You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2018/06/12 11:29:45 UTC

[GitHub] mhenke1 commented on a change in pull request #3752: Move uuid into namespace to decouple it from authkey

mhenke1 commented on a change in pull request #3752: Move uuid into namespace to decouple it from authkey
URL: https://github.com/apache/incubator-openwhisk/pull/3752#discussion_r194703021
 
 

 ##########
 File path: common/scala/src/main/scala/whisk/core/entity/Identity.scala
 ##########
 @@ -38,13 +37,17 @@ object UserLimits extends DefaultJsonProtocol {
   implicit val serdes = jsonFormat3(UserLimits.apply)
 }
 
+protected[core] case class Namespace(name: EntityName, uuid: UUID)
+
+protected[core] object Namespace extends DefaultJsonProtocol {
+  implicit val serdes = jsonFormat2(Namespace.apply)
+}
+
 protected[core] case class Identity(subject: Subject,
-                                    namespace: EntityName,
+                                    namespace: Namespace,
 
 Review comment:
   The PR has to two motivations.
   The first one is to make the (mis-)usage of the uuid as unique namespace alias explicit. 
   The change  makes unrelated parts of the system (like for example authentication and user metrics)  also unrelated on the code level.  This could of course be done by providing new access functions to the Identity object. 
   My second - not fully outspoken -  motivation for the change is to pave the path
   to make the authentication extensible and/or exchangeable. For both cases it is imaginable 
   the another authentication implementation  might not depend (fully) on the subject db but (additional) on an external identity and access management system that will not provide a uuid.
   
   I plan to discuss a proposal for extending authentication and authorization on the dev list in the very near future. Since I saw this change more as driven by hygienic reasons (see my first motivation) I put it out separately.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services