Skip to content

Added new CLI option to support better control over managed object names #464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pmckeown wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Added new CLI option to support better control over managed object names #464

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
dd9c88e
Added new CLI option to support better control over the managed objec…
Dec 10, 2024
33bf72c
Updated version
Dec 10, 2024
f235392
update from main
vscheuber Jun 18, 2025
b9412bd
update from main
vscheuber Jun 18, 2025
afaeb1f
Merge branch 'rockcarver:main' into feature/more-flexibility-for-mana…
pmckeown Jul 4, 2025
1e41fdd
Merge branch 'rockcarver:main' into feature/more-flexibility-for-mana…
pmckeown Nov 16, 2025
68f18d0
Re-ran tests to regenerate snap files with new CLI argument
Nov 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions src/cli/FrodoCommand.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,14 @@ const noCacheOption = new Option(
'Disable token cache for this operation.'
);

const useRealmPrefixOnManagedObjects = new Option(
'--use-realm-prefix-on-managed-objects',
'Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user,\
managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user \
etc. is retained. \
This option is ignored when the deployment type is "cloud".'
);

const flushCacheOption = new Option('--flush-cache', 'Flush token cache.');

const defaultArgs = [
Expand All @@ -126,6 +134,7 @@ const defaultOpts = [
curlirizeOption,
noCacheOption,
flushCacheOption,
useRealmPrefixOnManagedObjects,
];

const stateMap = {
Expand Down Expand Up @@ -166,6 +175,8 @@ const stateMap = {
state.setCurlirize(curlirize),
[noCacheOption.attributeName()]: (cache: boolean) =>
state.setUseTokenCache(cache),
[useRealmPrefixOnManagedObjects.attributeName()]: () =>
state.setUseRealmPrefixOnManagedObjects(true),
[flushCacheOption.attributeName()]: (flush: boolean) => {
if (flush) frodo.cache.flush();
},
Expand Down
90 changes: 22 additions & 68 deletions test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,76 +7,30 @@ Add AutoId static user mapping to enable dashboards and other AutoId-based
functionality.

Arguments:
host AM base URL, e.g.:
https://cdk.iam.example.com/am. To use a
connection profile, just specify a
unique substring.
username Username to login with. Must be an admin
user with appropriate rights to manage
authentication journeys/trees.
password Password.
host AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring.
username Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees.
password Password.
Comment on lines +10 to +12
Copy link
Author

@pmckeown pmckeown Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Try as I might, I could not get the snap files to be generated using an 80 character column width. Can someone share the command so I can regenerate these snap files with only the additional argument being changed?

Copy link
Author

@pmckeown pmckeown Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@phalestrivir any hints on how to make the snaps 80 character width to avoid all of these wrapping changes in the snap files?

Copy link
Author

@pmckeown pmckeown Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also I have some questions on the mocks:

  • When I record them, they are recorded into a default directory (e.g. test/e2e/mocks/default_2470140894/recording.har), but the rest of them are placed in named directories, like test/e2e/mocks/app_527074092/export_4211608755/0_Ni_D_1857086194/am_1076162899/recording.har - what places them in this directory? Is it manual? How are they then referenced at runtime? Or are they only served up from the frodo-lib project - see next question
  • Do the recordings need to go into frodo-lib as per the docs in the tests? I cannot see any mock recordings related to the app export tests.


Options:
--curlirize Output all network calls in curl format.
-D, --directory <directory> Set the working directory.
--debug Debug output during command execution.
If specified, may or may not produce
additional output helpful for
troubleshooting.
--flush-cache Flush token cache.
-h, --help Help
--idm-host <idm-host> IDM base URL, e.g.:
https://cdk.idm.example.com/myidm. Use
only if your IDM installation resides in
a different domain and/or if the base
path differs from the default
"/openidm".
-k, --insecure Allow insecure connections when using
SSL/TLS. Has no effect when using a
network proxy for https
(HTTPS_PROXY=http://<host>:<port>), in
that case the proxy must provide this
capability. (default: Don't allow
insecure connections)
--login-client-id <client-id> Specify a custom OAuth2 client id to use
a your own oauth2 client for IDM API
calls in deployments of type "cloud" or
"forgeops". Your custom client must be
configured as a public client and allow
the authorization code grant using the
"openid fr:idm:*" scope. Use the
"--redirect-uri" parameter if you have
configured a custom redirect uri
(default:
"<host>/platform/appAuthHelperRedirect.html").
--login-redirect-uri <redirect-uri> Specify a custom redirect URI to use
with your custom OAuth2 client (efault:
"<host>/platform/appAuthHelperRedirect.html").
-m, --type <type> Override auto-detected deployment type.
Valid values for type:
classic: A classic Access
Management-only deployment with custom
layout and configuration.
cloud: A ForgeRock Identity Cloud
environment.
forgeops: A ForgeOps CDK or CDM
deployment.
The detected or provided deployment type
controls certain behavior like obtaining
an Identity Management admin token or
not and whether to export/import
referenced email templates or how to
walk through the tenant admin login flow
of Identity Cloud and handle MFA
(choices: "classic", "cloud",
"forgeops")
--no-cache Disable token cache for this operation.
--sa-id <sa-id> Service account id.
--sa-jwk-file <file> File containing the JSON Web Key (JWK)
associated with the the service account.
--verbose Verbose output during command execution.
If specified, may or may not produce
additional output.
--curlirize Output all network calls in curl format.
-D, --directory <directory> Set the working directory.
--debug Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting.
--flush-cache Flush token cache.
-h, --help Help
--idm-host <idm-host> IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm".
-k, --insecure Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://<host>:<port>), in that case the proxy must provide this capability. (default: Don't allow insecure connections)
--login-client-id <client-id> Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "<host>/platform/appAuthHelperRedirect.html").
--login-redirect-uri <redirect-uri> Specify a custom redirect URI to use with your custom OAuth2 client (efault: "<host>/platform/appAuthHelperRedirect.html").
-m, --type <type> Override auto-detected deployment type. Valid values for type:
classic: A classic Access Management-only deployment with custom layout and configuration.
cloud: A ForgeRock Identity Cloud environment.
forgeops: A ForgeOps CDK or CDM deployment.
The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops")
--no-cache Disable token cache for this operation.
--sa-id <sa-id> Service account id.
--sa-jwk-file <file> File containing the JSON Web Key (JWK) associated with the the service account.
--use-realm-prefix-on-managed-objects Set to true if you want to use the realm name as a prefix on managed object configuration, e.g. managed/alpha_user, managed/alpha_application or managed/bravo_organization. When false, the default behaviour of using managed/user etc. is retained. This option is ignored when the deployment type is "cloud".
--verbose Verbose output during command execution. If specified, may or may not produce additional output.

Environment Variables:
FRODO_HOST: AM base URL. Overridden by 'host' argument.
Expand Down
Loading