@adobe/aio-cli-plugin-app 10.2.2 → 10.3.0

package/README.md

@@ -71,7 +71,7 @@ DESCRIPTION
   Create, run, test, and deploy Adobe I/O Apps
 ```
 
-_See code: [src/commands/app/index.js](https://github.com/adobe/aio-cli-plugin-app/blob/10.2.2/src/commands/app/index.js)_
+_See code: [src/commands/app/index.js](https://github.com/adobe/aio-cli-plugin-app/blob/10.3.0/src/commands/app/index.js)_
 
 ## `aio app add`
 
@@ -181,10 +181,12 @@ Subscribe to Services in the current Workspace
 
 ```
 USAGE
-  $ aio app add service [-v] [--version]
+  $ aio app add service [-v] [--version] [--use-jwt]
 
 FLAGS
   -v, --verbose  Verbose output
+  --use-jwt      if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT
+                 credentials
   --version      Show version
 
 DESCRIPTION
@@ -372,10 +374,12 @@ Delete Services in the current Workspace
 
 ```
 USAGE
-  $ aio app delete service [-v] [--version]
+  $ aio app delete service [-v] [--version] [--use-jwt]
 
 FLAGS
   -v, --verbose  Verbose output
+  --use-jwt      if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT
+                 credentials
   --version      Show version
 
 DESCRIPTION
@@ -488,7 +492,7 @@ Create a new Adobe I/O App
 ```
 USAGE
   $ aio app init [PATH] [-v] [--version] [--install] [-y] [--login] [-e <value> | -t <value>]
-    [--standalone-app | ] [-w <value> | -i <value>] [--confirm-new-workspace]
+    [--standalone-app | ] [-w <value> | -i <value>] [--confirm-new-workspace] [--use-jwt]
 
 ARGUMENTS
   PATH  [default: .] Path to the app directory
@@ -505,6 +509,8 @@ FLAGS
   --[no-]install              [default: true] Run npm installation after files are created
   --[no-]login                Login using your Adobe ID for interacting with Adobe I/O Developer Console
   --standalone-app            Create a stand-alone application
+  --use-jwt                   if the config has both jwt and OAuth Server to Server Credentials (while migrating),
+                              prefer the JWT credentials
   --version                   Show version
 
 DESCRIPTION
@@ -647,7 +653,7 @@ Import an Adobe Developer Console configuration file.
 ```
 USAGE
   $ aio app use [CONFIG_FILE_PATH] [-v] [--version] [--overwrite | --merge] [--confirm-new-workspace] [-w
-    <value> | [-g | -w <value>] | ] [--no-service-sync | --confirm-service-sync] [--no-input]
+    <value> | [-g | -w <value>] | ] [--no-service-sync | --confirm-service-sync] [--no-input] [--use-jwt]
 
 ARGUMENTS
   CONFIG_FILE_PATH  path to an Adobe I/O Developer Console configuration file
@@ -670,6 +676,8 @@ FLAGS
                                 Workspace
   --overwrite                   Overwrite any .aio and .env files during import of the Adobe Developer Console
                                 configuration file
+  --use-jwt                     if the config has both jwt and OAuth Server to Server Credentials (while migrating),
+                                prefer the JWT credentials
   --version                     Show version
 
 DESCRIPTION

package/oclif.manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "10.2.2",
+  "version": "10.3.0",
   "commands": {
     "app:build": {
       "id": "app:build",
@@ -489,6 +489,12 @@
           "type": "boolean",
           "description": "Skip and confirm prompt for creating a new workspace",
           "allowNo": false
+        },
+        "use-jwt": {
+          "name": "use-jwt",
+          "type": "boolean",
+          "description": "if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT credentials",
+          "allowNo": false
         }
       },
       "args": {
@@ -943,6 +949,12 @@
           "type": "boolean",
           "description": "Skip user prompts by setting --no-service-sync and --merge. Requires one of config_file_path or --global or --workspace",
           "allowNo": false
+        },
+        "use-jwt": {
+          "name": "use-jwt",
+          "type": "boolean",
+          "description": "if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT credentials",
+          "allowNo": false
         }
       },
       "args": {
@@ -1168,6 +1180,12 @@
           "type": "boolean",
           "description": "Show version",
           "allowNo": false
+        },
+        "use-jwt": {
+          "name": "use-jwt",
+          "type": "boolean",
+          "description": "if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT credentials",
+          "allowNo": false
         }
       },
       "args": {}
@@ -1454,6 +1472,12 @@
           "type": "boolean",
           "description": "Show version",
           "allowNo": false
+        },
+        "use-jwt": {
+          "name": "use-jwt",
+          "type": "boolean",
+          "description": "if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT credentials",
+          "allowNo": false
         }
       },
       "args": {}

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@adobe/aio-cli-plugin-app",
   "description": "Create, Build and Deploy Adobe I/O Applications",
-  "version": "10.2.2",
+  "version": "10.3.0",
   "author": "Adobe Inc.",
   "bugs": "https://github.com/adobe/aio-cli-plugin-app/issues",
   "dependencies": {
     "@adobe/aio-cli-lib-app-config": "^1.0.1",
-    "@adobe/aio-cli-lib-console": "^4.0.0",
+    "@adobe/aio-cli-lib-console": "^4.1.0",
     "@adobe/aio-lib-core-config": "^3.0.0",
     "@adobe/aio-lib-core-logging": "^2.0.0",
     "@adobe/aio-lib-core-networking": "^4.1.0",

package/schema/config.schema.json

@@ -117,7 +117,9 @@
                 },
                 "integration_type": {
                     "type": "string",
-                    "enum": [ 
+                    "enum": [
+                        "oauth_server_to_server",
+                        "oauth_server_to_server_migrate",
                         "oauthweb", 
                         "oauthios", 
                         "oauthandroid", 
@@ -125,23 +127,61 @@
                         "apikey", 
                         "oauthwebapp", 
                         "oauthnativeapp", 
-                        "oauthsinglepageapp",
-                        "oauth_server_to_server"
+                        "oauthsinglepageapp"
                     ]
                 },
+                "oauth_server_to_server": { "$ref": "#/definitions/oauth_server_to_server" },
                 "jwt": { "$ref": "#/definitions/jwt" },
                 "api_key": { "$ref": "#/definitions/api_key" }
             },
             "required": [ "id", "name" ],
-            "if": { "properties": { "integration_type": { "const": "oauthsinglepageapp" } } },
-            "then": { "properties": { "oauth2": { "$ref": "#/definitions/oauthsinglepageapp" } } },
-            "else": { "properties": { "oauth2": { "$ref": "#/definitions/oauth2" } } },
+            "allOf": [
+                {
+                  "if": { "properties": { "integration_type": { "const": "oauthsinglepageapp" } } },
+                  "then": { "properties": { "oauth2": { "$ref": "#/definitions/oauthsinglepageapp" } } },
+                  "else": { "properties": { "oauth2": { "$ref": "#/definitions/oauth2" } } }
+                }
+            ],
             "oneOf": [
-                { "required": ["oauth2"] },
-                { "required": ["jwt"] },
-                { "required": ["api_key"] },
-                { "required": ["oauth_server_to_server"] }
-
+                {
+                  "required": ["oauth2"],
+                  "allOf": [
+                    { "not": { "required": ["api_key"] } },
+                    { "not": { "required": ["jwt"] } },
+                    { "not": { "required": ["oauth_server_to_server"] } }
+                  ] 
+                },
+                {
+                  "required": ["jwt"],
+                  "allOf": [
+                    { "not": { "required": ["api_key"] } },
+                    { "not": { "required": ["oauth2"] } },
+                    { "not": { "required": ["oauth_server_to_server"] } }
+                  ] 
+                },
+                {
+                  "required": ["api_key"],
+                  "allOf": [
+                    { "not": { "required": ["jwt"] } },
+                    { "not": { "required": ["oauth2"] } },
+                    { "not": { "required": ["oauth_server_to_server"] } }
+                  ] 
+                },
+                {
+                  "required": ["oauth_server_to_server"],
+                  "allOf": [
+                    { "not": { "required": ["api_key"] } },
+                    { "not": { "required": ["jwt"] } },
+                    { "not": { "required": ["oauth2"] } }
+                  ] 
+                },
+                {
+                  "required": ["jwt", "oauth_server_to_server"],
+                  "allOf": [
+                    { "not": { "required": ["api_key"] } },
+                    { "not": { "required": ["oauth2"] } }
+                  ] 
+                }
             ]
         },
         "service": {
@@ -179,26 +219,6 @@
             },
             "required": [ "client_id", "client_secret", "redirect_uri", "defaultRedirectUri" ]
         },
-        "oauth_server_to_server": {
-            "properties": {
-                "client_id": { "type": "string" },
-                "client_secrets": { "type": "array" },
-                "technical_account_email": {
-                    "type": "string",
-                    "format": "email"
-                },
-                "technical_account_id": {
-                    "type": "string",
-                    "format": "email"
-                },
-                "scopes": {
-                    "type": "array",
-                    "items": { "type": "string" },
-                    "default": []
-                }
-            },
-            "required": [ "client_id", "client_secrets", "technical_account_email", "technical_account_id", "scopes" ]
-        },
         "oauthsinglepageapp": {
             "type": "object",
             "properties": {
@@ -224,6 +244,31 @@
             },
             "required": ["client_id"]
         },
+        "oauth_server_to_server": {
+            "type": "object",
+            "properties": {
+                "client_id": { "type": "string" },
+                "client_secrets": { 
+                    "type": "array", 
+                    "items": { "type": "string" },
+                    "default": []
+                },
+                "technical_account_email": {
+                    "type": "string",
+                    "format": "email"
+                },
+                "technical_account_id": {
+                    "type": "string",
+                    "format": "email"
+                },
+                "scopes": {
+                    "type": "array",
+                    "items": { "type": "string" },
+                    "default": []
+                }
+            },
+            "required": [ "client_id", "client_secrets", "technical_account_email", "technical_account_id", "scopes" ]
+        },
         "jwt": {
             "type": "object",
             "properties": {

package/src/TemplatesCommand.js

@@ -113,7 +113,7 @@ class TemplatesCommand extends AddCommand {
           type: 'table',
           name: promptName,
           bottomContent: `* = recommended by Adobe; to learn more about the templates, go to ${hyperlinker('https://adobe.ly/templates', 'https://adobe.ly/templates')}`,
-          message: 'Choose the template(s) to install:',
+          message: 'Choose the template(s) to install:\n  Pressing <enter> without selection will skip templates and install a standalone application.\n',
           style: { head: [], border: [] },
           wordWrap: true,
           wrapOnWordBoundary: false,

package/src/commands/app/add/service.js

@@ -10,10 +10,12 @@ governing permissions and limitations under the License.
 */
 
 const { importConsoleConfig, downloadConsoleConfigToBuffer } = require('../../../lib/import')
+const { getProjectCredentialType } = require('../../../lib/import-helper')
 const path = require('path')
 const aioLogger = require('@adobe/aio-lib-core-logging')('@adobe/aio-cli-plugin-app:add:service', { provider: 'debug' })
 const config = require('@adobe/aio-lib-core-config')
 const chalk = require('chalk')
+const { Flags } = require('@oclif/core')
 
 const {
   setOrgServicesConfig,
@@ -44,16 +46,20 @@ class AddServiceCommand extends BaseCommand {
     const project = { name: projectConfig.name, id: projectConfig.id }
     const workspace = { name: projectConfig.workspace.name, id: projectConfig.workspace.id }
 
+    // get project credential type
+    const projectCredentialType = getProjectCredentialType(projectConfig, flags)
+
     // get latest support services
     const supportedServices = await consoleCLI.getEnabledServicesForOrg(orgId)
 
     // get current service properties
-    const currentServiceProperties = await consoleCLI.getServicePropertiesFromWorkspace(
+    const currentServiceProperties = await consoleCLI.getServicePropertiesFromWorkspaceWithCredentialType({
       orgId,
-      project.id,
+      projectId: project.id,
       workspace,
-      supportedServices
-    )
+      supportedServices,
+      credentialType: projectCredentialType
+    })
 
     // update the service config, subscriptions and supported services
     setOrgServicesConfig(supportedServices)
@@ -104,12 +110,14 @@ class AddServiceCommand extends BaseCommand {
         { allowCreate: false }
       )
       // get serviceProperties from source workspace
-      newServiceProperties = await consoleCLI.getServicePropertiesFromWorkspace(
+      newServiceProperties = await consoleCLI.getServicePropertiesFromWorkspaceWithCredentialType({
         orgId,
-        project.id,
-        workspaceFrom,
-        supportedServices
-      )
+        projectId: project.id,
+        workspace: workspaceFrom,
+        supportedServices,
+        credentialType: projectCredentialType
+      })
+
       if (currentServiceNames.length > 0) {
         warnIfOverwriteServicesInProductionWorkspace(project.name, workspace.name)
         if (workspace.name !== 'Production') {
@@ -124,13 +132,14 @@ class AddServiceCommand extends BaseCommand {
     )
     if (confirm) {
       // if confirmed update the services
-      await consoleCLI.subscribeToServices(
+      await consoleCLI.subscribeToServicesWithCredentialType({
         orgId,
         project,
         workspace,
-        path.join(this.config.dataDir, ENTP_INT_CERTS_FOLDER),
-        newServiceProperties
-      )
+        certDir: path.join(this.config.dataDir, ENTP_INT_CERTS_FOLDER),
+        serviceProperties: newServiceProperties,
+        credentialType: projectCredentialType
+      })
 
       // update environment
       const config = {
@@ -154,7 +163,11 @@ AddServiceCommand.description = `Subscribe to Services in the current Workspace
 `
 
 AddServiceCommand.flags = {
-  ...BaseCommand.flags
+  ...BaseCommand.flags,
+  'use-jwt': Flags.boolean({
+    description: 'if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT credentials',
+    default: false
+  })
 }
 
 AddServiceCommand.aliases = ['app:add:services']

package/src/commands/app/delete/service.js

@@ -20,10 +20,13 @@ const {
 } = require('../../../lib/app-helper')
 
 const BaseCommand = require('../../../BaseCommand')
+const { Flags } = require('@oclif/core')
 
-class AddServiceCommand extends BaseCommand {
+const { getProjectCredentialType } = require('../../../lib/import-helper')
+
+class DeleteServiceCommand extends BaseCommand {
   async run () {
-    const { flags } = this.parse(AddServiceCommand)
+    const { flags } = await this.parse(DeleteServiceCommand)
 
     aioLogger.debug(`deleting Services in the current workspace, using flags: ${JSON.stringify(flags, null, 2)}`)
 
@@ -43,13 +46,17 @@ class AddServiceCommand extends BaseCommand {
     // get latest support services
     const supportedServices = await consoleCLI.getEnabledServicesForOrg(orgId)
 
+    // get credential type
+    const projectCredentialType = getProjectCredentialType(projectConfig, flags)
+
     // get current service properties
-    const currentServiceProperties = await consoleCLI.getServicePropertiesFromWorkspace(
+    const currentServiceProperties = await consoleCLI.getServicePropertiesFromWorkspaceWithCredentialType({
       orgId,
-      project.id,
+      projectId: project.id,
       workspace,
-      supportedServices
-    )
+      supportedServices,
+      credentialType: projectCredentialType
+    })
 
     // update the service config, subscriptions and supported services
     setOrgServicesConfig(supportedServices)
@@ -77,13 +84,14 @@ class AddServiceCommand extends BaseCommand {
     )
     if (confirm) {
       // if confirmed update the services
-      await consoleCLI.subscribeToServices(
+      await consoleCLI.subscribeToServicesWithCredentialType({
         orgId,
         project,
         workspace,
-        null, // no need to specify certDir, here we are sure that credentials are attached
-        newServiceProperties
-      )
+        certDir: null, // no need to specify certDir, here we are sure that credentials are attached
+        serviceProperties: newServiceProperties,
+        credentialType: projectCredentialType
+      })
       // update the service configuration with the latest subscriptions
       setWorkspaceServicesConfig(newServiceProperties)
       // success !
@@ -95,14 +103,18 @@ class AddServiceCommand extends BaseCommand {
   }
 }
 
-AddServiceCommand.description = `Delete Services in the current Workspace
+DeleteServiceCommand.description = `Delete Services in the current Workspace
 `
 
-AddServiceCommand.flags = {
-  ...BaseCommand.flags
+DeleteServiceCommand.flags = {
+  ...BaseCommand.flags,
+  'use-jwt': Flags.boolean({
+    description: 'if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT credentials',
+    default: false
+  })
 }
 
-AddServiceCommand.aliases = ['app:delete:services']
-AddServiceCommand.args = []
+DeleteServiceCommand.aliases = ['app:delete:services']
+DeleteServiceCommand.args = []
 
-module.exports = AddServiceCommand
+module.exports = DeleteServiceCommand

package/src/commands/app/init.js

@@ -21,8 +21,8 @@ const TemplateRegistryAPI = require('@adobe/aio-lib-templates')
 const inquirer = require('inquirer')
 const hyperlinker = require('hyperlinker')
 
-const { loadAndValidateConfigFile, importConfigJson } = require('../../lib/import-helper')
-const { SERVICE_API_KEY_ENV } = require('../../lib/defaults')
+const { importConsoleConfig } = require('../../lib/import')
+const { loadAndValidateConfigFile } = require('../../lib/import-helper')
 
 const DEFAULT_WORKSPACE = 'Stage'
 
@@ -123,7 +123,7 @@ class InitCommand extends TemplatesCommand {
 
     // 5. import config - if any
     if (flags.import) {
-      await this.importConsoleConfig(consoleConfig)
+      await this.importConsoleConfig(consoleConfig, flags)
     }
   }
 
@@ -154,7 +154,7 @@ class InitCommand extends TemplatesCommand {
     await this.runCodeGenerators(this.getInitialGenerators(flags), flags.yes, consoleConfig.project.name)
 
     // 8. import config
-    await this.importConsoleConfig(consoleConfig)
+    await this.importConsoleConfig(consoleConfig, flags)
 
     // 9. install templates
     await this.installTemplates({
@@ -337,20 +337,15 @@ class InitCommand extends TemplatesCommand {
   }
 
   // console config is already loaded into object
-  async importConsoleConfig (config) {
-    // get jwt client id
-    const jwtConfig = config.project.workspace.details.credentials && config.project.workspace.details.credentials.find(c => c.jwt)
-    const serviceClientId = (jwtConfig && jwtConfig.jwt.client_id) || ''
-
+  async importConsoleConfig (config, flags) {
     const configBuffer = Buffer.from(JSON.stringify(config))
-    const interactive = false
-    const merge = true
-    await importConfigJson(
-      // NOTE: importConfigJson should support reading json directly
-      configBuffer,
-      process.cwd(),
-      { interactive, merge },
-      { [SERVICE_API_KEY_ENV]: serviceClientId }
+    await importConsoleConfig(configBuffer,
+      {
+        interactive: false,
+        merge: true,
+        'use-jwt': flags['use-jwt'],
+        skipValidation: true
+      }
     )
   }
 }
@@ -398,6 +393,10 @@ InitCommand.flags = {
   'confirm-new-workspace': Flags.boolean({
     description: 'Skip and confirm prompt for creating a new workspace',
     default: false
+  }),
+  'use-jwt': Flags.boolean({
+    description: 'if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT credentials',
+    default: false
   })
 }
 

package/src/commands/app/use.js

@@ -10,7 +10,7 @@ governing permissions and limitations under the License.
 */
 
 const BaseCommand = require('../../BaseCommand')
-const { CONSOLE_CONFIG_KEY } = require('../../lib/import-helper')
+const { CONSOLE_CONFIG_KEY, getProjectCredentialType } = require('../../lib/import-helper')
 const { importConsoleConfig, downloadConsoleConfigToBuffer } = require('../../lib/import')
 const { Flags } = require('@oclif/core')
 const inquirer = require('inquirer')
@@ -22,7 +22,7 @@ const { ENTP_INT_CERTS_FOLDER } = require('../../lib/defaults')
 const aioLogger = require('@adobe/aio-lib-core-logging')('@adobe/aio-cli-plugin-app:use', { provider: 'debug' })
 const chalk = require('chalk')
 
-/* global LibConsoleCLI */
+const LibConsoleCLI = require('@adobe/aio-cli-lib-console')
 
 class Use extends BaseCommand {
   async run () {
@@ -101,10 +101,12 @@ class Use extends BaseCommand {
     // get supported org services
     const supportedServices = await consoleCLI.getEnabledServicesForOrg(newConfig.org.id)
 
-    // sync services in target workspace
+    // only sync services if the current configuration is complete
     if (currentConfigIsComplete) {
-      // only sync if the current configuration is complete
-      await this.syncServicesToTargetWorkspace(consoleCLI, prompt, currentConfig, newConfig, supportedServices, flags)
+      // get project credential type
+      const projectCredentialType = getProjectCredentialType(currentConfig, flags)
+
+      await this.syncServicesToTargetWorkspace(consoleCLI, prompt, currentConfig, newConfig, supportedServices, flags, projectCredentialType)
     }
 
     // download the console configuration for the newly selected org, project, workspace
@@ -133,7 +135,7 @@ class Use extends BaseCommand {
     const projectConfig = config.get('project') || {}
     const org = (projectConfig.org && { id: projectConfig.org.id, name: projectConfig.org.name }) || {}
     const project = { name: projectConfig.name, id: projectConfig.id }
-    const workspace = (projectConfig.workspace && { name: projectConfig.workspace.name, id: projectConfig.workspace.id }) || {}
+    const workspace = (projectConfig.workspace && { ...projectConfig.workspace }) || {}
     return { org, project, workspace }
   }
 
@@ -220,24 +222,26 @@ class Use extends BaseCommand {
    * @param {LibConsoleCLI} consoleCLI lib console config
    * @private
    */
-  async syncServicesToTargetWorkspace (consoleCLI, prompt, currentConfig, newConfig, supportedServices, flags) {
+  async syncServicesToTargetWorkspace (consoleCLI, prompt, currentConfig, newConfig, supportedServices, flags, projectCredentialType) {
     if (flags['no-service-sync']) {
       console.error('Skipping Services sync as \'--no-service-sync=true\'')
       console.error('Please verify Service subscriptions manually for the new Org/Project/Workspace configuration.')
       return
     }
-    const currentServiceProperties = await consoleCLI.getServicePropertiesFromWorkspace(
-      currentConfig.org.id,
-      currentConfig.project.id,
-      currentConfig.workspace,
-      supportedServices
-    )
-    const serviceProperties = await consoleCLI.getServicePropertiesFromWorkspace(
-      newConfig.org.id,
-      newConfig.project.id,
-      newConfig.workspace,
-      supportedServices
-    )
+    const currentServiceProperties = await consoleCLI.getServicePropertiesFromWorkspaceWithCredentialType({
+      orgId: currentConfig.org.id,
+      projectId: currentConfig.project.id,
+      workspace: currentConfig.workspace,
+      supportedServices,
+      credentialType: projectCredentialType
+    })
+    const serviceProperties = await consoleCLI.getServicePropertiesFromWorkspaceWithCredentialType({
+      orgId: newConfig.org.id,
+      projectId: newConfig.project.id,
+      workspace: newConfig.workspace,
+      supportedServices,
+      credentialType: projectCredentialType
+    })
 
     // service subscriptions are same
     if (this.equalSets(
@@ -298,13 +302,14 @@ class Use extends BaseCommand {
       }
     }
 
-    await consoleCLI.subscribeToServices(
-      newConfig.org.id,
-      newConfig.project,
-      newConfig.workspace,
-      path.join(this.config.dataDir, ENTP_INT_CERTS_FOLDER),
-      currentServiceProperties
-    )
+    await consoleCLI.subscribeToServicesWithCredentialType({
+      orgId: newConfig.org.id,
+      project: newConfig.project,
+      workspace: newConfig.workspace,
+      certDir: path.join(this.config.dataDir, ENTP_INT_CERTS_FOLDER),
+      serviceProperties: currentServiceProperties,
+      credentialType: projectCredentialType
+    })
 
     console.error(`✔ Successfully updated Services in Project ${newConfig.project.name} and Workspace ${newConfig.workspace.name}.`)
   }
@@ -386,6 +391,10 @@ Use.flags = {
   'no-input': Flags.boolean({
     description: 'Skip user prompts by setting --no-service-sync and --merge. Requires one of config_file_path or --global or --workspace',
     default: false
+  }),
+  'use-jwt': Flags.boolean({
+    description: 'if the config has both jwt and OAuth Server to Server Credentials (while migrating), prefer the JWT credentials',
+    default: false
   })
 }
 

package/src/lib/import-helper.js

@@ -19,6 +19,7 @@ const yaml = require('js-yaml')
 const hjson = require('hjson')
 const { EOL } = require('os')
 const { validateJsonWithSchema } = require('./install-helper')
+const LibConsoleCLI = require('@adobe/aio-cli-lib-console')
 
 const AIO_FILE = '.aio'
 const ENV_FILE = '.env'
@@ -69,6 +70,30 @@ function loadConfigFile (fileOrBuffer) {
   return { values: {}, format: 'json' }
 }
 
+/**
+ * Run any post-validation checks, for checks that can't be captured in JSON Schema.
+ *
+ * @private
+ */
+// It's okay to have jwt and oauth credentials, we just default to oauth unless the user specifies to use jwt - mgoberling
+//
+// function postValidateChecks (configFileJson) {
+//   // OAuth S2S: secondary check that JSON-Schema can't handle (array item check): credentials of `integration_type`
+//   // "service", "oauth_server_to_server", and "oauth_server_to_server_migrate" are mutually exclusive
+//   const project = configFileJson.project
+//   const serviceIntegration = project?.workspace?.details?.credentials?.find(c => c.integration_type === 'service')
+//   const oauthS2SIntegration = project?.workspace?.details?.credentials?.find(c => c.integration_type === 'oauth_server_to_server')
+//   const oauthS2SMigrateIntegration = project?.workspace?.details?.credentials?.find(c => c.integration_type === 'oauth_server_to_server_migrate')
+
+//   if ((serviceIntegration && oauthS2SIntegration) ||
+//       (serviceIntegration && oauthS2SMigrateIntegration) ||
+//       (oauthS2SIntegration && oauthS2SMigrateIntegration)
+//   ) {
+//     const message = 'Mutually exclusive credentials: "integration_type" values: service, oauth_server_to_server, oauth_server_to_server_migrate'
+//     throw new Error(message)
+//   }
+// }
+
 /**
  * Load and validate a config file
  *
@@ -82,6 +107,11 @@ function loadAndValidateConfigFile (fileOrBuffer) {
     const message = `Missing or invalid keys in config: ${JSON.stringify(configErrors, null, 2)}`
     throw new Error(message)
   }
+
+  // Skip post validate checks for now, it's okay to have both service and oauth
+  // credentials, we just default to oauth unless the user specifies to use jwt - mgoberling
+  // postValidateChecks(res.values)
+
   return res
 }
 
@@ -481,6 +511,46 @@ function transformRuntime (runtime) {
   return newRuntime
 }
 
+/**
+ * Gets the service credential from the credentials.
+ *
+ * This is different if Jwt or OAuth Server to Server is available, and whether
+ * there is a migration going on from Jwt -> OAuth Server to Server.
+ *
+ * @private
+ * @param {object} credentials all the credentials for the workspace
+ * @param {boolean} useJwt prefer jwt, if available.
+ * @returns {object} the service credential object
+ */
+function getServiceCredential (credentials, imsOrgId, useJwt) {
+  // find jwt / oauth_server_to_server credential
+  const jwtCredential = credentials.find(credential => typeof credential.jwt === 'object')
+  const oauthS2SCredential = credentials.find(credential => typeof credential.oauth_server_to_server === 'object')
+
+  // enrich jwt / oauth_server_to_server credentials with ims org id
+  if (jwtCredential && jwtCredential.jwt && !jwtCredential.jwt.ims_org_id) {
+    aioLogger.debug('adding ims_org_id to ims.jwt config')
+    jwtCredential.jwt.ims_org_id = imsOrgId
+  }
+
+  if (oauthS2SCredential && oauthS2SCredential.oauth_server_to_server && !oauthS2SCredential.oauth_server_to_server.ims_org_id) {
+    aioLogger.debug('adding ims_org_id to ims.oauth_server_to_server config')
+    oauthS2SCredential.oauth_server_to_server.ims_org_id = imsOrgId
+  }
+
+  if (jwtCredential && oauthS2SCredential) {
+    if (useJwt) {
+      return jwtCredential.jwt
+    } else {
+      return oauthS2SCredential.oauth_server_to_server
+    }
+  } else if (oauthS2SCredential) {
+    return oauthS2SCredential.oauth_server_to_server
+  } else if (jwtCredential) {
+    return jwtCredential.jwt
+  }
+}
+
 /**
  * Transforms a credentials array to an object, to what this plugin expects.
  * Enrich with ims_org_id if it is a jwt credential.
@@ -508,22 +578,17 @@ function transformRuntime (runtime) {
  *
  * @param {Array} credentials array from Downloadable File Format
  * @param {string} imsOrgId the ims org id
+ * @param {boolean} useJwt prefer jwt credential (in in OAuth Server to Server migration scenario)
  * @returns {object} the Credentials object
  * @private
  */
-function transformCredentials (credentials, imsOrgId) {
-  // find jwt credential
-  const credential = credentials.find(credential => typeof credential.jwt === 'object')
-
-  // enrich jwt credentials with ims org id
-  if (credential && credential.jwt && !credential.jwt.ims_org_id) {
-    aioLogger.debug('adding ims_org_id to ims.jwt config')
-    credential.jwt.ims_org_id = imsOrgId
-  }
+function transformCredentials (credentials, imsOrgId, useJwt) {
+  // get jwt / oauth_server_to_server credential
+  const serviceCredential = getServiceCredential(credentials, imsOrgId, useJwt)
 
   return credentials.reduce((acc, credential) => {
-    // the json schema enforces for jwt OR oauth2 OR apiKey in a credential
-    const value = credential.oauth2 || credential.jwt || credential.api_key
+    // the json schema enforces for oauth2 OR apiKey OR jwt OR oauth_server_to_server in a credential
+    const value = credential.oauth2 || credential.api_key || serviceCredential
 
     const name = credential.name.replace(/ /gi, '_') // replace any spaces with underscores
     acc[name] = value
@@ -586,7 +651,7 @@ async function importConfigJson (configFileOrBuffer, destinationFolder = process
 
   await writeEnv({
     runtime: transformRuntime(runtime),
-    ims: { contexts: transformCredentials(credentials, config.project.org.ims_org_id) }
+    ims: { contexts: transformCredentials(credentials, config.project.org.ims_org_id, flags.useJwt) }
   }, destinationFolder, flags, extraEnvVars)
 
   // remove the credentials
@@ -600,7 +665,77 @@ async function importConfigJson (configFileOrBuffer, destinationFolder = process
   return writeAio(config, destinationFolder, flags)
 }
 
+/**
+ * Gets the service api key from the config file.
+ *
+ * This is different if Jwt or OAuth Server to Server is available, and whether
+ * there is a migration going on from Jwt -> OAuth Server to Server.
+ *
+ * @param {object} configFileJson the config file json
+ * @param {boolean} useJwt prefer the jwt credential, if available.
+ * @returns {string} the service api key
+ */
+function getServiceApiKey (configFileJson, useJwt) {
+  const project = configFileJson?.project
+
+  const jwtConfig = project?.workspace?.details?.credentials?.find(c => c.jwt)
+  const oauthS2SConfig = project?.workspace?.details?.credentials?.find(c => c.oauth_server_to_server)
+
+  const jwtClientId = jwtConfig?.jwt?.client_id
+  const oauthS2SClientId = oauthS2SConfig?.oauth_server_to_server?.client_id
+
+  if (jwtConfig && oauthS2SConfig) {
+    if (useJwt) {
+      return jwtClientId
+    } else {
+      return oauthS2SClientId
+    }
+  } else if (oauthS2SConfig) {
+    return oauthS2SClientId
+  } else if (jwtConfig) {
+    return jwtClientId
+  }
+
+  return ''
+}
+
+/**
+ * Gets the service credential type from .aio data
+ *
+ * @param {object} projectConfig Project config from .aio
+ * @param {object} flags Command flags
+ * @returns {string} the credential type
+ */
+const getProjectCredentialType = (projectConfig, flags) => {
+  // Note: This only looks at the first credential of each type
+  const jwtConfig = projectConfig?.workspace?.details?.credentials?.find(c => c.integration_type === 'service')
+  const oauthS2SConfig = projectConfig?.workspace?.details?.credentials?.find(c => c.integration_type === 'oauth_server_to_server')
+  const oauthS2SMigrateConfig = projectConfig?.workspace?.details?.credentials?.find(c => c.integration_type === 'oauth_server_to_server_migrate')
+
+  if (jwtConfig && oauthS2SConfig) {
+    if (flags['use-jwt']) {
+      return LibConsoleCLI.JWT_CREDENTIAL
+    } else {
+      return LibConsoleCLI.OAUTH_SERVER_TO_SERVER_CREDENTIAL
+    }
+  } else if (oauthS2SConfig) {
+    return LibConsoleCLI.OAUTH_SERVER_TO_SERVER_CREDENTIAL
+  } else if (oauthS2SMigrateConfig) {
+    if (flags['use-jwt']) {
+      return LibConsoleCLI.JWT_CREDENTIAL
+    } else {
+      return LibConsoleCLI.OAUTH_SERVER_TO_SERVER_CREDENTIAL
+    }
+  } else if (jwtConfig) {
+    return LibConsoleCLI.JWT_CREDENTIAL
+  }
+
+  // Default to JWT, like the other lib functions
+  return LibConsoleCLI.OAUTH_SERVER_TO_SERVER_CREDENTIAL
+}
+
 module.exports = {
+  getServiceApiKey,
   writeFile,
   loadConfigFile,
   loadAndValidateConfigFile,
@@ -612,5 +747,6 @@ module.exports = {
   importConfigJson,
   mergeEnv,
   splitEnvLine,
+  getProjectCredentialType,
   CONSOLE_CONFIG_KEY
 }

package/src/lib/import.js

@@ -1,4 +1,4 @@
-const { loadAndValidateConfigFile, importConfigJson } = require('./import-helper')
+const { loadAndValidateConfigFile, importConfigJson, loadConfigFile, getServiceApiKey } = require('./import-helper')
 const { SERVICE_API_KEY_ENV } = require('./defaults')
 
 /**
@@ -11,20 +11,21 @@ const { SERVICE_API_KEY_ENV } = require('./defaults')
 async function importConsoleConfig (consoleConfigFileOrBuffer, flags) {
   const overwrite = flags.overwrite
   const merge = flags.merge
+  const skipValidation = flags.skipValidation
+  const useJwt = flags['use-jwt'] // for migration purposes
   let interactive = true
 
   if (overwrite || merge) {
     interactive = false
   }
 
-  // before importing the config, first extract the service api key id
-  const { values: config } = loadAndValidateConfigFile(consoleConfigFileOrBuffer)
-  const project = config.project
-  const jwtConfig = project.workspace.details.credentials && project.workspace.details.credentials.find(c => c.jwt)
-  const serviceClientId = (jwtConfig && jwtConfig.jwt.client_id) || ''
+  const loadFunc = skipValidation ? loadConfigFile : loadAndValidateConfigFile
+  const config = loadFunc(consoleConfigFileOrBuffer).values
+
+  const serviceClientId = getServiceApiKey(config, useJwt)
   const extraEnvVars = { [SERVICE_API_KEY_ENV]: serviceClientId }
 
-  await importConfigJson(consoleConfigFileOrBuffer, process.cwd(), { interactive, overwrite, merge }, extraEnvVars)
+  await importConfigJson(consoleConfigFileOrBuffer, process.cwd(), { interactive, overwrite, merge, useJwt }, extraEnvVars)
   return config
 }