19 changes: 4 additions & 15 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -95,7 +95,7 @@
]
},
"devDependencies": {
"@rockcarver/frodo-lib": "4.0.0-6",
"@rockcarver/frodo-lib": "4.0.0-7",
"@types/colors": "^1.2.1",
"@types/fs-extra": "^11.0.1",
"@types/jest": "^29.2.3",
Expand Down
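Review bot: The package-lock.json change that accompanies this `@rockcarver/frodo-lib` bump from `4.0.0-6` to `4.0.0-7` (4 additions, 15 deletions) is not rendered here, so the resolved entry cannot be checked from the diff. Please confirm that the lock file's `resolved` and `integrity` values for frodo-lib match the expected registry tarball, and that the 15 deleted lines are only entries dropped as a result of this bump rather than unrelated lock churn. If `state.setUseRealmPrefixOnManagedObjects`, used later in this PR, is what requires the new prerelease, say so in the PR description so the reason for the bump is on record.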
11 changes: 11 additions & 0 deletions src/cli/FrodoCommand.ts
Expand Up @@ -120,6 +120,14 @@ const noCacheOption = new Option(
'Disable token cache for this operation.'
);

const useRealmPrefixOnManagedObjects = new Option(
'--use-realm-prefix-on-managed-objects',
'Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user,\
managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user \
etc. is retained. \
This option is ignored when the deployment type is "cloud".'
);

const flushCacheOption = new Option('--flush-cache', 'Flush token cache.');

const retryOption = new Option(
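Review bot: The description of `--use-realm-prefix-on-managed-objects` says "Set to true if you want to use the realm name as a prefix" and "When false, the default behaviour ... is retained", but the option is declared as a bare flag with no `<value>` argument, so there is nothing for the user to set to true or false; the flag is either passed or not. Reword it around the flag's presence, for example "Use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user. Without this flag, managed/user etc. is used." As a style point, the constant is named `useRealmPrefixOnManagedObjects` while its neighbours are `noCacheOption`, `flushCacheOption` and `retryOption`; adding the `Option` suffix would keep the naming consistent.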
Expand Down Expand Up @@ -157,6 +165,7 @@ const defaultOpts = [
noCacheOption,
flushCacheOption,
retryOption,
useRealmPrefixOnManagedObjects,
];

const stateMap = {
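Review bot: Adding `useRealmPrefixOnManagedObjects` to `defaultOpts` puts the flag on commands that may have nothing to do with managed object configuration; the regenerated help for the AutoId static user mapping command in this PR already lists it. Consider attaching the option only to the commands that read or write managed object configuration, or note in the PR why it needs to be a default option, so users are not offered a flag that has no effect on the command they are running.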
Expand Down Expand Up @@ -226,6 +235,8 @@ const stateMap = {
state.setCurlirize(curlirize),
[noCacheOption.attributeName()]: (cache: boolean) =>
state.setUseTokenCache(cache),
[useRealmPrefixOnManagedObjects.attributeName()]: () =>
state.setUseRealmPrefixOnManagedObjects(true),
[flushCacheOption.attributeName()]: (flush: boolean) => {
if (flush) frodo.cache.flush();
},
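Review bot: The new `stateMap` handler takes no argument and always calls `state.setUseRealmPrefixOnManagedObjects(true)`, whereas the neighbouring handlers receive the parsed value (`(cache: boolean) =>`, `(flush: boolean) =>`) and act on it. If this handler can ever run with a false or undefined value, it will still switch the prefix on. Suggest `(usePrefix: boolean) => state.setUseRealmPrefixOnManagedObjects(usePrefix)`. The help text also promises the option is ignored when the deployment type is "cloud", but nothing in this hunk enforces that; please point to where that check lives or add it.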
Original file line number Diff line number Diff line change
Expand Up @@ -7,96 +7,37 @@ Add AutoId static user mapping to enable dashboards and other AutoId-based
functionality.

Arguments:
host AM base URL, e.g.:
https://cdk.iam.example.com/am. To use a
connection profile, just specify a
unique substring.
username Username to login with. Must be an admin
user with appropriate rights to manage
authentication journeys/trees.
password Password.
host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring.
username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees.
password Password.

Options:
--curlirize Output all network calls in curl format.
-D, --directory <directory> Set the working directory.
--debug Debug output during command execution.
If specified, may or may not produce
additional output helpful for
troubleshooting.
--flush-cache Flush token cache.
-h, --help Help
--idm-host <idm-host> IDM base URL, e.g.:
https://cdk.idm.example.com/myidm. Use
only if your IDM installation resides in
a different domain and/or if the base
path differs from the default
"/openidm".
-k, --insecure Allow insecure connections when using
SSL/TLS. Has no effect when using a
network proxy for https
(HTTPS_PROXY=http://<host>:<port>), in
that case the proxy must provide this
capability. (default: Don't allow
insecure connections)
--login-client-id <client-id> Specify a custom OAuth2 client id to use
a your own oauth2 client for IDM API
calls in deployments of type "cloud" or
"forgeops". Your custom client must be
configured as a public client and allow
the authorization code grant using the
"openid fr:idm:*" scope. Use the
"--redirect-uri" parameter if you have
configured a custom redirect uri
(default:
"<host>/platform/appAuthHelperRedirect.html").
--login-redirect-uri <redirect-uri> Specify a custom redirect URI to use
with your custom OAuth2 client (efault:
"<host>/platform/appAuthHelperRedirect.html").
-m, --type <type> Override auto-detected deployment type.
Valid values for type:
classic: A classic Access
Management-only deployment with custom
layout and configuration.
cloud: A ForgeRock Identity Cloud
environment.
forgeops: A ForgeOps CDK or CDM
deployment.
The detected or provided deployment type
controls certain behavior like obtaining
an Identity Management admin token or
not and whether to export/import
referenced email templates or how to
walk through the tenant admin login flow
of Identity Cloud and handle MFA
(choices: "classic", "cloud",
"forgeops")
--no-cache Disable token cache for this operation.
--passphrase <passphrase> The passphrase for the Amster private
key if it is encrypted.
--private-key <file> File containing the private key for
authenticating with Amster. Supported
formats include PEM (both PKCS#1 and
PKCS#8 variants), OpenSSH, DNSSEC, and
JWK.
--retry <strategy> Retry failed operations. Valid values
for strategy:
everything: Retry all failed operations.

network: Retry only network-related
failed operations.
nothing: Do not retry failed
operations.
The selected retry strategy controls how
the CLI handles failures. (choices:
"nothing", "everything", "network",
default: Do not retry failed
operations.)
--sa-id <sa-id> Service account id.
--sa-jwk-file <file> File containing the JSON Web Key (JWK)
associated with the the service account.
--verbose Verbose output during command execution.
If specified, may or may not produce
additional output.
--curlirize Output all network calls in curl format.
-D, --directory <directory> Set the working directory.
--debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting.
--flush-cache Flush token cache.
-h, --help Help
--idm-host <idm-host> IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm".
-k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://<host>:<port>), in that case the proxy must provide this capability. (default: Don't allow insecure connections)
--login-client-id <client-id> Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "<host>/platform/appAuthHelperRedirect.html").
--login-redirect-uri <redirect-uri> Specify a custom redirect URI to use with your custom OAuth2 client (efault: "<host>/platform/appAuthHelperRedirect.html").
-m, --type <type> Override auto-detected deployment type. Valid values for type:
classic: A classic Access Management-only deployment with custom layout and configuration.
cloud: A ForgeRock Identity Cloud environment.
forgeops: A ForgeOps CDK or CDM deployment.
The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops")
--no-cache Disable token cache for this operation.
--passphrase <passphrase> The passphrase for the Amster private key if it is encrypted.
--private-key <file> File containing the private key for authenticating with Amster. Supported formats include PEM (both PKCS#1 and PKCS#8 variants), OpenSSH, DNSSEC, and JWK.
--retry <strategy> Retry failed operations. Valid values for strategy:
everything: Retry all failed operations.
network: Retry only network-related failed operations.
nothing: Do not retry failed operations.
The selected retry strategy controls how the CLI handles failures. (choices: "nothing", "everything", "network", default: Do not retry failed operations.)
--sa-id <sa-id> Service account id.
--sa-jwk-file <file> File containing the JSON Web Key (JWK) associated with the the service account.
--use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud".
--verbose Verbose output during command execution. If specified, may or may not produce additional output.

Environment Variables:
FRODO_HOST: AM base URL. Overridden by 'host' argument.
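Review bot: This hunk rewraps the whole help output (96 lines down to 37) when the only functional change is the added `--use-realm-prefix-on-managed-objects` line, which makes the real change hard to spot and suggests the expected output depends on the width of the terminal it was generated in. Regenerate it with the same wrapping as before, or fix the output width for help generation, so the diff shows only the new option line. While this text is being touched, the new single-line form still carries "(efault:", "to use a your own oauth2 client" and "the the service account" from the old text; those are worth correcting at the source.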