rockcarver / frodo-lib

A library to manage ForgeRock Identity Cloud tenants, ForgeOps deployments, and classic deployments.
MIT License

Full Realm Exports #27

Closed laugirard closed 9 months ago

laugirard commented 2 years ago

Is your feature request related to a problem? Please describe.
Most times when working with clients, we feel the need to generate a full realm export and sometimes a full solution export (with all realms and customizations). While a full realm export is possible with Amster, it is preferred to use just one tool, and Frodo is better.

Describe the solution you'd like
I would like to be able to do single and multiple Full-Realm exports.

Describe alternatives you've considered
Full-Realm exports must include everything from the original realm configuration (services, scripts, agents, clients, journeys, etc.).

Additional context
It would be great to have a parameter to select whether to export one realm or all. Also, the import command should be able to import a Full-Realm export.

laugirard commented 2 years ago

@vscheuber

jgdtech commented 2 years ago

I agree. It would be nice to compare differences between environments too (e.g. sandbox to dev, dev to staging, etc).

vscheuber commented 9 months ago

@laugirard and @jgdtech, check out the new config command in the Frodo CLI (v2.0.0-37 and later):

Usage: frodo config export [options] [host] [realm] [username] [password]

Export full cloud configuration for all ops that currently support export.

Arguments:
  host                         Access Management base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring.
  realm                        Realm. Specify realm as '/' for the root realm or 'realm' or '/parent/child' otherwise. (default: "alpha" for Identity Cloud tenants, "/" otherwise.)
  username                     Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees.
  password                     Password.

Options:
  -a, --all                    Export everything to a single file.
  -A, --all-separate           Export everything to separate files in the -D directory. Ignored with -a.
  --curlirize                  Output all network calls in curl format.
  -D, --directory <directory>  Set the working directory.
  --debug                      Debug output during command execution. If specified, may or may not produce additional output helpful for troubleshooting.
  -f, --file <file>            Name of the export file.
  --flush-cache                Flush token cache.
  -h, --help                   Help
  -k, --insecure               Allow insecure connections when using SSL/TLS. Has no effect when using a network proxy for https (HTTPS_PROXY=http://<host>:<port>), in that case the proxy must provide this capability. (default: Don't allow insecure connections)
  -m, --type <type>            Override auto-detected deployment type. Valid values for type:
                               classic:  A classic Access Management-only deployment with custom layout and configuration.
                               cloud:    A ForgeRock Identity Cloud environment.
                               forgeops: A ForgeOps CDK or CDM deployment.
                               The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of
                               Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops")
  --no-cache                   Disable token cache for this operation.
  --no-decode                  Do not include decoded variable value in variable export
  --sa-id <sa-id>              Service account id.
  --sa-jwk-file <file>         File containing the JSON Web Key (JWK) associated with the the service account.
  --use-string-arrays          Where applicable, use string arrays to store multi-line text (e.g. scripts). (default: off)
  --verbose                    Verbose output during command execution. If specified, may or may not produce additional output.
  -x, --extract                Extract scripts from the exported file, and save it to a separate file. Ignored with -a.

Evironment Variables:
  FRODO_HOST: Access Management base URL. Overrides 'host' argument.
  FRODO_REALM: Realm. Overrides 'realm' argument.
  FRODO_USERNAME: Username. Overrides 'username' argument.
  FRODO_PASSWORD: Password. Overrides 'password' argument.
  FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option.
  FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name.
  FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option.
  FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'.
  FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'.
  FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use.
  FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'.
  FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file.
  FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH.

jgdtech commented 9 months ago

Which version will I find that in?

$ frodo config help export
error: unknown command 'config'
$ frodo -v
You are running the NPM package.
Installed versions:
cli: v2.0.0-38
lib: v2.0.0-54
node: v18.16.1

On Sun, Dec 17, 2023, 10:31 Volker Scheuber @.***> wrote:

@laugirard https://github.com/laugirard and @jgdtech https://github.com/jgdtech, check out the new config command in the Frodo CLI:

Usage: frodo config export [options] [host] [realm] [username] [password]

Export full cloud configuration for all ops that currently support export.

vscheuber commented 9 months ago

@jgdtech, the new config command was added in Frodo CLI 2.0.0-37, so it is not entirely clear to me why you are not seeing it, since you are running -38. Just to be sure, I downloaded both releases (-37 and -38) and tested the binary versions, and both properly list the help for the config command and both contain the config command.

jgdtech commented 9 months ago

Got it to work after a fresh uninstall, rm frodo-cli folder, new git clone etc. Thanks!

On Sun, Dec 17, 2023, 19:09 Volker Scheuber @.***> wrote:

@jgdtech https://github.com/jgdtech, the new config command was added in Frodo CLI 2.0.0-37 https://github.com/rockcarver/frodo-cli/releases/tag/v2.0.0-37, so it is not entirely clear to me why you are not seeing it, since you are running -38. Just to be sure, I downloaded both releases (-37 and -38) and tested the binary versions, and both properly list the help for the config command and both contain the config command.
