How to share an action but not its code, nor parameters

[Dragos Dascalita Haut <dd...@adobe.com.INVALID>]

I think some openwhiskers have this use-case and I'm thinking to start a thread to see what are the current options. and see if we can land a PR if we want to support this use-case.


The need is to share an action with 3rd party developers, while retaining the intellectual property of the code, and potentially the associated default parameters. 3rd party developers should be able to use the action in any composition (meaning to be able to invoke the action from other actions), but should not be able to read its code, nor its default params. The action should look like a blackbox from the outside. Only the namespace owners should be able to manage it ( create, update, delete, etc ).


It looks like this could be achieved in Openwhisk through web actions. The action becomes publicly accessible to any 3rd party developer that knows the URL, while the code and default params are not visible at all.


With Composer [1], we have a nice programming model, and actions can be easily referenced in compositions by their name. We can think of the name of the action ( <namespace>/<package>/<action>) as the "URI" in the context of OpenWhisk. So the question is if there's something today that allows us to reference an action from another namespace in a composition, w/o having to share the code with other developers. And if this is not possible, then WDYT if we make it possible ?


Thanks,

dragos


[1] - https://github.com/ibm-functions/composer

Re: How to share an action but not its code, nor parameters

[Dragos Dascalita Haut <dd...@adobe.com.INVALID>]

Following on this thread after a quick chat with Rodric to discuss the fine grained approach in more details ( credits go to Rodric ).


For the fine grained permissions OpenWhisk could support unix style permissions: "rwx" when defining actions and packages. For example:


   wsk package create my-package --shared yes -a permissions x


This would make actions inside the shared package to be "eXecutable", and w/o the "r", other developers won't be able to read the code, nor the default parameters.  These permissions could be applied at a more granular level to the actions inside a package, in the same way directories and files in unix can have different permissions ( in this context, directory = package, and file = action).


I think this idea alone would solve the need to share actions with others, while keeping the code private. IIUC it should also fix the issue references bellow in the thread.


There are some aspects that result from it:

  1.  In Unix, permissions reflect 3 scopes or classes: permissions for the owner/user, for the group, and for others. What do these mean in the OW context ? Do we see benefits from differentiating between these 3 ? Assuming the "owner" always has "rwx", there's no "group" concept at the moment in OW (we could assume that the "group is the namespace ?), and "others" is what we care about when it comes to permissions.
  2.  Implications for displaying activation results. Right now the caller of the shared action sees the activation results, including its logs. If the permission restricts to "x" only, should it have an implication on the activation result ?
  3.  Code vs default parameters. Should permissions differentiate the code from the default params or they should apply to both ?


This idea can be extended later to support groups, if OpenWhisk extends the namespace:user relation so that a namespace can be accessed by multiple users. At that point, a package, or an action, can be shared with specific developers belonging to a group, including specific permissions. Right now a package is either private, either shared with everybody.


WDYT ?


@Rodric<ma...@gmail.com>, feel free to add to what I missed.


Thanks,

dragos


________________________________
From: Dragos Dascalita Haut <dd...@adobe.com.INVALID>
Sent: Wednesday, February 14, 2018 6:58 PM
To: dev@openwhisk.apache.org
Subject: Re: How to share an action but not its code, nor parameters

"... pursuing the fine grained rights approach. ..."


I was also re-reading your email and I was thinking... it would actually be v nice to have this in openwhisk. In this way developers can fully control what they want to do with the action. Another use-case I once had was to share an action that exposes a key-value store; in that case the action would have the credentials to talk to the key-value store which I didn't want to share with others. Having an option to hide default params from a shared actions would have been handy. So a fine-grained control would help other use-cases too.


dragos
________________________________
From: Rodric Rabbah <ro...@gmail.com>
Sent: Wednesday, February 14, 2018 6:39:04 PM
To: dev@openwhisk.apache.org
Subject: Re: How to share an action but not its code, nor parameters

It’s worth mentioning that going through the web action path limits the compositions to those that can complete is 60s. So there are other benefits to pursuing the fine grained rights approach.

-r

Re: How to share an action but not its code, nor parameters

[Dragos Dascalita Haut <dd...@adobe.com.INVALID>]

"... pursuing the fine grained rights approach. ..."


I was also re-reading your email and I was thinking... it would actually be v nice to have this in openwhisk. In this way developers can fully control what they want to do with the action. Another use-case I once had was to share an action that exposes a key-value store; in that case the action would have the credentials to talk to the key-value store which I didn't want to share with others. Having an option to hide default params from a shared actions would have been handy. So a fine-grained control would help other use-cases too.


dragos
________________________________
From: Rodric Rabbah <ro...@gmail.com>
Sent: Wednesday, February 14, 2018 6:39:04 PM
To: dev@openwhisk.apache.org
Subject: Re: How to share an action but not its code, nor parameters

It’s worth mentioning that going through the web action path limits the compositions to those that can complete is 60s. So there are other benefits to pursuing the fine grained rights approach.

-r

Re: How to share an action but not its code, nor parameters

[Rodric Rabbah <ro...@gmail.com>]

It’s worth mentioning that going through the web action path limits the compositions to those that can complete is 60s. So there are other benefits to pursuing the fine grained rights approach. 

-r

Re: How to share an action but not its code, nor parameters

[Nick Mitchell <mo...@gmail.com>]

i've wanted, for a while now, the ability to encapsulate remote requests,
whether to other actions or to remote services, behind a Composer-like
linguistic facade.

so that, to sequence a call to any REST API, i would like to have, e.g.

composer.sequence('myOwnAction', composer.request({ url: '
https://thirdparty.com', method: 'GET', ... }))

where the argument to composer.request could be precisely that of the
nodejs request NPM. we could do something similar for other languages, i.e.
adopting their dominant schematic paradigm for expressing remote
interactions.

nick

On Wed, Feb 14, 2018 at 9:35 PM, Rodric Rabbah <ro...@gmail.com> wrote:

>
> > How would this work with Composer ?
>
> composer.web(‘namespace/package/name’)
>
> As an example. Olivier may have other ideas.
>
> A combinator in composer is a programmable extension; so either adding
> something specific to web actions or more generally a URL which can codegen
> into an inline HTTP request could work here.
>
> -r

Re: How to share an action but not its code, nor parameters

[Rodric Rabbah <ro...@gmail.com>]

> How would this work with Composer ?

composer.web(‘namespace/package/name’)

As an example. Olivier may have other ideas. 

A combinator in composer is a programmable extension; so either adding something specific to web actions or more generally a URL which can codegen into an inline HTTP request could work here. 

-r

Re: How to share an action but not its code, nor parameters

[Dragos Dascalita Haut <dd...@adobe.com.INVALID>]

"...The obvious path with composer is to create a combinator for invoking a URL, which could treat web actions intrinsically...."

How would this work with Composer ?


I.e a 3rd party developer wants to author a composition like:

compose.sequence( "/other-namespace/pkg/action1", "/other-namespace/pkg/action2")


The owner of "other-namespace" doesn't want to share the src for action1 or action2, but wants others to be able to consume those actions.


Thanks,

dragos

________________________________
From: Rodric Rabbah <ro...@gmail.com>
Sent: Wednesday, February 14, 2018 6:10:47 PM
To: dev@openwhisk.apache.org
Subject: Re: How to share an action but not its code, nor parameters

The obvious path with composer is to create a combinator for invoking a URL, which could treat web actions intrinsically.

This discussion has come up before - there’s also this related open issue on the topic [1]. An alternative would be fine grained privileges on assets where the default rights today are CRUD+Activate.

[1] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fincubator-openwhisk%2Fissues%2F2155&data=02%7C01%7Cddascal%40adobe.com%7C27e9ad9468524993bd2508d5741957a2%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636542574549914334&sdata=9mHPq6tunQqMsLWJlJwEgHgHX36kHCfyskfHgotGuVo%3D&reserved=0

-r

Re: How to share an action but not its code, nor parameters

[Rodric Rabbah <ro...@gmail.com>]

The obvious path with composer is to create a combinator for invoking a URL, which could treat web actions intrinsically.

This discussion has come up before - there’s also this related open issue on the topic [1]. An alternative would be fine grained privileges on assets where the default rights today are CRUD+Activate.

[1] https://github.com/apache/incubator-openwhisk/issues/2155

-r