@christian-brindley/fr-config-pull
v1.4.1-SNAPSHOT
Published
Config tools for FIDC
Downloads
3
Readme
Configuration Manager: fr-config-pull
This tool is used to pull configuration from a ForgeRock Identity Cloud tenant.
Installation
The tool is installed from the package directory as follows
npm install
npm link
Configuration
The tool is configured via environment variables. Copy the sample .env
file and configure as per the instructions in the configuration README.
Usage
Run the fr-config-pull
tool as follows to create an export of your Identity Cloud configuration on your local workstation.
Usage: fr-config-pull [arguments]
Commands:
fr-config-pull all Get all configuration
fr-config-pull all-static Get all static configuration
fr-config-pull access-config Get access configuration
fr-config-pull audit Get audit configuration
fr-config-pull authentication Get authentication configuration
fr-config-pull authz-policies Get authorization policies
fr-config-pull config-metadata Show config metadata
fr-config-pull connector-definitions Get connector cefinitions
fr-config-pull connector-mappings Get connector mappings
fr-config-pull cors Get CORS configuration
fr-config-pull csp Get content security policy
fr-config-pull email-provider Get email provider configuration
fr-config-pull email-templates Get email templates
fr-config-pull endpoints Get custom endpoints
fr-config-pull internal-roles Get internal roles
fr-config-pull journeys Get journeys
fr-config-pull kba Get KBA configuration
fr-config-pull locales Get locales
fr-config-pull managed-objects Get managed objects
fr-config-pull oauth2-agents Get OAuth2 agents
fr-config-pull org-privileges Get organization privileges config
fr-config-pull password-policy Get password policy
fr-config-pull raw Get raw config
fr-config-pull remote-servers Get remote connector servers
fr-config-pull schedules Get schedules
fr-config-pull scripts Get authentication scripts
fr-config-pull secrets Get secrets
fr-config-pull secret-mappings Get secret mappings
fr-config-pull service-objects Get service objects
fr-config-pull services Get authentication services
fr-config-pull themes Get UI themes
fr-config-pull terms-and-conditions Get terms and conditions
fr-config-pull test Test connection and authentication
fr-config-pull ui-config Get UI configuration
fr-config-pull variables Get environment specific variables
Options:
-h, --help Show help [boolean]
-n, --name Specific configuration item [string]
-r, --realm Specific realm (overrides environment) [string]
-d, --pull-dependencies Pull dependencies [boolean]
-p, --path Configuration path [string]
-x, --push-api-version Configuration push API version [string]
-v, --version Show version number [boolean]
Notes on specific options:
fr-config-pull journeys
The --name
option can be used with the journeys
command to pull a specific journey. This can only be used if a single realm is requested, either via the .env/environment setting or via the --realm
option. For example
fr-config-pull journeys --name "Customer Login" --realm alpha
The --pull-dependencies
option can be used with the journeys
command to pull all scripts and inner journeys associated with each journey pulled. For example
fr-config-pull journeys --name "Customer Login" --realm alpha --pull-dependencies
fr-config-pull csp
The CSP configuration endpoint requires an access token with the scope fr:idc:content-security-policy:*
,
which is not permitted for Identity Cloud service accounts as of this version of fr-config-manager
.
Therefore, for managing CSP configuration specifically, you need to set the environment variable
TENANT_ACCESS_TOKEN
with an access token with this scope - for example from the admin UI. Therefore
the csp
command is not included by default for fr-config-pull all
.
fr-config-pull org-privileges
The --name
option can be used with the org-privileges
command to pull a specific config: the valid config names are
alphaOrgPrivileges
bravoOrgPrivileges
privilegeAssignments
fr-config-pull raw
The --path
option can be used with the raw
command to pull a specific configuration path. e.g.
fr-config-pull raw --path /openidm/config/authentication
The --push-api-version
option is used in conjunction with the --path
option to specify the protocol and resource versions to use for any subsequent push operations on this resource. This information is stored within the pulled config for consumption by the fr-config-push raw
command. E.g.
fr-config-pull raw --path /am/json/realms/root/realms/alpha/realm-config/webhooks/test-webhook --push-api-version.protocol 2.0 --push-api-version.resource 1.0
If the --path
option is not provided, then the tool pulls all config referenced in the file pointed to by the RAW_CONFIG
environment setting.