You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openwhisk.apache.org by 甯尤刚 <ni...@navercorp.com> on 2020/04/01 02:26:53 UTC

[discuss] general permission set on an openwhisk entity

Hi, guys.
​
     this pr was implemented long time ago: https://github.com/apache/openwhisk/pull/4058
  this pr's target is `Add protect feature to avoid update or delete actions`
  
     There several points, i want to discuss
     1. Which entity need to be protected when update or delete?
​
         There has several entities in openwhisk, e.g. package, action
         I think package and action also need to be protected when update or delete.   may be have others?
​
     2. How to protect?
         
         there has an option: use `unix style` as @babbah said.
​
         Because original unix style is `aaabbbccc`, `aaa` is the owner's permission(include read/write/execute). `bbb` is the same group of the owner' permission.
         `ccc` is other users's permission.
  
         Our own openwhisk, it seems can be like below
         1. `the own user for the entity`  (this is same as unix's `aaa`)
         2.  it seems have no corresponding concept of unix's `bbb` here
         3. others users(this is same as unix's `ccc`)
​
         so we can assume, if user create action with unix style like this: `77`,  the owner have `read/write/execute` permission, and the other user also have  `read/write/execute` permission
         if user creates action with `55`, the owner have `read/not write/execute` permission, and other users have  `read/not write/execute` permission as well.
​

Re: [discuss] general permission set on an openwhisk entity

Posted by Dominic Kim <st...@gmail.com>.
It looks feasible to me.

Best Regards
Dominic

2020년 4월 1일 (수) 오전 11:27, 甯尤刚 <ni...@navercorp.com>님이 작성:

> Hi, guys.
> ​
>      this pr was implemented long time ago:
> https://github.com/apache/openwhisk/pull/4058
>   this pr's target is `Add protect feature to avoid update or delete
> actions`
>
>      There several points, i want to discuss
>      1. Which entity need to be protected when update or delete?
> ​
>          There has several entities in openwhisk, e.g. package, action
>          I think package and action also need to be protected when update
> or delete.   may be have others?
> ​
>      2. How to protect?
>
>          there has an option: use `unix style` as @babbah said.
> ​
>          Because original unix style is `aaabbbccc`, `aaa` is the owner's
> permission(include read/write/execute). `bbb` is the same group of the
> owner' permission.
>          `ccc` is other users's permission.
>
>          Our own openwhisk, it seems can be like below
>          1. `the own user for the entity`  (this is same as unix's `aaa`)
>          2.  it seems have no corresponding concept of unix's `bbb` here
>          3. others users(this is same as unix's `ccc`)
> ​
>          so we can assume, if user create action with unix style like
> this: `77`,  the owner have `read/write/execute` permission, and the other
> user also have  `read/write/execute` permission
>          if user creates action with `55`, the owner have `read/not
> write/execute` permission, and other users have  `read/not write/execute`
> permission as well.
> ​
>
>

Re: [discuss] general permission set on an openwhisk entity

Posted by 甯尤刚 <ni...@navercorp.com>.
For this feature, i wrote a temp commit to check whether the direction is right,
Please check: https://github.com/apache/openwhisk/pull/4058#issuecomment-626607066 
 

-----Original Message-----
From: "Rodric Rabbah"<ro...@gmail.com>
To: <de...@openwhisk.apache.org>;
Cc:
Sent: 2020/4/22周三 22:08 (GMT+08:00)
Subject: Re: [discuss] general permission set on an openwhisk entity
 
It will be good to get this PR in. I'd favor doing it incrementally,
actions first. Since packages cannot be deleted if actions are not also
deleted, there is implicit protection against deleting a package. However
updates are not prevented and I think the goal is to protect accidental
updates as well.

To make this incremental, the first set of permissions could just about to
read and write from the owner only. I need to look at the PR again to see
how this was implemented. Is it good enough for now?

-r

On Tue, Mar 31, 2020 at 10:27 PM 甯尤刚 <ni...@navercorp.com> wrote:

> Hi, guys.
> ​
>      this pr was implemented long time ago:
> https://github.com/apache/openwhisk/pull/4058
>   this pr's target is `Add protect feature to avoid update or delete
> actions`
>
>      There several points, i want to discuss
>      1. Which entity need to be protected when update or delete?
> ​
>          There has several entities in openwhisk, e.g. package, action
>          I think package and action also need to be protected when update
> or delete.   may be have others?
> ​
>      2. How to protect?
>
>          there has an option: use `unix style` as @babbah said.
> ​
>          Because original unix style is `aaabbbccc`, `aaa` is the owner's
> permission(include read/write/execute). `bbb` is the same group of the
> owner' permission.
>          `ccc` is other users's permission.
>
>          Our own openwhisk, it seems can be like below
>          1. `the own user for the entity`  (this is same as unix's `aaa`)
>          2.  it seems have no corresponding concept of unix's `bbb` here
>          3. others users(this is same as unix's `ccc`)
> ​
>          so we can assume, if user create action with unix style like
> this: `77`,  the owner have `read/write/execute` permission, and the other
> user also have  `read/write/execute` permission
>          if user creates action with `55`, the owner have `read/not
> write/execute` permission, and other users have  `read/not write/execute`
> permission as well.
> ​
>
>

Re: [discuss] general permission set on an openwhisk entity

Posted by Rodric Rabbah <ro...@gmail.com>.
It will be good to get this PR in. I'd favor doing it incrementally,
actions first. Since packages cannot be deleted if actions are not also
deleted, there is implicit protection against deleting a package. However
updates are not prevented and I think the goal is to protect accidental
updates as well.

To make this incremental, the first set of permissions could just about to
read and write from the owner only. I need to look at the PR again to see
how this was implemented. Is it good enough for now?

-r

On Tue, Mar 31, 2020 at 10:27 PM 甯尤刚 <ni...@navercorp.com> wrote:

> Hi, guys.
> ​
>      this pr was implemented long time ago:
> https://github.com/apache/openwhisk/pull/4058
>   this pr's target is `Add protect feature to avoid update or delete
> actions`
>
>      There several points, i want to discuss
>      1. Which entity need to be protected when update or delete?
> ​
>          There has several entities in openwhisk, e.g. package, action
>          I think package and action also need to be protected when update
> or delete.   may be have others?
> ​
>      2. How to protect?
>
>          there has an option: use `unix style` as @babbah said.
> ​
>          Because original unix style is `aaabbbccc`, `aaa` is the owner's
> permission(include read/write/execute). `bbb` is the same group of the
> owner' permission.
>          `ccc` is other users's permission.
>
>          Our own openwhisk, it seems can be like below
>          1. `the own user for the entity`  (this is same as unix's `aaa`)
>          2.  it seems have no corresponding concept of unix's `bbb` here
>          3. others users(this is same as unix's `ccc`)
> ​
>          so we can assume, if user create action with unix style like
> this: `77`,  the owner have `read/write/execute` permission, and the other
> user also have  `read/write/execute` permission
>          if user creates action with `55`, the owner have `read/not
> write/execute` permission, and other users have  `read/not write/execute`
> permission as well.
> ​
>
>