diff --git a/package-lock.json b/package-lock.json index 1a0b16134..cb876b778 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "frodo": "dist/launch.cjs" }, "devDependencies": { - "@rockcarver/frodo-lib": "4.0.0-6", + "@rockcarver/frodo-lib": "4.0.0-7", "@types/colors": "^1.2.1", "@types/fs-extra": "^11.0.1", "@types/jest": "^29.2.3", @@ -92,7 +92,6 @@ "integrity": "sha512-CGOfOJqWjg2qW/Mb6zNsDm+u5vFQ8DxXfbM09z69p5Z6+mE1ikP2jUXw+j42Pf1XTYED2Rni5f95npYeuwMDQA==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@babel/code-frame": "^7.29.0", "@babel/generator": "^7.29.0", @@ -1777,9 +1776,9 @@ } }, "node_modules/@rockcarver/frodo-lib": { - "version": "4.0.0-6", - "resolved": "https://registry.npmjs.org/@rockcarver/frodo-lib/-/frodo-lib-4.0.0-6.tgz", - "integrity": "sha512-P50Rsqa9/jAs0ECikxrGIkLZ+2Y4vdlaqicc1XDaMa2iRqIJNyfmTS9aa8hrSpr8Wm3u2cjWzNlMDaMq5HuTrA==", + "version": "4.0.0-7", + "resolved": "https://registry.npmjs.org/@rockcarver/frodo-lib/-/frodo-lib-4.0.0-7.tgz", + "integrity": "sha512-KrPNQhj8NdAy8aaqpAiYO4OBc0Inr0sSGp7ZUPefe/Y10bDZjA+dvBepUu6NYxp4k6UmlOJH8HjOhw0fk4EkGg==", "dev": true, "license": "MIT", "engines": { @@ -2362,7 +2361,6 @@ "integrity": "sha512-94EQTWZ40mzBc42ATNIBimBEDltSJ9RQHCC8vc/PDbxi4k8dVwUAv4o98dk50M1zB+JGFxp43FP7f8+FP8R6Sw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@eslint-community/regexpp": "^4.10.0", "@typescript-eslint/scope-manager": "7.18.0", @@ -2397,7 +2395,6 @@ "integrity": "sha512-4Z+L8I2OqhZV8qA132M4wNL30ypZGYOQVBfMgxDH/K5UX0PNqTu1c6za9ST5r9+tavvHiTWmBnKzpCJ/GlVFtg==", "dev": true, "license": "BSD-2-Clause", - "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "7.18.0", "@typescript-eslint/types": "7.18.0", @@ -2613,7 +2610,6 @@ "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "dev": true, "license": "MIT", - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -3315,7 +3311,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "baseline-browser-mapping": "^2.9.0", "caniuse-lite": "^1.0.30001759", @@ -4334,7 +4329,6 @@ "dev": true, "hasInstallScript": true, "license": "MIT", - "peer": true, "bin": { "esbuild": "bin/esbuild" }, @@ -4400,7 +4394,6 @@ "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -4457,7 +4450,6 @@ "integrity": "sha512-82GZUjRS0p/jganf6q1rEO25VSoHH0hKPCTrgillPjdI/3bgBhAE1QzHrHTizjpRvy6pGAvKjDJtk2pF9NDq8w==", "dev": true, "license": "MIT", - "peer": true, "bin": { "eslint-config-prettier": "bin/cli.js" }, @@ -6366,7 +6358,6 @@ "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@jest/core": "^29.7.0", "@jest/types": "^29.6.3", @@ -8336,7 +8327,6 @@ "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==", "dev": true, "license": "MIT", - "peer": true, "bin": { "prettier": "bin/prettier.cjs" }, @@ -10048,7 +10038,6 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", - "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" diff --git a/package.json b/package.json index f4cd7f792..0a29f4736 100644 --- a/package.json +++ b/package.json @@ -95,7 +95,7 @@ ] }, "devDependencies": { - "@rockcarver/frodo-lib": "4.0.0-6", + "@rockcarver/frodo-lib": "4.0.0-7", "@types/colors": "^1.2.1", "@types/fs-extra": "^11.0.1", "@types/jest": "^29.2.3", diff --git a/src/cli/FrodoCommand.ts b/src/cli/FrodoCommand.ts index 4040a5d2b..feb36695d 100644 --- a/src/cli/FrodoCommand.ts +++ b/src/cli/FrodoCommand.ts @@ -120,6 +120,14 @@ const noCacheOption = new Option( 'Disable token cache for this operation.' ); +const useRealmPrefixOnManagedObjects = new Option( + '--use-realm-prefix-on-managed-objects', + 'Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user,\ + managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user \ + etc. is retained. \ + This option is ignored when the deployment type is "cloud".' +); + const flushCacheOption = new Option('--flush-cache', 'Flush token cache.'); const retryOption = new Option( @@ -157,6 +165,7 @@ const defaultOpts = [ noCacheOption, flushCacheOption, retryOption, + useRealmPrefixOnManagedObjects, ]; const stateMap = { @@ -226,6 +235,8 @@ const stateMap = { state.setCurlirize(curlirize), [noCacheOption.attributeName()]: (cache: boolean) => state.setUseTokenCache(cache), + [useRealmPrefixOnManagedObjects.attributeName()]: () => + state.setUseRealmPrefixOnManagedObjects(true), [flushCacheOption.attributeName()]: (flush: boolean) => { if (flush) frodo.cache.flush(); }, diff --git a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap index 0f4b0a0ad..d3abf57ab 100644 --- a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap @@ -7,96 +7,37 @@ Add AutoId static user mapping to enable dashboards and other AutoId-based functionality. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap index f03533a1a..200d447a0 100644 --- a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap @@ -6,123 +6,45 @@ exports[`CLI help interface for 'admin create-oauth2-client-with-admin-privilege Create an oauth2 client with admin privileges. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --client-id [id] Client id. - --client-secret [secret] Client secret. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --llt Create a long-lived token and store it - in a secret. The default secret name is - esv-admin-token and the default token - lifetime is 315,360,000 seconds (10 - years). Both can be overwritten with the - --llt-esv and --llt-ttl options. - --llt-esv [esv] Name of the secret to store the token - in. This option only applies if used - with the --llt option. (default: - esv-admin-token) - --llt-scope [scope] Request the following scope(s). This - option only applies if used with the - --llt option. (default: fr:idm:*) - --llt-ttl [ttl] Token lifetime (seconds). This option - only applies if used with the --llt - option. (default: 315,360,000 seconds - (10 years)) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --no-llt-esv Don't store the token in a secret and - output to console instead. This option - only applies if used with the --llt - option. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --client-id [id] Client id. + --client-secret [secret] Client secret. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --llt Create a long-lived token and store it in a secret. The default secret name is esv-admin-token and the default token lifetime is 315,360,000 seconds (10 years). Both can be overwritten with the --llt-esv and --llt-ttl options. + --llt-esv [esv] Name of the secret to store the token in. This option only applies if used with the --llt option. (default: esv-admin-token) + --llt-scope [scope] Request the following scope(s). This option only applies if used with the --llt option. (default: fr:idm:*) + --llt-ttl [ttl] Token lifetime (seconds). This option only applies if used with the --llt option. (default: 315,360,000 seconds (10 years)) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --no-llt-esv Don't store the token in a secret and output to console instead. This option only applies if used with the --llt option. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap index fffdc69f1..056fc9930 100644 --- a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap @@ -6,104 +6,41 @@ exports[`CLI help interface for 'admin get-access-token' should be expected engl Get an access token using client credentials grant type. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --client-id [id] Client id. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - -s, --client-secret [secret] Client secret. - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --scope [scope] Request the following scope(s). - (default: fr:idm:*) - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --client-id [id] Client id. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + -s, --client-secret [secret] Client secret. + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --scope [scope] Request the following scope(s). (default: fr:idm:*) + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap index 911d4973c..61f4e3e41 100644 --- a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'admin grant-oauth2-client-admin-privileges' sho Grant an oauth2 client admin privileges. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --client-id OAuth2 client id. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --client-id OAuth2 client id. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap index dce4f039a..20f9f7b7f 100644 --- a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'admin hide-generic-extension-attributes' should Hide generic extension attributes. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --dry-run Dry-run only, do not perform changes. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --include-customized Include customized attributes. - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --dry-run Dry-run only, do not perform changes. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + --include-customized Include customized attributes. + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap index 5ee240eac..ae5b2c576 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'admin list-oauth2-clients-with-admin-privileges List oauth2 clients with admin privileges. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap index 4b4e3258b..19ed229ff 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'admin list-oauth2-clients-with-custom-privilege List oauth2 clients with custom privileges. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap index 27e7a0ec4..bce53803d 100644 --- a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'admin list-static-user-mappings' should be expe List all subjects of static user mappings that are not oauth2 clients. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --show-protected Show protected (system) subjects. - (default: false) - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --show-protected Show protected (system) subjects. (default: false) + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap index 4812fee57..23da983f8 100644 --- a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'admin remove-static-user-mapping' should be exp Remove a subject's static user mapping. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --sub-id Subject identifier. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --sub-id Subject identifier. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap index c788006a1..37bcd72b2 100644 --- a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap @@ -6,105 +6,41 @@ exports[`CLI help interface for 'admin repair-org-model' should be expected engl Repair org model. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --dry-run Dry-run only, do not perform changes. - --exclude-customized Exclude customized properties from - repair. - --extend-permissions Extend permissions to include custom - attributes. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --dry-run Dry-run only, do not perform changes. + --exclude-customized Exclude customized properties from repair. + --extend-permissions Extend permissions to include custom attributes. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap index c0e5a8bd0..b2365883a 100644 --- a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'admin revoke-oauth2-client-admin-privileges' sh Revoke admin privileges from an oauth2 client. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --client-id OAuth2 client id. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --client-id OAuth2 client id. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap index 9fc80ec04..da7479538 100644 --- a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap @@ -6,104 +6,40 @@ exports[`CLI help interface for 'admin show-generic-extension-attributes' should Show generic extension attributes. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --dry-run Dry-run only, do not perform changes. - (default: false) - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --include-customized Include customized attributes. (default: - false) - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --dry-run Dry-run only, do not perform changes. (default: false) + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + --include-customized Include customized attributes. (default: false) + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap index 7787427e0..19caed683 100644 --- a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'agent delete' should be expected english 1`] = Delete agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Delete all agents. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a is ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Delete all agents. Ignored with -i. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, -a is ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap index c76416e62..325856f17 100644 --- a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'agent describe' should be expected english 1`] Describe agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -g, --global Describe global agent. - -h, --help Help - -i, --agent-id Agent id. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -g, --global Describe global agent. + -h, --help Help + -i, --agent-id Agent id. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-export.test.js.snap index 457f3d05a..26b275f4a 100644 --- a/test/client_cli/en/__snapshots__/agent-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-export.test.js.snap @@ -6,111 +6,44 @@ exports[`CLI help interface for 'agent export' should be expected english 1`] = Export agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export all agents to a single file. - Ignored with -i. - -A, --all-separate Export all agents to separate files - (*..agent.json) in the current - directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -g, --global Export global agents. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are - ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Export all agents to a single file. Ignored with -i. + -A, --all-separate Export all agents to separate files (*..agent.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -g, --global Export global agents. + -h, --help Help + -i, --agent-id Agent id. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap index 7833a9fb0..c4e5a4da7 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap @@ -6,103 +6,40 @@ exports[`CLI help interface for 'agent gateway delete' should be expected englis Delete identity gateway agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Delete all identity gateway agents. - Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a is ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Delete all identity gateway agents. Ignored with -i. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, -a is ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap index 33c59e268..9a5920c5a 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'agent gateway describe' should be expected engl Describe gateway agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap index cc9efdf5a..56bf09b69 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap @@ -6,111 +6,43 @@ exports[`CLI help interface for 'agent gateway export' should be expected englis Export gateway agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export all gateway agents to a single - file. Ignored with -i. - -A, --all-separate Export all gateway agents to separate - files (*.identitygatewayagent.json) in - the current directory. Ignored with -i - or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are - ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Export all gateway agents to a single file. Ignored with -i. + -A, --all-separate Export all gateway agents to separate files (*.identitygatewayagent.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap index 0506a4159..f32641122 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap @@ -6,110 +6,42 @@ exports[`CLI help interface for 'agent gateway import' should be expected englis Import gateway agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all agents from single file. - Ignored with -i. - -A, --all-separate Import all agents from separate files - (*.identitygatewayagent.json) in the - current directory. Ignored with -i or - -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, only one agent - is imported and the options -a and -A - are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all agents from single file. Ignored with -i. + -A, --all-separate Import all agents from separate files (*.identitygatewayagent.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, only one agent is imported and the options -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap index 62f91e026..12674569e 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'agent gateway list' should be expected english List gateway agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + -l, --long Long with all fields. (default: false) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-import.test.js.snap index 1e570390d..5fba96ed2 100644 --- a/test/client_cli/en/__snapshots__/agent-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-import.test.js.snap @@ -6,110 +6,43 @@ exports[`CLI help interface for 'agent import' should be expected english 1`] = Import agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all agents from single file. - Ignored with -i. - -A, --all-separate Import all agents from separate files - (*.agent.json) in the current directory. - Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -g, --global Import global agents. - -h, --help Help - -i, --agent-id Agent id. If specified, only one agent - is imported and the options -a and -A - are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all agents from single file. Ignored with -i. + -A, --all-separate Import all agents from separate files (*.agent.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -g, --global Import global agents. + -h, --help Help + -i, --agent-id Agent id. If specified, only one agent is imported and the options -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap index 2bfa8c668..4d404e556 100644 --- a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'agent java delete' should be expected english 1 Delete java agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Delete all java agents. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a is ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Delete all java agents. Ignored with -i. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, -a is ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap index 3276d27e1..0f5c41fd3 100644 --- a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'agent java describe' should be expected english Describe java agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap index 6a1c2214c..6b88f0e4c 100644 --- a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap @@ -6,110 +6,43 @@ exports[`CLI help interface for 'agent java export' should be expected english 1 Export java agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export all java agents to a single file. - Ignored with -i. - -A, --all-separate Export all java agents to separate files - (*.javaagent.json) in the current - directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are - ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Export all java agents to a single file. Ignored with -i. + -A, --all-separate Export all java agents to separate files (*.javaagent.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap index 378f60f0e..98c382241 100644 --- a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap @@ -6,109 +6,42 @@ exports[`CLI help interface for 'agent java import' should be expected english 1 Import java agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all agents from single file. - Ignored with -i. - -A, --all-separate Import all agents from separate files - (*.javaagent.json) in the current - directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, only one agent - is imported and the options -a and -A - are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all agents from single file. Ignored with -i. + -A, --all-separate Import all agents from separate files (*.javaagent.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, only one agent is imported and the options -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap index 88144880e..386a2c305 100644 --- a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'agent java list' should be expected english 1`] List java agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + -l, --long Long with all fields. (default: false) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-list.test.js.snap index bd6146b6e..92360dbff 100644 --- a/test/client_cli/en/__snapshots__/agent-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-list.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'agent list' should be expected english 1`] = ` List agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -g, --global List global agents. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -g, --global List global agents. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + -l, --long Long with all fields. (default: false) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap index 6256568bb..97de812e9 100644 --- a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap @@ -6,103 +6,40 @@ exports[`CLI help interface for 'agent web delete' should be expected english 1` Delete web agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Delete all web agents. Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are - ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Delete all web agents. Ignored with -i. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap index df573dffd..ffcc56d97 100644 --- a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'agent web describe' should be expected english Describe web agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap index c35814d05..7ce930aa1 100644 --- a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap @@ -6,110 +6,43 @@ exports[`CLI help interface for 'agent web export' should be expected english 1` Export web agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export all web agents to a single file. - Ignored with -i. - -A, --all-separate Export all web agents to separate files - (*.webagent.json) in the current - directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, -a and -A are - ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Export all web agents to a single file. Ignored with -i. + -A, --all-separate Export all web agents to separate files (*.webagent.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap index 0eefd3a11..bccfb3b33 100644 --- a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap @@ -6,109 +6,42 @@ exports[`CLI help interface for 'agent web import' should be expected english 1` Import web agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all agents from single file. - Ignored with -i. - -A, --all-separate Import all agents from separate files - (*.webagent.json) in the current - directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --agent-id Agent id. If specified, only one agent - is imported and the options -a and -A - are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all agents from single file. Ignored with -i. + -A, --all-separate Import all agents from separate files (*.webagent.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -h, --help Help + -i, --agent-id Agent id. If specified, only one agent is imported and the options -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap index ba06436ee..fc5a6744b 100644 --- a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'agent web list' should be expected english 1`] List web agents. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + -l, --long Long with all fields. (default: false) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/app-delete.test.js.snap b/test/client_cli/en/__snapshots__/app-delete.test.js.snap index 7316f769b..277078eb7 100644 --- a/test/client_cli/en/__snapshots__/app-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-delete.test.js.snap @@ -6,106 +6,41 @@ exports[`CLI help interface for 'app delete' should be expected english 1`] = ` Delete applications. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Delete all applications. Ignored with - -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --app-id Application name. If specified, -a and - -A are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --no-deep No deep delete. This leaves orphaned - configuration artifacts behind. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Delete all applications. Ignored with -i. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --app-id Application name. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --no-deep No deep delete. This leaves orphaned configuration artifacts behind. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/app-export.test.js.snap b/test/client_cli/en/__snapshots__/app-export.test.js.snap index e8e20b3ce..0f3ff4e09 100644 --- a/test/client_cli/en/__snapshots__/app-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-export.test.js.snap @@ -6,113 +6,44 @@ exports[`CLI help interface for 'app export' should be expected english 1`] = ` Export applications. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export all applications to a single - file. Ignored with -i. - -A, --all-separate Export all applications to separate - files (*.application.json) in the - current directory. Ignored with -i or - -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --app-id Application name. If specified, -a and - -A are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --no-deps Do not include any dependencies - (scripts). - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Export all applications to a single file. Ignored with -i. + -A, --all-separate Export all applications to separate files (*.application.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -h, --help Help + -i, --app-id Application name. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --no-deps Do not include any dependencies (scripts). + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/app-import.test.js.snap b/test/client_cli/en/__snapshots__/app-import.test.js.snap index 5b6f6c15a..40e152704 100644 --- a/test/client_cli/en/__snapshots__/app-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-import.test.js.snap @@ -6,111 +6,43 @@ exports[`CLI help interface for 'app import' should be expected english 1`] = ` Import applications. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all applications from single - file. Ignored with -i. - -A, --all-separate Import all applications from separate - files (*.app.json) in the current - directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --app-id Application name. If specified, only one - application is imported and the options - -a and -A are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --no-deps Do not include any dependencies - (scripts). - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all applications from single file. Ignored with -i. + -A, --all-separate Import all applications from separate files (*.app.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -h, --help Help + -i, --app-id Application name. If specified, only one application is imported and the options -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --no-deps Do not include any dependencies (scripts). + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/app-list.test.js.snap b/test/client_cli/en/__snapshots__/app-list.test.js.snap index 609d8be81..1fa18bc78 100644 --- a/test/client_cli/en/__snapshots__/app-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-list.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'app list' should be expected english 1`] = ` List applications. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + -l, --long Long with all fields. (default: false) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authn-describe.test.js.snap b/test/client_cli/en/__snapshots__/authn-describe.test.js.snap index 18cb3daa5..b6b36440a 100644 --- a/test/client_cli/en/__snapshots__/authn-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-describe.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'authn describe' should be expected english 1`] Describe authentication settings. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -g, --global Describe global authentication settings. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --json Output in JSON format. - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -g, --global Describe global authentication settings. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + --json Output in JSON format. + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authn-export.test.js.snap b/test/client_cli/en/__snapshots__/authn-export.test.js.snap index 4bfbe6f6d..6397e73f0 100644 --- a/test/client_cli/en/__snapshots__/authn-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-export.test.js.snap @@ -6,104 +6,41 @@ exports[`CLI help interface for 'authn export' should be expected english 1`] = Export authentication settings. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -g, --global Export global authentication settings. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -g, --global Export global authentication settings. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authn-import.test.js.snap b/test/client_cli/en/__snapshots__/authn-import.test.js.snap index 26c8300ea..7d97e18a9 100644 --- a/test/client_cli/en/__snapshots__/authn-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-import.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'authn import' should be expected english 1`] = Import authentication settings. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -g, --global Export global authentication settings. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -g, --global Export global authentication settings. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap index 7e2773831..783ce4a45 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap @@ -6,105 +6,41 @@ exports[`CLI help interface for 'authz policy delete' should be expected english Delete authorization policies. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Delete all policies in a realm. Ignored - with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --policy-id Policy id/name. If specified, -a is - ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --set-id Policy set id/name. Ignored with -i. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Delete all policies in a realm. Ignored with -i. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --policy-id Policy id/name. If specified, -a is ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --set-id Policy set id/name. Ignored with -i. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap index f76b9f04d..057079d68 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'authz policy describe' should be expected engli Describe authorization policies. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --policy-id Policy id/name. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --json Output in JSON format. - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --policy-id Policy id/name. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + --json Output in JSON format. + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap index 527d4d185..035f48b63 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap @@ -6,115 +6,46 @@ exports[`CLI help interface for 'authz policy export' should be expected english Export authorization policies. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export policies to a single file. - Ignored with -i. - -A, --all-separate Export policies to separate files - (*.policy.authz.json) in the current - directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --policy-id Policy id. If specified, -a and -A are - ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --no-deps Do not include dependencies (scripts). - --passphrase The passphrase for the Amster private - key if it is encrypted. - --prereqs Include prerequisites (policy sets, - resource types). - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --set-id Export policies in policy set only. - Ignored with -i. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Export policies to a single file. Ignored with -i. + -A, --all-separate Export policies to separate files (*.policy.authz.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -h, --help Help + -i, --policy-id Policy id. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --no-deps Do not include dependencies (scripts). + --passphrase The passphrase for the Amster private key if it is encrypted. + --prereqs Include prerequisites (policy sets, resource types). + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --set-id Export policies in policy set only. Ignored with -i. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap index 6bc1040ec..cfbba83b5 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap @@ -6,116 +6,45 @@ exports[`CLI help interface for 'authz policy import' should be expected english Import authorization policies. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all policies from single file. - Ignored with -i. - -A, --all-separate Import all policies from separate files - (*.policy.authz.json) in the current - directory. Ignored with -i or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --policy-id Policy id. If specified, only one policy - is imported and the options -a and -A - are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --no-deps Do not import dependencies (scripts) - even if they are available in the import - file. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --prereqs Import prerequisites (policy sets, - resource types) if they are available in - the import file. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --set-id Import policies into this policy set. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all policies from single file. Ignored with -i. + -A, --all-separate Import all policies from separate files (*.policy.authz.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -h, --help Help + -i, --policy-id Policy id. If specified, only one policy is imported and the options -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --no-deps Do not import dependencies (scripts) even if they are available in the import file. + --passphrase The passphrase for the Amster private key if it is encrypted. + --prereqs Import prerequisites (policy sets, resource types) if they are available in the import file. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --set-id Import policies into this policy set. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap index 8f121e18c..f45b08187 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'authz policy list' should be expected english 1 List authorization policies. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - -l, --long Long with all fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --set-id Policy set id/name. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + -l, --long Long with all fields. (default: false) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --set-id Policy set id/name. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap index a70011e65..f339765fd 100644 --- a/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap @@ -6,103 +6,40 @@ exports[`CLI help interface for 'authz set delete' should be expected english 1` Delete authorization policy sets. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Delete all policy sets in a realm. - Ignored with -i. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --set-id Policy set id/name. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Delete all policy sets in a realm. Ignored with -i. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --set-id Policy set id/name. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap index dbd098595..a8701aca5 100644 --- a/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap @@ -6,102 +6,40 @@ exports[`CLI help interface for 'authz set describe' should be expected english Describe authorization policy sets. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --set-id Policy set id/name. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --json Output in JSON format. - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --set-id Policy set id/name. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + --json Output in JSON format. + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap index 1bb3fe6b3..2c69870ce 100644 --- a/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap @@ -6,114 +6,45 @@ exports[`CLI help interface for 'authz set export' should be expected english 1` Export authorization policy sets. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export all applications/policy sets to a - single file. Ignored with -i. - -A, --all-separate Export all applications/policy sets to - separate files (*.authz.json) in the - current directory. Ignored with -i or - -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --set-id Policy set id/name. If specified, -a and - -A are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --no-deps Do not include any dependencies - (policies, scripts). - --passphrase The passphrase for the Amster private - key if it is encrypted. - --prereqs Include prerequisites (resource types). - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Export all applications/policy sets to a single file. Ignored with -i. + -A, --all-separate Export all applications/policy sets to separate files (*.authz.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -h, --help Help + -i, --set-id Policy set id/name. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --no-deps Do not include any dependencies (policies, scripts). + --passphrase The passphrase for the Amster private key if it is encrypted. + --prereqs Include prerequisites (resource types). + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap index 610cc2156..021a8a0cf 100644 --- a/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap @@ -6,113 +6,44 @@ exports[`CLI help interface for 'authz set import' should be expected english 1` Import authorization policy sets. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all policy sets from single file. - Ignored with -i. - -A, --all-separate Import all policy sets from separate - files (*.policyset.authz.json) in the - current directory. Ignored with -i or - -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --set-id Policy set id/name. If specified, only - one policy set is imported and the - options -a and -A are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --no-deps Do not include any dependencies - (policies, scripts). - --passphrase The passphrase for the Amster private - key if it is encrypted. - --prereqs Include prerequisites (resource types). - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all policy sets from single file. Ignored with -i. + -A, --all-separate Import all policy sets from separate files (*.policyset.authz.json) in the current directory. Ignored with -i or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -h, --help Help + -i, --set-id Policy set id/name. If specified, only one policy set is imported and the options -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --no-deps Do not include any dependencies (policies, scripts). + --passphrase The passphrase for the Amster private key if it is encrypted. + --prereqs Include prerequisites (resource types). + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap index 6c7088541..4f94c3ce1 100644 --- a/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap @@ -6,106 +6,41 @@ exports[`CLI help interface for 'authz type delete' should be expected english 1 Delete authorization resource types. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Delete all resource types in a realm. - Ignored with -i and -n. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --type-id Variable id. If specified, -a is - ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --type-name Resource type name. If specified, -a is - ignored. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Delete all resource types in a realm. Ignored with -i and -n. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --type-id Variable id. If specified, -a is ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --type-name Resource type name. If specified, -a is ignored. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap index 2b4ac1019..3435f762e 100644 --- a/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap @@ -6,103 +6,41 @@ exports[`CLI help interface for 'authz type describe' should be expected english Describe authorization resource types. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - -i, --type-id Resource type uuid. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --json Output in JSON format. - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --type-name Resource type name. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --type-id Resource type uuid. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + --json Output in JSON format. + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --type-name Resource type name. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap index 7712e3e26..03794d8c7 100644 --- a/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap @@ -6,113 +6,44 @@ exports[`CLI help interface for 'authz type export' should be expected english 1 Export authorization resource types. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export all resource types to a single - file. Ignored with -i. - -A, --all-separate Export all resource types to separate - files (*.resourcetype.authz.json) in the - current directory. Ignored with -i, -n, - or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -h, --help Help - -i, --type-id Resource type uuid. If specified, -a and - -A are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --type-name Resource type name. If specified, -a and - -A are ignored. - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Export all resource types to a single file. Ignored with -i. + -A, --all-separate Export all resource types to separate files (*.resourcetype.authz.json) in the current directory. Ignored with -i, -n, or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -h, --help Help + -i, --type-id Resource type uuid. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --type-name Resource type name. If specified, -a and -A are ignored. + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap index 48200183c..0ef5b04b7 100644 --- a/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap @@ -6,111 +6,43 @@ exports[`CLI help interface for 'authz type import' should be expected english 1 Import authorization resource types. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all resource types from single - file. Ignored with -i. - -A, --all-separate Import all resource types from separate - files (*.resourcetype.authz.json) in the - current directory. Ignored with -i, -n, - or -a. - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. - --flush-cache Flush token cache. - -h, --help Help - -i, --type-id Resource type uuid. If specified, -a and - -A are ignored. - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --type-name Resource type name. If specified, -a and - -A are ignored. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all resource types from single file. Ignored with -i. + -A, --all-separate Import all resource types from separate files (*.resourcetype.authz.json) in the current directory. Ignored with -i, -n, or -a. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. + --flush-cache Flush token cache. + -h, --help Help + -i, --type-id Resource type uuid. If specified, -a and -A are ignored. + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --type-name Resource type name. If specified, -a and -A are ignored. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap index 728706b71..656703ded 100644 --- a/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'authz type list' should be expected english 1`] List authorization resource types. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - -l, --long Long with more fields. (default: false) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + -l, --long Long with more fields. (default: false) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-export.test.js.snap b/test/client_cli/en/__snapshots__/config-export.test.js.snap index 29e7a1828..7f482dfec 100644 --- a/test/client_cli/en/__snapshots__/config-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-export.test.js.snap @@ -14,148 +14,54 @@ flag to export only global config, and many other flags to customize the export. Use the -h or --help to see them all and to also see usage examples. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Export everything to a single file. - -A, --all-separate Export everything to separate files in - the -D directory. Ignored with -a. - --curlirize Output all network calls in curl format. - -d, --default Export all scripts including the default - scripts. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the export file. - --flush-cache Flush token cache. - -g, --global-only Export only the global config. If -r, - --realm-only is also active, then the - corresponding active realm config will - also be exported. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --include-active-values Include the currently active (and - loaded) secret value in the export. By - default, secret values are encrypted - server-side in the environment they are - exported from. Use --target - to have another environment perform the - encryption. - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -N, --no-metadata Does not include metadata in the export - file. - --no-cache Disable token cache for this operation. - --no-coords Do not include the x and y coordinate - positions of the journey/tree nodes. - --no-decode Do not include decoded variable value in - variable export - -o, --separate-objects Export managed.idm.json objects - separately in their own directory. - Ignored with -a. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - -r, --realm-only Export only the config for the active - realm. If -g, --global-only is also - active, then the global config will also - be exported. - -R, --read-only Export read-only config (with the - exception of default scripts) in - addition to the importable config. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - -s, --separate-mappings Export sync.idm.json mappings separately - in their own directory. Ignored with -a. - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --target Host URL of the environment to perform - secret value encryption. The URL must - resolve to an existing connection - profile. Use this option to generate an - export that can be imported into the - target environment without requiring - admin access to the source environment. - --use-string-arrays Where applicable, use string arrays to - store multi-line text (e.g. scripts). - (default: off) - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. - -x, --extract Extract scripts and server properties - from the exported file, and save it to a - separate file. Ignored with -a. + -a, --all Export everything to a single file. + -A, --all-separate Export everything to separate files in the -D directory. Ignored with -a. + --curlirize Output all network calls in curl format. + -d, --default Export all scripts including the default scripts. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the export file. + --flush-cache Flush token cache. + -g, --global-only Export only the global config. If -r, --realm-only is also active, then the corresponding active realm config will also be exported. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + --include-active-values Include the currently active (and loaded) secret value in the export. By default, secret values are encrypted server-side in the environment they are exported from. Use --target to have another environment perform the encryption. + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -N, --no-metadata Does not include metadata in the export file. + --no-cache Disable token cache for this operation. + --no-coords Do not include the x and y coordinate positions of the journey/tree nodes. + --no-decode Do not include decoded variable value in variable export + -o, --separate-objects Export managed.idm.json objects separately in their own directory. Ignored with -a. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + -r, --realm-only Export only the config for the active realm. If -g, --global-only is also active, then the global config will also be exported. + -R, --read-only Export read-only config (with the exception of default scripts) in addition to the importable config. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + -s, --separate-mappings Export sync.idm.json mappings separately in their own directory. Ignored with -a. + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --target Host URL of the environment to perform secret value encryption. The URL must resolve to an existing connection profile. Use this option to generate an export that can be imported into the target environment without requiring admin access to the source environment. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --use-string-arrays Where applicable, use string arrays to store multi-line text (e.g. scripts). (default: off) + --verbose Verbose output during command execution. If specified, may or may not produce additional output. + -x, --extract Extract scripts and server properties from the exported file, and save it to a separate file. Ignored with -a. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-import.test.js.snap b/test/client_cli/en/__snapshots__/config-import.test.js.snap index 070e2065b..04eb3edfc 100644 --- a/test/client_cli/en/__snapshots__/config-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-import.test.js.snap @@ -6,139 +6,49 @@ exports[`CLI help interface for 'config import' should be expected english 1`] = Import full cloud configuration. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - -a, --all Import all configuration from the single - file -f. Ignored with -i. - -A, --all-separate Import all configuration from separate - (.json) files in the (working) directory - -D. Ignored with -i or -a. - -C, --clean Remove existing service(s) before - importing. - --curlirize Output all network calls in curl format. - -d, --default Import all scripts including the default - scripts. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file Name of the file to import. Ignored with - -A. If included without -a, it will - import the single entity within the - file. - --flush-cache Flush token cache. - -g, --global Import global entity. Ignored with -a - and -A. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --include-active-values Import any secret values contained in - the import file. By default, secret - values are encrypted server-side in the - environment they are exported from. Use - --source to import a file - exported from another environment than - the one you are importing to. - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --re-uuid-custom-nodes Create new UUIDs for the custom nodes - upon import. Use this to duplicate - custom nodes or create a new versions of - the same custom nodes. (default: off) - --re-uuid-journeys Generate new UUIDs for all journey nodes - during import. (default: off) - --re-uuid-scripts Create new UUIDs for the scripts upon - import. Use this to duplicate scripts or - create a new versions of the same - scripts. (default: off) - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --source Host URL of the environment which - performed secret value encryption. The - URL must resolve to an existing - connection profile. Use this option to - import a file that was exported from a - different source environment than the - one you are importing to. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + -a, --all Import all configuration from the single file -f. Ignored with -i. + -A, --all-separate Import all configuration from separate (.json) files in the (working) directory -D. Ignored with -i or -a. + -C, --clean Remove existing service(s) before importing. + --curlirize Output all network calls in curl format. + -d, --default Import all scripts including the default scripts. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file Name of the file to import. Ignored with -A. If included without -a, it will import the single entity within the file. + --flush-cache Flush token cache. + -g, --global Import global entity. Ignored with -a and -A. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + --include-active-values Import any secret values contained in the import file. By default, secret values are encrypted server-side in the environment they are exported from. Use --source to import a file exported from another environment than the one you are importing to. + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --re-uuid-custom-nodes Create new UUIDs for the custom nodes upon import. Use this to duplicate custom nodes or create a new versions of the same custom nodes. (default: off) + --re-uuid-journeys Generate new UUIDs for all journey nodes during import. (default: off) + --re-uuid-scripts Create new UUIDs for the scripts upon import. Use this to duplicate scripts or create a new versions of the same scripts. (default: off) + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --source Host URL of the environment which performed secret value encryption. The URL must resolve to an existing connection profile. Use this option to import a file that was exported from a different source environment than the one you are importing to. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-access-config.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-access-config.test.js.snap index 72bec52c0..189c7fbe0 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-access-config.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-access-config.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export access-config objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-all-static.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-all-static.test.js.snap index d13b928d4..9c193b432 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-all-static.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-all-static.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export all static config. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-all.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-all.test.js.snap index a4231ba08..9395c9586 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-all.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-all.test.js.snap @@ -38,6 +38,7 @@ Options: The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: diff --git a/test/client_cli/en/__snapshots__/config-manager-export-audit.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-audit.test.js.snap index d5224c954..f7934aa8a 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-audit.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-audit.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export audit objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-authentication.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-authentication.test.js.snap index b8c1624fd..f38c59453 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-authentication.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-authentication.test.js.snap @@ -6,103 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export authentication objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - -r, --realm Specifies the realm to export from. Only - the entity object from this realm will - be exported. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + -r, --realm Specifies the realm to export from. Only the entity object from this realm will be exported. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-authz-policies.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-authz-policies.test.js.snap index 1516e85f0..57b01255b 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-authz-policies.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-authz-policies.test.js.snap @@ -6,109 +6,41 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export authorization policies from realm. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file The AUTHZ_POLICY_SETS_CONFIG json file. - ex: - "/home/trivir/Documents/policy-sets.json", - or "policy-sets.json" - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --policy-name Get only a specific policy set with the - name. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - -r, --realm Specifies the realm to export from. Only - policy sets from this realm will be - exported. Ignored with -f - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file The AUTHZ_POLICY_SETS_CONFIG json file. ex: "/home/trivir/Documents/policy-sets.json", or "policy-sets.json" + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --policy-name Get only a specific policy set with the name. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + -r, --realm Specifies the realm to export from. Only policy sets from this realm will be exported. Ignored with -f + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-connector-definitions.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-connector-definitions.test.js.snap index ac31689e3..fc3c965c4 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-connector-definitions.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-connector-definitions.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export aconnector definitions. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --name Get connector-definition from specified - name/id, without the type prefix. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name Get connector-definition from specified name/id, without the type prefix. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-connector-mappings.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-connector-mappings.test.js.snap index 83fe13fa6..b4db90589 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-connector-mappings.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-connector-mappings.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export connector mappings. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-cookie-domains.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-cookie-domains.test.js.snap index 149abfa5b..889c327e8 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-cookie-domains.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-cookie-domains.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export cookie-domains objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-cors.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-cors.test.js.snap index 19975efa6..0fbf58cca 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-cors.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-cors.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export CORS configuration. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-csp.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-csp.test.js.snap index 5afd612f4..fa237cf50 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-csp.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-csp.test.js.snap @@ -6,103 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export content security policy. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file The CSP_OVERRIDES json file. ex: - "/home/trivir/Documents/csp-overrides.json", - or "csp-overrides.json" - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file The CSP_OVERRIDES json file. ex: "/home/trivir/Documents/csp-overrides.json", or "csp-overrides.json" + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-email-provider.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-email-provider.test.js.snap index 359a004e6..a5f48a93a 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-email-provider.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-email-provider.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export email provider configuration. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-email-templates.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-email-templates.test.js.snap index 48f2a49a0..0a0d669b8 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-email-templates.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-email-templates.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export email-templates objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --name Email-templates name, It only export the - endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name Email-templates name, It only export the endpoint with the name + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-endpoints.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-endpoints.test.js.snap index 18d24da3b..d1e34ebe0 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-endpoints.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-endpoints.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export custom endpoints objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --name Endpoint name, It only export the - endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name Endpoint name, It only export the endpoint with the name + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-internal-roles.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-internal-roles.test.js.snap index 13fd66880..c1158da1b 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-internal-roles.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-internal-roles.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export internal roles. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --name Internal role name, It only export the - endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name Internal role name, It only export the endpoint with the name + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-journeys.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-journeys.test.js.snap index c8147250b..7646a0cfc 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-journeys.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-journeys.test.js.snap @@ -6,105 +6,41 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export journeys. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -d, --pull-dependencies Pull dependencies. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --name Journey name, It only export the journey - with the name. - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - -r, --realm Specific realm to get journeys from - (overrides environment) - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -d, --pull-dependencies Pull dependencies. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name Journey name, It only export the journey with the name. + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + -r, --realm Specific realm to get journeys from (overrides environment) + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-kba.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-kba.test.js.snap index 37e1f0669..155a36ec4 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-kba.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-kba.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export kba-config objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-locales.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-locales.test.js.snap index a49e37d4b..b6011a44e 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-locales.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-locales.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export custom locales objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --name locale name, It only export the locale - with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name locale name, It only export the locale with the name + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-managed-objects.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-managed-objects.test.js.snap index 140a1ac9a..395db6760 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-managed-objects.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-managed-objects.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export managed-objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --name Endpoint name, It only export the - endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name Endpoint name, It only export the endpoint with the name + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-password-policy.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-password-policy.test.js.snap index 5ee2972e0..67a00b265 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-password-policy.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-password-policy.test.js.snap @@ -6,103 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export password-policy objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - -r, --realm Specifies the realm to export from. Only - the entity object from this realm will - be exported. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + -r, --realm Specifies the realm to export from. Only the entity object from this realm will be exported. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-raw.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-raw.test.js.snap index 7b609556f..e510552eb 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-raw.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-raw.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export raw configurations from the tenant. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --config-file The file path of the service object - config file. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --config-file The file path of the service object config file. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-remote-servers.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-remote-servers.test.js.snap index d2e670426..a928ddc3c 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-remote-servers.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-remote-servers.test.js.snap @@ -6,100 +6,38 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export remote-servers objects. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-saml.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-saml.test.js.snap index 204c20585..cd34fb755 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-saml.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-saml.test.js.snap @@ -6,101 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export saml. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - -f, --file The file path of the SAML config file. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + -f, --file The file path of the SAML config file. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-schedules.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-schedules.test.js.snap index 1964bdafe..6ab263dfc 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-schedules.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-schedules.test.js.snap @@ -6,102 +6,39 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export schedules. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --name schedule name, It only export the - endpoint with the name - --no-cache Disable token cache for this operation. - --passphrase The passphrase for the Amster private - key if it is encrypted. - --private-key File containing the private key for - authenticating with Amster. Supported - formats include PEM (both PKCS#1 and - PKCS#8 variants), OpenSSH, DNSSEC, and - JWK. - --retry Retry failed operations. Valid values - for strategy: - everything: Retry all failed operations. - - network: Retry only network-related - failed operations. - nothing: Do not retry failed - operations. - The selected retry strategy controls how - the CLI handles failures. (choices: - "nothing", "everything", "network", - default: Do not retry failed - operations.) - --sa-id Service account id. - --sa-jwk-file File containing the JSON Web Key (JWK) - associated with the the service account. - --verbose Verbose output during command execution. - If specified, may or may not produce - additional output. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm". + -k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://:), in that case the proxy must provide this capability. (default: Don't allow insecure connections) + --login-client-id Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use with your custom OAuth2 client (efault: "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. Valid values for type: + classic: A classic Access Management-only deployment with custom layout and configuration. + cloud: A ForgeRock Identity Cloud environment. + forgeops: A ForgeOps CDK or CDM deployment. + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + -n, --name schedule name, It only export the endpoint with the name + --no-cache Disable token cache for this operation. + --passphrase The passphrase for the Amster private key if it is encrypted. + --private-key File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK. + --retry Retry failed operations. Valid values for strategy: + everything: Retry all failed operations. + network: Retry only network-related failed operations. + nothing: Do not retry failed operations. + The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. + --use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud". + --verbose Verbose output during command execution. If specified, may or may not produce additional output. Environment Variables: FRODO_HOST: AM base URL. Overridden by 'host' argument. diff --git a/test/client_cli/en/__snapshots__/config-manager-export-scripts.test.js.snap b/test/client_cli/en/__snapshots__/config-manager-export-scripts.test.js.snap index fc94a95e7..754074454 100644 --- a/test/client_cli/en/__snapshots__/config-manager-export-scripts.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-manager-export-scripts.test.js.snap @@ -6,117 +6,45 @@ exports[`CLI help interface for 'config export' should be expected english 1`] = Export authorization scripts. Arguments: - host AM base URL, e.g.: - https://cdk.iam.example.com/am. To use a - connection profile, just specify a - unique substring. - realm Realm. Specify realm as '/' for the root - realm or 'realm' or '/parent/child' - otherwise. (default: "alpha" for - Identity Cloud tenants, "/" otherwise.) - username Username to login with. Must be an admin - user with appropriate rights to manage - authentication journeys/trees. - password Password. + host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring. + realm Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees. + password Password. Options: - --curlirize Output all network calls in curl format. - -D, --directory Set the working directory. - --debug Debug output during command execution. - If specified, may or may not produce - additional output helpful for - troubleshooting. - --flush-cache Flush token cache. - -h, --help Help - --idm-host IDM base URL, e.g.: - https://cdk.idm.example.com/myidm. Use - only if your IDM installation resides in - a different domain and/or if the base - path differs from the default - "/openidm". - --just-config Export only the config .json files, no - scripts. Ignored with --just-content - --just-content Export only the script .js files, no - config files - -k, --insecure Allow insecure connections when using - SSL/TLS. Has no effect when using a - network proxy for https - (HTTPS_PROXY=http://:), in - that case the proxy must provide this - capability. (default: Don't allow - insecure connections) - --language Export all scripts written a certain - programming language. ALL, GROOVY, or - JAVASCRIPT. defaults to JAVASCRIPT. - Ignored with -n - --login-client-id Specify a custom OAuth2 client id to use - a your own oauth2 client for IDM API - calls in deployments of type "cloud" or - "forgeops". Your custom client must be - configured as a public client and allow - the authorization code grant using the - "openid fr:idm:*" scope. Use the - "--redirect-uri" parameter if you have - configured a custom redirect uri - (default: - "/platform/appAuthHelperRedirect.html"). - --login-redirect-uri Specify a custom redirect URI to use - with your custom OAuth2 client (efault: - "/platform/appAuthHelperRedirect.html"). - -m, --type Override auto-detected deployment type. - Valid values for type: - classic: A classic Access - Management-only deployment with custom - layout and configuration. - cloud: A ForgeRock Identity Cloud - environment. - forgeops: A ForgeOps CDK or CDM - deployment. - The detected or provided deployment type - controls certain behavior like obtaining - an Identity Management admin token or - not and whether to export/import - referenced email templates or how to - walk through the tenant admin login flow - of Identity Cloud and handle MFA - (choices: "classic", "cloud", - "forgeops") - -n, --script-name