Merge pull request #353 from atomicsamurai/main

pem and base64hmac encoded ESV secret creation support
rockcarver · Jan 16, 2024 · c6f5b4e · c6f5b4e
2 parents e687fdf + 89d9c8e
commit c6f5b4e
Show file tree

Hide file tree

Showing 25 changed files with 2,039 additions and 94 deletions.
diff --git a/.github/README.md b/.github/README.md
@@ -15,10 +15,23 @@ ForgeROck DO Command Line Interface, frodo-cli, a CLI to manage ForgeRock platfo
 
 ## Quick start
 
+### For the impatient
+The below steps install the latest unstable (next) version of the cli using homebrew (only for MacOS and linux):
+```console
+$ brew tap rockcarver/frodo-cli
+$ brew install frodo-cli-next
+$ frodo conn add https://openam-my-tenant.forgeblocks.com/am [email protected] '5uP3r-53cr3t!'
+$ frodo info my-tenant
+$ frodo journey export .... # or whatever you need to use frodo for
+```
+
+Detailed quick-start follows.
+
 ### Install
 
-#### Homebrew (preferred for Mac OS (x86 and M1) and linux)
-Make sure you have a working [homebrew](https://brew.sh/). Then, to install frodo binary:
+#### Homebrew (preferred for Mac OS [x86 and M1] and linux)
+1. Make sure you have a working [homebrew](https://brew.sh/). 
+2. [Tap](https://docs.brew.sh/Taps) the custom formula as below:
 ```console
 $ brew tap rockcarver/frodo-cli
 ==> Tapping rockcarver/frodo-cli
@@ -27,37 +40,68 @@ remote: Enumerating objects: 8, done.
 .
 .
 ```
+3. Once its tapped, you can install either the STABLE major version or the latest/unstable (next) version, as below
+
+STABLE
+
 ```console
 $ brew install frodo-cli
 ==> Fetching rockcarver/frodo-cli/frodo-cli
 ==> Cloning https://github.com/rockcarver/frodo-cli.git
 .
 .
 ```
-This will build the frodo binary locally and add it to the path (homebrew bin). To verify the installation, run `frodo -v`, it should print something like:
+
+Or latest/unstable (next)
+
+```console
+$ brew install frodo-cli-next
+==> Fetching rockcarver/frodo-cli/frodo-cli-next
+==> Cloning https://github.com/rockcarver/frodo-cli.git
+.
+.
+```
+To verify the installation, run `frodo -v`, it should print something like:
 ```console
 $ frodo -v
-You seem to be running the binary package
+You are running the binary release.
 Installed versions:
-cli: v0.23.0
-lib: v0.18.8
-node: v18.5.0
+cli: v2.0.0-43
+lib: v2.0.0-59
+node: v18.18.2
 ```
 
+If you have the STABLE version installed and you want to get the latest, do:
+```console
+$ brew uninstall frodo-cli
+$ brew uninstall frodo-cli-next
+```
+Or vice-versa.
+
 To upgrade to latest frodo
 ```console
 $ brew upgrade frodo-cli
-==> Downloading https://formulae.brew.sh/api/formula.jws.json
-######################################################################## 100.0%
-==> Downloading https://formulae.brew.sh/api/cask.jws.json
-######################################################################## 100.0%
-Warning: rockcarver/frodo-cli/frodo-cli 0.23.0 already installed
+==> Upgrading 1 outdated package:
+rockcarver/frodo-cli/frodo-cli-next 2.0.0-43 -> 2.0.0-44
+==> Fetching rockcarver/frodo-cli/frodo-cli-next
+==> Cloning https://github.com/rockcarver/frodo-cli.git
+Updating /Users/sandeep.chaturvedi/Library/Caches/Homebrew/frodo-cli-next--git
+From https://github.com/rockcarver/frodo-cli
+ * [new tag]           v2.0.0-44  -> v2.0.0-44
+==> Checking out tag v2.0.0-44
+Previous HEAD position was 9a968346 Updated changelog and version for release v2.0.0-43
+HEAD is now at e687fdf6 Updated changelog and version for release v2.0.0-44
+HEAD is now at e687fdf6 Updated changelog and version for release v2.0.0-44
+==> Upgrading rockcarver/frodo-cli/frodo-cli-next
+  2.0.0-43 -> 2.0.0-44
 ```
 
 #### Alternate method - download precompiled binary
 Alternatively, for MacOS (x86 only), linux and Windows, you can also download the platform specific binary archive from the [release page](https://github.com/rockcarver/frodo-cli/releases) and unzip it to a directory. For MacOS (x86 only) and Windows, you may have to allow running unsigned binaries on those platforms. How to do that is out of scope for this README.
 
-#### Run
+### Using / running
+
+You can either run with a saved connection profile (most common way) or not. To run with a connection profile, you need to create one:
 1. Run `frodo conn add` (example below) to setup `frodo` for your ForgeRock environment. If all parameters are correct, `frodo` creates a new [connection profile](#connection-profiles). If you are offline and don't want to validate the data you enter, you can use the --no-validate paramter and frodo stores the [connection profile](#connection-profiles) without validating it.
 
    ```console
@@ -88,7 +132,7 @@ Alternatively, for MacOS (x86 only), linux and Windows, you can also download th
    eyJ0eXAiOiJKV......
    ```
 
-   Note how the command does not specify the complete tenant URL nor username nor password. I only uses a unique substring that matches the tenant URL and frodo looks up and uses the right [connection profile](#connection-profiles).
+   Note how the command does not specify the complete tenant URL nor username nor password. It only needs a unique substring that matches the tenant URL and frodo looks up and uses the right [connection profile](#connection-profiles).
 
 3. Now you can use other frodo commands, like `journey`, `logs`, `applications` etc. as desired. **For detailed usage, refer to [this](#usage)**
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- pem and base64hmac encoded ESV secret creation
+
 ## [2.0.0-44] - 2024-01-11
 
 ## [2.0.0-43] - 2024-01-05

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -116,7 +116,7 @@
     ]
   },
   "dependencies": {
-    "@rockcarver/frodo-lib": "2.0.0-60",
+    "@rockcarver/frodo-lib": "2.0.0-64",
     "chokidar": "^3.5.3",
     "cli-progress": "^3.11.2",
     "cli-table3": "^0.6.3",

diff --git a/src/cli/esv/esv-secret-create.ts b/src/cli/esv/esv-secret-create.ts
@@ -1,7 +1,7 @@
 import { frodo } from '@rockcarver/frodo-lib';
 import { Option } from 'commander';
 
-import { createSecret } from '../../ops/SecretsOps';
+import { createSecret, createSecretFromFile } from '../../ops/SecretsOps';
 import { verboseMessage } from '../../utils/Console.js';
 import { FrodoCommand } from '../FrodoCommand';
 
@@ -12,13 +12,18 @@ const program = new FrodoCommand('frodo esv secret create');
 program
   .description('Create secrets.')
   .requiredOption('-i, --secret-id <secret-id>', 'Secret id.')
-  .requiredOption('--value <value>', 'Secret value.')
-  .option('--description [description]', 'Secret description.')
+  .option('--value <value>', 'Secret value. Overrides "--file"')
   .addOption(
     new Option(
-      '--encoding [encoding]',
-      'Secret encoding. Must be one of "generic", "pem", "base64hmac"'
-    ).default('generic', 'generic')
+      '-f, --file [file]',
+      'Name of the file to read pem or base64hmac encoded secret from. Ignored if --value is specified'
+    )
+  )
+  .option('--description [description]', 'Secret description.')
+  .addOption(
+    new Option('--encoding [encoding]', 'Secret encoding')
+      .choices(['generic', 'pem', 'base64hmac'])
+      .default('generic', 'generic')
   )
   .addOption(
     new Option(
@@ -39,13 +44,24 @@ program
       );
       if (await getTokens()) {
         verboseMessage('Creating secret...');
-        const outcome = await createSecret(
-          options.secretId,
-          options.value,
-          options.description,
-          options.encoding,
-          options.useInPlaceholders
-        );
+        let outcome = null;
+        if (options.value) {
+          outcome = await createSecret(
+            options.secretId,
+            options.value,
+            options.description,
+            options.encoding,
+            options.useInPlaceholders
+          );
+        } else {
+          outcome = await createSecretFromFile(
+            options.secretId,
+            options.file,
+            options.description,
+            options.encoding,
+            options.useInPlaceholders
+          );
+        }
         if (!outcome) process.exitCode = 1;
       } else {
         process.exitCode = 1;

diff --git a/src/ops/SecretsOps.ts b/src/ops/SecretsOps.ts
@@ -4,6 +4,7 @@ import {
   SecretSkeleton,
   VersionOfSecretSkeleton,
 } from '@rockcarver/frodo-lib/types/api/cloud/SecretsApi';
+import fs from 'fs';
 
 import { getFullExportConfig, isIdUsed } from '../utils/Config';
 import {
@@ -178,6 +179,45 @@ export async function createSecret(
   return outcome;
 }
 
+/**
+ * Create PEM certificate from file
+ * @param {string} id secret id
+ * @param {string} file certificate file name
+ * @param {string} description secret description
+ * @param {SecretEncodingType} encoding secret encoding
+ * @param {boolean} useInPlaceholders use secret in placeholders
+ * @returns {Promise<boolean>} true if successful, false otherwise
+ */
+export async function createSecretFromFile(
+  id: string,
+  file: string,
+  description: string,
+  encoding: SecretEncodingType,
+  useInPlaceholders: boolean
+): Promise<boolean> {
+  let outcome = false;
+  const value = fs.readFileSync(getFilePath(file), 'utf8');
+  const spinnerId = createProgressIndicator(
+    'indeterminate',
+    0,
+    `Creating secret ${id}...`
+  );
+  try {
+    await _createSecret(id, value, description, encoding, useInPlaceholders);
+    stopProgressIndicator(spinnerId, `Created secret ${id}`, 'success');
+    outcome = true;
+  } catch (error) {
+    stopProgressIndicator(
+      spinnerId,
+      error.response
+        ? `Error: ${error.response.data.code} - ${error.response.data.message}`
+        : error,
+      'fail'
+    );
+  }
+  return outcome;
+}
+
 /**
  * Set description of secret
  * @param {string} secretId secret id

diff --git a/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap
@@ -26,8 +26,11 @@ Options:
                                specified, may or may not produce additional
                                output helpful for troubleshooting.
   --description [description]  Secret description.
-  --encoding [encoding]        Secret encoding. Must be one of "generic",
-                               "pem", "base64hmac" (default: generic)
+  --encoding [encoding]        Secret encoding (choices: "generic", "pem",
+                               "base64hmac", default: generic)
+  -f, --file [file]            Name of the file to read pem or base64hmac
+                               encoded secret from. Ignored if --value is
+                               specified
   --flush-cache                Flush token cache.
   -h, --help                   Help
   -i, --secret-id <secret-id>  Secret id.
@@ -57,7 +60,7 @@ Options:
   --sa-id <sa-id>              Service account id.
   --sa-jwk-file <file>         File containing the JSON Web Key (JWK)
                                associated with the the service account.
-  --value <value>              Secret value.
+  --value <value>              Secret value. Overrides "--file"
   --verbose                    Verbose output during command execution. If
                                specified, may or may not produce additional
                                output.