npm - @rockcarver/frodo-lib - Versions diffs - 0.18.0 → 0.18.1 - Mend

@rockcarver/frodo-lib 0.18.0 → 0.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/CHANGELOG.md +33 -4
package/cjs/api/ManagedObjectApi.js +15 -9
package/cjs/api/ManagedObjectApi.js.map +1 -1
package/cjs/ops/AuthenticateOps.js +5 -4
package/cjs/ops/AuthenticateOps.js.map +1 -1
package/cjs/ops/ConnectionProfileOps.js +47 -16
package/cjs/ops/ConnectionProfileOps.js.map +1 -1
package/cjs/ops/InfoOps.js +2 -2
package/cjs/ops/InfoOps.js.map +1 -1
package/cjs/ops/ManagedObjectOps.js +2 -2
package/cjs/ops/ManagedObjectOps.js.map +1 -1
package/cjs/ops/cloud/ServiceAccountOps.js +11 -0
package/cjs/ops/cloud/ServiceAccountOps.js.map +1 -1
package/cjs/utils/SetupPollyForFrodoLib.js +63 -20
package/cjs/utils/SetupPollyForFrodoLib.js.map +1 -1
package/esm/api/ManagedObjectApi.mjs +10 -5
package/esm/ops/AuthenticateOps.mjs +5 -4
package/esm/ops/ConnectionProfileOps.mjs +48 -17
package/esm/ops/InfoOps.mjs +2 -2
package/esm/ops/ManagedObjectOps.mjs +2 -2
package/esm/ops/cloud/ServiceAccountOps.mjs +5 -1
package/esm/utils/SetupPollyForFrodoLib.mjs +64 -19
package/mocks/github_584874290/recording.har +12 -12
package/mocks/info_263456517/am_1076162899/recording.har +596 -0
package/mocks/{environment_1072573434 → info_263456517/environment_1072573434}/recording.har +10 -10
package/mocks/info_263456517/oauth2_393036114/recording.har +424 -0
package/mocks/{am_1076162899 → journey_3464291987/list_217798785/am_1076162899}/recording.har +18667 -18667
package/mocks/{oauth2_393036114 → journey_3464291987/list_217798785/oauth2_393036114}/recording.har +37 -37
package/mocks/npmjs_1455397529/recording.har +15 -15
package/package.json +1 -1
package/types/api/ManagedObjectApi.d.ts +5 -3
package/types/api/ManagedObjectApi.d.ts.map +1 -1
package/types/ops/AuthenticateOps.d.ts.map +1 -1
package/types/ops/ConnectionProfileOps.d.ts.map +1 -1
package/types/ops/InfoOps.d.ts.map +1 -1
package/types/ops/ManagedObjectOps.d.ts.map +1 -1
package/types/ops/cloud/ServiceAccountOps.d.ts +3 -1
package/types/ops/cloud/ServiceAccountOps.d.ts.map +1 -1
package/types/utils/SetupPollyForFrodoLib.d.ts.map +1 -1
package/mocks/openidm_3290118515/recording.har +0 -150

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rockcarver/frodo-lib",
-  "version": "0.18.0",
+  "version": "0.18.1",
   "type": "commonjs",
   "main": "./cjs/index.js",
   "module": "./esm/index.mjs",

package/types/api/ManagedObjectApi.d.ts CHANGED Viewed

@@ -1,10 +1,12 @@
 import { ObjectSkeletonInterface } from './ApiTypes';
 /**
  * Get managed object
- * @param {String} id managed object id
- * @returns {Promise} a promise that resolves to an object containing a managed object
+ * @param {string} type managed object type, e.g. alpha_user or user
+ * @param {string} id managed object id
+ * @param {string[]} id array of fields to include
+ * @returns {Promise<ObjectSkeletonInterface>} a promise that resolves to an ObjectSkeletonInterface
  */
-export declare function getManagedObject(type: any, id: any, fields: any): Promise<import("axios").AxiosResponse<any, any>>;
+export declare function getManagedObject(type: string, id: string, fields?: string[]): Promise<ObjectSkeletonInterface>;
 /**
  * Create managed object with server-generated id
  * @param {string} moType managed object type

package/types/api/ManagedObjectApi.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/api/ManagedObjectApi.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAOrD~~;;;;GAIG~~;AACH,wBAAsB,gBAAgB,~~CAAC~~,IAAI,~~KAAA~~,EAAE,EAAE,~~KAAA~~,~~EAAE~~,MAAM,~~KAAA~~,~~oDAUtD~~;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,EACd,MAAM,KAAA,GACL,OAAO,CAAC,uBAAuB,CAAC,CAQlC;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,KAAA,EAAE,EAAE,KAAA,EAAE,IAAI,KAAA,oDAQpD;AAED;;;;;;GAMG;AACH,wBAAsB,4BAA4B,CAAC,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,UAAU,KAAA,oDAY1E","file":"ManagedObjectApi.d.ts","sourcesContent":["import util from 'util';\nimport { generateIdmApi } from './BaseApi';\nimport { getTenantURL } from './utils/ApiUtils';\nimport * as state from '../shared/State';\nimport { ObjectSkeletonInterface } from './ApiTypes';\n\nconst managedObjectURLTemplate = '%s/openidm/managed/%s';\nconst createManagedObjectURLTemplate = '%s/openidm/managed/%s?_action=create';\nconst managedObjectByIdURLTemplate = '%s/openidm/managed/%s/%s';\nconst managedObjectQueryAllURLTemplate = `${managedObjectURLTemplate}?_queryFilter=true&_pageSize=10000`;\n\n/*\n Get managed object\n * @param {~~String~~} id managed object id\n * @returns {Promise} a promise that resolves to an ~~object containing a managed object~~\n /\nexport async function getManagedObject(type, id, fields) {\n const fieldsParam ~~=\n fields.length~~ ~~> 0 ?~~ `_fields=${fields.join(',')}~~` : '_fields=';\~~n const urlString = util.format(\n `${managedObjectByIdURLTemplate}?${fieldsParam}`,\n getTenantURL(state.getHost()),\n type,\n id\n );\n ~~return~~ generateIdmApi().get(urlString);\n}\n\n/*\n Create managed object with server-generated id\n * @param {string} moType managed object type\n * @param {any} moData managed object data\n * @returns {Promise<ObjectSkeletonInterface>} a promise that resolves to an object containing a managed object\n /\nexport async function createManagedObject(\n moType: string,\n moData\n): Promise<ObjectSkeletonInterface> {\n const urlString = util.format(\n createManagedObjectURLTemplate,\n getTenantURL(state.getHost()),\n moType\n );\n const { data } = await generateIdmApi().post(urlString, moData);\n return data;\n}\n\n/\n Create or update managed object\n * @param {String} id managed object id\n * @param {String} data managed object\n * @returns {Promise} a promise that resolves to an object containing a managed object\n /\nexport async function putManagedObject(type, id, data) {\n const urlString = util.format(\n managedObjectByIdURLTemplate,\n getTenantURL(state.getHost()),\n type,\n id\n );\n return generateIdmApi().put(urlString, data);\n}\n\n/\n Query managed objects\n * @param {String} type managed object type\n * @param {String} fields fields to retrieve\n * @param {String} pageCookie paged results cookie\n * @returns {Promise} a promise that resolves to an object containing managed objects of the desired type\n */\nexport async function queryAllManagedObjectsByType(type, fields, pageCookie) {\n const fieldsParam =\n fields.length > 0 ? `&_fields=${fields.join(',')}` : '&_fields=_id';\n const urlTemplate = pageCookie\n ? `${managedObjectQueryAllURLTemplate}${fieldsParam}&_pagedResultsCookie=${pageCookie}`\n : `${managedObjectQueryAllURLTemplate}${fieldsParam}`;\n const urlString = util.format(\n urlTemplate,\n getTenantURL(state.getHost()),\n type\n );\n return generateIdmApi().get(urlString);\n}\n"]}
1	+ {"version":3,"sources":["../src/api/ManagedObjectApi.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAOrD;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,EAAE,EAAE,MAAM,EACV,MAAM,GAAE,MAAM,EAAU,GACvB,OAAO,CAAC,uBAAuB,CAAC,CAUlC;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,EACd,MAAM,KAAA,GACL,OAAO,CAAC,uBAAuB,CAAC,CAQlC;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,KAAA,EAAE,EAAE,KAAA,EAAE,IAAI,KAAA,oDAQpD;AAED;;;;;;GAMG;AACH,wBAAsB,4BAA4B,CAAC,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,UAAU,KAAA,oDAY1E","file":"ManagedObjectApi.d.ts","sourcesContent":["import util from 'util';\nimport { generateIdmApi } from './BaseApi';\nimport { getTenantURL } from './utils/ApiUtils';\nimport * as state from '../shared/State';\nimport { ObjectSkeletonInterface } from './ApiTypes';\n\nconst managedObjectURLTemplate = '%s/openidm/managed/%s';\nconst createManagedObjectURLTemplate = '%s/openidm/managed/%s?_action=create';\nconst managedObjectByIdURLTemplate = '%s/openidm/managed/%s/%s';\nconst managedObjectQueryAllURLTemplate = `${managedObjectURLTemplate}?_queryFilter=true&_pageSize=10000`;\n\n/*\n Get managed object\n * @param {string} type managed object type, e.g. alpha_user or user\n * @param {string} id managed object id\n * @param {string[]} id array of fields to include\n * @returns {Promise<ObjectSkeletonInterface>} a promise that resolves to an ObjectSkeletonInterface\n /\nexport async function getManagedObject(\n type: string,\n id: string,\n fields: string[] = ['']\n): Promise<ObjectSkeletonInterface> {\n const fieldsParam = `_fields=${fields.join(',')}`;\n const urlString = util.format(\n `${managedObjectByIdURLTemplate}?${fieldsParam}`,\n getTenantURL(state.getHost()),\n type,\n id\n );\n const { data } = await generateIdmApi().get(urlString);\n return data as ObjectSkeletonInterface;\n}\n\n/*\n Create managed object with server-generated id\n * @param {string} moType managed object type\n * @param {any} moData managed object data\n * @returns {Promise<ObjectSkeletonInterface>} a promise that resolves to an object containing a managed object\n /\nexport async function createManagedObject(\n moType: string,\n moData\n): Promise<ObjectSkeletonInterface> {\n const urlString = util.format(\n createManagedObjectURLTemplate,\n getTenantURL(state.getHost()),\n moType\n );\n const { data } = await generateIdmApi().post(urlString, moData);\n return data;\n}\n\n/\n Create or update managed object\n * @param {String} id managed object id\n * @param {String} data managed object\n * @returns {Promise} a promise that resolves to an object containing a managed object\n /\nexport async function putManagedObject(type, id, data) {\n const urlString = util.format(\n managedObjectByIdURLTemplate,\n getTenantURL(state.getHost()),\n type,\n id\n );\n return generateIdmApi().put(urlString, data);\n}\n\n/\n Query managed objects\n * @param {String} type managed object type\n * @param {String} fields fields to retrieve\n * @param {String} pageCookie paged results cookie\n * @returns {Promise} a promise that resolves to an object containing managed objects of the desired type\n */\nexport async function queryAllManagedObjectsByType(type, fields, pageCookie) {\n const fieldsParam =\n fields.length > 0 ? `&_fields=${fields.join(',')}` : '&_fields=_id';\n const urlTemplate = pageCookie\n ? `${managedObjectQueryAllURLTemplate}${fieldsParam}&_pagedResultsCookie=${pageCookie}`\n : `${managedObjectQueryAllURLTemplate}${fieldsParam}`;\n const urlString = util.format(\n urlTemplate,\n getTenantURL(state.getHost()),\n type\n );\n return generateIdmApi().get(urlString);\n}\n"]}

package/types/ops/AuthenticateOps.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/ops/AuthenticateOps.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,MAAM,EAAwB,MAAM,WAAW,CAAC;AAqTzD;;;;;GAKG;AACH,wBAAsB,+BAA+B,CACnD,gBAAgB,EAAE,MAAM,EACxB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAqCD;;;;GAIG;AACH,wBAAsB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CAgHlD","file":"AuthenticateOps.d.ts","sourcesContent":["import url from 'url';\nimport { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport { encodeBase64Url } from '../api/utils/Base64';\nimport * as state from '../shared/State';\nimport * as globalConfig from '../storage/StaticStorage';\nimport { debugMessage, printMessage, verboseMessage } from './utils/Console';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport { step } from '../api/AuthenticateApi';\nimport { accessToken, authorize } from '../api/OAuth2OIDCApi';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { v4 } from 'uuid';\nimport { parseUrl } from '../api/utils/ApiUtils';\nimport { JwkRsa, createSignedJwtToken } from './JoseOps';\nimport { getManagedObject } from '../api/ManagedObjectApi';\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst idmAdminScopes = 'fr:idm:* fr:idc:esv:';\nconst serviceAccountScopes = 'fr:am: fr:idm:* fr:idc:esv:';\n\nlet adminClientId = 'idmAdminClient';\n\n/\n Helper function to get cookie name\n * @returns {String} cookie name\n /\nasync function determineCookieName() {\n try {\n const data = await getServerInfo();\n debugMessage(\n `AuthenticateOps.getCookieName: cookieName=${data.cookieName}`\n );\n return data.cookieName;\n } catch (error) {\n printMessage(`Error getting cookie name: ${error}`, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/\n Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @returns {Object} an object indicating if 2fa is required and the original payload\n /\nfunction checkAndHandle2FA(payload) {\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const element of payload.callbacks) {\n if (element.type === 'HiddenValueCallback') {\n if (element.input[0].value.includes('skip')) {\n // skippable = true;\n element.input[0].value = 'Skip';\n return {\n need2fa: true,\n payload,\n };\n }\n }\n if (element.type === 'NameCallback') {\n if (element.output[0].value.includes('code')) {\n // skippable = false;\n printMessage('2FA is enabled and required for this user...');\n const code = readlineSync.question(`${element.output[0].value}: `);\n element.input[0].value = code;\n return {\n need2fa: true,\n payload,\n };\n }\n }\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n}\n\n/\n Helper function to set the default realm by deployment type\n * @param {string} deploymentType deployment type\n /\nfunction determineDefaultRealm(deploymentType: string) {\n if (\n !state.getRealm() \|\|\n state.getRealm() === globalConfig.DEFAULT_REALM_KEY\n ) {\n state.setRealm(globalConfig.DEPLOYMENT_TYPE_REALM_MAP[deploymentType]);\n }\n}\n\n/\n Helper function to determine the deployment type\n * @returns {Promise<string>} deployment type\n /\nasync function determineDeploymentType(): Promise<string> {\n const cookieValue = state.getCookieValue();\n // https://bugster.forgerock.org/jira/browse/FRAAS-13018\n // There is a chance that this will be blocked due to security concerns and thus is probably best not to keep active\n // if (!cookieValue && getUseBearerTokenForAmApis()) {\n // const token = await getTokenInfo();\n // cookieValue = token.sessionToken;\n // setCookieValue(cookieValue);\n // }\n\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const fidcClientId = 'idmAdminClient';\n const forgeopsClientId = 'idm-admin-ui';\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n let deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize(bodyFormData, config);\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage(`ForgeRock Identity Cloud`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize(bodyFormData, config);\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage(`ForgeOps deployment`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage(`Classic deployment`['brightCyan'] + ` detected.`);\n }\n }\n }\n }\n return deploymentType;\n}\n\n/\n Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n /\nasync function getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d]))/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\n/*\n Helper function to authenticate and obtain and store session cookie\n * @returns {string} Session token or null\n /\nasync function authenticate(\n username: string,\n password: string\n): Promise<string> {\n const config = {\n headers: {\n 'X-OpenAM-Username': username,\n 'X-OpenAM-Password': password,\n },\n };\n const response1 = await step({}, config);\n const skip2FA = checkAndHandle2FA(response1);\n let response2 = {};\n if (skip2FA.need2fa) {\n response2 = await step(skip2FA.payload);\n } else {\n response2 = skip2FA.payload;\n }\n if ('tokenId' in response2) {\n return response2['tokenId'] as string;\n }\n return null;\n}\n\n/\n Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @returns {string} oauth2 authorization code or null\n /\nasync function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize(bodyFormData, config);\n } catch (error) {\n response = error.response;\n }\n if (response.status < 200 \|\| response.status > 399) {\n printMessage('error getting auth code', 'error');\n printMessage(\n 'likely cause: mismatched parameters with OAuth client config',\n 'error'\n );\n return null;\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage('auth code not found', 'error');\n return null;\n } catch (error) {\n printMessage(`error getting auth code - ${error.message}`, 'error');\n printMessage(error.response?.data, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/\n Helper function to obtain oauth2 access token\n * @returns {Promise<string \| null>} access token or null\n /\nasync function getAccessTokenForUser(): Promise<string \| null> {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: start`);\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(redirectURL, challenge, challengeMethod);\n if (authCode == null) {\n printMessage('error getting auth code', 'error');\n return null;\n }\n let response = null;\n if (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData, config);\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData);\n }\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end with token`);\n return response.data.access_token;\n }\n printMessage('No access token in response.', 'error');\n } catch (error) {\n debugMessage(`Error getting access token for user: ${error}`);\n debugMessage(error.response?.data);\n }\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end without token`);\n return null;\n}\n\nfunction createPayload(serviceAccountId: string) {\n const u = parseUrl(state.getHost());\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/\n Get access token for service account\n * @param {string} serviceAccountId UUID of service account\n * @param {JwkRsa} jwk Java Wek Key\n * @returns {string \| null} Access token or null\n /\nexport async function getAccessTokenForServiceAccount(\n serviceAccountId: string,\n jwk: JwkRsa\n): Promise<string \| null> {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: start`);\n const payload = createPayload(serviceAccountId);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: payload:`);\n debugMessage(payload);\n const jwt = await createSignedJwtToken(payload, jwk);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: jwt:`);\n debugMessage(jwt);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken(bodyFormData);\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: token:`);\n debugMessage(response.data.access_token);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return response.data.access_token;\n }\n debugMessage(\n `AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.`\n );\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return null;\n}\n\nasync function determineDeploymentTypeAndDefaultRealmAndVersion() {\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`\n );\n if (!state.getDeploymentType()) {\n state.setDeploymentType(await determineDeploymentType());\n }\n determineDefaultRealm(state.getDeploymentType());\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`\n );\n\n const versionInfo = await getServerVersionInfo();\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage(`Full version: ${versionInfo.fullVersion}`);\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`\n );\n}\n\nasync function getLoggedInSubject(): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n const name = (\n await getManagedObject('svcacct', state.getServiceAccountId(), ['name'])\n ).data.name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n }\n return subjectString;\n}\n\n/\n Get tokens\n * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens(): Promise<boolean> {\n debugMessage(`AuthenticateOps.getTokens: start`);\n if (!state.getHost()) {\n printMessage(\n `No host specified and FRODO_HOST env variable not set!`,\n 'error'\n );\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile();\n if (conn) {\n state.setHost(conn.tenant);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName());\n\n // use service account to login?\n if (state.getServiceAccountId() && state.getServiceAccountJwk()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`\n );\n try {\n const token = await getAccessTokenForServiceAccount(\n state.getServiceAccountId(),\n state.getServiceAccountJwk()\n );\n state.setBearerToken(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n } catch (saErr) {\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description \|\|\n saErr.response?.data?.message\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`\n );\n const token = await authenticate(\n state.getUsername(),\n state.getPassword()\n );\n if (token) state.setCookieValue(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n if (\n state.getCookieValue() &&\n !state.getBearerToken() &&\n (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY \|\|\n state.getDeploymentType() ===\n globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getAccessTokenForUser();\n if (accessToken) state.setBearerToken(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage(`Incomplete or no credentials!`, 'error');\n return false;\n }\n if (\n state.getCookieValue() \|\|\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n // https://github.com/rockcarver/frodo-cli/issues/102\n printMessage(\n `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject()}`,\n 'info'\n );\n debugMessage(`AuthenticateOps.getTokens: end with tokens`);\n return true;\n }\n } catch (error) {\n // regular error\n printMessage(error.message, 'error');\n // axios error am api\n printMessage(error.response?.data?.message, 'error');\n // axios error am oauth2 api\n printMessage(error.response?.data?.error_description, 'error');\n // axios error data\n debugMessage(error.response?.data);\n // stack trace\n debugMessage(error.stack \|\| new Error().stack);\n }\n debugMessage(`AuthenticateOps.getTokens: end without tokens`);\n return false;\n}\n"]}
1	+ {"version":3,"sources":["../src/ops/AuthenticateOps.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,MAAM,EAAwB,MAAM,WAAW,CAAC;AAqTzD;;;;;GAKG;AACH,wBAAsB,+BAA+B,CACnD,gBAAgB,EAAE,MAAM,EACxB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAmCD;;;;GAIG;AACH,wBAAsB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CAiHlD","file":"AuthenticateOps.d.ts","sourcesContent":["import url from 'url';\nimport { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport { encodeBase64Url } from '../api/utils/Base64';\nimport * as state from '../shared/State';\nimport * as globalConfig from '../storage/StaticStorage';\nimport { debugMessage, printMessage, verboseMessage } from './utils/Console';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport { step } from '../api/AuthenticateApi';\nimport { accessToken, authorize } from '../api/OAuth2OIDCApi';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { v4 } from 'uuid';\nimport { parseUrl } from '../api/utils/ApiUtils';\nimport { JwkRsa, createSignedJwtToken } from './JoseOps';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst idmAdminScopes = 'fr:idm:* fr:idc:esv:';\nconst serviceAccountScopes = 'fr:am: fr:idm:* fr:idc:esv:';\n\nlet adminClientId = 'idmAdminClient';\n\n/\n Helper function to get cookie name\n * @returns {String} cookie name\n /\nasync function determineCookieName() {\n try {\n const data = await getServerInfo();\n debugMessage(\n `AuthenticateOps.getCookieName: cookieName=${data.cookieName}`\n );\n return data.cookieName;\n } catch (error) {\n printMessage(`Error getting cookie name: ${error}`, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/\n Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @returns {Object} an object indicating if 2fa is required and the original payload\n /\nfunction checkAndHandle2FA(payload) {\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const element of payload.callbacks) {\n if (element.type === 'HiddenValueCallback') {\n if (element.input[0].value.includes('skip')) {\n // skippable = true;\n element.input[0].value = 'Skip';\n return {\n need2fa: true,\n payload,\n };\n }\n }\n if (element.type === 'NameCallback') {\n if (element.output[0].value.includes('code')) {\n // skippable = false;\n printMessage('2FA is enabled and required for this user...');\n const code = readlineSync.question(`${element.output[0].value}: `);\n element.input[0].value = code;\n return {\n need2fa: true,\n payload,\n };\n }\n }\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n}\n\n/\n Helper function to set the default realm by deployment type\n * @param {string} deploymentType deployment type\n /\nfunction determineDefaultRealm(deploymentType: string) {\n if (\n !state.getRealm() \|\|\n state.getRealm() === globalConfig.DEFAULT_REALM_KEY\n ) {\n state.setRealm(globalConfig.DEPLOYMENT_TYPE_REALM_MAP[deploymentType]);\n }\n}\n\n/\n Helper function to determine the deployment type\n * @returns {Promise<string>} deployment type\n /\nasync function determineDeploymentType(): Promise<string> {\n const cookieValue = state.getCookieValue();\n // https://bugster.forgerock.org/jira/browse/FRAAS-13018\n // There is a chance that this will be blocked due to security concerns and thus is probably best not to keep active\n // if (!cookieValue && getUseBearerTokenForAmApis()) {\n // const token = await getTokenInfo();\n // cookieValue = token.sessionToken;\n // setCookieValue(cookieValue);\n // }\n\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const fidcClientId = 'idmAdminClient';\n const forgeopsClientId = 'idm-admin-ui';\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n let deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize(bodyFormData, config);\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage(`ForgeRock Identity Cloud`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize(bodyFormData, config);\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage(`ForgeOps deployment`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage(`Classic deployment`['brightCyan'] + ` detected.`);\n }\n }\n }\n }\n return deploymentType;\n}\n\n/\n Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n /\nasync function getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d]))/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\n/*\n Helper function to authenticate and obtain and store session cookie\n * @returns {string} Session token or null\n /\nasync function authenticate(\n username: string,\n password: string\n): Promise<string> {\n const config = {\n headers: {\n 'X-OpenAM-Username': username,\n 'X-OpenAM-Password': password,\n },\n };\n const response1 = await step({}, config);\n const skip2FA = checkAndHandle2FA(response1);\n let response2 = {};\n if (skip2FA.need2fa) {\n response2 = await step(skip2FA.payload);\n } else {\n response2 = skip2FA.payload;\n }\n if ('tokenId' in response2) {\n return response2['tokenId'] as string;\n }\n return null;\n}\n\n/\n Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @returns {string} oauth2 authorization code or null\n /\nasync function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize(bodyFormData, config);\n } catch (error) {\n response = error.response;\n }\n if (response.status < 200 \|\| response.status > 399) {\n printMessage('error getting auth code', 'error');\n printMessage(\n 'likely cause: mismatched parameters with OAuth client config',\n 'error'\n );\n return null;\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage('auth code not found', 'error');\n return null;\n } catch (error) {\n printMessage(`error getting auth code - ${error.message}`, 'error');\n printMessage(error.response?.data, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/\n Helper function to obtain oauth2 access token\n * @returns {Promise<string \| null>} access token or null\n /\nasync function getAccessTokenForUser(): Promise<string \| null> {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: start`);\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(redirectURL, challenge, challengeMethod);\n if (authCode == null) {\n printMessage('error getting auth code', 'error');\n return null;\n }\n let response = null;\n if (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData, config);\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData);\n }\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end with token`);\n return response.data.access_token;\n }\n printMessage('No access token in response.', 'error');\n } catch (error) {\n debugMessage(`Error getting access token for user: ${error}`);\n debugMessage(error.response?.data);\n }\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end without token`);\n return null;\n}\n\nfunction createPayload(serviceAccountId: string) {\n const u = parseUrl(state.getHost());\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/\n Get access token for service account\n * @param {string} serviceAccountId UUID of service account\n * @param {JwkRsa} jwk Java Wek Key\n * @returns {string \| null} Access token or null\n /\nexport async function getAccessTokenForServiceAccount(\n serviceAccountId: string,\n jwk: JwkRsa\n): Promise<string \| null> {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: start`);\n const payload = createPayload(serviceAccountId);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: payload:`);\n debugMessage(payload);\n const jwt = await createSignedJwtToken(payload, jwk);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: jwt:`);\n debugMessage(jwt);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken(bodyFormData);\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: token:`);\n debugMessage(response.data.access_token);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return response.data.access_token;\n }\n debugMessage(\n `AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.`\n );\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return null;\n}\n\nasync function determineDeploymentTypeAndDefaultRealmAndVersion() {\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`\n );\n if (!state.getDeploymentType()) {\n state.setDeploymentType(await determineDeploymentType());\n }\n determineDefaultRealm(state.getDeploymentType());\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`\n );\n\n const versionInfo = await getServerVersionInfo();\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage(`Full version: ${versionInfo.fullVersion}`);\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`\n );\n}\n\nasync function getLoggedInSubject(): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n const name = (await getServiceAccount(state.getServiceAccountId())).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n }\n return subjectString;\n}\n\n/\n Get tokens\n * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens(): Promise<boolean> {\n debugMessage(`AuthenticateOps.getTokens: start`);\n if (!state.getHost()) {\n printMessage(\n `No host specified and FRODO_HOST env variable not set!`,\n 'error'\n );\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile();\n if (conn) {\n state.setHost(conn.tenant);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName());\n\n // use service account to login?\n if (state.getServiceAccountId() && state.getServiceAccountJwk()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`\n );\n try {\n const token = await getAccessTokenForServiceAccount(\n state.getServiceAccountId(),\n state.getServiceAccountJwk()\n );\n state.setBearerToken(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n } catch (saErr) {\n debugMessage(saErr.response?.data);\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description \|\|\n saErr.response?.data?.message\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`\n );\n const token = await authenticate(\n state.getUsername(),\n state.getPassword()\n );\n if (token) state.setCookieValue(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n if (\n state.getCookieValue() &&\n !state.getBearerToken() &&\n (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY \|\|\n state.getDeploymentType() ===\n globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getAccessTokenForUser();\n if (accessToken) state.setBearerToken(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage(`Incomplete or no credentials!`, 'error');\n return false;\n }\n if (\n state.getCookieValue() \|\|\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n // https://github.com/rockcarver/frodo-cli/issues/102\n printMessage(\n `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject()}`,\n 'info'\n );\n debugMessage(`AuthenticateOps.getTokens: end with tokens`);\n return true;\n }\n } catch (error) {\n // regular error\n printMessage(error.message, 'error');\n // axios error am api\n printMessage(error.response?.data?.message, 'error');\n // axios error am oauth2 api\n printMessage(error.response?.data?.error_description, 'error');\n // axios error data\n debugMessage(error.response?.data);\n // stack trace\n debugMessage(error.stack \|\| new Error().stack);\n }\n debugMessage(`AuthenticateOps.getTokens: end without tokens`);\n return false;\n}\n"]}

package/types/ops/ConnectionProfileOps.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/ops/ConnectionProfileOps.ts"],"names":[],"mappings":"AAaA,OAAO,EAA6C,MAAM,EAAE,MAAM,WAAW,CAAC;AAE9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAU1D,MAAM,WAAW,gCAAgC;IAC/C,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,6BAA6B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvD,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,6BAA6B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvD,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,wBAAwB;IACvC,CAAC,GAAG,EAAE,MAAM,GAAG,gCAAgC,CAAC;CACjD;AAKD;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAMlD;AAuBD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,UAAQ,QA2BlD;AAeD;;;;;GAKG;AACH,wBAAsB,sBAAsB,kBAiD3C;AAED;;;;GAIG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,0BAA0B,CAAC,CAgDrC;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,0BAA0B,CAAC,CAEhF;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA4F1E;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,KAAA,QAiC3C;AAED;;;;GAIG;AACH,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,OAAO,iBAgDrB;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,uBAAuB,CAAC,CAqB7E","file":"ConnectionProfileOps.d.ts","sourcesContent":["import fs from 'fs';\nimport os from 'os';\nimport path from 'path';\nimport * as state from '../shared/State';\nimport DataProtection from './utils/DataProtection';\nimport {\n createObjectTable,\n createTable,\n debugMessage,\n printMessage,\n verboseMessage,\n} from './utils/Console';\nimport { FRODO_CONNECTION_PROFILES_PATH_KEY } from '../storage/StaticStorage';\nimport { createJwkRsa, createJwks, getJwkRsaPublic, JwkRsa } from './JoseOps';\nimport { createServiceAccount } from './cloud/ServiceAccountOps';\nimport { ObjectSkeletonInterface } from '../api/ApiTypes';\nimport { saveJsonToFile } from './utils/ExportImportUtils';\nimport { isValidUrl } from './utils/OpsUtils';\n\nconst crypto = new DataProtection();\n\nconst fileOptions = {\n indentation: 4,\n};\n\nexport interface SecureConnectionProfileInterface {\n tenant: string;\n username?: string \| null;\n encodedPassword?: string \| null;\n logApiKey?: string \| null;\n encodedLogApiSecret?: string \| null;\n authenticationService?: string \| null;\n authenticationHeaderOverrides?: Record<string, string>;\n svcacctId?: string \| null;\n encodedSvcacctJwk?: string \| null;\n svcacctName?: string \| null;\n}\n\nexport interface ConnectionProfileInterface {\n tenant: string;\n username?: string \| null;\n password?: string \| null;\n logApiKey?: string \| null;\n logApiSecret?: string \| null;\n authenticationService?: string \| null;\n authenticationHeaderOverrides?: Record<string, string>;\n svcacctId?: string \| null;\n svcacctJwk?: JwkRsa;\n svcacctName?: string \| null;\n}\n\nexport interface ConnectionsFileInterface {\n [key: string]: SecureConnectionProfileInterface;\n}\n\nconst legacyProfileFilename = '.frodorc';\nconst newProfileFilename = 'Connections.json';\n\n/*\n Get connection profiles file name\n * @returns {String} connection profiles file name\n /\nexport function getConnectionProfilesPath(): string {\n return (\n state.getConnectionProfilesPath() \|\|\n process.env[FRODO_CONNECTION_PROFILES_PATH_KEY] \|\|\n `${os.homedir()}/.frodo/${newProfileFilename}`\n );\n}\n\n/\n Find connection profiles\n * @param {ConnectionsFileInterface} connectionProfiles connection profile object\n * @param {string} host host url or unique substring\n * @returns {SecureConnectionProfileInterface[]} Array of connection profiles\n /\nfunction findConnectionProfiles(\n connectionProfiles: ConnectionsFileInterface,\n host: string\n): SecureConnectionProfileInterface[] {\n const profiles: SecureConnectionProfileInterface[] = [];\n for (const tenant in connectionProfiles) {\n if (tenant.includes(host)) {\n const foundProfile = { ...connectionProfiles[tenant] };\n foundProfile.tenant = tenant;\n profiles.push(foundProfile);\n }\n }\n return profiles;\n}\n\n/\n List connection profiles\n * @param {boolean} long Long list format with details\n /\nexport function listConnectionProfiles(long = false) {\n const filename = getConnectionProfilesPath();\n try {\n const data = fs.readFileSync(filename, 'utf8');\n const connectionsData = JSON.parse(data);\n if (long) {\n const table = createTable(['Host', 'Username', 'Log API Key']);\n Object.keys(connectionsData).forEach((c) => {\n table.push([\n c,\n connectionsData[c].username,\n connectionsData[c].logApiKey,\n ]);\n });\n printMessage(table.toString(), 'data');\n } else {\n Object.keys(connectionsData).forEach((c) => {\n printMessage(`${c}`, 'data');\n });\n }\n printMessage(\n 'Any unique substring of a saved host can be used as the value for host parameter in all commands',\n 'info'\n );\n } catch (e) {\n printMessage(`No connections found in ${filename} (${e.message})`, 'error');\n }\n}\n\n/\n Migrate from .frodorc to Connections.json\n /\nfunction migrateFromLegacyProfile() {\n const legacyPath = `${os.homedir()}/.frodo/${legacyProfileFilename}`;\n if (fs.existsSync(legacyPath)) {\n fs.copyFileSync(legacyPath, `${os.homedir()}/.frodo/${newProfileFilename}`);\n // for now, just add a \"deprecated\" suffix. May delete the old file\n // in a future release\n fs.renameSync(legacyPath, `${legacyPath}.deprecated`);\n }\n}\n\n/\n Initialize connection profiles\n \n This method is called from app.ts and runs before any of the message handlers are registered.\n * Therefore none of the Console message functions will produce any output.\n /\nexport async function initConnectionProfiles() {\n // create connections.json file if it doesn't exist\n const filename = getConnectionProfilesPath();\n const folderName = path.dirname(filename);\n if (!fs.existsSync(folderName)) {\n fs.mkdirSync(folderName, { recursive: true });\n if (!fs.existsSync(filename)) {\n fs.writeFileSync(\n filename,\n JSON.stringify({}, null, fileOptions.indentation)\n );\n }\n }\n // encrypt the password and logApiSecret from clear text to aes-256-GCM\n else {\n migrateFromLegacyProfile();\n const data = fs.readFileSync(filename, 'utf8');\n const connectionsData: ConnectionsFileInterface = JSON.parse(data);\n let convert = false;\n for (const conn of Object.keys(connectionsData)) {\n if (connectionsData[conn]['password']) {\n convert = true;\n connectionsData[conn].encodedPassword = await crypto.encrypt(\n connectionsData[conn]['password']\n );\n delete connectionsData[conn]['password'];\n }\n if (connectionsData[conn]['logApiSecret']) {\n convert = true;\n connectionsData[conn].encodedLogApiSecret = await crypto.encrypt(\n connectionsData[conn]['logApiSecret']\n );\n delete connectionsData[conn]['logApiSecret'];\n }\n if (connectionsData[conn]['svcacctJwk']) {\n convert = true;\n connectionsData[conn].encodedSvcacctJwk = await crypto.encrypt(\n connectionsData[conn]['svcacctJwk']\n );\n delete connectionsData[conn]['svcacctJwk'];\n }\n }\n if (convert) {\n fs.writeFileSync(\n filename,\n JSON.stringify(connectionsData, null, fileOptions.indentation)\n );\n }\n }\n}\n\n/\n Get connection profile by host\n * @param {String} host host tenant host url or unique substring\n * @returns {Object} connection profile or null\n /\nexport async function getConnectionProfileByHost(\n host: string\n): Promise<ConnectionProfileInterface> {\n try {\n const filename = getConnectionProfilesPath();\n const connectionsData = JSON.parse(fs.readFileSync(filename, 'utf8'));\n const profiles = findConnectionProfiles(connectionsData, host);\n if (profiles.length == 0) {\n printMessage(\n `Profile for ${host} not found. Please specify credentials on command line`,\n 'error'\n );\n return null;\n }\n if (profiles.length > 1) {\n printMessage(`Multiple matching profiles found.`, 'error');\n profiles.forEach((p) => {\n printMessage(`- ${p.tenant}`, 'error');\n });\n printMessage(`Please specify a unique sub-string`, 'error');\n return null;\n }\n return {\n tenant: profiles[0].tenant,\n username: profiles[0].username ? profiles[0].username : null,\n password: profiles[0].encodedPassword\n ? await crypto.decrypt(profiles[0].encodedPassword)\n : null,\n logApiKey: profiles[0].logApiKey ? profiles[0].logApiKey : null,\n logApiSecret: profiles[0].encodedLogApiSecret\n ? await crypto.decrypt(profiles[0].encodedLogApiSecret)\n : null,\n authenticationService: profiles[0].authenticationService\n ? profiles[0].authenticationService\n : null,\n authenticationHeaderOverrides: profiles[0].authenticationHeaderOverrides\n ? profiles[0].authenticationHeaderOverrides\n : {},\n svcacctId: profiles[0].svcacctId ? profiles[0].svcacctId : null,\n svcacctJwk: profiles[0].encodedSvcacctJwk\n ? await crypto.decrypt(profiles[0].encodedSvcacctJwk)\n : null,\n };\n } catch (e) {\n printMessage(\n `Can not read saved connection info, please specify credentials on command line: ${e}`,\n 'error'\n );\n return null;\n }\n}\n\n/\n Get connection profile\n * @returns {Object} connection profile or null\n /\nexport async function getConnectionProfile(): Promise<ConnectionProfileInterface> {\n return getConnectionProfileByHost(state.getHost());\n}\n\n/\n Save connection profile\n * @param {string} host host url for new profiles or unique substring for existing profiles\n * @returns {Promise<boolean>} true if the operation succeeded, false otherwise\n /\nexport async function saveConnectionProfile(host: string): Promise<boolean> {\n const filename = getConnectionProfilesPath();\n verboseMessage(`Saving connection profile in ${filename}`);\n let profiles: ConnectionsFileInterface = {};\n let profile: SecureConnectionProfileInterface = { tenant: '' };\n try {\n fs.statSync(filename);\n const data = fs.readFileSync(filename, 'utf8');\n profiles = JSON.parse(data);\n\n // find tenant\n const found = findConnectionProfiles(profiles, host);\n\n // replace tenant in session with real tenant url if necessary\n if (found.length === 1) {\n profile = found[0];\n state.setHost(profile.tenant);\n verboseMessage(`Existing profile: ${profile.tenant}`);\n }\n\n // connection profile not found, validate host is a real URL\n if (found.length === 0) {\n if (isValidUrl(host)) {\n state.setHost(host);\n verboseMessage(`New profile: ${host}`);\n } else {\n printMessage(\n `No existing profile found matching '${host}'. Provide a valid URL as the host argument to create a new profile.`,\n 'error'\n );\n return false;\n }\n }\n } catch (error) {\n verboseMessage(`New profiles file ${filename} with new profile ${host}`);\n }\n\n // user account\n if (state.getUsername()) profile.username = state.getUsername();\n if (state.getPassword())\n profile.encodedPassword = await crypto.encrypt(state.getPassword());\n\n // log API\n if (state.getLogApiKey()) profile.logApiKey = state.getLogApiKey();\n if (state.getLogApiSecret())\n profile.encodedLogApiSecret = await crypto.encrypt(state.getLogApiSecret());\n\n // service account\n if (state.getServiceAccountId())\n profile.svcacctId = state.getServiceAccountId();\n if (state.getServiceAccountJwk())\n profile.encodedSvcacctJwk = await crypto.encrypt(\n state.getServiceAccountJwk()\n );\n\n // advanced settings\n if (state.getAuthenticationService()) {\n profile.authenticationService = state.getAuthenticationService();\n printMessage(\n 'Advanced setting: Authentication Service: ' +\n state.getAuthenticationService(),\n 'info'\n );\n }\n if (\n state.getAuthenticationHeaderOverrides() &&\n Object.entries(state.getAuthenticationHeaderOverrides()).length\n ) {\n profile.authenticationHeaderOverrides =\n state.getAuthenticationHeaderOverrides();\n printMessage('Advanced setting: Authentication Header Overrides: ', 'info');\n printMessage(state.getAuthenticationHeaderOverrides(), 'info');\n }\n\n // remove the helper key 'tenant'\n delete profile.tenant;\n\n // update profiles\n profiles[state.getHost()] = profile;\n\n // sort profiles\n const orderedProfiles = Object.keys(profiles)\n .sort()\n .reduce((obj, key) => {\n obj[key] = profiles[key];\n return obj;\n }, {});\n\n // save profiles\n saveJsonToFile(orderedProfiles, filename, false);\n verboseMessage(`Saved connection profile ${state.getHost()} in ${filename}`);\n return true;\n}\n\n/\n Delete connection profile\n * @param {String} host host tenant host url or unique substring\n /\nexport function deleteConnectionProfile(host) {\n const filename = getConnectionProfilesPath();\n let connectionsData: ConnectionsFileInterface = {};\n fs.stat(filename, (err) => {\n if (err == null) {\n const data = fs.readFileSync(filename, 'utf8');\n connectionsData = JSON.parse(data);\n const profiles = findConnectionProfiles(connectionsData, host);\n if (profiles.length == 1) {\n delete connectionsData[profiles[0].tenant];\n fs.writeFileSync(filename, JSON.stringify(connectionsData, null, 2));\n printMessage(`Deleted connection profile ${profiles[0].tenant}`);\n } else {\n if (profiles.length > 1) {\n printMessage(`Multiple matching profiles found.`, 'error');\n profiles.forEach((p) => {\n printMessage(`- ${p.tenant}`, 'error');\n });\n printMessage(`Please specify a unique sub-string`, 'error');\n return null;\n } else {\n printMessage(`No connection profile ${host} found`);\n }\n }\n } else if (err.code === 'ENOENT') {\n printMessage(`Connection profile file ${filename} not found`);\n } else {\n printMessage(\n `Error in deleting connection profile: ${err.code}`,\n 'error'\n );\n }\n });\n}\n\n/\n Describe connection profile\n * @param {string} host Host URL or unique substring\n * @param {boolean} showSecrets Whether secrets should be shown in clear text or not\n /\nexport async function describeConnectionProfile(\n host: string,\n showSecrets: boolean\n) {\n const profile = await getConnectionProfileByHost(host);\n if (profile) {\n const present = '[present]';\n const jwk = profile.svcacctJwk;\n if (!showSecrets) {\n if (profile.password) profile.password = present;\n if (profile.logApiSecret) profile.logApiSecret = present;\n if (profile.svcacctJwk) (profile as unknown)['svcacctJwk'] = present;\n }\n if (!profile.username) {\n delete profile.username;\n delete profile.password;\n }\n if (!profile.logApiKey) {\n delete profile.logApiKey;\n delete profile.logApiSecret;\n }\n if (!profile.svcacctId) {\n delete profile.svcacctId;\n delete profile.svcacctJwk;\n }\n if (showSecrets && jwk) {\n (profile as unknown)['svcacctJwk'] = 'see below';\n }\n if (!profile.authenticationService) {\n delete profile.authenticationService;\n }\n const keyMap = {\n tenant: 'Host',\n username: 'Username',\n password: 'Password',\n logApiKey: 'Log API Key',\n logApiSecret: 'Log API Secret',\n authenticationService: 'Authentication Service',\n authenticationHeaderOverrides: 'Authentication Header Overrides',\n svcacctId: 'Service Account Id',\n svcacctJwk: 'Service Account JWK',\n };\n const table = createObjectTable(profile, keyMap);\n printMessage(table.toString(), 'data');\n if (showSecrets && jwk) {\n printMessage(jwk, 'data');\n }\n } else {\n printMessage(`No connection profile ${host} found`);\n }\n}\n\n/\n Create a new service account using auto-generated parameters\n * @returns {Promise<ObjectSkeletonInterface>} A promise resolving to a service account object\n /\nexport async function addNewServiceAccount(): Promise<ObjectSkeletonInterface> {\n debugMessage(`ConnectionProfileOps.addNewServiceAccount: start`);\n const name = `Frodo-SA-${new Date().getTime()}`;\n debugMessage(`ConnectionProfileOps.addNewServiceAccount: name=${name}...`);\n const description = `${state.getUsername()}'s Frodo Service Account`;\n const scope = ['fr:am:', 'fr:idm:', 'fr:idc:esv:'];\n const jwkPrivate = await createJwkRsa();\n const jwkPublic = await getJwkRsaPublic(jwkPrivate);\n const jwks = createJwks(jwkPublic);\n const sa = await createServiceAccount(\n name,\n description,\n 'Active',\n scope,\n jwks\n );\n debugMessage(`ConnectionProfileOps.addNewServiceAccount: id=${sa._id}`);\n state.setServiceAccountId(sa._id);\n state.setServiceAccountJwk(jwkPrivate);\n debugMessage(`ConnectionProfileOps.addNewServiceAccount: end`);\n return sa;\n}\n"]}
1	+ {"version":3,"sources":["../src/ops/ConnectionProfileOps.ts"],"names":[],"mappings":"AAaA,OAAO,EAA6C,MAAM,EAAE,MAAM,WAAW,CAAC;AAK9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAU1D,MAAM,WAAW,gCAAgC;IAC/C,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,6BAA6B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvD,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,6BAA6B,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvD,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,wBAAwB;IACvC,CAAC,GAAG,EAAE,MAAM,GAAG,gCAAgC,CAAC;CACjD;AAKD;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAMlD;AAuBD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,UAAQ,QAsClD;AAyBD;;;;;GAKG;AACH,wBAAsB,sBAAsB,kBAiD3C;AAED;;;;GAIG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,0BAA0B,CAAC,CAiDrC;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,0BAA0B,CAAC,CAEhF;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA2G1E;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,KAAA,QAiC3C;AAED;;;;GAIG;AACH,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,OAAO,iBAqDrB;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,uBAAuB,CAAC,CAqB7E","file":"ConnectionProfileOps.d.ts","sourcesContent":["import fs from 'fs';\nimport os from 'os';\nimport path from 'path';\nimport * as state from '../shared/State';\nimport DataProtection from './utils/DataProtection';\nimport {\n createObjectTable,\n createTable,\n debugMessage,\n printMessage,\n verboseMessage,\n} from './utils/Console';\nimport { FRODO_CONNECTION_PROFILES_PATH_KEY } from '../storage/StaticStorage';\nimport { createJwkRsa, createJwks, getJwkRsaPublic, JwkRsa } from './JoseOps';\nimport {\n createServiceAccount,\n getServiceAccount,\n} from './cloud/ServiceAccountOps';\nimport { ObjectSkeletonInterface } from '../api/ApiTypes';\nimport { saveJsonToFile } from './utils/ExportImportUtils';\nimport { isValidUrl } from './utils/OpsUtils';\n\nconst crypto = new DataProtection();\n\nconst fileOptions = {\n indentation: 4,\n};\n\nexport interface SecureConnectionProfileInterface {\n tenant: string;\n username?: string \| null;\n encodedPassword?: string \| null;\n logApiKey?: string \| null;\n encodedLogApiSecret?: string \| null;\n authenticationService?: string \| null;\n authenticationHeaderOverrides?: Record<string, string>;\n svcacctId?: string \| null;\n encodedSvcacctJwk?: string \| null;\n svcacctName?: string \| null;\n}\n\nexport interface ConnectionProfileInterface {\n tenant: string;\n username?: string \| null;\n password?: string \| null;\n logApiKey?: string \| null;\n logApiSecret?: string \| null;\n authenticationService?: string \| null;\n authenticationHeaderOverrides?: Record<string, string>;\n svcacctId?: string \| null;\n svcacctJwk?: JwkRsa;\n svcacctName?: string \| null;\n}\n\nexport interface ConnectionsFileInterface {\n [key: string]: SecureConnectionProfileInterface;\n}\n\nconst legacyProfileFilename = '.frodorc';\nconst newProfileFilename = 'Connections.json';\n\n/*\n Get connection profiles file name\n * @returns {String} connection profiles file name\n /\nexport function getConnectionProfilesPath(): string {\n return (\n state.getConnectionProfilesPath() \|\|\n process.env[FRODO_CONNECTION_PROFILES_PATH_KEY] \|\|\n `${os.homedir()}/.frodo/${newProfileFilename}`\n );\n}\n\n/\n Find connection profiles\n * @param {ConnectionsFileInterface} connectionProfiles connection profile object\n * @param {string} host host url or unique substring\n * @returns {SecureConnectionProfileInterface[]} Array of connection profiles\n /\nfunction findConnectionProfiles(\n connectionProfiles: ConnectionsFileInterface,\n host: string\n): SecureConnectionProfileInterface[] {\n const profiles: SecureConnectionProfileInterface[] = [];\n for (const tenant in connectionProfiles) {\n if (tenant.includes(host)) {\n const foundProfile = { ...connectionProfiles[tenant] };\n foundProfile.tenant = tenant;\n profiles.push(foundProfile);\n }\n }\n return profiles;\n}\n\n/\n List connection profiles\n * @param {boolean} long Long list format with details\n /\nexport function listConnectionProfiles(long = false) {\n const filename = getConnectionProfilesPath();\n try {\n const data = fs.readFileSync(filename, 'utf8');\n const connectionsData = JSON.parse(data);\n if (Object.keys(connectionsData).length < 1) {\n printMessage(`No connections defined yet in ${filename}`, 'info');\n } else {\n if (long) {\n const table = createTable([\n 'Host',\n 'Service Account',\n 'Username',\n 'Log API Key',\n ]);\n Object.keys(connectionsData).forEach((c) => {\n table.push([\n c,\n connectionsData[c].svcacctName \|\| connectionsData[c].svcacctId,\n connectionsData[c].username,\n connectionsData[c].logApiKey,\n ]);\n });\n printMessage(table.toString(), 'data');\n } else {\n Object.keys(connectionsData).forEach((c) => {\n printMessage(`${c}`, 'data');\n });\n // getUniqueNames(5, Object.keys(connectionsData));\n }\n printMessage(\n 'Any unique substring of a saved host can be used as the value for host parameter in all commands',\n 'info'\n );\n }\n } catch (e) {\n printMessage(`No connections found in ${filename} (${e.message})`, 'error');\n }\n}\n\n/\n Migrate from .frodorc to Connections.json\n /\nfunction migrateFromLegacyProfile() {\n const legacyPath = `${os.homedir()}/.frodo/${legacyProfileFilename}`;\n const newPath = `${os.homedir()}/.frodo/${newProfileFilename}`;\n if (!fs.existsSync(legacyPath) && !fs.existsSync(newPath)) {\n // no connections file (old or new), create empty new one\n fs.writeFileSync(\n newPath,\n JSON.stringify({}, null, fileOptions.indentation)\n );\n } else if (fs.existsSync(legacyPath) && !fs.existsSync(newPath)) {\n // old exists, new one does not - so copy old to new one\n fs.copyFileSync(legacyPath, newPath);\n // for now, just add a \"deprecated\" suffix. May delete the old file\n // in a future release\n fs.renameSync(legacyPath, `${legacyPath}.deprecated`);\n }\n // in other cases, where\n // (both old and new exist) OR (only new one exists) don't do anything\n}\n\n/\n Initialize connection profiles\n \n This method is called from app.ts and runs before any of the message handlers are registered.\n * Therefore none of the Console message functions will produce any output.\n /\nexport async function initConnectionProfiles() {\n // create connections.json file if it doesn't exist\n const filename = getConnectionProfilesPath();\n const folderName = path.dirname(filename);\n if (!fs.existsSync(folderName)) {\n fs.mkdirSync(folderName, { recursive: true });\n if (!fs.existsSync(filename)) {\n fs.writeFileSync(\n filename,\n JSON.stringify({}, null, fileOptions.indentation)\n );\n }\n }\n // encrypt the password and logApiSecret from clear text to aes-256-GCM\n else {\n migrateFromLegacyProfile();\n const data = fs.readFileSync(filename, 'utf8');\n const connectionsData: ConnectionsFileInterface = JSON.parse(data);\n let convert = false;\n for (const conn of Object.keys(connectionsData)) {\n if (connectionsData[conn]['password']) {\n convert = true;\n connectionsData[conn].encodedPassword = await crypto.encrypt(\n connectionsData[conn]['password']\n );\n delete connectionsData[conn]['password'];\n }\n if (connectionsData[conn]['logApiSecret']) {\n convert = true;\n connectionsData[conn].encodedLogApiSecret = await crypto.encrypt(\n connectionsData[conn]['logApiSecret']\n );\n delete connectionsData[conn]['logApiSecret'];\n }\n if (connectionsData[conn]['svcacctJwk']) {\n convert = true;\n connectionsData[conn].encodedSvcacctJwk = await crypto.encrypt(\n connectionsData[conn]['svcacctJwk']\n );\n delete connectionsData[conn]['svcacctJwk'];\n }\n }\n if (convert) {\n fs.writeFileSync(\n filename,\n JSON.stringify(connectionsData, null, fileOptions.indentation)\n );\n }\n }\n}\n\n/\n Get connection profile by host\n * @param {String} host host tenant host url or unique substring\n * @returns {Object} connection profile or null\n /\nexport async function getConnectionProfileByHost(\n host: string\n): Promise<ConnectionProfileInterface> {\n try {\n const filename = getConnectionProfilesPath();\n const connectionsData = JSON.parse(fs.readFileSync(filename, 'utf8'));\n const profiles = findConnectionProfiles(connectionsData, host);\n if (profiles.length == 0) {\n printMessage(\n `Profile for ${host} not found. Please specify credentials on command line`,\n 'error'\n );\n return null;\n }\n if (profiles.length > 1) {\n printMessage(`Multiple matching profiles found.`, 'error');\n profiles.forEach((p) => {\n printMessage(`- ${p.tenant}`, 'error');\n });\n printMessage(`Please specify a unique sub-string`, 'error');\n return null;\n }\n return {\n tenant: profiles[0].tenant,\n username: profiles[0].username ? profiles[0].username : null,\n password: profiles[0].encodedPassword\n ? await crypto.decrypt(profiles[0].encodedPassword)\n : null,\n logApiKey: profiles[0].logApiKey ? profiles[0].logApiKey : null,\n logApiSecret: profiles[0].encodedLogApiSecret\n ? await crypto.decrypt(profiles[0].encodedLogApiSecret)\n : null,\n authenticationService: profiles[0].authenticationService\n ? profiles[0].authenticationService\n : null,\n authenticationHeaderOverrides: profiles[0].authenticationHeaderOverrides\n ? profiles[0].authenticationHeaderOverrides\n : {},\n svcacctName: profiles[0].svcacctName ? profiles[0].svcacctName : null,\n svcacctId: profiles[0].svcacctId ? profiles[0].svcacctId : null,\n svcacctJwk: profiles[0].encodedSvcacctJwk\n ? await crypto.decrypt(profiles[0].encodedSvcacctJwk)\n : null,\n };\n } catch (e) {\n printMessage(\n `Can not read saved connection info, please specify credentials on command line: ${e}`,\n 'error'\n );\n return null;\n }\n}\n\n/\n Get connection profile\n * @returns {Object} connection profile or null\n /\nexport async function getConnectionProfile(): Promise<ConnectionProfileInterface> {\n return getConnectionProfileByHost(state.getHost());\n}\n\n/\n Save connection profile\n * @param {string} host host url for new profiles or unique substring for existing profiles\n * @returns {Promise<boolean>} true if the operation succeeded, false otherwise\n /\nexport async function saveConnectionProfile(host: string): Promise<boolean> {\n debugMessage(`ConnectionProfileOps.saveConnectionProfile: start`);\n const filename = getConnectionProfilesPath();\n debugMessage(`Saving connection profile in ${filename}`);\n let profiles: ConnectionsFileInterface = {};\n let profile: SecureConnectionProfileInterface = { tenant: '' };\n try {\n fs.statSync(filename);\n const data = fs.readFileSync(filename, 'utf8');\n profiles = JSON.parse(data);\n\n // find tenant\n const found = findConnectionProfiles(profiles, host);\n\n // replace tenant in session with real tenant url if necessary\n if (found.length === 1) {\n profile = found[0];\n state.setHost(profile.tenant);\n verboseMessage(`Existing profile: ${profile.tenant}`);\n debugMessage(profile);\n }\n\n // connection profile not found, validate host is a real URL\n if (found.length === 0) {\n if (isValidUrl(host)) {\n state.setHost(host);\n debugMessage(`New profile: ${host}`);\n } else {\n printMessage(\n `No existing profile found matching '${host}'. Provide a valid URL as the host argument to create a new profile.`,\n 'error'\n );\n debugMessage(`ConnectionProfileOps.saveConnectionProfile: end [false]`);\n return false;\n }\n }\n } catch (error) {\n debugMessage(`New profiles file ${filename} with new profile ${host}`);\n }\n\n // user account\n if (state.getUsername()) profile.username = state.getUsername();\n if (state.getPassword())\n profile.encodedPassword = await crypto.encrypt(state.getPassword());\n\n // log API\n if (state.getLogApiKey()) profile.logApiKey = state.getLogApiKey();\n if (state.getLogApiSecret())\n profile.encodedLogApiSecret = await crypto.encrypt(state.getLogApiSecret());\n\n // service account\n if (state.getServiceAccountId()) {\n profile.svcacctId = state.getServiceAccountId();\n profile.svcacctName = (\n await getServiceAccount(state.getServiceAccountId())\n ).name;\n }\n if (state.getServiceAccountJwk())\n profile.encodedSvcacctJwk = await crypto.encrypt(\n state.getServiceAccountJwk()\n );\n // update existing service account profile\n if (profile.svcacctId && !profile.svcacctName) {\n profile.svcacctName = (await getServiceAccount(profile.svcacctId)).name;\n debugMessage(\n `ConnectionProfileOps.saveConnectionProfile: added missing service account name`\n );\n }\n\n // advanced settings\n if (state.getAuthenticationService()) {\n profile.authenticationService = state.getAuthenticationService();\n printMessage(\n 'Advanced setting: Authentication Service: ' +\n state.getAuthenticationService(),\n 'info'\n );\n }\n if (\n state.getAuthenticationHeaderOverrides() &&\n Object.entries(state.getAuthenticationHeaderOverrides()).length\n ) {\n profile.authenticationHeaderOverrides =\n state.getAuthenticationHeaderOverrides();\n printMessage('Advanced setting: Authentication Header Overrides: ', 'info');\n printMessage(state.getAuthenticationHeaderOverrides(), 'info');\n }\n\n // remove the helper key 'tenant'\n delete profile.tenant;\n\n // update profiles\n profiles[state.getHost()] = profile;\n\n // sort profiles\n const orderedProfiles = Object.keys(profiles)\n .sort()\n .reduce((obj, key) => {\n obj[key] = profiles[key];\n return obj;\n }, {});\n\n // save profiles\n saveJsonToFile(orderedProfiles, filename, false);\n verboseMessage(`Saved connection profile ${state.getHost()} in ${filename}`);\n debugMessage(`ConnectionProfileOps.saveConnectionProfile: end [true]`);\n return true;\n}\n\n/\n Delete connection profile\n * @param {String} host host tenant host url or unique substring\n /\nexport function deleteConnectionProfile(host) {\n const filename = getConnectionProfilesPath();\n let connectionsData: ConnectionsFileInterface = {};\n fs.stat(filename, (err) => {\n if (err == null) {\n const data = fs.readFileSync(filename, 'utf8');\n connectionsData = JSON.parse(data);\n const profiles = findConnectionProfiles(connectionsData, host);\n if (profiles.length == 1) {\n delete connectionsData[profiles[0].tenant];\n fs.writeFileSync(filename, JSON.stringify(connectionsData, null, 2));\n printMessage(`Deleted connection profile ${profiles[0].tenant}`);\n } else {\n if (profiles.length > 1) {\n printMessage(`Multiple matching profiles found.`, 'error');\n profiles.forEach((p) => {\n printMessage(`- ${p.tenant}`, 'error');\n });\n printMessage(`Please specify a unique sub-string`, 'error');\n return null;\n } else {\n printMessage(`No connection profile ${host} found`);\n }\n }\n } else if (err.code === 'ENOENT') {\n printMessage(`Connection profile file ${filename} not found`);\n } else {\n printMessage(\n `Error in deleting connection profile: ${err.code}`,\n 'error'\n );\n }\n });\n}\n\n/\n Describe connection profile\n * @param {string} host Host URL or unique substring\n * @param {boolean} showSecrets Whether secrets should be shown in clear text or not\n /\nexport async function describeConnectionProfile(\n host: string,\n showSecrets: boolean\n) {\n debugMessage(`ConnectionProfileOps.describeConnectionProfile: start`);\n const profile = await getConnectionProfileByHost(host);\n if (profile) {\n debugMessage(profile);\n const present = '[present]';\n const jwk = profile.svcacctJwk;\n if (!showSecrets) {\n if (profile.password) profile.password = present;\n if (profile.logApiSecret) profile.logApiSecret = present;\n if (profile.svcacctJwk) (profile as unknown)['svcacctJwk'] = present;\n }\n if (!profile.username) {\n delete profile.username;\n delete profile.password;\n }\n if (!profile.logApiKey) {\n delete profile.logApiKey;\n delete profile.logApiSecret;\n }\n if (!profile.svcacctId) {\n delete profile.svcacctId;\n delete profile.svcacctJwk;\n delete profile.svcacctName;\n }\n if (showSecrets && jwk) {\n (profile as unknown)['svcacctJwk'] = 'see below';\n }\n if (!profile.authenticationService) {\n delete profile.authenticationService;\n }\n const keyMap = {\n tenant: 'Host',\n username: 'Username',\n password: 'Password',\n logApiKey: 'Log API Key',\n logApiSecret: 'Log API Secret',\n authenticationService: 'Authentication Service',\n authenticationHeaderOverrides: 'Authentication Header Overrides',\n svcacctName: 'Service Account Name',\n svcacctId: 'Service Account Id',\n svcacctJwk: 'Service Account JWK',\n };\n const table = createObjectTable(profile, keyMap);\n printMessage(table.toString(), 'data');\n if (showSecrets && jwk) {\n printMessage(jwk, 'data');\n }\n } else {\n printMessage(`No connection profile ${host} found`);\n }\n debugMessage(`ConnectionProfileOps.describeConnectionProfile: end`);\n}\n\n/\n Create a new service account using auto-generated parameters\n * @returns {Promise<ObjectSkeletonInterface>} A promise resolving to a service account object\n /\nexport async function addNewServiceAccount(): Promise<ObjectSkeletonInterface> {\n debugMessage(`ConnectionProfileOps.addNewServiceAccount: start`);\n const name = `Frodo-SA-${new Date().getTime()}`;\n debugMessage(`ConnectionProfileOps.addNewServiceAccount: name=${name}...`);\n const description = `${state.getUsername()}'s Frodo Service Account`;\n const scope = ['fr:am:', 'fr:idm:', 'fr:idc:esv:'];\n const jwkPrivate = await createJwkRsa();\n const jwkPublic = await getJwkRsaPublic(jwkPrivate);\n const jwks = createJwks(jwkPublic);\n const sa = await createServiceAccount(\n name,\n description,\n 'Active',\n scope,\n jwks\n );\n debugMessage(`ConnectionProfileOps.addNewServiceAccount: id=${sa._id}`);\n state.setServiceAccountId(sa._id);\n state.setServiceAccountJwk(jwkPrivate);\n debugMessage(`ConnectionProfileOps.addNewServiceAccount: end`);\n return sa;\n}\n"]}

package/types/ops/InfoOps.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/ops/InfoOps.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAM3D,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB,EAAE,MAAM,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,MAAM,YAAY,GAAG,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;~~AAoC7E~~;;;GAGG;AACH,wBAAsB,OAAO,IAAI,OAAO,CAAC,YAAY,CAAC,CAerD","file":"InfoOps.d.ts","sourcesContent":["import { getEnvInfo } from '../api/cloud/EnvInfoApi';\nimport * as state from '../shared/State';\nimport { EnvInfoInterface } from '../api/cloud/EnvInfoApi';\nimport * as globalConfig from '../storage/StaticStorage';\nimport { getServerVersionInfo } from '../api/ServerInfoApi';\nimport { ~~getManagedObject~~ } from '~~../api~~/~~ManagedObjectApi~~';\nimport { ~~printMessage~~ } from './~~utils~~/~~Console~~';\n\nexport interface PlatformInfoInterface {\n host: string;\n authenticatedSubject: string;\n amVersion: string;\n cookieName: string;\n sessionToken: string;\n bearerToken?: string;\n deploymentType: string;\n}\n\nexport type PlatformInfo = PlatformInfoInterface & Partial<EnvInfoInterface>;\n\nasync function getCloudInfo(): Promise<Partial<EnvInfoInterface>> {\n let info: Partial<EnvInfoInterface> = {};\n try {\n info = await getEnvInfo();\n delete info.message_box_html;\n delete info.message_box_title;\n delete info.message_variant;\n delete info.warning_message_html;\n if (!info.placeholder_management_migration_date)\n delete info.placeholder_management_migration_date;\n } catch (error) {\n printMessage(error.response?.data, 'error');\n printMessage(`Error getting env info: ${error.message}`, 'error');\n }\n return info;\n}\n\nasync function getAmVersion(): Promise<string> {\n const versionObj = await getServerVersionInfo();\n const amVersion = `${versionObj['version']} Build ${versionObj['revision']} (${versionObj['date']})`;\n return amVersion;\n}\n\nasync function getAuthenticatedSubject(): Promise<string> {\n let subjectString = `${state.getUsername()} (User)`;\n if (state.getUseBearerTokenForAmApis()) {\n const name = (\n await ~~getManagedObject~~(~~'svcacct',~~ state.getServiceAccountId()~~, ['name']~~)\n ).~~data.~~name;\n subjectString = `${name} [${state.getServiceAccountId()}] (Service Account)`;\n }\n return subjectString;\n}\n\n/*\n Get info about the platform instance\n * @returns {Promise<PlatformInfo>} a promise that resolves to a json blob with information about the instance and tokens\n */\nexport async function getInfo(): Promise<PlatformInfo> {\n const info: PlatformInfo = {\n host: state.getHost(),\n amVersion: await getAmVersion(),\n authenticatedSubject: await getAuthenticatedSubject(),\n deploymentType: state.getDeploymentType(),\n cookieName: state.getCookieName(),\n sessionToken: state.getCookieValue(),\n // only add bearerToken if we have it\n ...(state.getBearerToken() && { bearerToken: state.getBearerToken() }),\n // only add cloud env info if deployment type is cloud\n ...(state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY &&\n (await getCloudInfo())),\n };\n return info;\n}\n"]}
1	+ {"version":3,"sources":["../src/ops/InfoOps.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAM3D,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB,EAAE,MAAM,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,MAAM,YAAY,GAAG,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAkC7E;;;GAGG;AACH,wBAAsB,OAAO,IAAI,OAAO,CAAC,YAAY,CAAC,CAerD","file":"InfoOps.d.ts","sourcesContent":["import { getEnvInfo } from '../api/cloud/EnvInfoApi';\nimport * as state from '../shared/State';\nimport { EnvInfoInterface } from '../api/cloud/EnvInfoApi';\nimport * as globalConfig from '../storage/StaticStorage';\nimport { getServerVersionInfo } from '../api/ServerInfoApi';\nimport { printMessage } from './utils/Console';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\n\nexport interface PlatformInfoInterface {\n host: string;\n authenticatedSubject: string;\n amVersion: string;\n cookieName: string;\n sessionToken: string;\n bearerToken?: string;\n deploymentType: string;\n}\n\nexport type PlatformInfo = PlatformInfoInterface & Partial<EnvInfoInterface>;\n\nasync function getCloudInfo(): Promise<Partial<EnvInfoInterface>> {\n let info: Partial<EnvInfoInterface> = {};\n try {\n info = await getEnvInfo();\n delete info.message_box_html;\n delete info.message_box_title;\n delete info.message_variant;\n delete info.warning_message_html;\n if (!info.placeholder_management_migration_date)\n delete info.placeholder_management_migration_date;\n } catch (error) {\n printMessage(error.response?.data, 'error');\n printMessage(`Error getting env info: ${error.message}`, 'error');\n }\n return info;\n}\n\nasync function getAmVersion(): Promise<string> {\n const versionObj = await getServerVersionInfo();\n const amVersion = `${versionObj['version']} Build ${versionObj['revision']} (${versionObj['date']})`;\n return amVersion;\n}\n\nasync function getAuthenticatedSubject(): Promise<string> {\n let subjectString = `${state.getUsername()} (User)`;\n if (state.getUseBearerTokenForAmApis()) {\n const name = (await getServiceAccount(state.getServiceAccountId())).name;\n subjectString = `${name} [${state.getServiceAccountId()}] (Service Account)`;\n }\n return subjectString;\n}\n\n/*\n Get info about the platform instance\n * @returns {Promise<PlatformInfo>} a promise that resolves to a json blob with information about the instance and tokens\n */\nexport async function getInfo(): Promise<PlatformInfo> {\n const info: PlatformInfo = {\n host: state.getHost(),\n amVersion: await getAmVersion(),\n authenticatedSubject: await getAuthenticatedSubject(),\n deploymentType: state.getDeploymentType(),\n cookieName: state.getCookieName(),\n sessionToken: state.getCookieValue(),\n // only add bearerToken if we have it\n ...(state.getBearerToken() && { bearerToken: state.getBearerToken() }),\n // only add cloud env info if deployment type is cloud\n ...(state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY &&\n (await getCloudInfo())),\n };\n return info;\n}\n"]}

package/types/ops/ManagedObjectOps.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/ops/ManagedObjectOps.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,IAAI,KAAA,EAAE,EAAE,KAAA,gBAO7C;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,IAAI,KAAA,EAAE,EAAE,KAAA,~~gBAU7C~~","file":"ManagedObjectOps.d.ts","sourcesContent":["import { getManagedObject } from '../api/ManagedObjectApi';\n\n/*\n Resolve a managed object's uuid to a human readable username\n * @param {String} type managed object type, e.g. teammember or alpha_user\n * @param {String} id managed object _id\n * @returns {String} resolved username or uuid if any error occurs during reslution\n /\nexport async function resolveUserName(type, id) {\n try {\n return (await getManagedObject(type, id, ['userName'])).~~data.~~userName;\n } catch (error) {\n // eslint-disable-next-line no-empty\n }\n return id;\n}\n\n/\n Resolve a managed object's uuid to a human readable full name\n * @param {String} type managed object type, e.g. teammember or alpha_user\n * @param {String} id managed object _id\n * @returns {String} resolved full name or uuid if any error occurs during reslution\n */\nexport async function resolveFullName(type, id) {\n try {\n const managedObject = ~~(\n~~ await getManagedObject(type, id, ['givenName', 'sn'])~~\n ).data~~;\n return `${managedObject.givenName} ${managedObject.sn}`;\n } catch (error) {\n // eslint-disable-next-line no-empty\n }\n return id;\n}\n"]}
1	+ {"version":3,"sources":["../src/ops/ManagedObjectOps.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,IAAI,KAAA,EAAE,EAAE,KAAA,gBAO7C;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,IAAI,KAAA,EAAE,EAAE,KAAA,gBAQ7C","file":"ManagedObjectOps.d.ts","sourcesContent":["import { getManagedObject } from '../api/ManagedObjectApi';\n\n/*\n Resolve a managed object's uuid to a human readable username\n * @param {String} type managed object type, e.g. teammember or alpha_user\n * @param {String} id managed object _id\n * @returns {String} resolved username or uuid if any error occurs during reslution\n /\nexport async function resolveUserName(type, id) {\n try {\n return (await getManagedObject(type, id, ['userName'])).userName;\n } catch (error) {\n // eslint-disable-next-line no-empty\n }\n return id;\n}\n\n/\n Resolve a managed object's uuid to a human readable full name\n * @param {String} type managed object type, e.g. teammember or alpha_user\n * @param {String} id managed object _id\n * @returns {String} resolved full name or uuid if any error occurs during reslution\n */\nexport async function resolveFullName(type, id) {\n try {\n const managedObject = await getManagedObject(type, id, ['givenName', 'sn']);\n return `${managedObject.givenName} ${managedObject.sn}`;\n } catch (error) {\n // eslint-disable-next-line no-empty\n }\n return id;\n}\n"]}

package/types/ops/cloud/ServiceAccountOps.d.ts CHANGED Viewed

@@ -1,12 +1,13 @@
 import { JwksInterface } from '../JoseOps';
 import { ObjectSkeletonInterface } from '../../api/ApiTypes';
-export interface ServiceAccountInterface {
+export interface ServiceAccountPayloadInterface {
     name: string;
     description: string;
     accountStatus: 'Active' | 'Inactive';
     scopes: string[];
     jwks: string;
 }
+export type ServiceAccount = ObjectSkeletonInterface & ServiceAccountPayloadInterface;
 /**
  * Check if service accounts are available
  * @returns {Promise<boolean>} true if service accounts are available, false otherwise
@@ -22,3 +23,4 @@ export declare function isServiceAccountsFeatureAvailable(): Promise<boolean>;
  * @returns {Promise<ObjectSkeletonInterface>} A promise resolving to a service account object
  */
 export declare function createServiceAccount(name: string, description: string, accountStatus: 'Active' | 'Inactive', scopes: string[], jwks: JwksInterface): Promise<ObjectSkeletonInterface>;
+export declare function getServiceAccount(serviceAccountId: string): Promise<ServiceAccount>;

package/types/ops/cloud/ServiceAccountOps.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/ops/cloud/ServiceAccountOps.ts"],"names":[],"mappings":"~~AACA~~,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAM7D,MAAM,WAAW,~~uBAAuB~~;~~IACtC~~,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,QAAQ,GAAG,UAAU,CAAC;IACrC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;~~AAOD~~;;;GAGG;AACH,wBAAsB,iCAAiC,IAAI,OAAO,CAAC,OAAO,CAAC,CAU1E;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,QAAQ,GAAG,UAAU,EACpC,MAAM,EAAE,MAAM,EAAE,EAChB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,uBAAuB,CAAC,CAclC","file":"ServiceAccountOps.d.ts","sourcesContent":["import { createManagedObject } from '../../api/ManagedObjectApi';\nimport { JwksInterface } from '../JoseOps';\nimport { ObjectSkeletonInterface } from '../../api/ApiTypes';\nimport { debugMessage } from '../utils/Console';\nimport { hasFeature } from './FeatureOps';\n\nconst moType = 'svcacct';\n\nexport interface ~~ServiceAccountInterface~~ {\n name: string;\n description: string;\n accountStatus: 'Active' \| 'Inactive';\n scopes: string[];\n jwks: string;\n}\n\n/*\n Global flag indicating if service accounts are available\n /\nlet _featureAvailable: boolean = undefined;\n\n/\n Check if service accounts are available\n * @returns {Promise<boolean>} true if service accounts are available, false otherwise\n /\nexport async function isServiceAccountsFeatureAvailable(): Promise<boolean> {\n debugMessage(`ServiceAccountOps.isServiceAccountsFeatureAvailable: start`);\n // only perform check once\n if (typeof _featureAvailable !== 'undefined') return _featureAvailable;\n\n _featureAvailable = await hasFeature('service-accounts');\n debugMessage(\n `ServiceAccountOps.isServiceAccountsFeatureAvailable: end, available=${_featureAvailable}`\n );\n return _featureAvailable;\n}\n\n/\n Create service account\n * @param {string} name Human-readable name of service account\n * @param {string} description Description of service account\n * @param {'Active' \| 'Inactive'} accountStatus Service account status\n * @param {string[]} scopes Scopes.\n * @param {JwksInterface} jwks Java Web Key Set\n * @returns {Promise<ObjectSkeletonInterface>} A promise resolving to a service account object\n */\nexport async function createServiceAccount(\n name: string,\n description: string,\n accountStatus: 'Active' \| 'Inactive',\n scopes: string[],\n jwks: JwksInterface\n): Promise<ObjectSkeletonInterface> {\n debugMessage(`ServiceAccountOps.createServiceAccount: start`);\n const payload: ~~ServiceAccountInterface~~ = {\n name,\n description,\n accountStatus,\n scopes,\n jwks: JSON.stringify(jwks),\n };\n debugMessage(`ServiceAccountOps: createServiceAccount: payload:`);\n debugMessage(payload);\n const result = await createManagedObject(moType, payload);\n debugMessage(`ServiceAccountOps.createServiceAccount: end`);\n return result;\n}\n"]}
1	+ {"version":3,"sources":["../src/ops/cloud/ServiceAccountOps.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAM7D,MAAM,WAAW,8BAA8B;IAC7C,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,QAAQ,GAAG,UAAU,CAAC;IACrC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,MAAM,cAAc,GAAG,uBAAuB,GAClD,8BAA8B,CAAC;AAOjC;;;GAGG;AACH,wBAAsB,iCAAiC,IAAI,OAAO,CAAC,OAAO,CAAC,CAU1E;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,QAAQ,GAAG,UAAU,EACpC,MAAM,EAAE,MAAM,EAAE,EAChB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,uBAAuB,CAAC,CAclC;AAED,wBAAsB,iBAAiB,CAAC,gBAAgB,EAAE,MAAM,2BAG/D","file":"ServiceAccountOps.d.ts","sourcesContent":["import {\n createManagedObject,\n getManagedObject,\n} from '../../api/ManagedObjectApi';\nimport { JwksInterface } from '../JoseOps';\nimport { ObjectSkeletonInterface } from '../../api/ApiTypes';\nimport { debugMessage } from '../utils/Console';\nimport { hasFeature } from './FeatureOps';\n\nconst moType = 'svcacct';\n\nexport interface ServiceAccountPayloadInterface {\n name: string;\n description: string;\n accountStatus: 'Active' \| 'Inactive';\n scopes: string[];\n jwks: string;\n}\n\nexport type ServiceAccount = ObjectSkeletonInterface &\n ServiceAccountPayloadInterface;\n\n/*\n Global flag indicating if service accounts are available\n /\nlet _featureAvailable: boolean = undefined;\n\n/\n Check if service accounts are available\n * @returns {Promise<boolean>} true if service accounts are available, false otherwise\n /\nexport async function isServiceAccountsFeatureAvailable(): Promise<boolean> {\n debugMessage(`ServiceAccountOps.isServiceAccountsFeatureAvailable: start`);\n // only perform check once\n if (typeof _featureAvailable !== 'undefined') return _featureAvailable;\n\n _featureAvailable = await hasFeature('service-accounts');\n debugMessage(\n `ServiceAccountOps.isServiceAccountsFeatureAvailable: end, available=${_featureAvailable}`\n );\n return _featureAvailable;\n}\n\n/\n Create service account\n * @param {string} name Human-readable name of service account\n * @param {string} description Description of service account\n * @param {'Active' \| 'Inactive'} accountStatus Service account status\n * @param {string[]} scopes Scopes.\n * @param {JwksInterface} jwks Java Web Key Set\n * @returns {Promise<ObjectSkeletonInterface>} A promise resolving to a service account object\n */\nexport async function createServiceAccount(\n name: string,\n description: string,\n accountStatus: 'Active' \| 'Inactive',\n scopes: string[],\n jwks: JwksInterface\n): Promise<ObjectSkeletonInterface> {\n debugMessage(`ServiceAccountOps.createServiceAccount: start`);\n const payload: ServiceAccountPayloadInterface = {\n name,\n description,\n accountStatus,\n scopes,\n jwks: JSON.stringify(jwks),\n };\n debugMessage(`ServiceAccountOps: createServiceAccount: payload:`);\n debugMessage(payload);\n const result = await createManagedObject(moType, payload);\n debugMessage(`ServiceAccountOps.createServiceAccount: end`);\n return result;\n}\n\nexport async function getServiceAccount(serviceAccountId: string) {\n const serviceAccount = await getManagedObject(moType, serviceAccountId);\n return serviceAccount as ServiceAccount;\n}\n"]}

package/types/utils/SetupPollyForFrodoLib.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/utils/SetupPollyForFrodoLib.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;~~AAiFtC~~,wBAAgB,qBAAqB,CACnC,eAAe,MAA2B,GACzC,KAAK,~~CAsDP~~","file":"SetupPollyForFrodoLib.d.ts","sourcesContent":["import path from 'path';\nimport { fileURLToPath } from 'url';\nimport { Polly } from '@pollyjs/core';\nimport { MODES } from '@pollyjs/utils';\nimport NodeHttpAdapter from '@pollyjs/adapter-node-http';\nimport FSPersister from '@pollyjs/persister-fs';\nimport { LogLevelDesc } from 'loglevel';\nimport { debugMessage } from '../ops/utils/Console';\n\nconst __dirname = path.dirname(fileURLToPath(import.meta.url));\n\nconst FRODO_MOCK_HOSTS = [\n 'https://openam-frodo-dev.forgeblocks.com',\n 'https://openam-service-accounts.forgeblocks.com',\n 'https://openam-volker-dev.forgeblocks.com',\n];\n\nlet recordIfMissing = false;\nlet mode = MODES.REPLAY;\n\n// resolve \"/home/sandeepc/work/ForgeRock/sources/frodo-lib/esm/api\" to\n// \"/home/sandeepc/work/ForgeRock/sources/frodo-lib/src/test/recordings\"\nconst recordingsDir = __dirname.replace(\n /^(.\\/frodo-\\w{3})(.)$/gi,\n '$1/mocks'\n);\n\nif (process.env.FRODO_MOCK) {\n Polly.register(NodeHttpAdapter);\n Polly.register(FSPersister);\n if (process.env.FRODO_MOCK === 'record') {\n mode = MODES.RECORD;\n recordIfMissing = true;\n }\n}\n\nfunction defaultMatchRequestsBy() {\n return JSON.parse(\n JSON.stringify({\n method: true,\n headers: false, // do not match headers, because \"Authorization\" header is sent only at recording time\n body: true,\n order: false,\n url: {\n protocol: false,\n username: false,\n password: false,\n hostname: false, // we will record from different envs but run tests always against `frodo-dev`\n port: false,\n pathname: true,\n query: true,\n hash: true,\n },\n })\n );\n}\n\nfunction authenticationMatchRequestsBy() {\n const matchRequestsBy = defaultMatchRequestsBy();\n matchRequestsBy.body = false;\n matchRequestsBy.order = true;\n return matchRequestsBy;\n}\n\n// returns a delayed promise\nasync function delay(ms) {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\~~n// performs a specific (mathematical) operation every \"ms\" (milliseconds)\~~nasync function countdown(i, ms) {\n await delay(ms);\n return --i;\n}\n\nasync function scheduleShutdown(polly: Polly~~, i = 30~~) {\n ++i;\n while (~~(i =~~ await countdown(i, 1000)))\n console.log(`Polly stopping in ${i}s~~...`~~);\n await polly.stop();\n console.log(`Polly stopped.`);\n}\n\nexport function setupPollyForFrodoLib(\n matchRequestsBy = defaultMatchRequestsBy()\n): Polly {\n const polly = new Polly('default');\n\n polly.configure({\n adapters: ['node-http'],\n mode,\n recordIfMissing,\n flushRequestsOnStop: true,\n logLevel: (process.env.FRODO_POLLY_LOG_LEVEL as LogLevelDesc) \|\| 'warn',\n recordFailedRequests: true,\n persister: 'fs',\n persisterOptions: {\n fs: {\n recordingsDir,\n },\n },\n matchRequestsBy,\n });\n\n for (const host of FRODO_MOCK_HOSTS) {\n if (mode === MODES.RECORD) console.log(`***** Host: ${host}`);\n polly.server.host(host, () => {\n polly.server\n .any('/am/oauth2/')\n .recordingName('oauth2')\n .on('request', (req) => {\n req.configure({ matchRequestsBy: authenticationMatchRequestsBy() });\n });\n polly.server.any('/am/json/').recordingName('am');\n polly.server.any('/openidm/').recordingName('openidm');\n polly.server.any('/environment/').recordingName('environment');\n polly.server.any('/monitoring/').recordingName('monitoring');\n polly.server.any('/feature').recordingName('feature');\n polly.server.any('/dashboard/').recordingName('dashboard');\n });\n }\n polly.server.host('https://api.github.com', () => {\n polly.server.any('/').recordingName('github');\n });\n polly.server.host('https://registry.npmjs.org', () => {\n polly.server.any('/').recordingName('npmjs');\n });\n\n if (mode === MODES.RECORD) {\n scheduleShutdown(polly~~, 60~~);\n } else {\n // only output debug messages if not recording as this polly instance is\n // primarily used by frodo-cli e2e tests, which capture stdout in snapshots.\n // debug messages falsify the snapshot recordings.\n debugMessage(`Polly config:`);\n debugMessage(polly.config);\n }\n\n return polly;\n}\n"]}
1	+ {"version":3,"sources":["../src/utils/SetupPollyForFrodoLib.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AA8HtC,wBAAgB,qBAAqB,CACnC,eAAe,MAA2B,GACzC,KAAK,CAsEP","file":"SetupPollyForFrodoLib.d.ts","sourcesContent":["import path from 'path';\nimport { fileURLToPath } from 'url';\nimport { Polly } from '@pollyjs/core';\nimport { MODES } from '@pollyjs/utils';\nimport NodeHttpAdapter from '@pollyjs/adapter-node-http';\nimport FSPersister from '@pollyjs/persister-fs';\nimport { LogLevelDesc } from 'loglevel';\nimport { debugMessage, printMessage } from '../ops/utils/Console';\n\nconst __dirname = path.dirname(fileURLToPath(import.meta.url));\n\nconst FRODO_MOCK_HOSTS = [\n 'https://openam-frodo-dev.forgeblocks.com',\n 'https://openam-service-accounts.forgeblocks.com',\n 'https://openam-volker-dev.forgeblocks.com',\n];\n\nlet recordIfMissing = false;\nlet mode = MODES.REPLAY;\n\n// resolve \"/home/sandeepc/work/ForgeRock/sources/frodo-lib/esm/api\" to\n// \"/home/sandeepc/work/ForgeRock/sources/frodo-lib/src/test/recordings\"\nconst recordingsDir = __dirname.replace(\n /^(.\\/frodo-\\w{3})(.)$/gi,\n '$1/mocks'\n);\n\nif (process.env.FRODO_MOCK) {\n Polly.register(NodeHttpAdapter);\n Polly.register(FSPersister);\n if (process.env.FRODO_MOCK === 'record') {\n mode = MODES.RECORD;\n recordIfMissing = true;\n }\n}\n\nfunction defaultMatchRequestsBy() {\n return JSON.parse(\n JSON.stringify({\n method: true,\n headers: false, // do not match headers, because \"Authorization\" header is sent only at recording time\n body: true,\n order: false,\n url: {\n protocol: false,\n username: false,\n password: false,\n hostname: false, // we will record from different envs but run tests always against `frodo-dev`\n port: false,\n pathname: true,\n query: true,\n hash: true,\n },\n })\n );\n}\n\nfunction authenticationMatchRequestsBy() {\n const matchRequestsBy = defaultMatchRequestsBy();\n matchRequestsBy.body = false;\n matchRequestsBy.order = true;\n return matchRequestsBy;\n}\n\n// returns a delayed promise\nasync function delay(ms) {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nasync function countdown(ms) {\n await delay(ms);\n return --ttl;\n}\n\nconst timeout = 15;\nlet ttl = timeout;\nasync function scheduleShutdown(polly: Polly) {\n ++ttl;\n while (await countdown(1000)) {\n if (ttl < 4)\n console.log(\n `Polly instance '${getFrodoCommand()}' stopping in ${ttl}s...`\n );\n }\n await polly.stop();\n console.log(`Polly instance '${getFrodoCommand()}' stopped.`);\n}\n\n/\nargv:\n[\n '/Users/vscheuber/.nvm/versions/node/v18.7.0/bin/node',\n '/usr/local/bin/frodo',\n 'journey',\n 'list',\n '-l',\n 'https://openam-volker-dev.forgeblocks.com/am',\n 'alpha',\n 'volker.scheuber@forgerock.com',\n 'Sup3rS3cr3t!'\n]\nargv:\n[\n '/Users/vscheuber/.nvm/versions/node/v18.7.0/bin/node',\n '/Users/vscheuber/Projects/frodo-cli/esm/cli/journey/journey-list.js',\n '-l',\n 'https://openam-volker-dev.forgeblocks.com/am',\n 'alpha',\n 'volker.scheuber@forgerock.com',\n 'Sup3rS3cr3t!'\n]\n/\nfunction getFrodoCommand() {\n try {\n if (\n !process.argv[1].endsWith('frodo') &&\n !process.argv[1].endsWith('frodo.exe')\n ) {\n return path.parse(process.argv[1]).name.replace('-', '/');\n }\n return process.argv[2];\n } catch (error) {\n printMessage(`SetupPollyForFrodoLib.getFrodoCommand: ${error}`, 'error');\n printMessage(process.argv, 'error');\n return 'error';\n }\n}\n\nexport function setupPollyForFrodoLib(\n matchRequestsBy = defaultMatchRequestsBy()\n): Polly {\n const polly = new Polly('default');\n\n polly.configure({\n adapters: ['node-http'],\n mode,\n recordIfMissing,\n flushRequestsOnStop: true,\n logLevel: (process.env.FRODO_POLLY_LOG_LEVEL as LogLevelDesc) \|\| 'warn',\n recordFailedRequests: true,\n persister: 'fs',\n persisterOptions: {\n fs: {\n recordingsDir,\n },\n },\n matchRequestsBy,\n });\n\n for (const host of FRODO_MOCK_HOSTS) {\n if (mode === MODES.RECORD) console.log(`***** Host: ${host}`);\n polly.server.host(host, () => {\n polly.server\n .any('/am/oauth2/')\n .recordingName(`${getFrodoCommand()}/oauth2`)\n .on('request', (req) => {\n req.configure({ matchRequestsBy: authenticationMatchRequestsBy() });\n });\n polly.server.any('/am/json/').recordingName(`${getFrodoCommand()}/am`);\n polly.server\n .any('/openidm/')\n .recordingName(`${getFrodoCommand()}/openidm`);\n polly.server\n .any('/environment/')\n .recordingName(`${getFrodoCommand()}/environment`);\n polly.server\n .any('/monitoring/')\n .recordingName(`${getFrodoCommand()}/monitoring`);\n polly.server\n .any('/feature')\n .recordingName(`${getFrodoCommand()}/feature`);\n polly.server\n .any('/dashboard/')\n .recordingName(`${getFrodoCommand()}/dashboard`);\n });\n }\n polly.server.host('https://api.github.com', () => {\n polly.server.any('/').recordingName(`github`);\n });\n polly.server.host('https://registry.npmjs.org', () => {\n polly.server.any('/').recordingName(`npmjs`);\n });\n polly.server.any().on('request', () => {\n if (ttl < timeout) {\n // console.log(`Reset polly stop ttl (${ttl}) to ${timeout}`);\n ttl = timeout;\n }\n });\n\n if (mode === MODES.RECORD) {\n scheduleShutdown(polly);\n } else {\n // only output debug messages if not recording as this polly instance is\n // primarily used by frodo-cli e2e tests, which capture stdout in snapshots.\n // debug messages falsify the snapshot recordings.\n debugMessage(`Polly config:`);\n debugMessage(polly.config);\n }\n\n return polly;\n}\n"]}

package/mocks/openidm_3290118515/recording.har DELETED Viewed

@@ -1,150 +0,0 @@
-{
-  "log": {
-    "_recordingName": "openidm",
-    "creator": {
-      "comment": "persister:fs",
-      "name": "Polly.JS",
-      "version": "6.0.5"
-    },
-    "entries": [
-      {
-        "_id": "1084cae627e9260fd7cf7094529aa4e1",
-        "_order": 0,
-        "cache": {},
-        "request": {
-          "bodySize": 0,
-          "cookies": [],
-          "headers": [
-            {
-              "name": "accept",
-              "value": "application/json, text/plain, */*"
-            },
-            {
-              "name": "user-agent",
-              "value": "@rockcarver/frodo-lib/0.17.6"
-            },
-            {
-              "name": "x-forgerock-transactionid",
-              "value": "frodo-4d7bee5a-311a-44e6-8d50-178299d28cc3"
-            },
-            {
-              "name": "content-type",
-              "value": "application/json"
-            },
-            {
-              "name": "authorization",
-              "value": "Bearer eyJ0eXAiOiJKV1QiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..eBf7vtBp5SfpV2iHHyO4pA.HDhg6RnLZyzousp-akNfcOfZiJNF3gWvWPHBU8GdGnfkj383AIJV9AUUMMLI_bb7HVbkqAZrswf9dL5QQeBhjZozfBSr0cO2LlflQ6Io9F4VqVA6DuRgcPn1KLg4ilNglL2f1EGZ4CbnoP5tXrMjCN2hcYEDhs7_PaK-d-jTz3yyDnQvi_Ju5EtAS1l_xkRoCBcRi6CJMqLm7hZoddGzRZj6ICwO9KdjZJ1hkbaymKpMswOAXrTgIUVDymjZ2bl0QwSfWTPvSINMdqft7sssRrvgZEaZ3vMBXLlTvl2GtDhRtWmuEAQsFwWsN-6Hof_hF8os-WgRO5UWQ7lAz5HBoBSLwkBZkyvWGazg34PkSr8sTxlQ_uVmxT9OuNq1QvzLU8BhVh9WYnPqQoxgY9sCZxH61Zgi9AXerFVyyORueiD-mHCcCB43ftWtpOZDyyvFn6g8dtpS2dYEAtv1cD2NvKA6sBWgEb3g3xb_AE9TzPy82hD3OVyZlE7S4QUDTRNlZzNqw41iYAXEiLXIfpsz8rvsEmM2hB7AANTSrOuBPC0UywV2ldpmPLdAVsweq3WbGGqZ-ByPXNLDAEP-9V5khx1vJb1xva2LwaRYVHoXSkg39ptfwjzW0F2KkvPFXBzEmo23lclrQNudmjYDXAdxwpvpn5EvNfiqBLieg25WpprCroS50JGKJP0qU54tF9eYumHtcBLSipLR-JLehGt5IKJZR4o9zIbCMz9vR6OX4iHIv1J_Q4mP_jW0IhONKeGUe5WxJNNvLJZc66TI50SuFolqbn3deRYTWqCHV9Lm_kTvzYhEq5On6VN6TmlU0pFzmCUZUWLx8uocsz0_CSV63bdcpb9PfuwJNIpTz38f1qW9By8rR5dfFCaCoewH26EfRHUCmZKlj1jPahBvfK78w1CIYhBOE795xwFRJW2_cxDdcQPDrVkzimtmfeCF9zhou6MYzV4D88OvV6Yl1jCPzJJ4bAgW3_nsir-_CQwjBBmoZLwTqW_fraev10snzVP3d7_hY_0pEGMYSL2UriO2GUuT4lOZdR6mrMcyTOsQ-6hBau6tyQwiydunQf18OJ3n.Hwc3QVpk7vlh_0JnibZrKA"
-            },
-            {
-              "name": "host",
-              "value": "openam-service-accounts.forgeblocks.com"
-            }
-          ],
-          "headersSize": 1596,
-          "httpVersion": "HTTP/1.1",
-          "method": "GET",
-          "queryString": [
-            {
-              "name": "_fields",
-              "value": "name"
-            }
-          ],
-          "url": "https://openam-service-accounts.forgeblocks.com/openidm/managed/svcacct/1f361790-a4c5-48e5-8c2d-194414095c4f?_fields=name"
-        },
-        "response": {
-          "bodySize": 129,
-          "content": {
-            "mimeType": "application/json;charset=utf-8",
-            "size": 129,
-            "text": "{\"_id\":\"1f361790-a4c5-48e5-8c2d-194414095c4f\",\"_rev\":\"443c355d-d0f7-401a-adae-312797b9b5cb-3458\",\"name\":\"Frodo-SA-1673325246229\"}"
-          },
-          "cookies": [],
-          "headers": [
-            {
-              "name": "date",
-              "value": "Wed, 11 Jan 2023 18:18:48 GMT"
-            },
-            {
-              "name": "cache-control",
-              "value": "no-store"
-            },
-            {
-              "name": "content-security-policy",
-              "value": "default-src 'none';frame-ancestors 'none';sandbox"
-            },
-            {
-              "name": "content-type",
-              "value": "application/json;charset=utf-8"
-            },
-            {
-              "name": "cross-origin-opener-policy",
-              "value": "same-origin"
-            },
-            {
-              "name": "cross-origin-resource-policy",
-              "value": "same-origin"
-            },
-            {
-              "name": "etag",
-              "value": "\"443c355d-d0f7-401a-adae-312797b9b5cb-3458\""
-            },
-            {
-              "name": "expires",
-              "value": "0"
-            },
-            {
-              "name": "pragma",
-              "value": "no-cache"
-            },
-            {
-              "name": "x-content-type-options",
-              "value": "nosniff"
-            },
-            {
-              "name": "x-frame-options",
-              "value": "DENY"
-            },
-            {
-              "name": "content-length",
-              "value": "129"
-            },
-            {
-              "name": "x-forgerock-transactionid",
-              "value": "frodo-4d7bee5a-311a-44e6-8d50-178299d28cc3"
-            },
-            {
-              "name": "strict-transport-security",
-              "value": "max-age=31536000; includeSubDomains; preload;"
-            },
-            {
-              "name": "via",
-              "value": "1.1 google"
-            },
-            {
-              "name": "alt-svc",
-              "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
-            }
-          ],
-          "headersSize": 647,
-          "httpVersion": "HTTP/1.1",
-          "redirectURL": "",
-          "status": 200,
-          "statusText": "OK"
-        },
-        "startedDateTime": "2023-01-11T18:18:46.728Z",
-        "time": 83,
-        "timings": {
-          "blocked": -1,
-          "connect": -1,
-          "dns": -1,
-          "receive": 0,
-          "send": 0,
-          "ssl": -1,
-          "wait": 83
-        }
-      }
-    ],
-    "pages": [],
-    "version": "1.2"
-  }
-}