Add PingOne options to override service hostnames

.github/workflows/code-analysis-lint-test.yaml

@@ -124,6 +124,8 @@ jobs:
     runs-on: ubuntu-latest
     env:
       PING_IDENTITY_CONFIG: ${{ secrets.PING_IDENTITY_CONFIG }}
+      PINGCLI_PINGONE_AUTH_SERVICE_HOSTNAME: ${{ vars.PINGCLI_PINGONE_AUTH_SERVICE_HOSTNAME }}
+      PINGCLI_PINGONE_API_SERVICE_HOSTNAME: ${{ vars.PINGCLI_PINGONE_API_SERVICE_HOSTNAME }}
       PINGCLI_PINGONE_WORKER_CLIENT_ID: ${{ secrets.PINGCLI_PINGONE_WORKER_CLIENT_ID }}
       PINGCLI_PINGONE_WORKER_CLIENT_SECRET: ${{ secrets.PINGCLI_PINGONE_WORKER_CLIENT_SECRET }}
       PINGCLI_PINGONE_REGION_CODE: ${{ secrets.PINGCLI_PINGONE_REGION_CODE }}

cmd/platform/export.go

@@ -99,6 +99,8 @@ func initPingOneExportFlags(cmd *cobra.Command) {
 	cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerEnvironmentIDOption.Flag)
 	cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerClientIDOption.Flag)
 	cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerClientSecretOption.Flag)
+	cmd.Flags().AddFlag(options.PingOneAuthenticationServiceHostnameOption.Flag)
+	cmd.Flags().AddFlag(options.PingOneAPIServiceHostnameOption.Flag)
 	cmd.Flags().AddFlag(options.PingOneAuthenticationTypeOption.Flag)
 	cmd.Flags().AddFlag(options.PingOneRegionCodeOption.Flag)
 
@@ -109,6 +111,11 @@ func initPingOneExportFlags(cmd *cobra.Command) {
 		options.PingOneRegionCodeOption.CobraParamName,
 	)
 
+	cmd.MarkFlagsRequiredTogether(
+		options.PingOneAuthenticationServiceHostnameOption.CobraParamName,
+		options.PingOneAPIServiceHostnameOption.CobraParamName,
+	)
+
 }
 
 func initPingFederateGeneralFlags(cmd *cobra.Command) {

docs/tool-configuration/configuration-key.md

@@ -28,6 +28,8 @@ The following parameters can be configured in Ping CLI's static configuration fi
 | service.pingfederate.httpsHost | ENUM_STRING | --pingfederate-https-host | The PingFederate HTTPS host used to communicate with PingFederate's admin API.<br><br>Example: `https://pingfederate-admin.bxretail.org` |
 | service.pingfederate.insecureTrustAllTLS | ENUM_BOOL | --pingfederate-insecure-trust-all-tls | Trust any certificate when connecting to the PingFederate server admin API.<br><br>This is insecure and should not be enabled outside of testing. |
 | service.pingfederate.xBypassExternalValidationHeader | ENUM_BOOL | --pingfederate-x-bypass-external-validation-header | Bypass connection tests when configuring PingFederate (the X-BypassExternalValidation header when using PingFederate's admin API). |
+| service.pingone.api.hostname | ENUM_STRING | --pingone-api-service-hostname | Override the service hostname for the PingOne management API. |
+| service.pingone.authentication.hostname | ENUM_STRING | --pingone-auth-service-hostname | Override the service hostname used to authenticate to the PingOne management API. |
 | service.pingone.authentication.type | ENUM_PINGONE_AUTH_TYPE | --pingone-authentication-type | The authentication type to use to authenticate to the PingOne management API.<br><br>Options are: worker.<br><br>Example: `worker` |
 | service.pingone.authentication.worker.clientID | ENUM_UUID | --pingone-worker-client-id | The worker client ID used to authenticate to the PingOne management API. |
 | service.pingone.authentication.worker.clientSecret | ENUM_STRING | --pingone-worker-client-secret | The worker client secret used to authenticate to the PingOne management API. |

internal/commands/platform/export_internal.go

@@ -313,6 +313,14 @@ func initPingOneApiClient(ctx context.Context, pingcliVersion string) (err error
 	if err != nil {
 		return err
 	}
+	authServiceHostname, err := profiles.GetOptionValue(options.PingOneAuthenticationServiceHostnameOption)
+	if err != nil {
+		return err
+	}
+	apiServiceHostname, err := profiles.GetOptionValue(options.PingOneAPIServiceHostnameOption)
+	if err != nil {
+		return err
+	}
 	regionCode, err := profiles.GetOptionValue(options.PingOneRegionCodeOption)
 	if err != nil {
 		return err
@@ -340,6 +348,14 @@ func initPingOneApiClient(ctx context.Context, pingcliVersion string) (err error
 		UserAgentSuffix: &userAgent,
 	}
 
+	if authServiceHostname != "" {
+		apiConfig.AuthHostnameOverride = &authServiceHostname
+	}
+
+	if apiServiceHostname != "" {
+		apiConfig.APIHostnameOverride = &apiServiceHostname
+	}
+
 	pingoneApiClient, err = apiConfig.APIClient(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to initialize pingone API client. Check worker client ID, worker client secret,"+

internal/configuration/options/options.go

@@ -43,6 +43,8 @@ func Options() []Option {
 		PingOneAuthenticationWorkerClientIDOption,
 		PingOneAuthenticationWorkerClientSecretOption,
 		PingOneAuthenticationWorkerEnvironmentIDOption,
+		PingOneAuthenticationServiceHostnameOption,
+		PingOneAPIServiceHostnameOption,
 		PingOneRegionCodeOption,
 
 		PlatformExportExportFormatOption,
@@ -102,6 +104,8 @@ var (
 	PingOneAuthenticationTypeOption                Option
 	PingOneAuthenticationWorkerClientIDOption      Option
 	PingOneAuthenticationWorkerClientSecretOption  Option
+	PingOneAuthenticationServiceHostnameOption     Option
+	PingOneAPIServiceHostnameOption                Option
 	PingOneAuthenticationWorkerEnvironmentIDOption Option
 	PingOneRegionCodeOption                        Option
 )

internal/configuration/services/pingone.go

@@ -14,6 +14,8 @@ func InitPingOneServiceOptions() {
 	initAuthenticationWorkerClientIDOption()
 	initAuthenticationWorkerClientSecretOption()
 	initAuthenticationWorkerEnvironmentIDOption()
+	initAuthenticationServiceHostnameOption()
+	initAPIServiceHostnameOption()
 	initRegionCodeOption()
 
 }
@@ -85,6 +87,48 @@ func initAuthenticationWorkerEnvironmentIDOption() {
 	}
 }
 
+func initAuthenticationServiceHostnameOption() {
+	cobraParamName := "pingone-auth-service-hostname"
+	cobraValue := new(customtypes.String)
+	defaultValue := customtypes.String("")
+	envVar := "PINGCLI_PINGONE_AUTH_SERVICE_HOSTNAME"
+
+	options.PingOneAuthenticationServiceHostnameOption = options.Option{
+		CobraParamName:  cobraParamName,
+		CobraParamValue: cobraValue,
+		DefaultValue:    &defaultValue,
+		EnvVar:          envVar,
+		Flag: &pflag.Flag{
+			Name:  cobraParamName,
+			Usage: "Override the service hostname used to authenticate to the PingOne management API.",
+			Value: cobraValue,
+		},
+		Type:     options.ENUM_STRING,
+		ViperKey: "service.pingone.authentication.hostname",
+	}
+}
+
+func initAPIServiceHostnameOption() {
+	cobraParamName := "pingone-api-service-hostname"
+	cobraValue := new(customtypes.String)
+	defaultValue := customtypes.String("")
+	envVar := "PINGCLI_PINGONE_API_SERVICE_HOSTNAME"
+
+	options.PingOneAPIServiceHostnameOption = options.Option{
+		CobraParamName:  cobraParamName,
+		CobraParamValue: cobraValue,
+		DefaultValue:    &defaultValue,
+		EnvVar:          envVar,
+		Flag: &pflag.Flag{
+			Name:  cobraParamName,
+			Usage: "Override the service hostname for the PingOne management API.",
+			Value: cobraValue,
+		},
+		Type:     options.ENUM_STRING,
+		ViperKey: "service.pingone.api.hostname",
+	}
+}
+
 func initPingOneAuthenticationTypeOption() {
 	cobraParamName := "pingone-authentication-type"
 	cobraValue := new(customtypes.PingOneAuthenticationType)

internal/testing/testutils/utils.go

@@ -43,6 +43,8 @@ func GetPingOneClientInfo(t *testing.T) *connector.PingOneClientInfo {
 		clientID := os.Getenv(options.PingOneAuthenticationWorkerClientIDOption.EnvVar)
 		clientSecret := os.Getenv(options.PingOneAuthenticationWorkerClientSecretOption.EnvVar)
 		environmentId := GetEnvironmentID()
+		authServiceHostname := os.Getenv(options.PingOneAuthenticationServiceHostnameOption.EnvVar)
+		apiServiceHostname := os.Getenv(options.PingOneAPIServiceHostnameOption.EnvVar)
 		regionCode := os.Getenv(options.PingOneRegionCodeOption.EnvVar)
 		sdkRegionCode := management.EnumRegionCode(regionCode)
 
@@ -57,6 +59,14 @@ func GetPingOneClientInfo(t *testing.T) *connector.PingOneClientInfo {
 			RegionCode:    &sdkRegionCode,
 		}
 
+		if authServiceHostname != "" {
+			apiConfig.AuthHostnameOverride = &authServiceHostname
+		}
+
+		if apiServiceHostname != "" {
+			apiConfig.APIHostnameOverride = &apiServiceHostname
+		}
+
 		// Make empty context for testing
 		ctx := context.Background()
 

internal/testing/testutils_viper/viper_utils.go

@@ -27,8 +27,11 @@ default:
     service:
         pingone:
             regionCode: %s
-            authentication:
-                type: worker
+            api:
+				hostname: %s
+			authentication:
+                hostname: %s
+				type: worker
                 worker:
                     clientid: %s
                     clientsecret: %s
@@ -110,6 +113,8 @@ func getDefaultConfigFileContents() string {
 	return fmt.Sprintf(defaultConfigFileContentsPattern,
 		outputDirectoryReplacement,
 		os.Getenv(options.PingOneRegionCodeOption.EnvVar),
+		os.Getenv(options.PingOneAuthenticationServiceHostnameOption.EnvVar),
+		os.Getenv(options.PingOneAPIServiceHostnameOption.EnvVar),
 		os.Getenv(options.PingOneAuthenticationWorkerClientIDOption.EnvVar),
 		os.Getenv(options.PingOneAuthenticationWorkerClientSecretOption.EnvVar),
 		os.Getenv(options.PingOneAuthenticationWorkerEnvironmentIDOption.EnvVar),