CEXT-5327: Integrate adobe/aio-commerce-lib-config
#55
Conversation
iivvaannxx
force-pushed
the
CEXT-5327-integrate-aio-lib-config
branch
from
7b78217 to
b6b9b34
Compare
iivvaannxx
force-pushed
the
CEXT-5327-integrate-aio-lib-config
branch
from
c9f18e0 to
8413931
Compare
iivvaannxx
changed the base branch from
main
to
business-config-do-not-delete
| @@ -0,0 +1,99 @@ | |||
| operations: | |||
There was a problem hiding this comment.
can you elaborate on the general concept about this and how it is used in config management?
first time I see
There was a problem hiding this comment.
Not particularly aware of what's the use case but is something that @asalloum5 spoke in the past and he might be able to explain it.
There was a problem hiding this comment.
found this looking in the docs but not sure about its effect https://developer.adobe.com/app-builder/docs/guides/app_builder_guides/configuration/configuration#definition-of-dxasset-computeworker1
There was a problem hiding this comment.
IIRC, it allows to get a list of the operations an extension point has (some kind of metadata). This serves the purpose of not having to guess (or assume) that some operation is present, and also know which is the runtime action that performs it.
| function: .generated/actions/app-management/get-scope-tree.js | ||
| web: yes | ||
| runtime: nodejs:22 | ||
| inputs: |
There was a problem hiding this comment.
action is not hitting the instance, are you sure injecting the credentials is required?
There was a problem hiding this comment.
I believe for this runtime action hitting commerce is "optional" on whether you feed the commerceConfig or not, but I didn't implement so not sure why. @aminakhyat Implemented that and she's out these days, but maybe @emartinpalomas knows the answer 🤔
There was a problem hiding this comment.
same comment about least privilege principle, we have to be careful on injecting the minimum credentials as possible
| web: yes | ||
| runtime: nodejs:22 | ||
| inputs: | ||
| LOG_LEVEL: info |
There was a problem hiding this comment.
would be nice to be able to configure this using an env var
There was a problem hiding this comment.
Will create a patch in @adobe/aio-commerce-lib-config to fix that 👍🏻
There was a problem hiding this comment.
is this file autogenerated? if so it is missing the notice
There was a problem hiding this comment.
probably has to be moved into .generated folder too
There was a problem hiding this comment.
Yes and no, while some of it's contents are auto-generated, you might want to add some extra configuration to it. You may want to add a hook for example, in the current implementation I placed hooks in the app.config.yaml, but nothing stops you from doing it in the ext.config.yaml.
Having it in .generated would be confusing in that sense. But will keep it in mind and discuss it with @aminakhyat when she comes back. For now, I'll add only a comment to the generated properties.
| require-adobe-auth: true | ||
| final: true | ||
| include: | ||
| - - .generated/configuration-schema.json |
There was a problem hiding this comment.
is this two dashes syntax correct?
There was a problem hiding this comment.
Yep, include is actually an array of arrays in the shape of [[source, dest], [source, dest]]. I'd prefer to write this in the format of multiple - [source, dest] but that is the output of the yaml stringify operation.
| AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET: $AIO_COMMERCE_AUTH_INTEGRATION_CONSUMER_SECRET | ||
| AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN: $AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN | ||
| AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET: $AIO_COMMERCE_AUTH_INTEGRATION_ACCESS_TOKEN_SECRET | ||
| AIO_COMMERCE_AUTH_IMS_CLIENT_ID: $AIO_COMMERCE_AUTH_IMS_CLIENT_ID |
There was a problem hiding this comment.
Not sure if you need this IMS credentials here: if the requestor is from Commerce admin or Unified Shell the token should have already the needed scopes to request to the instance. Therefore, you can just grab the token from Authentication header and forward.
Same for PaaS if they use IMS, not sure if we need integration creds.
Have you explored this option?
There was a problem hiding this comment.
Probably not, token forwarding is something that we can implement but it's not present right now, so as of this moment we need the inputs.
There was a problem hiding this comment.
I believe is important in this case since code is autogenerated from a lib we provide, should follow least principle privilege. I'd strongly suggest you consider token forwarding for the config implementation (extra points if it comes from the auth lib).
Description
Integrates the new business configuration library as an initial step towards unified app-management. Renames environment variables as needed per the generated actions.
Additional Fixes
ci.yml, which was mismatched from the required version declared in thepackage.jsonenginesproperty.Ticket
CEXT-5327