I upgraded our SuiteCommerce Extension Management ...
# suitecommercek
Keith Fetterman
04/27/2023, 3:30 PMI upgraded our SuiteCommerce Extension Management bundle to 2023.1.0. This is the first version that I’ve worked with that requires the creation of the Integration record and placing the client key & secret in the .env file. When I performed a gulp theme:fetch, it still prompted me for a server token that is stored in the .nstba file. I was not expecting this.
I created the integration record on a client’s sandbox. I first fetched from the sandbox successfully after creating a new token. I then fetched from the client’s production account after being prompted for a new token. Wait. I didn’t create an integration record on the production account. How was I able to fetch? Doesn’t an integration record have to exist first?
I discovered that an integration record was automatically created in the production account using the same name as the one I created in the sandbox.
I would like to understand how the TBA has changed and why the integration record was automatically created on the production account.
I am also wondering if it’s acceptable to commit the .env file to a repository so it can be shared between developers. My gut tells me this is a bad idea, and each developer should have their own integration record client key/secret. But, since each user is prompted to create an access token, which required NetSuite access, maybe it’s okay to commit the .env file to the repo.
I would appreciate other users’ experiences and recommendations.
e
eminero
04/28/2023, 2:09 PMI have not tried yet SEM 2023.1.0 but did you check if the bundle includes an integration record?
k
Keith Fetterman
04/28/2023, 2:55 PM@eminero, it does not. The new bundle includes an .env file with the fields, but no values. The 2023.1 SCA release notes provides instructions on how to create the integration record and populate the .env file.
e
eminero
04/28/2023, 3:34 PMYes, I remember that for one project I had to create the integration record and populate the .env but for others no, however I was not sure why. Once I got a client with the latest version I will let you know my experience on that.
eminero
04/28/2023, 3:36 PMRelated to the .env file to commit on the repo, the best practice in general is not commit any sensitive data like tokens, keys, passwords, etc. For example in node.js you can create your local environment variables but they are ignore in the repo. I would suggest to have an integration record by developer in each account.
k
Keith Fetterman
04/28/2023, 5:18 PM@eminero, thanks. I ran a test to see if the .env file could be copied to a different computer (simulate committing it to a repo), and it works, so you could commit the .env file. I agree that sensitive data shouldn’t be placed to a repo. But, since the pre 2023.1 developer tools used the “SC-TBA” integration record and each user has to create an access token before they can gain access to a NetSuite account, I am wondering if we can make an exception for the .env file.
I thought the developer tools have been using TBA for several years. I looked at the “SC-TBA” integration record, and it says it’s TBA. I wonder what changed with 2023.1.
Keith Fetterman
04/28/2023, 5:31 PMI was worried about having to manage a separate .env file for sandbox and production accounts. I discovered that you don’t.
Yesterday, I created the integration record on a sandbox account then fetched the theme from that same account. I had to create a new access token.
I then performed a fetch from the production account, and I had create a new access token. I was expecting to have to create a new integration record. When checked on the production account, the integration record that I created on the sandbox account existed on the production account. The only difference was the date & time when it was created.
Today, I ran a test. I checked a different sandbox account to see if my integration record existed, and it did not exist. I then fetched the theme from that sandbox account. I created a new access token. After fetching the theme, I checked to see if my integration record was created on the sandbox account. It was there with today’s date and time.
Very odd.
e
eminero
04/28/2023, 6:59 PMyeah, that seems pretty weird. Sandbox changes are not reflected on production, unless there is some code that automatically create something when you use the cli to fetch/deploy. Thanks for sharing this!
k
Keith Fetterman
04/28/2023, 7:10 PMI wonder if NetSuite is running a separate TBA server.
2 Views