search

ForgeRock / fr-config-manager

ForgeRock config manager
MIT License
6 stars 7 forks source link

First Bèta of the fr-config-promote tool #127

Closed jellev closed 5 months ago

jellev commented 5 months ago

This tool is a first attempt to manage promotions. This can be handy to integrate with CD/CI pipelines.

christian-brindley commented 5 months ago

Can we move the new entries in .env.sample to the end, and give it its own section to make it clear? And correct the tenant URL? Like

#####################################################
# Upper environment config for promotion operations #
#####################################################

TENANT_ENV_UPPER_FQDN=https://openam-demo.forgeblocks.com
SERVICE_ACCOUNT_UPPER_CLIENT_ID=service-account
SERVICE_ACCOUNT_UPPER_ID=34a09375-efa3-4b98-b849-.....
SERVICE_ACCOUNT_UPPER_KEY='{
  "d": "BjHnTd4i0GseOFRyQeQYH4...",
  "dp": "lmoD-TRn4K5A09UD133V_kND...",
  "dq": "IzxPZVsGCf5z4C0tDoxEuXfJ....",
  "e": "AQAB",
  "kty": "RSA",
  "n": "yvKw81LRjfjJm1_b9Min2E_pVQc0udG_sNTxWsLEHdLRjl64l0x6PEdt5pYprfgmTg05lOopEKly18Umt7RfRuNQfAkDopD....",
  "p": "6Naye30I2lkNmX67Morm8vP9k_Im09bNEcp7OTiwbwSb3FY3QI-3alDUgrTD4dI4F6WAghybs-1b2pb7eyCuG01uMyVofPzMq-WwTPK9R.....",
  "q": "3yLR9O2ntxahfyXaWAvBtNzRqHoz0gIsNUA1Eb753TjV3hEYQvPZyy6_hrEr0ClHdpuLaZxCXP6DeU8Ny....",
  "qi": "JCylU0r58aXJo6vWIkaVxhTmEcLDYJUE..."
}'
SERVICE_ACCOUNT_PROMOTION_SCOPE=fr:idc:promotion:*
christian-brindley commented 5 months ago

Usage text is a bit hard to read because of the column wrapping - i.e.

  fr-config-promote check-locked-status     Checks tenants to see if it is
                                            locked
  fr-config-promote lock-tenants            Lock tenants
  fr-config-promote unlock-tenants          Unlock tenants
  fr-config-promote check-promotion-status  Check Promotion Status
  fr-config-promote run-dryrun-promotion    Run DryRun Promotion
  fr-config-promote run-promotion           Run Promotion
  fr-config-promote                         Check promotion reports
  check-promotion-reports

Maybe turn off wrapping with yargs .wrap(null)? Although that would blow an 80 character console. Would look like

  fr-config-promote check-locked-status      Checks tenants to see if it is locked
  fr-config-promote lock-tenants             Lock tenants
  fr-config-promote unlock-tenants           Unlock tenants
  fr-config-promote check-promotion-status   Check Promotion Status
  fr-config-promote run-dryrun-promotion     Run DryRun Promotion
  fr-config-promote run-promotion            Run Promotion
  fr-config-promote check-promotion-reports  Check promotion reports
christian-brindley commented 5 months ago

The README refers to fr-config-push journeys - presumably should be fr-config-promote check-promotion-reports?

christian-brindley commented 5 months ago

The check-promotion-reports shows an unstringified object, which breaks the JSON - e.g.

$ fr-config-promote check-promotion-reports       
{
  createdDate: '2024-03-15T08:00:22Z',
  promotionId: 'd629d7f8-ab49-4616-92f0-92f6335abcfc',
  report: { AMConfig: [ [Object] ] },
  reportId: '9ee72c2d-3375-4b1b-8f56-923a94d59a81',
  reportName: 'Report_2024-03-15T08-00+00Z_dryrun=false_d629d7f8-ab49-4616-92f0-92f6335abcfc'
}
christian-brindley commented 5 months ago

The README should explain that you need to supply the promotion ID for unlock-tenants - if you don't, then you get a 409 error - e.g.

Exception processing request to https://openam-pspromo-staging.forgeblocks.com/environment/promotion/lock/undefined
{
  code: 409,
  message: 'Environment is already locked for promotion d629d7f8-ab49-4616-92f0-92f6335abcfc'
}

Ideally we should automatically discover the promotion ID, or at least enforce the --id option.