My concern is that if you do not pass the API key, all the actions that invoke other actions must be marked explicitly as requiring another API key. On one side I understand the security risk that an action can be fooled into leaking the authorization key; on the other side I think actions should still be able to invoke other actions without being marked to do that.
Probably the ideal would be to replace the API key with a key with an expiry time, that can be used only within the lifespan of the action to invoke other actions.

--
  Michele Sciabarra
  [email protected]

----- Original message -----
From: Rodric Rabbah <[email protected]>
To: [email protected]
Subject: change the default action context to omit api key
Date: Wed, 13 Feb 2019 16:08:48 -0500

Hi, I'm looking for feedback on the following issue:
https://github.com/apache/incubator-openwhisk/issues/4226

Actions receive the API key in the environment even if it is not necessary. This should not be the default behavior. With the issue I'm proposing that we flip the default and provide an annotation on the action to enable the key forwarding to preserve existing behavior.

Additionally, we currently create the following context:

    {
      "api_host": process.env['__OW_API_HOST'],
      "api_key": process.env['__OW_API_KEY'],
      "namespace": process.env['__OW_NAMESPACE'],
      "action_name": process.env['__OW_ACTION_NAME'],
      "activation_id": process.env['__OW_ACTIVATION_ID'],
      "deadline": process.env['__OW_DEADLINE']
    }

https://github.com/apache/incubator-openwhisk/blob/da21c9fe49b2ae72c95b6866b30d984c65253724/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/ContainerProxy.scala#L565-L571

Should we hide the namespace, action name and activation id as well?

-r
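
Added example, not part of either message and not OpenWhisk code: one way the two ideas in this thread could fit together, with the long-lived API key left out of the context unless an annotation asks for it, and a short-lived HMAC token bound to one activation that expires at its deadline. The annotation name "forward-api-key", the function names, the secret and the millisecond deadline are assumptions made for illustration.

```javascript
// Added example: buildContext, mintToken, verifyToken and the
// "forward-api-key" annotation are hypothetical, not OpenWhisk APIs.
const crypto = require('node:crypto');

// Controller-side signing secret (constructed sample; never given to actions).
const SERVER_SECRET = Buffer.from('constructed-demo-secret');

function sign(payload) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(payload).digest('base64url');
}

// Mint a token bound to one activation, expiring at the activation deadline
// (deadline assumed to be epoch milliseconds).
function mintToken(namespace, activationId, deadlineMs) {
  const claims = JSON.stringify({ ns: namespace, act: activationId, exp: deadlineMs });
  const payload = Buffer.from(claims).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Return the claims when the signature is valid and the token has not
// expired; return null for malformed, forged or expired tokens.
function verifyToken(token, nowMs) {
  const parts = String(token).split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const expected = Buffer.from(sign(parts[0]));
  const given = Buffer.from(parts[1]);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null; // constant-time compare
  const claims = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  return nowMs < claims.exp ? claims : null;
}

// Build the action context with the flipped default: the long-lived API key
// is included only when the action carries the opt-in annotation.
function buildContext(env, annotations = {}) {
  const ctx = {
    api_host: env.__OW_API_HOST,
    namespace: env.__OW_NAMESPACE,
    action_name: env.__OW_ACTION_NAME,
    activation_id: env.__OW_ACTIVATION_ID,
    deadline: env.__OW_DEADLINE,
  };
  if (annotations['forward-api-key'] === true) ctx.api_key = env.__OW_API_KEY;
  return ctx;
}
```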
