rockcarver / frodo-cli

A CLI to manage ForgeRock platform deployments supporting Identity Cloud tenants, ForgeOps deployments, and classic deployments.
MIT License

Using a service account via the CLI requires log api keys #243

Closed ashleyfrieze closed 1 year ago

ashleyfrieze commented 1 year ago

Frodo CLI version

0.24.5

Describe the issue

I've just wasted a few hours with this command:

# assume the variables are set correctly
conn add --sa-id $FR_SVC_ACC_ID --sa-jwk-file service.jwk $FR_TENANT

The error I get is "Incomplete or no credentials!"

However, after examining the code and taking a wild guess at what's going wrong, I realised that if I provided the log api keys, even if they didn't work, the bit of the code which adds existing service accounts would execute:

conn add --sa-id $FR_SVC_ACC_ID --sa-jwk-file service.jwk --log-api-key IGNORE --log-api-secret IGNORE $FR_TENANT

While it might be reasonable to think that I should have added the --no-log-api switch instead, that doesn't work.

It's all down to this code here:

https://github.com/rockcarver/frodo-cli/blob/main/src/cli/conn/conn-save.ts#L80

This seems to require us to provide a log api key and secret, no matter what we do. Yet the addExistingServiceAccount piece is independent of the logs API.

As a minimum, the documentation for the CLI should offer a lot more help on how to use this, but overall, I think there's some confusion in the code.

vscheuber commented 1 year ago

Confirmed. This is definitely misbehaving.

vscheuber commented 1 year ago

This works better, now, @ashleyfrieze. I'm still not happy with all the silent magic the frodo conn save command performs but I believe your use case is now handled properly. Eventually we might have to add a whole set of connection profile management sub-commands to allow the setting of individual options/values.
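Added example, not part of the thread and not frodo-cli's code: a TypeScript sketch of the gating behaviour reported in this issue next to a check that validates each credential pair on its own, so nobody has to pass placeholder secrets to get a service account saved. The option fields mirror the CLI flags quoted above; the `ConnOptions` and `Verdict` types, both function names and all sample values are hypothetical.

```typescript
// Constructed illustration. Field names follow the flags quoted in the issue;
// types and function names are hypothetical, not taken from conn-save.ts.
interface ConnOptions {
  saId?: string;
  saJwkFile?: string;
  logApiKey?: string;
  logApiSecret?: string;
  logApi?: boolean; // false models --no-log-api
}
type Verdict = { ok: boolean; save: string[]; errors: string[] };

// Behaviour as reported: nothing proceeds unless a log API key and secret are
// both present, even for a service-account-only call or with --no-log-api.
// What happens to the placeholder log values is not modelled here.
function validateAsReported(o: ConnOptions): Verdict {
  if (!(o.logApiKey && o.logApiSecret)) {
    return { ok: false, save: [], errors: ["Incomplete or no credentials!"] };
  }
  const save = o.saId && o.saJwkFile ? ["serviceAccount"] : [];
  return { ok: true, save, errors: [] };
}

// Independent validation: a half-supplied pair is an error, a fully absent
// pair is skipped, and at least one complete credential set must remain.
function validateIndependently(o: ConnOptions): Verdict {
  const save: string[] = [];
  const errors: string[] = [];
  const pair = (name: string, flags: string, a?: string, b?: string) => {
    if (a && b) save.push(name);
    else if (a || b) errors.push(`${flags} must be given together`);
  };
  pair("serviceAccount", "--sa-id and --sa-jwk-file", o.saId, o.saJwkFile);
  if (o.logApi !== false) {
    pair("logApi", "--log-api-key and --log-api-secret", o.logApiKey, o.logApiSecret);
  }
  if (save.length === 0 && errors.length === 0) {
    errors.push("Incomplete or no credentials!");
  }
  return { ok: errors.length === 0, save, errors };
}
```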