feat: Add config-manager push csp command

src/cli/config-manager/config-manager-push/config-manager-push-csp.ts

@@ -0,0 +1,60 @@
+import { frodo } from '@rockcarver/frodo-lib';
+import { Option } from 'commander';
+
+import { configManagerImportCsp } from '../../../configManagerOps/FrConfigCspOps';
+import { getTokens } from '../../../ops/AuthenticateOps';
+import { printMessage, verboseMessage } from '../../../utils/Console';
+import { FrodoCommand } from '../../FrodoCommand';
+
+const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } =
+  frodo.utils.constants;
+
+const deploymentTypes = [
+  CLOUD_DEPLOYMENT_TYPE_KEY,
+  FORGEOPS_DEPLOYMENT_TYPE_KEY,
+];
+
+export default function setup() {
+  const program = new FrodoCommand(
+    'frodo config-manager push cps',
+    [],
+    deploymentTypes
+  );
+
+  program
+    .description('Import content security policy.')
+    .addOption(
+      new Option(
+        '-n, --name <name>',
+        'Email template name; imports only the email template with the specified name.'
+      )
+    )
+    .description('Import content security policy.')
+    .action(async (host, realm, user, password, options, command) => {
+      command.handleDefaultArgsAndOpts(
+        host,
+        realm,
+        user,
+        password,
+        options,
+        command
+      );
+
+      if (await getTokens(false, true, deploymentTypes)) {
+        verboseMessage('Importing content security policy');
+        const outcome = await configManagerImportCsp(options.name);
+        if (!outcome) process.exitCode = 1;
+      }
+      // unrecognized combination of options or no options
+      else {
+        printMessage(
+          'Unrecognized combination of options or no options...',
+          'error'
+        );
+        program.help();
+        process.exitCode = 1;
+      }
+    });
+
+  return program;
+}

src/cli/config-manager/config-manager-push/config-manager-push.ts

@@ -4,6 +4,7 @@ import Audit from './config-manager-push-audit';
 import Authentication from './config-manager-push-authentication';
 import ConnectorDefinitions from './config-manager-push-connector-definitions';
 import CookieDomains from './config-manager-push-cookie-domain';
+import CSP from './config-manager-push-csp';
 import EmailProvider from './config-manager-push-email-provider';
 import EmailTemplates from './config-manager-push-email-templates';
 import Endpoints from './config-manager-push-endpoints';
@@ -44,5 +45,6 @@ export default function setup() {
   program.addCommand(Authentication().name('authentication'));
   program.addCommand(ConnectorDefinitions().name('connector-definitions'));
 
+  program.addCommand(CSP().name('csp'));
   return program;
 }

src/configManagerOps/FrConfigCspOps.ts

@@ -1,11 +1,16 @@
 import { frodo } from '@rockcarver/frodo-lib';
 import { ContentSecurityPolicy } from '@rockcarver/frodo-lib/types/api/cloud/EnvContentSecurityPolicyApi';
 import { applyDiff } from 'deep-diff';
+import fs from 'fs';
 import { readFile } from 'fs/promises';
 
 import { printError } from '../utils/Console';
 
 const { env } = frodo.cloud;
+const {
+  updateEnforcedContentSecurityPolicy,
+  updateReportOnlyContentSecurityPolicy,
+} = frodo.cloud.env;
 const { getFilePath, saveJsonToFile } = frodo.utils;
 
 /**
@@ -40,3 +45,33 @@ export async function configManagerExportCsp(
     return false;
   }
 }
+
+/**
+ * Import the content security policy in fr-config manager format
+ * @param name optional csp name to import
+ * @returns True if file was successfully saved
+ */
+export async function configManagerImportCsp(name?: string): Promise<boolean> {
+  try {
+    if (name) {
+      const getCspFile = getFilePath(`csp/${name}.json`);
+      const readCspFile = fs.readFileSync(getCspFile, 'utf8');
+      const csp = JSON.parse(readCspFile);
+
+      await updateEnforcedContentSecurityPolicy(csp.enforced);
+      await updateReportOnlyContentSecurityPolicy(csp['report-only']);
+    } else {
+      const getCspFile = getFilePath('csp/csp.json');
+      const readCspFile = fs.readFileSync(getCspFile, 'utf8');
+      const csp = JSON.parse(readCspFile);
+
+      await updateEnforcedContentSecurityPolicy(csp.enforced);
+      await updateReportOnlyContentSecurityPolicy(csp['report-only']);
+    }
+
+    return true;
+  } catch (error) {
+    printError(error);
+    return false;
+  }
+}

test/client_cli/en/__snapshots__/config-manager-push-csp.test.js.snap

@@ -0,0 +1,27 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`CLI help interface for 'config-manager push csp' should be expected english 1`] = `
+"Usage: frodo config-manager push csp [options] [host] [realm] [username] [password]
+
+[Experimental] Import content security policy.
+
+Arguments:
+  host               AM base URL, e.g.: https://cdk.iam.example.com/am. To use a
+                     connection profile, just specify a unique substring or
+                     alias.
+  realm              Realm. Specify realm as '/' for the root realm or 'realm'
+                     or '/parent/child' otherwise. (default: "alpha" for
+                     Identity Cloud tenants, "/" otherwise.)
+  username           Username to login with. Must be an admin user with
+                     appropriate rights to manage authentication journeys/trees.
+  password           Password.
+
+Options:
+  -n, --name <name>  Email template name; imports only the email template with
+                     the specified name.
+  -h, --help         Help
+  -hh, --help-more   Help with all options.
+  -hhh, --help-all   Help with all options, environment variables, and usage
+                     examples.
+"
+`;

test/client_cli/en/__snapshots__/config-manager-push.test.js.snap

@@ -18,6 +18,7 @@ Commands:
   authentication         [Experimental] Import authentication objects.
   connector-definitions  [Experimental] Import connector definitions.
   cookie-domains         [Experimental] Import cookie domains.
+  csp                    [Experimental] Import content security policy.
   email-provider         [Experimental] Import email provider configuration.
   email-templates        [Experimental] Import email template objects.
   endpoints              [Experimental] Import custom endpoints objects.

test/client_cli/en/config-manager-push-csp.test.js

@@ -0,0 +1,10 @@
+import cp from 'child_process';
+import { promisify } from 'util';
+
+const exec = promisify(cp.exec);
+const CMD = 'frodo config-manager push csp --help';
+const { stdout } = await exec(CMD);
+
+test("CLI help interface for 'config-manager push csp' should be expected english", async () => {
+    expect(stdout).toMatchSnapshot();
+});

test/e2e/__snapshots__/config-manager-push-csp.e2e.test.js.snap

@@ -0,0 +1,15 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`frodo config-manager push csp "frodo config-manager push csp -D test/e2e/exports/fr-config-manager/cloud ": should import the csp into cloud" 1`] = `""`;
+
+exports[`frodo config-manager push csp "frodo config-manager push csp -D test/e2e/exports/fr-config-manager/cloud ": should import the csp into cloud" 2`] = `
+"Experimental feature in use: 'frodo config-manager push csp'. This feature may change without notice.
+"
+`;
+
+exports[`frodo config-manager push csp "frodo config-manager push csp -n csp -D test/e2e/exports/fr-config-manager/cloud ": should import the csp into cloud" 1`] = `""`;
+
+exports[`frodo config-manager push csp "frodo config-manager push csp -n csp -D test/e2e/exports/fr-config-manager/cloud ": should import the csp into cloud" 2`] = `
+"Experimental feature in use: 'frodo config-manager push csp'. This feature may change without notice.
+"
+`;

test/e2e/config-manager-push-csp.e2e.test.js

@@ -0,0 +1,83 @@
+/**
+ * Follow this process to write e2e tests for the CLI project:
+ *
+ * 1. Test if all the necessary mocks for your tests already exist.
+ *    In mock mode, run the command you want to test with the same arguments
+ *    and parameters exactly as you want to test it, for example:
+ *
+ *    $ FRODO_MOCK=1 frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!
+ *
+ *    If your command completes without errors and with the expected results,
+ *    all the required mocks already exist and you are good to write your
+ *    test and skip to step #4.
+ *
+ *    If, however, your command fails and you see errors like the one below,
+ *    you know you need to record the mock responses first:
+ *
+ *    [Polly] [adapter:node-http] Recording for the following request is not found and `recordIfMissing` is `false`.
+ *
+ * 2. Record mock responses for your exact command.
+ *    In mock record mode, run the command you want to test with the same arguments
+ *    and parameters exactly as you want to test it, for example:
+ *
+ *    $ FRODO_MOCK=record frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!
+ *
+ *    Wait until you see all the Polly instances (mock recording adapters) have
+ *    shutdown before you try to run step #1 again.
+ *    Messages like these indicate mock recording adapters shutting down:
+ *
+ *    Polly instance 'conn/4' stopping in 3s...
+ *    Polly instance 'conn/4' stopping in 2s...
+ *    Polly instance 'conn/save/3' stopping in 3s...
+ *    Polly instance 'conn/4' stopping in 1s...
+ *    Polly instance 'conn/save/3' stopping in 2s...
+ *    Polly instance 'conn/4' stopped.
+ *    Polly instance 'conn/save/3' stopping in 1s...
+ *    Polly instance 'conn/save/3' stopped.
+ *
+ * 3. Validate your freshly recorded mock responses are complete and working.
+ *    Re-run the exact command you want to test in mock mode (see step #1).
+ *
+ * 4. Write your test.
+ *    Make sure to use the exact command including number of arguments and params.
+ *
+ * 5. Commit both your test and your new recordings to the repository.
+ *    Your tests are likely going to reside outside the frodo-lib project but
+ *    the recordings must be committed to the frodo-lib project.
+ */
+
+/*
+//Cloud
+FRODO_MOCK=record FRODO_NO_CACHE=1 FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo config-manager push csp -D test/e2e/exports/fr-config-manager/cloud 
+FRODO_MOCK=record FRODO_NO_CACHE=1 FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo config-manager push csp -n csp -D test/e2e/exports/fr-config-manager/cloud 
+
+*/
+
+import cp from 'child_process';
+import { promisify } from 'util';
+import { getEnv, removeAnsiEscapeCodes } from './utils/TestUtils';
+import { connection as c } from './utils/TestConfig';
+
+const exec = promisify(cp.exec);
+
+process.env['FRODO_MOCK'] = '1';
+const cloudEnv = getEnv(c);
+
+const allDirectory = "test/e2e/exports/fr-config-manager/cloud";
+
+describe('frodo config-manager push csp', () => {
+    test(`"frodo config-manager push csp -D ${allDirectory} ": should import the csp into cloud"`, async () => {
+        const CMD = `frodo config-manager push csp -D ${allDirectory} `;
+        const { stdout, stderr } = await exec(CMD, cloudEnv);
+        expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot();
+        expect(removeAnsiEscapeCodes(stderr)).toMatchSnapshot();
+
+    });
+    test(`"frodo config-manager push csp -n csp -D ${allDirectory} ": should import the csp into cloud"`, async () => {
+        const CMD = `frodo config-manager push csp -n csp -D ${allDirectory} `;
+        const { stdout, stderr } = await exec(CMD, cloudEnv);
+        expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot();
+        expect(removeAnsiEscapeCodes(stderr)).toMatchSnapshot();
+
+    });
+});

test/e2e/exports/fr-config-manager/cloud/csp/csp.json

@@ -0,0 +1,19 @@
+{
+  "enforced": {
+    "active": false,
+    "directives": {}
+  },
+  "report-only": {
+    "active": true,
+    "directives": {
+      "frame-ancestors": [
+        "'self'"
+      ],
+      "script-src": [
+        "'self'",
+        "'unsafe-eval'",
+        "'unsafe-inline'"
+      ]
+    }
+  }
+}