asteed opened a new pull request #4114: Update KindRestrictor to merge subject and default whitelists
URL: https://github.com/apache/incubator-openwhisk/pull/4114

When performing `KindRestrictor.check()`, merge the contents of both the namespace's `allowedKinds` limit and the system's default `whitelist` of allowed kinds.

Originally, the namespace's value for the `allowedKinds` limit was used _instead of_ the value of the default `whitelist` set for the system. However, while crafting a deployment plan enabling whitelist support, we ran into concerns around maintaining these per-namespace whitelists as the system and user/namespace population grows.

The most notable scenario of concern is when a kind is added or removed from the OW system's runtime manifest. After these are added to the manifest, any existing default whitelist will need to be updated to include/exclude the new kinds. This is an expected maintenance operation. However, in addition to this, _all *existing* limits_ for namespaces' `allowedKinds` additionally have to be modified. As new kinds enter the system, enabling access to new kinds (which are _already accessible_ for those _without_ an explicit namespace `allowedKinds` limit) will require a _batch_ operation (or migration) to update the `allowedKinds` namespace limit. This becomes a particularly unnecessary operation that can grow over time.

The solution outlined in this PR is to reduce the need to perform updates per-namespace when the default whitelist can be merged together with the namespace limit.

## Description

## Related issue and scope

- [ ] I opened an issue to propose and discuss this change (#????)

## My changes affect the following components

- [ ] API
- [X] Controller
- [ ] Message Bus (e.g., Kafka)
- [ ] Loadbalancer
- [ ] Invoker
- [ ] Intrinsic actions (e.g., sequences, conductors)
- [ ] Data stores (e.g., CouchDB)
- [ ] Tests
- [ ] Deployment
- [ ] CLI
- [ ] General tooling
- [ ] Documentation

## Types of changes

- [ ] Bug fix (generally a non-breaking change which closes an issue).
- [ ] Enhancement or new feature (adds new functionality).
- [X] Breaking change (a bug fix or enhancement which changes existing behavior).

## Checklist:

- [X] I signed an [Apache CLA](https://github.com/apache/incubator-openwhisk/blob/master/CONTRIBUTING.md).
- [X] I reviewed the [style guides](https://github.com/apache/incubator-openwhisk/wiki/Contributing:-Git-guidelines#code-readiness) and followed the recommendations (Travis CI will check :).
- [X] I added tests to cover my changes.
- [ ] My changes require further changes to the documentation.
- [ ] I updated the documentation where necessary.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

With regards,
Apache Git Services
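
The semantic change described in the pull request above, as an added example that is not part of the PR or the OpenWhisk code base: a small model comparing "namespace limit replaces the default whitelist" with "namespace limit is merged with the default whitelist" after a new kind is added to the default. The function names `checkOverride` and `checkMerged`, the namespace names and the kind strings are hypothetical, and the model assumes a default whitelist is always configured.

```scala
// Added illustration; not code from the OpenWhisk repository.
// checkOverride/checkMerged, namespace names and kind names are hypothetical.
object KindWhitelistDemo {
  type Kinds = Set[String]

  // Behaviour the PR describes as the original: a namespace limit, when
  // present, is used instead of the system default whitelist.
  def checkOverride(default: Kinds, nsAllowed: Option[Kinds], kind: String): Boolean =
    nsAllowed.getOrElse(default).contains(kind)

  // Behaviour the PR proposes: the namespace limit and the default whitelist
  // are merged, so the effective allow-list is their union.
  def checkMerged(default: Kinds, nsAllowed: Option[Kinds], kind: String): Boolean =
    (nsAllowed.getOrElse(Set.empty[String]) ++ default).contains(kind)

  def main(args: Array[String]): Unit = {
    // Constructed sample data: the default before and after a new kind
    // ("ruby:2.5") enters the runtime manifest and the default whitelist.
    val defaultV1: Kinds = Set("nodejs:8", "python:3")
    val defaultV2: Kinds = defaultV1 + "ruby:2.5"

    val namespaces: Map[String, Option[Kinds]] = Map(
      "ns-no-limit" -> None,                                        // no explicit limit
      "ns-extra"    -> Some(Set("nodejs:8", "python:3", "java:8")), // default plus one extra kind
      "ns-narrowed" -> Some(Set("python:3"))                        // narrower than the default
    )

    val probes = Seq("ruby:2.5", "nodejs:8", "java:8")
    for ((ns, limit) <- namespaces.toSeq.sortBy(_._1); kind <- probes) {
      val before = checkOverride(defaultV2, limit, kind)
      val after  = checkMerged(defaultV2, limit, kind)
      val note   = if (before != after) "  <-- behaviour changes" else ""
      println(f"$ns%-12s $kind%-9s override=$before%-5s merged=$after%-5s$note")
    }
  }
}
```

Under the merged check, namespaces with an explicit limit pick up the new default kind without a per-namespace update. The same union also means a namespace limit narrower than the default no longer restricts that namespace, which is the behaviour change to review before deploying.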