@midships-global/frodo-cli

A command line interface to manage ForgeRock Identity Cloud tenants, ForgeOps deployments, and classic deployments.

# Changelog

All notable changes to this project are documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [3.0.0] - 2024-11-05

### Changed

- Update to frodo-lib 3.0.0
- Fixes and improvements to imports and exports:
  - Fixed an issue with file paths on the Windows version of Frodo that was causing errors on imports due to the differences between Windows and Linux file paths.
  - **_BREAKING_**: Updated IDM exports to be formatted the same as normal exports instead of as raw data by putting the raw data into a type object. This included changing the names of the exports to have a type ‘idm’, such as ‘sync.idm.json’ instead of ‘sync.json’, in order to reflect this change.
  - Added option to import an entity from a single file from the full export using the -f flag in the config import command.
  - Added option to do env substitution on single entity IDM exports/imports, and put logic for handling it all in Frodo-Lib
  - Added option to export/import all IDM entities to/from a single file using the -a flag
  - Added option to include or not include metadata in IDM exports
  - **_BREAKING_**: Updated exports for agents, secrets, and variables to have a singular rather than plural type to be more consistent with other exports (see frodo-lib PR for more information on this change)
  - Fixed a bug where the agent list command wouldn’t work if the agent had no status
  - Fixed a bug where oauth2 and managed applications were exported with the wrong type in a full export
  - Fixed a bug where journey imports weren’t working when importing using -D flag
  - Standardized file extraction since it is used in multiple places (namely scripts, sync mappings, and, in a future PR, servers).
  - Removed progress indicators for script, esv variable and esv secret describe commands since they caused Frodo to never terminate.
  - Improved config imports to be able to import individual files based on the file type in the name instead of on directory structure (although directory structure is still used to determine whether to import globally or to know which realm to import to).

## [2.1.0] - 2024-10-10

### Changed

- Update to frodo-lib 2.2.0

### Fixed

- \#445: Frodo now properly saves connection profiles and detects Advanced Identity Cloud deployment type.

## [2.0.6-2] - 2024-09-21

## [2.0.6-1] - 2024-09-09

## [2.0.6-0] - 2024-08-26

### Added

- Improve support for custom platform deployments (non-forgeops or customized forgeops)

  - \#429: Added options to support custom oauth2 clients used to obtain the access token for IDM API calls:

    - `--login-client-id <client-id>` Specify a custom OAuth2 client id to use your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:\*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "<host>/platform/appAuthHelperRedirect.html").
    - `--login-redirect-uri <redirect-uri>` Specify a custom redirect URI to use with your custom OAuth2 client (default: "<host>/platform/appAuthHelperRedirect.html").

    The above options can also be supplied through environment variables:

    - `FRODO_LOGIN_CLIENT_ID` OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option.
    - `FRODO_LOGIN_REDIRECT_URI` Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option.

  - \#359: Added an option to support custom IDM host URLs for all IDM API calls (e.g. platform deployments hosting AM and IDM on/in different DNS hosts/domains):

    - `--idm-host <idm-host>` IDM base URL, e.g.: <https://cdk.idm.example.com/myidm>. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm".

    The above option can also be supplied through an environment variable:

    - `FRODO_IDM_HOST` IDM base URL. Overridden by '--idm-host' option.

  **_Note:_** All the above options are also persisted in connection profiles so they only have to be specified once and after that they come out of the connection profile.

### Changed

- Update to frodo-lib 2.1.2-0

## [2.0.5] - 2024-08-20

### Added

- Improvements to the `frodo script` commands:
  - Added the `-i`/`--script-id` option to import and export scripts by id.
  - Added the `--no-deps` option to not include library scripts in exports of single scripts. Similarly adds the option on single script imports using the same flag to not import library dependencies if so desired.

### Changed

- Update to frodo-lib 2.1.0

### Fixed

- Fixes to the handling of scripts in the `frodo script` commands and the `frodo config import` command:
  - Fixing many bugs related to script extraction. For example, there were certain cases where importing wouldn't function correctly due to being unable to find the extracted script(s). For exports, library scripts weren't being extracted correctly either. Therefore, an overhaul was done to try and help simplify the extraction process so that it can work for multiple scripts if dealing with library scripts both on export and import.
  - Fixing many errors in the watch option for script imports. One big one was if there were several scripts for a single json file (e.g. when exporting scripts with library scripts) that only one of the scripts would correctly be watched. This was fixed by creating mappings before watching begins to map extracted script files with their corresponding json files so it functions correctly.
  - Fixing a small bug with config imports where, if the working directory started with `.` or `./` it would usually fail due to being unable to locate the expected files it was looking for.

## [2.0.5-0] - 2024-08-16

## [2.0.4] - 2024-08-14

### Changed

- Better detection of homebrew vs binary vs NPM version

## [2.0.3] - 2024-08-14

### Changed

- homebrew formula update so `frodo-cli-next` installs the latest (irrespective of stable or prerelease)

## [2.0.2] - 2024-08-06

### Changed

- Update to frodo-lib 2.0.2

### Fixed

- \#428: Frodo CLI now includes the `loglevel` dependency.

## [2.0.1] - 2024-08-05

### Fixed

- \#430: Frodo now properly supports exporting and importing of the email service with secondary configurations.

## [2.0.1-0] - 2024-07-27

## [2.0.0] - 2024-07-20

### Changed

#### Based on Frodo Library 2.x

[Frodo Library 2.x](https://github.com/rockcarver/frodo-lib?tab=readme-ov-file#frodo-library-2x---rockcarverfrodo-lib) greatly improves on its 1.x branch with more stability, more modules, token caching, automatic token refresh, better error handling, and more.

#### New and updated commands

| Command | Since | Description |
| --- | :---: | --- |
| frodo admin | 1.0.0 | Platform admin tasks. |
|  add-autoid-static-user-mapping | 1.0.0 | Add AutoId static user mapping to enable dashboards. |
|  create-oauth2-client-with-admin-privileges | 1.0.0 | Create an oauth2 client with admin privileges. |
|  execute-rfc7523-authz-grant-flow | `2.0.0` | Execute RFC7523 authorization grant flow. |
|  federation | 1.0.0 | Manages admin federation configuration. |
|  generate-rfc7523-authz-grant-artefacts | `2.0.0` | Generate RFC7523 authorization grant artefacts. |
|  get-access-token | 1.0.0 | Get an access token using client credentials grant type. |
|  grant-oauth2-client-admin-privileges | 1.0.0 | Grant an oauth2 client admin privileges. |
|  hide-generic-extension-attributes | 1.0.0 | Hide generic extension attributes. |
|  list-oauth2-clients-with-admin-privileges | 1.0.0 | List oauth2 clients with admin privileges. |
|  list-oauth2-clients-with-custom-privileges | 1.0.0 | List oauth2 clients with custom privileges. |
|  list-static-user-mappings | 1.0.0 | List all subjects of static user mappings that are not oauth2 clients. |
|  remove-static-user-mapping | 1.0.0 | Remove a subject's static user mapping. |
|  repair-org-model | 1.0.0 | Repair org model. |
|  revoke-oauth2-client-admin-privileges | 1.0.0 | Revoke admin privileges from an oauth2 client. |
|  show-generic-extension-attributes | 1.0.0 | Show generic extension attributes. |
| | | |
| frodo agent | 1.0.0 | Manage agents. |
|  delete | 1.0.0 | Delete agents. |
|  describe | 1.0.0 | Describe agents. |
|  export | 1.0.0 | Export agents. |
|  gateway / ig | 1.0.0 | Manage gateway agents. |
|   delete | 1.0.0 | Delete identity gateway agents. |
|   describe | 1.0.0 | Describe gateway agents. |
|   export | 1.0.0 | Export gateway agents. |
|  import | 1.0.0 | Import gateway agents. |
|  list | 1.0.0 | List gateway agents. |
|  import | 1.0.0 | Import agents. |
|  java | 1.0.0 | Manage java agents. |
|   delete | 1.0.0 | Delete java agents. |
|   describe | 1.0.0 | Describe java agents. |
|   export | 1.0.0 | Export java agents. |
|   import | 1.0.0 | Import java agents. |
|   list | 1.0.0 | List java agents. |
|  list | 1.0.0 | List agents. |
|  web | 1.0.0 | Manage web agents. |
|   delete | 1.0.0 | Delete web agents. |
|   describe | 1.0.0 | Describe web agents. |
|   export | 1.0.0 | Export web agents. |
|   import | 1.0.0 | Import web agents. |
|   list | 1.0.0 | List web agents. |
| | | |
| frodo authn | `2.0.0` | Manage authentication settings. |
|  describe | `2.0.0` | Describe authentication settings. |
|  export | `2.0.0` | Export authentication settings. |
|  import | `2.0.0` | Import authentication settings. |
| | | |
| frodo authz | 1.0.0 | Manage authorization policies, policy sets, and resource types. |
|  policy | 1.0.0 | Manages authorization policies. |
|   delete | 1.0.0 | Delete authorization policies. |
|   describe | 1.0.0 | Describe authorization policies. |
|   export | 1.0.0 | Export authorization policies. |
|   import | 1.0.0 | Import authorization policies. |
|   list | 1.0.0 | List authorization policies. |
|  set / policyset | 1.0.0 | Manage authorization policy sets. |
|   delete | 1.0.0 | Delete authorization policy sets. |
|   describe | 1.0.0 | Describe authorization policy sets. |
|   export | 1.0.0 | Export authorization policy sets. |
|   import | 1.0.0 | Import authorization policy sets. |
|   list | 1.0.0 | List authorization policy sets. |
|  type | 1.0.0 | Manage authorization resource types. |
|   delete | 1.0.0 | Delete authorization resource types. |
|   describe | 1.0.0 | Describe authorization resource types. |
|   export | 1.0.0 | Export authorization resource types. |
|   import | 1.0.0 | Import authorization resource types. |
|   list | 1.0.0 | List authorization resource types. |
| | | |
| frodo app / application | `2.0.0` | Old `app` renamed to `oauth`! Manage applications. |
|  delete | `2.0.0` | Delete applications. |
|  export | `2.0.0` | Export applications. |
|  import | `2.0.0` | Import applications. |
|  list | `2.0.0` | List applications. |
| frodo config | `2.0.0` | Manage full cloud configuration. |
|  export | `2.0.0` | Export full cloud configuration. |
|  import | `2.0.0` | Import full cloud configuration. |
| | | |
| frodo conn / connection | 1.0.0 | Manage connection profiles. |
|  delete | 1.0.0 | Delete connection profiles. |
|  describe | 1.0.0 | Describe connection profile. |
|  list | 1.0.0 | List connection profiles. |
|  save / add | 1.0.0 | Save connection profiles. |
| | | |
| frodo email | 1.0.0 | Manage email templates and configuration. |
|  template | 1.0.0 | Manage email templates. |
|   export | 1.0.0 | Export email templates. |
|   import | 1.0.0 | Import email templates. |
|   list | 1.0.0 | List email templates. |
| | | |
| frodo esv | 1.0.0 | Manage environment secrets and variables (ESVs). |
|  apply | 1.0.0 | Apply pending changes to secrets and variables. |
|  secret | 1.0.0 | Manages secrets. |
|   create | 1.0.0 | Create secrets. |
|   delete | 1.0.0 | Delete secrets. |
|   describe | 1.0.0 | Describe secrets. |
|   export | `2.0.0` | Export secrets. |
|   import | `2.0.0` | Import secrets. |
|   list | 1.0.0 | List secrets. |
|   set | 1.0.0 | Set secret description. |
|   version | 1.0.0 | Manage secret versions. |
|  variable | 1.0.0 | Manage variables. |
|   create | 1.0.0 | Create variables. |
|   delete | 1.0.0 | Delete variables. |
|   describe | 1.0.0 | Describe variables. |
|   export | `2.0.0` | Export variables. |
|   import | `2.0.0` | Import variables. |
|   list | 1.0.0 | List variables. |
|   set | 1.0.0 | Set variable description. |
| | | |
| frodo idm | 1.0.0 | Manage IDM configuration. |
|  count | 1.0.0 | Count managed objects. |
|  export | 1.0.0 | Export IDM configuration objects. |
|  import | 1.0.0 | Import IDM configuration objects. |
|  list | 1.0.0 | List IDM configuration objects. |
| | | |
| frodo idp | 1.0.0 | Manage (social) identity providers. |
|  export | 1.0.0 | Export (social) identity providers. |
|  import | 1.0.0 | Import (social) identity providers. |
|  list | 1.0.0 | List (social) identity providers. |
| | | |
| frodo info | 1.0.0 | Print versions and tokens. |
| | | |
| frodo journey | 1.0.0 | Manage journeys/trees. |
|  delete | 1.0.0 | Delete journeys/trees. |
|  describe | 1.0.0 | Describe journeys/trees. |
|  disable | 1.0.0 | Disable journeys/trees. |
|  enable | 1.0.0 | Enable journeys/trees. |
|  export | 1.0.0 | Export journeys/trees. |
|  import | 1.0.0 | Import journey/tree. |
|  list | 1.0.0 | List journeys/trees. |
|  prune | 1.0.0 | Prune orphaned configuration artifacts. |
| | | |
| frodo log / logs | 1.0.0 | List/View Identity Cloud logs |
|  fetch | 1.0.0 | Fetch Identity Cloud logs. |
|  key | 1.0.0 | Manage Identity Cloud log API keys. |
|  list | 1.0.0 | List available ID Cloud log sources. |
|  tail | 1.0.0 | Tail Identity Cloud logs. |
| | | |
| frodo mapping | `2.0.0` | Manage IDM mappings. |
|  delete | `2.0.0` | Delete IDM mappings. |
|  export | `2.0.0` | Export IDM mappings. |
|  import | `2.0.0` | Import IDM mappings. |
|  list | `2.0.0` | List IDM mappings. |
|  rename | `2.0.0` | Renames mappings from legacy to new naming scheme. |
| | | |
| frodo oauth | `2.0.0` | Renamed from `app`! Manage OAuth2 clients and providers. |
|  client | `2.0.0` | Manage OAuth2 clients. |
|   export | `2.0.0` | Export OAuth2 clients. |
|   import | `2.0.0` | Import OAuth2 clients. |
|   list | `2.0.0` | List OAuth2 clients. |
| | | |
| frodo realm | 1.0.0 | Manage realms. |
|  add-custom-domain | 1.0.0 | Add custom domain (realm DNS alias). |
|  describe / details | 1.0.0 | Describe realms. |
|  list | 1.0.0 | List realms. |
|  remove-custom-domain | 1.0.0 | Remove custom domain (realm DNS alias). |
| | | |
| frodo saml | 1.0.0 | Manage SAML entity providers and circles of trust. |
|  cot | 1.0.0 | Manage circles of trust. |
|   export | 1.0.0 | Export SAML circles of trust. |
|   import | 1.0.0 | Import SAML circles of trust. |
|   list | 1.0.0 | List SAML circles of trust. |
|  delete | 1.0.0 | Delete SAML entity providers. |
|  describe | 1.0.0 | Describe the configuration of an entity provider. |
|  export | 1.0.0 | Export SAML entity providers. |
|  import | 1.0.0 | Import SAML entity providers. |
|  list | 1.0.0 | List SAML entity providers. |
|  metadata | 1.0.0 | SAML metadata operations. |
|   export | 1.0.0 | Export metadata. |
| | | |
| frodo script | 1.0.0 | Manage scripts. |
|  delete | 1.0.0 | Delete scripts. |
|  export | 1.0.0 | Export scripts. |
|  import | 1.0.0 | Import scripts. |
|  list | 1.0.0 | List scripts. |
| | | |
| frodo service | 1.0.0 | Manage AM services. |
|  delete | 1.0.0 | Delete AM services. |
|  export | 1.0.0 | Export AM services. |
|  import | 1.0.0 | Import AM services. |
|  list | 1.0.0 | List AM services. |
| | | |
| frodo shell | `2.0.0` | Launch the frodo interactive shell. |
| | | |
| frodo theme | 1.0.0 | Manage themes. |
|  delete | 1.0.0 | Delete themes. |
|  export | 1.0.0 | Export themes. |
|  import | 1.0.0 | Import themes. |
|  list | 1.0.0 | List themes. |
| | | |
| frodo help | 1.0.0 | display help for command |

#### Global support for `-D`, `--directory` to set the working directory

2.x globally supports `-D`, `--directory` to specify the working directory for any command that interacts with the file system, typically `export` and `import` sub-commands. 1.x only allowed specifying a working directory for the `idm` command.

Frodo combines `-D` and `-f` into a single path, assuming `-f` to be a relative path to `-D` and `-D` defaulting to `.`, the current directory:

To import the file `/absolute/path/to/working/directory/relative/path/to/file.variable.json`, one could construct any of the following commands:

```console
frodo esv variable export -f /absolute/path/to/working/directory/sub-path/to/file.variable.json <my-env>
frodo esv variable export -D /absolute/path/to/working/directory/sub-path/to -f file.variable.json <my-env>
frodo esv variable export -D /absolute/path/to/working/directory -f sub-path/to/file.variable.json <my-env>
```

Alternatively, to import the file `/relative/path/to/working/directory/relative/path/to/file.variable.json`, one could construct any of the following commands:

```console
frodo esv variable export -f relative/path/to/working/directory/sub-path/to/file.variable.json <my-env>
frodo esv variable export -D relative/path/to/working/directory/sub-path/to -f file.variable.json <my-env>
frodo esv variable export -D relative/path/to/working/directory -f sub-path/to/file.variable.json <my-env>
```

#### Secure Token Caching

Frodo CLI 2.x uses a secure token cache, which is active by default.
The cache is tokenized and encrypted on disk, so it persists across CLI executions, dramatically decreasing authentication and token requests. You can disable the cache by either using the `--no-cache` option or by setting the `FRODO_NO_CACHE` environment variable. You can change the default location of the cache file (`~/.frodo/TokenCache.json`) by setting the `FRODO_TOKEN_CACHE_PATH` environment variable.

#### Automatic Token Refresh

Frodo CLI 2.x automatically refreshes session and access tokens before they expire. Combined with the new token cache, the CLI maintains a set of valid tokens at all times.

## [2.0.0-70] - 2024-07-17

## [2.0.0-69] - 2024-07-15

### Added

- \#418: Developer: Frodo provides a framework for commands to indicate which deployment types they support.
- \#419: Developer: Updated command template with usage samples

### Changed

- Update to frodo-lib 2.0.0-95

## [2.0.0-68] - 2024-07-12

## [2.0.0-67] - 2024-07-11

### Added

- New commands to manage IDM mappings:
  - `frodo mapping` Manage IDM mappings.
    - `delete` Delete IDM mappings.
    - `export` Export IDM mappings.
    - `import` Import IDM mappings.
    - `list` List IDM mappings.
    - `rename` Renames mappings from the combined/default/legacy naming scheme (sync/\\<name>) to the separate/new naming scheme (mapping/\\<name>). To rename mappings from new back to legacy, use the -l, --legacy flag.

## [2.0.0-66] - 2024-07-10

### Added

- \#404: Frodo now saves the `-k`/`--insecure` option in connection profiles.

### Changed

- Update to frodo-lib 2.0.0-92

### Fixed

- \#400: Frodo now properly honors the `-k`/`--insecure` option and allows connecting to platform instances using self-signed certificates.

## [2.0.0-65] - 2024-07-06

### Added

- rockcarver/frodo-lib#387: Support import of ESVs (variables and secrets). Frodo now supports importing ESV variables and secrets with two new commands:
  - `frodo esv variable import`
  - `frodo esv secret import`
- Frodo now supports exporting (and importing) of ESV secret values.
  To leave stewardship of secret values with the cloud environment where they belong, frodo will always encrypt values using either encryption keys from the source environment (default) or the target environment (export option). Frodo will never export secrets in the clear. However, frodo supports importing clear values (as well as importing encrypted values). Use these new commands and parameters to export/import variables and secrets including secret values:

  - New parameters for existing `frodo esv secret export` and `frodo config export` commands:
    - `--include-active-values` Include the currently active (and loaded) secret value in the export. By default, secret values are encrypted server-side in the environment they are exported from. Use `--target <host url>` to have another environment perform the encryption.
    - `--target <host url>` Host URL of the environment to perform secret value encryption. The URL must resolve to an existing connection profile. Use this option to generate an export that can be imported into the target environment without requiring admin access to the source environment.
  - New `frodo esv secret import` and updated existing `frodo config import` command and noteworthy parameters:
    - `--include-active-values` Import any secret values contained in the import file. By default, secret values are encrypted server-side in the environment they are exported from. Use `--source <host url>` to import a file exported from another environment than the one you are importing to.
    - `--source <host url>` Host URL of the environment which performed secret value encryption. The URL must resolve to an existing connection profile. Use this option to import a file that was exported from a different source environment than the one you are importing to.

- rockcarver/frodo-lib#394: Support for `base64aes` encoding for ESV secrets

### Changed

- Update to frodo-lib 2.0.0-91

## [2.0.0-64] - 2024-06-21

### Changed

- Update to frodo-lib 2.0.0-88
- Updated binary distribution node.js version to 20
- Pipeline hygiene

## [2.0.0-63] - 2024-06-20

### Changed

- Update to frodo-lib 2.0.0-87

## [2.0.0-62] - 2024-06-19

### Changed

- Update to frodo-lib 2.0.0-86
- rockcarver/frodo-lib#402: Library scripts are now treated as dependencies during script and journey exports and imports.

## [2.0.0-61] - 2024-06-12

### Fixed

- rockcarver/homebrew-frodo-cli#6: Homebrew formula now properly installs frodo

## [2.0.0-60] - 2024-06-11

### Changed

- Update to frodo-lib 2.0.0-85
- Update dependencies

## [2.0.0-59] - 2024-05-21

### Changed

- Update to frodo-lib 2.0.0-83

## [2.0.0-58] - 2024-05-08

## [2.0.0-57] - 2024-05-02

## [2.0.0-56] - 2024-05-01

## [2.0.0-55] - 2024-04-09

### Changed

- Update to frodo-lib 2.0.0-77

### Fixed

- Improved filtering out secrets from recordings
- rockcarver/frodo-lib#392: Implemented error handling pattern for methods with unusual amounts of REST calls like `frodo.config.exportFullConfiguration` and `frodo.config.importFullConfiguration` used in the `frodo config import` and `frodo config export` commands

## [2.0.0-54] - 2024-04-01

### Changed

- Update to frodo-lib 2.0.0-75

### Fixed

- rockcarver/frodo-lib#397: Service accounts now use the proper scopes when created using the `frodo conn save` command

## [2.0.0-53] - 2024-03-24

### Changed

- Update to frodo-lib 2.0.0-74

### Fixed

- rockcarver/frodo-lib#391: Frodo now creates service accounts with all allowed scopes:
  - `fr:am:*`
  - `fr:idc:analytics:*`
  - `fr:autoaccess:*`
  - `fr:idc:certificate:*`
  - `fr:idc:certificate:read`
  - `fr:idc:content-security-policy:*`
  - `fr:idc:custom-domain:*`
  - `fr:idc:esv:*`
  - `fr:idc:esv:read`
  - `fr:idc:esv:restart`
  - `fr:idc:esv:update`
  - `fr:idm:*`
  - `fr:iga:*`
  - `fr:idc:promotion:*`
  - `fr:idc:release:*`
  - `fr:idc:sso-cookie:*`

## [2.0.0-52] - 2024-03-23

### Changed

- Update to frodo-lib 2.0.0-73

### Fixed

- \#378: `--llt` option of `frodo admin create-oauth2-client-with-admin-privileges` now works properly again
- \#377: Frodo CLI now properly handles FrodoErrors thrown by frodo-lib

## [2.0.0-51] - 2024-02-10

## [2.0.0-50] - 2024-02-07

## [2.0.0-49] - 2024-02-05

### Fixed

- \#363: Doing a full export of IDM from FIDC started hanging between v2.0.0.32 and v2.0.0.33

## [2.0.0-48] - 2024-02-01

## [2.0.0-47] - 2024-01-21

### Added

- \#360: Frodo now saves the deployment type in connection profiles.

### Changed

- Update to frodo-lib 2.0.0-67

## [2.0.0-46] - 2024-01-20

## [2.0.0-45] - 2024-01-16

### Added

- pem and base64hmac encoded ESV secret creation

## [2.0.0-44] - 2024-01-11

## [2.0.0-43] - 2024-01-05

## [2.0.0-42] - 2024-01-04

## [2.0.0-41] - 2023-12-23

## [2.0.0-40] - 2023-12-22

## [2.0.0-39] - 2023-12-19

## [2.0.0-38] - 2023-12-16

## [2.0.0-37] - 2023-12-06

## [2.0.0-36] - 2023-12-01

## [2.0.0-35] - 2023-11-30

## [2.0.0-34] - 2023-11-29

## [2.0.0-33] - 2023-11-26

## [2.0.0-32] - 2023-11-21

## [2.0.0-31] - 2023-11-17

## [2.0.0-30] - 2023-11-04

### Added

- \#283: Support for authentication settings:
  - `frodo authn` Manage authentication setting.
    - `describe` List authentication settings.
    - `export` Export authentication settings.
    - `import` Import authentication settings.

  Examples:

  - Describe authentication settings:<br>
    `frodo authn describe <myTenant> <realm>`
    `frodo authn describe --json <myTenant> <realm>`
    `frodo authn describe <myTenant> <username> <password>`
  - Describe authentication settings in machine-readable format (json):<br>
    `frodo authn describe --json <myTenant> <realm>`
    `frodo authn describe --json <myTenant> <realm> <username> <password>`
  - Export authentication settings to file:<br>
    `frodo authn export <myTenant> <realm>`
    `frodo authn export <myTenant> <realm> <username> <password>`
  - Import authentication settings from file:<br>
    `frodo authn import -f alphaRealm.authentication.settings.json <myTenant> <realm>`
    `frodo authn import -f alphaRealm.authentication.settings.json <myTenant> <realm> <username> <password>`<br>

- \#217: Support `--json` with `frodo esv variable describe`.

## [2.0.0-29] - 2023-11-02

### Added

- rockcarver/frodo-lib#53: Frodo Library now uses a file-based secure token cache to persist session and access tokens for re-use. The cached tokens are protected by the credential that was used to obtain them. Session tokens are encrypted using the hashed password as the master key, access tokens are encrypted using the hashed JWK private key as the master key. Therefore only users and processes with the correct credentials can access the tokens in the cache.
  - The new default behavior is for Frodo CLI to use the new token cache for all applicable commands.
  - A new global option `--no-cache` has been added to all commands to allow disabling the cache for individual invocations.
  - A new environment variable `FRODO_NO_CACHE` is available to globally turn off token caching.
  - A new environment variable `FRODO_TOKEN_CACHE_PATH` is available to instruct Frodo Library to use a non-default token cache file.
- rockcarver/frodo-lib#340: Frodo Library now automatically refreshes expired session and access tokens.
  - The new default behavior is for Frodo CLI to automatically refresh tokens.
    This will only ever be noticeable during long-running operations like `frodo journey prune` or `frodo esv apply` that can take longer than 15 mins to complete.

### Fixed

- \#316: Frodo Library now properly exports scripts referenced by the `Device Match` node if the `Use Custom Matching Script` option is selected.

## [2.0.0-28] - 2023-10-25

## [2.0.0-27] - 2023-10-22

## [2.0.0-26] - 2023-10-19

## [2.0.0-25] - 2023-10-19

## [2.0.0-24] - 2023-10-15

## [2.0.0-23] - 2023-10-14

## [2.0.0-22] - 2023-10-12

## [2.0.0-21] - 2023-10-11

## [2.0.0-20] - 2023-10-11

## [2.0.0-19] - 2023-10-02

## [2.0.0-18] - 2023-10-02

## [2.0.0-17] - 2023-09-29

## [2.0.0-16] - 2023-09-08

## [2.0.0-15] - 2023-08-17

### Fixed

- \#276: `frodo script import -A --watch <tenant>` (preceded by `frodo script export -A --extract <tenant>`) now properly reports errors like scripts not compiling or any REST errors without exiting the watch thread; it keeps on watching and pushing local changes to `<tenant>`.

## [2.0.0-14] - 2023-08-16

### Changed

- Update to frodo-lib 2.0.0-21

## [2.0.0-13] - 2023-07-31

## [2.0.0-12] - 2023-07-18

### Fixed

- rockcarver/frodo-lib#272: Added new `--variable-type` parameter to `frodo esv variable create` command.

## [2.0.0-11] - 2023-07-17

## [2.0.0-10] - 2023-07-05

## [2.0.0-9] - 2023-07-05

## [2.0.0-8] - 2023-07-05

## [2.0.0-7] - 2023-06-23

## [2.0.0-6] - 2023-06-22

### Added

- \#251: Support for Identity Cloud admin federation configuration:
  - `frodo admin federation` Manage admin federation configuration.
    - `export` Export admin federation providers.
    - `import` Import admin federation providers.
    - `list` List admin federation providers.

  Examples:

  - List all configured admin federation providers:<br>
    `frodo admin federation list <myTenant>`
    `frodo admin federation list <myTenant> <username> <password>`
  - Export all admin federation providers to a single file:<br>
    `frodo admin federation export -a <myTenant>`
    `frodo admin federation export -a <myTenant> <username> <password>`
  - Import all admin federation providers from a single file:<br>
    `frodo admin federation import -a -f allProviders.admin.federation.json <myTenant>`
    `frodo admin federation import -a -f allProviders.admin.federation.json <myTenant> <username> <password>`<br>

  **_Note_**: Only tenant admins can perform admin federation operations; service accounts do not have the required privileges. Therefore, the connection profile used must contain username and password or they must be provided through command arguments.

### Changed

- Update to frodo-lib 2.0.0-8

## [2.0.0-5] - 2023-06-21

## [2.0.0-4] - 2023-06-16

## [2.0.0-3] - 2023-06-15

## [2.0.0-2] - 2023-06-15

## [2.0.0-1] - 2023-06-15

## [1.0.0] - 2023-06-30

### Added

- MacOS binaries are now signed and notarized and run without security exceptions.
- \#251: Support for Identity Cloud admin federation configuration:
  - `frodo admin federation` Manage admin federation configuration.
    - `export` Export admin federation providers.
    - `import` Import admin federation providers.
    - `list` List admin federation providers.

  Examples:

  - List all configured admin federation providers:<br>
    `frodo admin federation list <myTenant>`
    `frodo admin federation list <myTenant> <username> <password>`
  - Export all admin federation providers to a single file:<br>
    `frodo admin federation export -a <myTenant>`
    `frodo admin federation export -a <myTenant> <username> <password>`
  - Import all admin federation providers from a single file:<br>
    `frodo admin federation import -a -f allProviders.admin.federation.json <myTenant>`
    `frodo admin federation import -a -f allProviders.admin.federation.json <myTenant> <username> <password>`<br>

  **_Note_**: Only tenant admins can perform admin federation operations; service accounts do not have the required privileges. Therefore, the connection profile used must contain username and password or they must be provided through command arguments.

### Changed

- Update to frodo-lib 1.1.0

## [1.0.0-1] - 2023-06-30

## [0.24.6-3] - 2023-06-30

## [0.24.6-2] - 2023-06-22

## [0.24.6-1] - 2023-06-22

### Added

- \#251: Support for Identity Cloud admin federation configuration:
  - `frodo admin federation` Manage admin federation configuration.
    - `export` Export admin federation providers.
    - `import` Import admin federation providers.
    - `list` List admin federation providers.

  Examples:

  - List all configured admin federation providers:<br>
    `frodo admin federation list <myTenant>`
    `frodo admin federation list <myTenant> <username> <password>`
  - Export all admin federation providers to a single file:<br>
    `frodo admin federation export -a <myTenant>`
    `frodo admin federation export -a <myTenant> <username> <password>`
  - Import all admin federation providers from a single file:<br>
    `frodo admin federation import -a -f allProviders.admin.federation.json <myTenant>`
    `frodo admin federation import -a -f allProviders.admin.federation.json <myTenant> <username> <password>`<br>

  **_Note_**: Only tenant admins can perform admin federation operations; service accounts do not have the required privileges. Therefore, the connection profile used must contain username and password or they must be provided through command arguments.

### Changed

- Update to frodo-lib 1.0.1-0

## [0.24.6-0] - 2023-06-21

## [0.24.5] - 2023-05-31

### Added

- Fixed build pipeline for automatically updating homebrew formula

## [0.24.4] - 2023-05-30

### Added

- Build pipeline for automatically updating homebrew formula for frodo-cli

## [0.24.4-2] - 2023-05-30

## [0.24.4-1] - 2023-05-29

## [0.24.4-0] - 2023-05-29

## [0.24.3] - 2023-05-25

### Changed

- Update to frodo-lib 0.19.2

## [0.24.2] - 2023-05-22

### Added

- Support for authorization policies, policy sets, and resource types through new `authz` commands:
  - `frodo authz type` Manage authorization resource types.
    - `delete` Delete authorization resource types.
    - `describe` Describe authorization resource types.
    - `export` Export authorization resource types.
    - `import` Import authorization resource types.
    - `list` List authorization resource types.
  - `frodo authz set` Manage authorization policy sets.
    - `delete` Delete authorization policy sets.
    - `describe` Describe authorization policy sets.
    - `export` Export authorization policy sets.
    - `import` Import authorization policy sets.
    - `list` List authorization policy sets.
  - `frodo authz policy` Manage authorization policies.
    - `delete` Delete authorization policies.
    - `describe` Describe authorization pol