Re: change the default action context to omit api key

Wed, 13 Feb 2019 13:29:14 -0800 

I agree the api_key is bad, when not using e.g. OW npm within the action. +1 
for using an annotation to enable this.

activation_id is required to do the right thing for logging with concurrency 
enabled - but I'm also not sure what risk it is to include that? It will be in 
the response header anyways still right?

Namespace + action - similar to activation_id, this is already available to the 
client and may have some convenience for action devs (especially with logging 
concurrent actiavitons __ )

From my perspective, I would just change the api_key to be explicitly passed, 
and leave the rest as-is.

Thanks
Tyson

On 2/13/19, 1:09 PM, "Rodric Rabbah" <rod...@gmail.com> wrote:

    Hi,
    
    I'm looking for feedback on the following issue:
    
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fincubator-openwhisk%2Fissues%2F4226&amp;data=02%7C01%7Ctnorris%40adobe.com%7C549eb49aa3e04739078e08d691f78c5b%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636856889729887501&amp;sdata=hcDnwNeHsOPcrmwQ3YRC1lSGmYBvre0WIpN5lGdmqFk%3D&amp;reserved=0
    
    Actions receives the API key in the environment even if it is not
    necessary. This should not be the default behavior. With the issue I'm
    proposing that we flip the default and provide an annotation on the action
    to enable the key forwarding to preserve existing behavior.
    
    Additionally We currently created the following context:
    {
           "api_host": process.env['__OW_API_HOST'],
           "api_key": process.env['__OW_API_KEY'],
           "namespace": process.env['__OW_NAMESPACE'],
           "action_name": process.env['__OW_ACTION_NAME'],
           "activation_id": process.env['__OW_ACTIVATION_ID'],
           "deadline": process.env['__OW_DEADLINE']
    }
    
    
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fincubator-openwhisk%2Fblob%2Fda21c9fe49b2ae72c95b6866b30d984c65253724%2Fcore%2Finvoker%2Fsrc%2Fmain%2Fscala%2Forg%2Fapache%2Fopenwhisk%2Fcore%2Fcontainerpool%2FContainerProxy.scala%23L565-L571&amp;data=02%7C01%7Ctnorris%40adobe.com%7C549eb49aa3e04739078e08d691f78c5b%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636856889729887501&amp;sdata=qCfYzoSy%2BpAJAAC%2FDFBX%2Fu4NDkccE96eCbRvMwkvP9E%3D&amp;reserved=0
    
    Should we hide the namespace, action name and activation id as well?
    
    -r

Reply via email to