
Add support for Roles resource type #49

Draft
RovinKYK wants to merge 19 commits into wso2-extensions:master from RovinKYK:add_roles

RovinKYK commented Feb 24, 2026

Purpose

Add support for Role management in the IAM-CTL tool to enable export and import of system and application roles between Identity Server environments.

Related to https://github.com/wso2-enterprise/iam-product-management/issues/662

Goals

Enable users to:

  • Export/import system and application roles between IS environments
  • Apply keyword replacement for environment-specific variables
  • Filter scopes using EXCLUDE and INCLUDE_ONLY configurations
  • Delete scopes when ALLOW_DELETE is enabled

Approach

  • Created new pkg/roles package following existing resource type patterns
  • Implemented export/import functionality using IS SCIM 2.0 Role Management API and client-side file serialization
  • Integrated roles operations into exportAll and importAll CLI commands
  • Added ROLES resource type to configuration system (constants, configs, keyword mapping)
  • Updated authentication scope to include role management permissions

User Stories

As a system administrator, I want to export and import system and application roles across environments to enable version control and maintain consistent IAM configurations.

Release Note

Added Role management support to IAM-CTL tool.

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

  • Unit tests

    Code coverage information

  • Integration tests

    Details about the test cases and coverage

Security checks

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Copilot AI review requested due to automatic review settings February 24, 2026 06:35

Copilot AI left a comment

Pull request overview

This pull request adds comprehensive support for two new resource types: OIDC Scopes and Roles to the IAM-CTL tool. The PR refactors the resource handling architecture to use strongly-typed ResourceType constants and introduces new serialization utilities to support multiple file formats (YAML, JSON, XML). Additionally, it establishes infrastructure for future resource reference handling and dependency management.

Changes:

  • Added OIDC Scopes and Roles as new manageable resource types with full CRUD operations
  • Introduced serialization/deserialization utilities supporting YAML, JSON, and XML formats
  • Refactored resource type handling from strings to strongly-typed constants
  • Added infrastructure for resource reference tracking and resolution (currently unused)

Reviewed changes

Copilot reviewed 37 out of 38 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| iamctl/pkg/roles/export.go | Implements export functionality for roles using GET requests and SCIM2 API |
| iamctl/pkg/roles/import.go | Implements import/update functionality for roles using POST/PATCH requests |
| iamctl/pkg/roles/rolesUtils.go | Utility functions for role operations including name escaping and permission patch handling |
| iamctl/pkg/oidcScopes/export.go | Implements export functionality for OIDC scopes |
| iamctl/pkg/oidcScopes/import.go | Implements import/update functionality for OIDC scopes using POST/PUT requests |
| iamctl/pkg/oidcScopes/oidcScopeUtils.go | Utility functions for OIDC scope operations |
| iamctl/pkg/utils/serializationUtils.go | New file providing format-agnostic serialization/deserialization with XML support |
| iamctl/pkg/utils/resourceReferenceUtils.go | New file providing infrastructure for resource reference tracking (currently unused) |
| iamctl/pkg/utils/resourceOrder.go | Defines processing order for resources based on dependencies |
| iamctl/pkg/utils/constants.go | Adds ResourceType as strongly-typed constant, Format types, and metadata structures |
| iamctl/pkg/utils/apiUtils.go | Adds GET, POST, PUT, PATCH HTTP methods and updates URL building for SCIM2 |
| iamctl/pkg/utils/keywordUtils.go | Refactors to use Format types and adds getRawValue/ReplaceRawValue functions |
| iamctl/pkg/utils/summaryUtils.go | Updates to use ResourceType instead of string |
| iamctl/pkg/utils/resourceProperties.go | Adds String() method for ResourceType conversion |
| iamctl/pkg/utils/setup.go | Adds config structures for OIDC scopes and roles |
| iamctl/pkg/utils/init.go | Adds required OAuth scopes for OIDC scope and role management APIs |
| iamctl/tests/*.go | Comprehensive unit tests for serialization and resource reference utilities |
| iamctl/cmd/cli/exportAll.go | Refactored to use resource order with new resource types |
| iamctl/cmd/cli/importAll.go | Refactored to use resource order with new resource types |
| iamctl/go.mod | Adds mxj/v2 for XML handling, upgrades yaml.v2 to yaml.v3 |
| iamctl/go.sum | Updates dependencies |
| README.md | Documents OIDC Scopes in supported resource types list |
| docs/cli-mode.md | Documents OIDC Scopes and updates configuration examples |
| Various import/export files | Updates yaml imports from v2 to v3, fixes "retrieved" typo, uses ResourceType.String() |


RovinKYK marked this pull request as draft February 24, 2026 06:42
