feat: expose oauth s2s env

Author: moritzraho

src/lib/defaults.js

@@ -22,6 +22,7 @@ module.exports = {
   defaultImageCacheDuration: '604800',
   AIO_CONFIG_IMS_ORG_ID: 'project.org.ims_org_id',
   SERVICE_API_KEY_ENV: 'SERVICE_API_KEY',
+  IMS_OAUTH_S2S_ENV: 'IMS_OAUTH_S2S',
   ENTP_INT_CERTS_FOLDER: 'entp-int-certs',
   CONSOLE_API_KEYS: {
     prod: 'aio-cli-console-auth',

src/lib/import-helper.js

@@ -512,17 +512,19 @@ function transformRuntime (runtime) {
 }
 
 /**
- * Gets the service credential from the credentials.
+ * Gets the service credential from the credentials in the Console file.
  *
  * This is different if Jwt or OAuth Server to Server is available, and whether
  * there is a migration going on from Jwt -> OAuth Server to Server.
  *
  * @private
  * @param {object} credentials all the credentials for the workspace
- * @param {boolean} useJwt prefer jwt, if available.
- * @returns {object} the service credential object
+ * @param {object} options
+ * @param {boolean} options.useJwt prefer jwt, if available.
+ * @param {boolean} options.forceOauthS2S force oauth_server_to_server credential or undefined
+ * @returns {object|undefined} the service credential object
  */
-function getServiceCredential (credentials, imsOrgId, useJwt) {
+function getServiceCredential (credentials, imsOrgId, { useJwt = false, forceOauthS2S = false }) {
   // find jwt / oauth_server_to_server credential
   const jwtCredential = credentials.find(credential => typeof credential.jwt === 'object')
   const oauthS2SCredential = credentials.find(credential => typeof credential.oauth_server_to_server === 'object')
@@ -538,6 +540,10 @@ function getServiceCredential (credentials, imsOrgId, useJwt) {
     oauthS2SCredential.oauth_server_to_server.ims_org_id = imsOrgId
   }
 
+  if (forceOauthS2S) {
+    return oauthS2SCredential // force undefined if oauthS2SCredentials is not found
+  }
+
   if (jwtCredential && oauthS2SCredential) {
     if (useJwt) {
       return jwtCredential.jwt
@@ -584,7 +590,7 @@ function getServiceCredential (credentials, imsOrgId, useJwt) {
  */
 function transformCredentials (credentials, imsOrgId, useJwt) {
   // get jwt / oauth_server_to_server credential
-  const serviceCredential = getServiceCredential(credentials, imsOrgId, useJwt)
+  const serviceCredential = getServiceCredential(credentials, imsOrgId, { useJwt })
 
   return credentials.reduce((acc, credential) => {
     // the json schema enforces for oauth2 OR apiKey OR jwt OR oauth_server_to_server in a credential
@@ -736,6 +742,7 @@ const getProjectCredentialType = (projectConfig, flags) => {
 
 module.exports = {
   getServiceApiKey,
+  getServiceCredential,
   writeFile,
   loadConfigFile,
   loadAndValidateConfigFile,

src/lib/import.js

@@ -1,5 +1,5 @@
-const { loadAndValidateConfigFile, importConfigJson, loadConfigFile, getServiceApiKey } = require('./import-helper')
-const { SERVICE_API_KEY_ENV } = require('./defaults')
+const { loadAndValidateConfigFile, importConfigJson, loadConfigFile, getServiceApiKey, getServiceCredential } = require('./import-helper')
+const { SERVICE_API_KEY_ENV, IMS_OAUTH_S2S_ENV } = require('./defaults')
 
 /**
  * Imports the project's console config to the local environment.
@@ -23,7 +23,14 @@ async function importConsoleConfig (consoleConfigFileOrBuffer, flags) {
   const config = loadFunc(consoleConfigFileOrBuffer).values
 
   const serviceClientId = getServiceApiKey(config, useJwt)
-  const extraEnvVars = { [SERVICE_API_KEY_ENV]: serviceClientId }
+  const oauthS2SCredential = getServiceCredential(config.project?.workspace?.details?.credentials, config.project?.org?.ims_org_id, { forceOauthS2S: true })?.oauth_server_to_server
+
+  let extraEnvVars
+  if (oauthS2SCredential) {
+    extraEnvVars = { [SERVICE_API_KEY_ENV]: serviceClientId, [IMS_OAUTH_S2S_ENV]: JSON.stringify(oauthS2SCredential) }
+  } else {
+    extraEnvVars = { [SERVICE_API_KEY_ENV]: serviceClientId }
+  }
 
   await importConfigJson(consoleConfigFileOrBuffer, process.cwd(), { interactive, overwrite, merge, useJwt }, extraEnvVars)
   return config