV1QiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..JD1iu64iGZZoGNwEr-iF2w.af-0-UDDOdusAETjw9YE3YnjOPr6TrdQrBLcl1lxf5RpNThfRhD08xvu1WtJbUZgvjbWdajECEFJfnEinnrUdpe9l0tHU6gAxDrRmu9hAjt0AB3PFSk9BE5SlwvaGoW5vrF4oH0IYtuv4899hFF8KGNYUtou143xmSrsLH37862YiAeiRKtjaQsVUrdbDPAFnKgGRxJIiXp-UE0ZCQQGSqm-Gj0AqVvo-Piib9THrEbbJCzdc00RPaCU2Ra1DH9PDid7ix-zfuind5IgEXxA8XwBM7kSEkiDLUWZ8EaFhn6YXwIHjXetacgYvvDaUav2Fq5baIitnG_LIrCm32XzcDkVnph4mVklBwfbQbWE6BGXEVLK-QLdDupaQw-bic-yVs2d7PBk2y70gbChHCQOm6-MepkYznP4wKoRR1gkqCdl51QIp-tsFB5K2plrKXiwsfHlHKfFKmsbdQUmH7xJFZQRhAtR_pKm-vHPOrPfBh0VbAdLRSkSeOZUABFH56X3gwXIpG_zuH42bQQkM9AlkB-lZrLf4jN0zFq-2ZN-zDgRR9h6qiiD3p9BDmFfaorUDTfFSrfaKas7OIp5ooW8Kqpv28RRtRtvfex0vT_kRbWl5R08MPWZDKZbx4IMyuun-2pYJ-F2-dvfA4A-jRvWIvC6jTUTu-RZZ0Yw1F2lgwFOVbmpMmG2uGHp5GceWePsZ34FVtJuaTd5D-uq_FoAb3HQ7FGEgUMJN_q82hCCX3URv_ocbFMjYwctdUqV_Ed-__A_9lbHHr8D2Uw_Qo0mwku7qwNBTS0-OcrwDvBOJohzRbpbfim-Sq2UzV9SBzzXNK7sMft1pNfu2-saOwPfy6SE0u42-HDqxE9t4MkklSroPY0oDUxO58ET8LXnewGhC9Tt0XTk6WA2rNLcNirhFqdmtKgfrSMQ_t22_DQEDwXpXqtHGmDoltJe7x_6Ofh0W5l7_A71MoHeFpVa_AHpHybnaF4fvUbD284wOV8i22SqrUKuHoJ3o6_g5JlhvMCvb4OZQ-ltxSf98aPsB9nCSthYg5-GkiR_r5mK1w9gZkBTXfYs0qC8-zYEQb4WNiI9.2JGMj9iW6YD-RE_dGkL7_w
|
|
43
|
+
%
|
|
44
|
+
|
|
45
|
+
Once you have verified that your service account works, go ahead and enable MFA for your tenant admin account!
|
|
46
|
+
|
|
47
|
+
2. CLI parameters:
|
|
48
|
+
|
|
49
|
+
All commands support the following new options to use service accounts:
|
|
50
|
+
|
|
51
|
+
- `--sa-id <uuid>` Service account's uuid. If specified, must also include `--sa-jwk-file`.
|
|
52
|
+
- `--sa-jwk-file <file>` File containing the service account's java web key (jwk). Jwk must contain private key! If specified, must also include `--sa-id`.
|
|
53
|
+
|
|
54
|
+
This is a great way to leverage the nice UI to create and manage service accounts and then use one of the accounts with Frodo.
|
|
55
|
+
|
|
56
|
+
3. Environment variables for CI/CD
|
|
57
|
+
|
|
58
|
+
For CI/CD pipelines, environment variables are preferable over command line parameters, because they are not visible in system logs:
|
|
59
|
+
|
|
60
|
+
- `FRODO_SA_ID`: Service account's uuid. If set, must also set `FRODO_SA_JWK`.
|
|
61
|
+
- `FRODO_SA_JWK`: Service account's java web key (jwk) as single-line string. Jwk must contain private key! If set, must also set `FRODO_SA_ID`.
|
|
62
|
+
|
|
63
|
+
- \#143: Support Identity Cloud Service Accounts in `frodo conn save|add` command
|
|
64
|
+
|
|
65
|
+
1. The `frodo conn add` command is renamed to `frodo conn save` and `add` is added as an alias for backwards compatibility.
|
|
66
|
+
2. The `frodo conn save` command supports the following new options to manage service accounts:
|
|
67
|
+
1. `--sa-id <uuid>` Service account's uuid. If specified, must also include `--sa-jwk-file`. Ignored with `--no-sa`.
|
|
68
|
+
2. `--sa-jwk-file <file>` File containing the service account's java web key (jwk). Jwk must contain private key! If specified, must also include `--sa-id`. Ignored with `--no-sa`.
|
|
69
|
+
3. `--no-sa` Do not add service account.
|
|
70
|
+
3. The existing `--no-validate` option also applies to service account operations, allowing to add service account configuration to a connection profile without validating it, typical use case is an offline situation.
|
|
71
|
+
4. The `frodo conn save` command automatically creates a new service account and adds it to an existing ID Cloud profile without service account or to a new ID Cloud profile. It does not do that if the `--no-sa` option is supplied.
|
|
72
|
+
1. If `--sa-id` and `--sa-jwk-file` are supplied, `frodo conn save` adds the existing service account specified by those two parameters to the profile instead of creating a new service account.
|
|
73
|
+
2. The `frodo conn save` command checks if the ID Cloud tenant supports service accounts before performing any service account operations.
|
|
74
|
+
5. The `frodo conn save` command validates service account configuration unless the `--no-validate` options is supplied.
|
|
75
|
+
|
|
76
|
+
- Add support for additional environment variables:
|
|
77
|
+
|
|
78
|
+
- `FRODO_SA_ID`: Service account's uuid. If set, must also set `FRODO_SA_JWK`.
|
|
79
|
+
- `FRODO_SA_JWK`: Service account's java web key (jwk) as single-line string. Jwk must contain private key! If set, must also set `FRODO_SA_ID`.
|
|
80
|
+
- `FRODO_AUTHENTICATION_SERVICE=journey`: Specify a login journey for frodo to use.
|
|
81
|
+
- `FRODO_MOCK=1`: Enable mocking. If enabled, frodo-lib replays recorded API responses instead of connecting to a platform instance.
|
|
82
|
+
- `FRODO_POLLY_LOG_LEVEL=info`: Frodo mock engine log level (`trace`, `debug`, `info`, `warn`, `error`, `silent`). This is helpful for troubleshooting the mock capability, only.
|
|
83
|
+
|
|
84
|
+
Environment variables added in 0.19.0:
|
|
85
|
+
|
|
86
|
+
- `FRODO_HOST`
|
|
87
|
+
- `FRODO_REALM`
|
|
88
|
+
- `FRODO_USERNAME`
|
|
89
|
+
- `FRODO_PASSWORD`
|
|
90
|
+
- `FRODO_SA_ID`
|
|
91
|
+
- `FRODO_SA_JWK`
|
|
92
|
+
- `FRODO_LOG_KEY`
|
|
93
|
+
- `FRODO_LOG_SECRET`
|
|
94
|
+
- `FRODO_DEBUG`
|
|
95
|
+
|
|
96
|
+
- Enhanced the `frodo info` command to give more details for Identity Cloud tenants.
|
|
97
|
+
|
|
98
|
+
- Warn if IDM connector servers are offline
|
|
99
|
+
|
|
100
|
+
- Add mock mode for library to allow unit testing of clients using the library, like frodo-cli. This initial release contains minimal mock data. Enable mock mode using `FRODO_MOCK=1`.
|
|
101
|
+
|
|
102
|
+
- Updated list of contributors in package.json
|
|
103
|
+
|
|
104
|
+
- Add linux arm64 binary builds
|
|
105
|
+
|
|
106
|
+
### Changed
|
|
107
|
+
|
|
108
|
+
- Updated to frodo-lib 0.18.0
|
|
109
|
+
- More automated testing
|
|
110
|
+
|
|
111
|
+
### Fixed
|
|
112
|
+
|
|
113
|
+
- \#161: Frodo now properly adds connection profiles with log credentials
|
|
114
|
+
|
|
10
115
|
## [0.19.5-2] - 2023-01-13
|
|
11
116
|
|
|
12
117
|
## [0.19.5-1] - 2023-01-12
|
|
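Review bot: The sample `frodo info service-accounts` output added under option 1 prints a complete token after `Bearer token:`, next to the tenant URL and the service account id. A changelog that ships inside the published package should show a truncated or placeholder value there, because readers cannot tell from the text whether that token was expired or revoked before release. Two documentation points in the same hunk: the `--sa-jwk-file` and `FRODO_SA_JWK` descriptions expand jwk as "java web key", while JWK stands for JSON Web Key; and `FRODO_SA_ID` and `FRODO_SA_JWK` appear under "Environment variables added in 0.19.0" although the hunk also introduces them as additional variables for 0.20.0, so one of the two lists needs correcting.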
@@ -59,37 +164,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
59
164
|
2. The `frodo conn save` command checks if the ID Cloud tenant supports service accounts before performing any service account operations.
|
|
60
165
|
5. The `frodo conn save` command validates service account configuration unless the `--no-validate` options is supplied.
|
|
61
166
|
- \#101: Added new `frodo service` set of commands to manage AM realm services (`baseurl`, `DataStoreService`, `oauth-oidc`, `policyconfiguration`, `selfServiceTrees`, `SocialIdentityProviders`, `validation`, etc.) and global services (e.g. `CorsService`, `dashboard`, etc.).
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
167
|
+
frodo service
|
|
168
|
+
delete Delete AM services.
|
|
169
|
+
export Export AM services.
|
|
170
|
+
import Import AM services.
|
|
171
|
+
list List AM services.
|
|
67
172
|
- Added new `frodo idm import` command.
|
|
68
173
|
- \#98: Add support for Agents / Gateways
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
174
|
+
frodo agent Manage agents.
|
|
175
|
+
delete Delete agents of any type.
|
|
176
|
+
describe Describe agents of any type.
|
|
177
|
+
export Export agents of any type.
|
|
178
|
+
import Import agents of any type.
|
|
179
|
+
list List agents of any type.
|
|
180
|
+
gateway Manage gateway agents.
|
|
181
|
+
delete Delete gateway agents.
|
|
182
|
+
describe Describe gateway agents.
|
|
183
|
+
export Export gateway agents.
|
|
184
|
+
import Import gateway agents.
|
|
185
|
+
list List gateway agents.
|
|
186
|
+
java Manage java agents.
|
|
187
|
+
delete Delete java agents.
|
|
188
|
+
describe Describe java agents.
|
|
189
|
+
export Export java agents.
|
|
190
|
+
import Import java agents.
|
|
191
|
+
list List java agents.
|
|
192
|
+
web Manage web agents.
|
|
193
|
+
delete Delete web agents.
|
|
194
|
+
describe Describe web agents.
|
|
195
|
+
export Export web agents.
|
|
196
|
+
import Import web agents.
|
|
197
|
+
list List web agents.
|
|
93
198
|
- Added `--raw` option to `frodo saml import` and `frodo saml export` commands. The new option uses the classic (pre 7.0.0) SAML REST APIs. This allows Frodo to export and import SAML entity providers from pre 7 platform instances.
|
|
94
199
|
- New default options `--verbose`, `--debug`, and `--curlirize` for all commands
|
|
95
200
|
|
|
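Review bot: In the added command listing, `frodo service` has no description while the parallel `frodo agent` line carries `Manage agents.`; give `frodo service` a matching one-line description so the two trees read consistently. The context line above the listing also reads "unless the `--no-validate` options is supplied", which should be "option" (the same wording is added again in the 0.20.0 section).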
@@ -188,7 +293,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
188
293
|
|
|
189
294
|
### Fixed
|
|
190
295
|
|
|
191
|
-
- \#88: `frodo idm export` now properly regognizes
|
|
296
|
+
- \#88: `frodo idm export` now properly regognizes `-N`/`--name` option
|
|
192
297
|
|
|
193
298
|
## [0.16.2-1] - 2022-10-11
|
|
194
299
|
|
|
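Review bot: The completed entry for \#88 carries the misspelling "regognizes" over from the truncated line it replaces; since the line is being rewritten anyway, correct it to "recognizes".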
@@ -327,9 +432,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
327
432
|
|
|
328
433
|
- Frodo now allows two new parameters when adding a connection profile:
|
|
329
434
|
|
|
330
|
-
\--authentication-service [service]
|
|
435
|
+
\--authentication-service [service] Name of the authentication service/tree to use.
|
|
331
436
|
|
|
332
|
-
\--authentication-header-overrides [headers]
|
|
437
|
+
\--authentication-header-overrides [headers] Map of headers: {"host":"am.example.com:8081"}.
|
|
333
438
|
|
|
334
439
|
These parameters are currently only supported in the `frodo conn add` command and the configuration elements will be automatically applied to commands issued using that connection profile.
|
|
335
440
|
|
|
@@ -339,13 +444,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
339
444
|
Saving creds in /Users/vscheuber/.frodo/.frodorc...
|
|
340
445
|
Updating connection profile https://platform.example.com:9443/am
|
|
341
446
|
Advanced setting: Authentication Service: ldapService
|
|
342
|
-
Advanced setting: Authentication Header Overrides:
|
|
447
|
+
Advanced setting: Authentication Header Overrides:
|
|
343
448
|
{ host: 'am.example.com:8081' }
|
|
344
449
|
%
|
|
345
450
|
|
|
346
451
|
After the connection profile is created with the additional parameters, the environment can be accessed as usual. In this case it requires the `-k` parameter for every command, as the environment uses a self-signed certificate.
|
|
347
452
|
|
|
348
|
-
% frodo journey list platform alpha -k
|
|
453
|
+
% frodo journey list platform alpha -k
|
|
349
454
|
ForgeOps deployment detected.
|
|
350
455
|
Connected to ForgeRock Access Management 7.2.0 Build 64ef7ebc01ed3df1a1264d7b0400351bc101361f (2022-June-27 08:15)
|
|
351
456
|
Listing journeys in realm "alpha"...
|
|
@@ -622,9 +727,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
622
727
|
|
|
623
728
|
- Changed `idm` sub-commands to align with other commands:
|
|
624
729
|
- The sub-commands `export`, `exportAll`, and `exportAllRaw` have been collapsed into one: `export`
|
|
625
|
-
- `idm export -A` (`--all-separate`) is now the way to export all idm configuration.
|
|
730
|
+
- `idm export -A` (`--all-separate`) is now the way to export all idm configuration.
|
|
626
731
|
- Options `-e` and `-E` select old `exportAll` functionality with variable replacement and filtering
|
|
627
|
-
- Omitting options `-e` and `-E`,
|
|
732
|
+
- Omitting options `-e` and `-E`, selects the old `exportAllRaw` functionality without variable replacement and without filtering
|
|
628
733
|
- Renamed sample resource files for `idm export` command:
|
|
629
734
|
- `<frodo home>/resources/sampleEntitiesFile.json`
|
|
630
735
|
- `<frodo home>/resources/sampleEnvFile.env`
|
|
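Review bot: In the completed bullet "Omitting options `-e` and `-E`, selects the old `exportAllRaw` functionality", the comma separates the subject from its verb; drop it so the sentence reads "Omitting options `-e` and `-E` selects the old `exportAllRaw` functionality without variable replacement and without filtering".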
@@ -849,7 +954,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
849
954
|
- Fixed problem with adding connection profiles
|
|
850
955
|
- Miscellaneous bug fixes
|
|
851
956
|
|
|
852
|
-
[Unreleased]: https://github.com/rockcarver/frodo-cli/compare/v0.
|
|
957
|
+
[Unreleased]: https://github.com/rockcarver/frodo-cli/compare/v0.20.0...HEAD
|
|
958
|
+
|
|
959
|
+
[0.20.0]: https://github.com/rockcarver/frodo-cli/compare/v0.19.5-2...v0.20.0
|
|
853
960
|
|
|
854
961
|
[0.19.5-2]: https://github.com/rockcarver/frodo-cli/compare/v0.19.5-1...v0.19.5-2
|
|
855
962
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rockcarver/frodo-cli",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.20.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "A command line interface to manage ForgeRock Identity Cloud tenants, ForgeOps deployments, and classic deployments.",
|
|
6
6
|
"keywords": [
|
|
@@ -104,7 +104,7 @@
|
|
|
104
104
|
]
|
|
105
105
|
},
|
|
106
106
|
"dependencies": {
|
|
107
|
-
"@rockcarver/frodo-lib": "0.
|
|
107
|
+
"@rockcarver/frodo-lib": "0.18.0",
|
|
108
108
|
"cli-progress": "^3.11.2",
|
|
109
109
|
"cli-table3": "^0.6.3",
|
|
110
110
|
"colors": "^1.4.0",
|
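Review bot: The `@rockcarver/frodo-lib` dependency is pinned to the exact version `0.18.0`, while the neighbouring entries (`cli-progress`, `cli-table3`, `colors`) use caret ranges, so an install of this release can still resolve newer third-party versions than the ones it was tested with. If the exact pin is meant to give reproducible installs, state that intent in the changelog and either pin the other runtime dependencies the same way or publish a lockfile with the package.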