npm - @rockcarver/frodo-cli - Versions diffs - 3.0.2 → 3.0.3 - Mend

@rockcarver/frodo-cli 3.0.2 → 3.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -9,11 +9,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
+- Update to frodo-lib 3.0.3
+### Fixed
+- \#479: Fixes issues introduced by a recent PingOne Advanced Identity Cloud release (16747.0 on 27 Feb 2025) which prevented Frodo from correctly determining the deployment type of `cloud` and led to failures in the `frodo conn save` and `frodo conn add` commands when Frodo was attempting to create service accounts with scopes that are not available in an environment.
+## [3.0.2] - 2025-03-11
+### Changed
 - Update to frodo-lib 3.0.2
 ### Fixed
-- #479: Fixes issues introduced by a recent PingOne Advanced Identity Cloud release (16747.0 on 27 Feb 2025) which prevented Frodo from correctly determining the deployment type of `cloud` and led to failures in the `frodo conn save` and `frodo conn add` commands when Frodo was attempting to create service accounts with scopes that are not available in an environment.
+- \#479: Fixes issues introduced by a recent PingOne Advanced Identity Cloud release (16747.0 on 27 Feb 2025) which prevented Frodo from correctly determining the deployment type of `cloud` and led to failures in the `frodo conn save` and `frodo conn add` commands when Frodo was attempting to create service accounts with scopes that are not available in an environment.
 - Updated dependencies with vulnerabilities
 ## [3.0.1] - 2025-02-06
@@ -2024,7 +2034,8 @@ Frodo CLI 2.x automatically refreshes session and access tokens before they expi
 - Fixed problem with adding connection profiles
 - Miscellaneous bug fixes
-[unreleased]: https://github.com/rockcarver/frodo-cli/compare/v3.0.1...HEAD
+[unreleased]: https://github.com/rockcarver/frodo-cli/compare/v3.0.2...HEAD
+[3.0.2]: https://github.com/rockcarver/frodo-cli/compare/v3.0.1...v3.0.2
 [3.0.1]: https://github.com/rockcarver/frodo-cli/compare/v3.0.0...v3.0.1
 [3.0.0]: https://github.com/rockcarver/frodo-cli/compare/v2.1.0...v3.0.0
 [2.1.0]: https://github.com/rockcarver/frodo-cli/compare/v2.0.6-2...v2.1.0

package/dist/app.cjs CHANGED Viewed

@@ -85898,7 +85898,7 @@ function stringify(obj) {
 }
 var package_default = {
   name: "@rockcarver/frodo-lib",
-  version: "3.0.2",
+  version: "3.0.3",
   type: "commonjs",
   main: "./dist/index.js",
   module: "./dist/index.mjs",
@@ -117086,14 +117086,72 @@ async function getServerVersionInfo({ state: state2 }) {
   }).get(urlString, {});
   return data2;
 }
+var serviceAccountScopes = "%s/environment/scopes/service-accounts";
+var apiVersion12 = "protocol=1.0,resource=1.0";
+var getApiConfig13 = () => {
+  return {
+    apiVersion: apiVersion12
+  };
+};
+async function getServiceAccountScopes({
+  state: state2
+}) {
+  const urlString = _util2.default.format(
+    serviceAccountScopes,
+    getHostOnlyUrl(state2.getHost())
+  );
+  const { data: data2 } = await generateEnvApi({
+    resource: getApiConfig13(),
+    requestOverride: {
+      headers: {
+        Cookie: `${state2.getCookieName()}=${state2.getCookieValue()}`
+      }
+    },
+    state: state2
+  }).get(urlString, {
+    withCredentials: true
+  });
+  return data2;
+}
+var EnvServiceAccountScopesOps_default = (state2) => {
+  return {
+    async readServiceAccountScopes(flatten) {
+      return readServiceAccountScopes({ flatten, state: state2 });
+    }
+  };
+};
+function flattenScopes(scopes) {
+  const flattenedScopes = [];
+  for (const scope of scopes) {
+    flattenedScopes.push(scope.scope);
+    if (scope.childScopes) {
+      flattenedScopes.push(...flattenScopes(scope.childScopes));
+    }
+  }
+  return flattenedScopes;
+}
+async function readServiceAccountScopes({
+  flatten = false,
+  state: state2
+}) {
+  try {
+    const scopes = await getServiceAccountScopes({ state: state2 });
+    if (flatten) {
+      return flattenScopes(scopes);
+    }
+    return scopes;
+  } catch (error2) {
+    throw new FrodoError(`Error reading service account scopes`, error2);
+  }
+}
 var envInfoURLTemplate = "%s/feature?_queryFilter=true";
-var getApiConfig13 = () => ({});
+var getApiConfig14 = () => ({});
 async function getFeatures({ state: state2 }) {
   const urlString = _util2.default.format(
     envInfoURLTemplate,
     getHostOnlyUrl(state2.getHost())
   );
-  const { data: data2 } = await generateAmApi({ resource: getApiConfig13(), state: state2 }).get(
+  const { data: data2 } = await generateAmApi({ resource: getApiConfig14(), state: state2 }).get(
     urlString,
     {
       withCredentials: true
@@ -117375,64 +117433,6 @@ var DataProtection = class {
   }
 };
 var DataProtection_default = DataProtection;
-var serviceAccountScopes = "%s/environment/scopes/service-accounts";
-var apiVersion12 = "protocol=1.0,resource=1.0";
-var getApiConfig14 = () => {
-  return {
-    apiVersion: apiVersion12
-  };
-};
-async function getServiceAccountScopes({
-  state: state2
-}) {
-  const urlString = _util2.default.format(
-    serviceAccountScopes,
-    getHostOnlyUrl(state2.getHost())
-  );
-  const { data: data2 } = await generateEnvApi({
-    resource: getApiConfig14(),
-    requestOverride: {
-      headers: {
-        Cookie: `${state2.getCookieName()}=${state2.getCookieValue()}`
-      }
-    },
-    state: state2
-  }).get(urlString, {
-    withCredentials: true
-  });
-  return data2;
-}
-var EnvServiceAccountScopesOps_default = (state2) => {
-  return {
-    async readServiceAccountScopes(flatten) {
-      return readServiceAccountScopes({ flatten, state: state2 });
-    }
-  };
-};
-function flattenScopes(scopes) {
-  const flattenedScopes = [];
-  for (const scope of scopes) {
-    flattenedScopes.push(scope.scope);
-    if (scope.childScopes) {
-      flattenedScopes.push(...flattenScopes(scope.childScopes));
-    }
-  }
-  return flattenedScopes;
-}
-async function readServiceAccountScopes({
-  flatten = false,
-  state: state2
-}) {
-  try {
-    const scopes = await getServiceAccountScopes({ state: state2 });
-    if (flatten) {
-      return flattenScopes(scopes);
-    }
-    return scopes;
-  } catch (error2) {
-    throw new FrodoError(`Error reading service account scopes`, error2);
-  }
-}
 var ConnectionProfileOps_default = (state2) => {
   return {
     getConnectionProfilesPath() {
@@ -118571,6 +118571,20 @@ var AuthenticateOps_default = (state2) => {
 var adminClientPassword = "doesnotmatter";
 var redirectUrlTemplate = "/platform/appAuthHelperRedirect.html";
 var s3 = Constants_default.AVAILABLE_SCOPES;
+var CLOUD_ADMIN_MINIMAL_SCOPES = [
+  s3.AnalyticsFullScope,
+  s3.CertificateFullScope,
+  s3.ContentSecurityPolicyFullScope,
+  s3.CookieDomainsFullScope,
+  s3.CustomDomainFullScope,
+  s3.ESVFullScope,
+  s3.AdminFederationFullScope,
+  s3.IdmFullScope,
+  s3.OpenIdScope,
+  s3.PromotionScope,
+  s3.ReleaseFullScope,
+  s3.SSOCookieFullScope
+];
 var CLOUD_ADMIN_DEFAULT_SCOPES = [
   s3.AnalyticsFullScope,
   s3.AutoAccessFullScope,
@@ -118589,7 +118603,6 @@ var CLOUD_ADMIN_DEFAULT_SCOPES = [
   s3.ProxyConnectFullScope
 ];
 var FORGEOPS_ADMIN_DEFAULT_SCOPES = [s3.IdmFullScope, s3.OpenIdScope];
-var cloudAdminScopes = CLOUD_ADMIN_DEFAULT_SCOPES.join(" ");
 var forgeopsAdminScopes = FORGEOPS_ADMIN_DEFAULT_SCOPES.join(" ");
 var serviceAccountDefaultScopes = SERVICE_ACCOUNT_DEFAULT_SCOPES.join(" ");
 var fidcClientId = "idmAdminClient";
@@ -118914,9 +118927,57 @@ async function getUserSessionToken(otpCallback, state2) {
   });
   return token;
 }
+async function getAdminUserScopes({ state: state2 }) {
+  debugMessage({
+    message: `AuthenticateOps.getAdminUserScopes: start`,
+    state: state2
+  });
+  if (state2.getDeploymentType() === Constants_default.FORGEOPS_DEPLOYMENT_TYPE_KEY) {
+    debugMessage({
+      message: `AuthenticateOps.getAdminUserScopes: end with forgeops scopes ${forgeopsAdminScopes}`,
+      state: state2
+    });
+    return forgeopsAdminScopes;
+  } else if (state2.getDeploymentType() === Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY) {
+    try {
+      const availableScopes = await readServiceAccountScopes({
+        flatten: true,
+        state: state2
+      });
+      availableScopes.push(s3.OpenIdScope);
+      const cloudAdminScopes = CLOUD_ADMIN_DEFAULT_SCOPES.filter(
+        (scope) => availableScopes.includes(scope)
+      );
+      debugMessage({
+        message: `AuthenticateOps.getAdminUserScopes: end with cloud scopes ${cloudAdminScopes.join(" ")}`,
+        state: state2
+      });
+      return cloudAdminScopes.join(" ");
+    } catch (error2) {
+      debugMessage({
+        message: `AuthenticateOps.getAdminUserScopes: end with minimal cloud scopes ${CLOUD_ADMIN_MINIMAL_SCOPES.join(" ")}`,
+        state: state2
+      });
+      return CLOUD_ADMIN_MINIMAL_SCOPES.join(" ");
+    }
+  }
+  debugMessage({
+    message: `AuthenticateOps.getAdminUserScopes: end without scopes: Unsupported deployment type: ${state2.getDeploymentType()}, expected ${Constants_default.FORGEOPS_DEPLOYMENT_TYPE_KEY} or ${Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY}`,
+    state: state2
+  });
+  throw new FrodoError(
+    `Unsupported deployment type: ${state2.getDeploymentType()}, expected ${Constants_default.FORGEOPS_DEPLOYMENT_TYPE_KEY} or ${Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY}`
+  );
+}
 async function getAuthCode(redirectUri, codeChallenge, codeChallengeMethod, state2) {
+  debugMessage({
+    message: `AuthenticateOps.getAuthCode: start`,
+    state: state2
+  });
   try {
-    const bodyFormData = `redirect_uri=${redirectUri}&scope=${state2.getDeploymentType() === Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY ? cloudAdminScopes : forgeopsAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state2.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;
+    const bodyFormData = `redirect_uri=${redirectUri}&scope=${await getAdminUserScopes(
+      { state: state2 }
+    )}&response_type=code&client_id=${adminClientId}&csrf=${state2.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;
     const config = {
       headers: {
         "Content-Type": "application/x-www-form-urlencoded"
@@ -118940,10 +119001,22 @@ async function getAuthCode(redirectUri, codeChallenge, codeChallengeMethod, stat
     const redirectLocationURL = _optionalChain([response, 'access', _156 => _156.headers, 'optionalAccess', _157 => _157.location]);
     const queryObject = _url2.default.parse(redirectLocationURL, true).query;
     if ("code" in queryObject) {
+      debugMessage({
+        message: `AuthenticateOps.getAuthCode: end with code`,
+        state: state2
+      });
       return queryObject.code;
     }
+    debugMessage({
+      message: `AuthenticateOps.getAuthCode: end without code`,
+      state: state2
+    });
     throw new FrodoError(`Authz code not found`);
   } catch (error2) {
+    debugMessage({
+      message: `AuthenticateOps.getAuthCode: end without code`,
+      state: state2
+    });
     throw new FrodoError(`Error getting authz code`, error2);
   }
 }
@@ -160324,7 +160397,7 @@ var compareVersions = (v12, v2) => {
 // package.json
 var package_default2 = {
   name: "@rockcarver/frodo-cli",
-  version: "3.0.2",
+  version: "3.0.3",
   type: "module",
   description: "A command line interface to manage ForgeRock Identity Cloud tenants, ForgeOps deployments, and classic deployments.",
   keywords: [
@@ -160438,7 +160511,7 @@ var package_default2 = {
     ]
   },
   devDependencies: {
-    "@rockcarver/frodo-lib": "3.0.2",
+    "@rockcarver/frodo-lib": "3.0.3",
     "@types/colors": "^1.2.1",
     "@types/fs-extra": "^11.0.1",
     "@types/jest": "^29.2.3",