I agree the api_key is bad, when not using e.g. OW npm within the action. +1 for using an annotation to enable this.
activation_id is required to do the right thing for logging with concurrency enabled - but I'm also not sure what risk it is to include that? It will be in the response header anyways still right? Namespace + action - similar to activation_id, this is already available to the client and may have some convenience for action devs (especially with logging concurrent actiavitons __ ) From my perspective, I would just change the api_key to be explicitly passed, and leave the rest as-is. Thanks Tyson On 2/13/19, 1:09 PM, "Rodric Rabbah" <rod...@gmail.com> wrote: Hi, I'm looking for feedback on the following issue: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fincubator-openwhisk%2Fissues%2F4226&data=02%7C01%7Ctnorris%40adobe.com%7C549eb49aa3e04739078e08d691f78c5b%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636856889729887501&sdata=hcDnwNeHsOPcrmwQ3YRC1lSGmYBvre0WIpN5lGdmqFk%3D&reserved=0 Actions receives the API key in the environment even if it is not necessary. This should not be the default behavior. With the issue I'm proposing that we flip the default and provide an annotation on the action to enable the key forwarding to preserve existing behavior. Additionally We currently created the following context: { "api_host": process.env['__OW_API_HOST'], "api_key": process.env['__OW_API_KEY'], "namespace": process.env['__OW_NAMESPACE'], "action_name": process.env['__OW_ACTION_NAME'], "activation_id": process.env['__OW_ACTIVATION_ID'], "deadline": process.env['__OW_DEADLINE'] } https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fincubator-openwhisk%2Fblob%2Fda21c9fe49b2ae72c95b6866b30d984c65253724%2Fcore%2Finvoker%2Fsrc%2Fmain%2Fscala%2Forg%2Fapache%2Fopenwhisk%2Fcore%2Fcontainerpool%2FContainerProxy.scala%23L565-L571&data=02%7C01%7Ctnorris%40adobe.com%7C549eb49aa3e04739078e08d691f78c5b%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636856889729887501&sdata=qCfYzoSy%2BpAJAAC%2FDFBX%2Fu4NDkccE96eCbRvMwkvP9E%3D&reserved=0 Should we hide the namespace, action name and activation id as well? -r