Add support for Challenge questions resource type

[RovinKYK]

Purpose

Add support for challenge question management in the IAM-CTL tool to enable export and import of challenge question sets between Identity Server environments.

Related to https://github.com/wso2-enterprise/iam-product-management/issues/662

Goals

Enable users to:

• Export/import challenge question sets between IS environments
• Apply keyword replacement for environment-specific variables
• Filter question sets using EXCLUDE and INCLUDE_ONLY configurations
• Delete question sets when ALLOW_DELETE is enabled

Approach

• Created new pkg/challengeQuestions package following existing resource type pattern
• Implemented export/import using the IS Challenge Question Management API
• Handled API-specific requirements: POST body must be a wrapped array, PUT body contains only the questions array, not the full set.
• Integrated challenge question operations into exportAll and importAll CLI commands
• Added CHALLENGE_QUESTIONS resource type to configuration system (constants, array identifiers, XML root tag, array field paths, tool/keyword configs)
• Updated authentication scope to include challenge question management permissions

User Stories

As a system administrator, I want to export and import challenge question sets across environments to enable version control and maintain consistent IAM configurations.

Release Note

Added challenge question set management support to IAM-CTL tool.

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

[Copilot]

Pull request overview

Adds new resource types and supporting utilities to IAM-CTL so challenge question sets (and related new resources like OIDC scopes and Roles) can be exported/imported between Identity Server environments with keyword replacement, filtering, and optional deletion, integrated into exportAll / importAll.

Changes:

• Introduces new resource implementations for CHALLENGE_QUESTIONS, OIDC_SCOPES, and ROLES, and wires them into bulk CLI commands using a shared processing order.
• Adds multi-format serialization/deserialization utilities (YAML/JSON/XML), plus helpers for XML root-tag handling and array normalization.
• Adds new utilities for resource reference replacement and request-body preparation, and expands configs/constants to support the new resource types.

Reviewed changes

Copilot reviewed 40 out of 41 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
iamctl/tests/serializationUtils_test.go	Adds unit tests for XML root-tag helpers and array-field normalization.
iamctl/tests/resourceReferenceUtils_test.go	Adds unit tests for reference-mapping and ALL_ITEMS path expansion utilities.
iamctl/tests/keywordUtils_test.go	Minor test variable rename to align with updated keyword-processing code.
iamctl/pkg/utils/summaryUtils.go	Updates summary tracking APIs to use ResourceType and string keys consistently.
iamctl/pkg/utils/setup.go	Extends tool/keyword config structs to include OIDC scopes, roles, challenge questions.
iamctl/pkg/utils/serializationUtils.go	New multi-format Serialize/Deserialize + XML root-tag + array normalization utilities.
iamctl/pkg/utils/resourceReferenceUtils.go	New utilities for building identifier maps and replacing cross-resource references.
iamctl/pkg/utils/resourceProperties.go	Adds ResourceType.String() and updates resource-type exclusion logic to use it.
iamctl/pkg/utils/resourceOrder.go	Defines a canonical resource processing order for bulk operations.
iamctl/pkg/utils/keywordUtils.go	Refactors keyword processing to be format-aware and reuse new serialization utils.
iamctl/pkg/utils/init.go	Expands OAuth scope string to include permissions for new APIs.
iamctl/pkg/utils/constants.go	Introduces ResourceType + Format, adds new resource constants and metadata structures.
iamctl/pkg/utils/commonUtils.go	Adds helper for exported file paths and map key normalization.
iamctl/pkg/utils/apiUtils.go	Adds generic GET/POST/PUT/PATCH helpers and JSON request-body preparation.
iamctl/pkg/userStores/userStoreUtils.go	Switches YAML dependency to v3 and fixes spelling in error messages.
iamctl/pkg/userStores/import.go	Updates folder naming to use ResourceType.String().
iamctl/pkg/userStores/export.go	Updates folder naming to use ResourceType.String().
iamctl/pkg/roles/rolesUtils.go	New roles helpers: list roles, keyword mapping, and SCIM patch-body construction.
iamctl/pkg/roles/import.go	New roles import implementation (create/patch/delete handling).
iamctl/pkg/roles/export.go	New roles export implementation via GET + keyword processing + serialization.
iamctl/pkg/oidcScopes/oidcScopeUtils.go	New OIDC scope helpers: list scopes, keyword mapping, existence checks.
iamctl/pkg/oidcScopes/import.go	New OIDC scope import implementation (create/update/delete).
iamctl/pkg/oidcScopes/export.go	New OIDC scope export implementation via GET + keyword processing + serialization.
iamctl/pkg/identityProviders/import.go	Updates YAML dependency and folder naming to use ResourceType.String().
iamctl/pkg/identityProviders/idpUtils.go	Fixes spelling in error messages (“retrieved”).
iamctl/pkg/identityProviders/export.go	Updates folder naming to use ResourceType.String().
iamctl/pkg/claims/import.go	Updates YAML dependency and folder naming to use ResourceType.String().
iamctl/pkg/claims/export.go	Updates folder naming to use ResourceType.String().
iamctl/pkg/claims/claimUtils.go	Updates YAML dependency and fixes spelling in error messages (“retrieved”).
iamctl/pkg/challengeQuestions/import.go	New challenge question set import implementation (create/update/delete).
iamctl/pkg/challengeQuestions/export.go	New challenge question set export implementation via GET + keyword processing + serialization.
iamctl/pkg/challengeQuestions/challengeQuestionUtils.go	New challenge question set helpers (list sets, keyword mapping, update body).
iamctl/pkg/applications/import.go	Updates YAML dependency and folder naming to use ResourceType.String().
iamctl/pkg/applications/export.go	Updates folder naming to use ResourceType.String().
iamctl/pkg/applications/applicationUtils.go	Updates YAML dependency and fixes spelling in error messages (“retrieved”).
iamctl/go.sum	Adds mxj + yaml.v3 sums and updates dependency set.
iamctl/go.mod	Adds mxj and yaml.v3 requirements.
iamctl/cmd/cli/importAll.go	Refactors bulk import to iterate utils.ResourceOrder and include new resource types.
iamctl/cmd/cli/exportAll.go	Refactors bulk export to iterate utils.ResourceOrder and include new resource types.
docs/cli-mode.md	Updates docs to mention OIDC scopes and fixes JSON example formatting.
README.md	Updates required scopes and supported resource types list to mention OIDC scopes.

Comments suppressed due to low confidence (1)

README.md:94

• The supported resource types lists are missing Roles and Challenge Questions, which are introduced in this PR. Please add them (and clarify root vs sub-organization support if it differs).

The supported resource types to transfer resources between root organizations are: 
* Applications
* Identity Providers
* Claims
* User Stores
* OIDC Scopes

The supported resource types to transfer resources between sub organizations are:
* Applications
* Identity Providers
* User Stores

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.