2019-09-12 18:28:38 UTC - Jona: Hi there ! https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1568312918126900 ---- 2019-09-12 18:33:16 UTC - Jona: I use the Serverless framework to create openwhisk actions (on IBMCloud platform). I am trying to set environment variables to then call them with `process.env.MY_SECRET` (using Node.js). I came across this issue: <https://github.com/serverless/serverless-openwhisk/issues/64> where it is advised to basically set `parameters`. However, I find it quite odd, since my understanding is that in an API based action, users might tamper with my secrets by passing theirs as a parameter. Am I correct ? https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1568313196131300 ---- 2019-09-12 18:50:29 UTC - Rodric Rabbah: hi Jona.
See <https://github.com/apache/openwhisk/blob/master/docs/webactions.md#protected-parameters>. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1568314229131700 ---- 2019-09-12 18:50:49 UTC - Rodric Rabbah: Parameters on a web action are protected and cannot be overridden if they already have a value defined https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1568314249132200 ---- 2019-09-12 18:52:05 UTC - Rodric Rabbah: That said, we recently introduced the ability to designate certain parameters as environment (init time) parameters. The tooling hasn’t caught up yet. I’l comment on the issue you noted. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1568314325133300 ---- 2019-09-12 18:58:02 UTC - Jona: Oh I see Thanks https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1568314682133700 ---- 2019-09-12 18:59:12 UTC - Jona: In fact I just tested it right now and it correctly output: ``` "error": "Request defines parameters that are not allowed (e.g., reserved properties)." ``` +1 : Rodric Rabbah https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1568314752134800 ----
