asteed commented on issue #3661: Restrict allowed namespaces when creating action of certain kinds URL: https://github.com/apache/incubator-openwhisk/pull/3661#issuecomment-389667020 @csantanapr here's are two more explicit use cases. 1) The OW system currently supports nodejs kinds in the system manifest. However, as a platform provider there is a need to periodically add support for additional kinds without allowing use across the entire system. Initially we want to restrict these kinds to certain namespaces which are owned and controlled by maintainers of the system. 2) We need to restrict the use of `blackbox` kinds to a namespace containing provider-owned actions which are usable by others within the system. Only actions in these namespaces should be allowed to be created as blackbox kinds. Eventually, this could be handled at an IAM/ACL/oauth level. However, there is no such construct available today. The use cases do not require a per-subject set of ACLs for this particular PR. I see two separate tasks here: 1) Support system-level configuration of how new functionality can be rolled out. 2) Support per-subject IAM and oauth for more granular permissions and entitlement.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services