Update application.conf

Changed Flag to shared-packages-execute-only with default value set to false.

Author: bkemburu

common/scala/src/main/resources/application.conf

@@ -99,7 +99,7 @@ kamon {
 }
 
 whisk {
-    #packages-execute-only = true
+    shared-packages-execute-only = false
     metrics {
         # Enable/disable Prometheus support. If enabled then metrics would be exposed at `/metrics` endpoint
         # If Prometheus is enabled then please review `kamon.metric.tick-interval` (set to 1 sec by default above).

common/scala/src/main/scala/org/apache/openwhisk/core/WhiskConfig.scala

@@ -273,4 +273,4 @@ object ConfigKeys {
   val apacheClientConfig = "whisk.apache-client"
 
   val parameterStorage = "whisk.parameter-storage"
-}
+}

core/controller/src/main/scala/org/apache/openwhisk/core/controller/Actions.scala

@@ -46,6 +46,7 @@ import org.apache.openwhisk.core.entitlement.Collection
 import org.apache.openwhisk.core.loadBalancer.LoadBalancerException
 import pureconfig._
 import org.apache.openwhisk.core.ConfigKeys
+
 /**
  * A singleton object which defines the properties that must be present in a configuration
  * in order to implement the actions API.
@@ -105,9 +106,10 @@ trait WhiskActionsApi extends WhiskCollectionAPI with PostActionActivation with
   protected val activationStore: ActivationStore
 
   /** Config flag for Execute Only for Actions in Shared Packages */
-  protected def executeOnly = Try({
-    loadConfigOrThrow[Boolean](ConfigKeys.sharedPackageExecuteOnly)
-  }).getOrElse(false)
+  protected def executeOnly =
+    Try({
+      loadConfigOrThrow[Boolean](ConfigKeys.sharedPackageExecuteOnly)
+    }).getOrElse(false)
 
   /** Entity normalizer to JSON object. */
   import RestApiCommons.emptyEntityToJsObject
@@ -337,8 +339,6 @@ trait WhiskActionsApi extends WhiskCollectionAPI with PostActionActivation with
     deleteEntity(WhiskAction, entityStore, entityName.toDocId, (a: WhiskAction) => Future.successful({}))
   }
 
-
-
   /**
    * Gets action. The action name is prefixed with the namespace to create the primary index key.
    *
@@ -352,40 +352,43 @@ trait WhiskActionsApi extends WhiskCollectionAPI with PostActionActivation with
     parameter('code ? true) { code =>
       //check if execute only is enabled, and if there is a discrepancy between the current user's namespace
       //and that of the entity we are trying to fetch
-     if (executeOnly && user.namespace.name.toString != entityName.namespace.toString) {
+      if (executeOnly && user.namespace.name.toString != entityName.namespace.toString) {
         val value = entityName.path
-        terminate(StatusCode.int2StatusCode(403), s"GET not permitted for '$value' since it's an action in a shared package")
+        terminate(
+          StatusCode.int2StatusCode(403),
+          s"GET not permitted for '$value' since it's an action in a shared package")
       } else {
         code match {
           case true =>
-              //Resolve Binding(Package) of the action
-              getEntity(
-                WhiskPackage.resolveBinding(entityStore, entityName.path.toDocId, mergeParameters = true),
-                Some {pkg: WhiskPackage =>
-                  val originalPackageLocation = pkg.fullyQualifiedName(withVersion = false).namespace
-                  if (executeOnly && originalPackageLocation != entityName.namespace){
-                    terminate(StatusCode.int2StatusCode(403),
-                      s"GET not permitted for '${entityName.toDocId}'. Resource does not exist or an action in a shared package binding")
-                  }else{
-                    getEntity(WhiskAction.resolveActionAndMergeParameters(entityStore, entityName), Some {
-                      action: WhiskAction =>
-                        val mergedAction = env map {
-                          action inherit _
-                        } getOrElse action
-                        complete(OK, mergedAction)
-                    })
-                  }
+            //Resolve Binding(Package) of the action
+            getEntity(
+              WhiskPackage.resolveBinding(entityStore, entityName.path.toDocId, mergeParameters = true),
+              Some { pkg: WhiskPackage =>
+                val originalPackageLocation = pkg.fullyQualifiedName(withVersion = false).namespace
+                if (executeOnly && originalPackageLocation != entityName.namespace) {
+                  terminate(
+                    StatusCode.int2StatusCode(403),
+                    s"GET not permitted for '${entityName.toDocId}'. Resource does not exist or an action in a shared package binding")
+                } else {
+                  getEntity(WhiskAction.resolveActionAndMergeParameters(entityStore, entityName), Some {
+                    action: WhiskAction =>
+                      val mergedAction = env map {
+                        action inherit _
+                      } getOrElse action
+                      complete(OK, mergedAction)
+                  })
                 }
-              )
+              })
           case false =>
             getEntity(
               WhiskPackage.resolveBinding(entityStore, entityName.path.toDocId, mergeParameters = true),
-              Some {pkg: WhiskPackage =>
+              Some { pkg: WhiskPackage =>
                 val originalPackageLocation = pkg.fullyQualifiedName(withVersion = false).namespace
-                if (executeOnly && originalPackageLocation != entityName.namespace){
-                  terminate(StatusCode.int2StatusCode(403),
+                if (executeOnly && originalPackageLocation != entityName.namespace) {
+                  terminate(
+                    StatusCode.int2StatusCode(403),
                     s"GET not permitted for '${entityName.toDocId}'. Resource does not exist or an action in a shared package binding")
-                }else{
+                } else {
                   getEntity(WhiskActionMetaData.resolveActionAndMergeParameters(entityStore, entityName), Some {
                     action: WhiskActionMetaData =>
                       val mergedAction = env map {
@@ -394,14 +397,12 @@ trait WhiskActionsApi extends WhiskCollectionAPI with PostActionActivation with
                       complete(OK, mergedAction)
                   })
                 }
-              }
-            )
-         }
-     }
+              })
+        }
+      }
     }
   }
 
-
   /**
    * Gets all actions in a path.
    *

core/controller/src/main/scala/org/apache/openwhisk/core/controller/Packages.scala

@@ -44,10 +44,10 @@ trait WhiskPackagesApi extends WhiskCollectionAPI with ReferencedEntities {
   protected val entityStore: EntityStore
 
   /** Config flag for Execute Only for Shared Packages */
-
-  protected def executeOnly = Try({
-    loadConfigOrThrow[Boolean](ConfigKeys.sharedPackageExecuteOnly)
-  }).getOrElse(false)
+  protected def executeOnly =
+    Try({
+      loadConfigOrThrow[Boolean](ConfigKeys.sharedPackageExecuteOnly)
+    }).getOrElse(false)
 
   /** Notification service for cache invalidation. */
   protected implicit val cacheChangeNotification: Some[CacheChangeNotification]
@@ -153,7 +153,6 @@ trait WhiskPackagesApi extends WhiskCollectionAPI with ReferencedEntities {
       })
   }
 
-
   /**
    * Gets package/binding.
    * The package/binding name is prefixed with the namespace to create the primary index key.
@@ -168,9 +167,9 @@ trait WhiskPackagesApi extends WhiskCollectionAPI with ReferencedEntities {
   override def fetch(user: Identity, entityName: FullyQualifiedEntityName, env: Option[Parameters])(
     implicit transid: TransactionId) = {
     if (executeOnly && user.namespace.name.toString != entityName.namespace.toString) {
-        val value = entityName.toString
-        terminate(StatusCode.int2StatusCode(403), s"GET not permitted for '$value' since it's a shared package")
-    }else {
+      val value = entityName.toString
+      terminate(StatusCode.int2StatusCode(403), s"GET not permitted for '$value' since it's a shared package")
+    } else {
       getEntity(WhiskPackage.get(entityStore, entityName.toDocId), Some {
         mergePackageWithBinding() _
       })
@@ -320,13 +319,16 @@ trait WhiskPackagesApi extends WhiskCollectionAPI with ReferencedEntities {
           logging.error(this, s"unexpected package binding refers to itself: $docid")
           terminate(UnprocessableEntity, Messages.packageBindingCircularReference(b.fullyQualifiedName.toString))
         } else {
+
           /** Here's where I check package execute only case with package binding. */
           val packagePath = wp.namespace.toString()
           val bindingPath = wp.binding.iterator.next().toString()
           val indexOfSlash = bindingPath.indexOf('/')
-          if (executeOnly && packagePath != bindingPath.take(indexOfSlash)){
-            terminate(StatusCode.int2StatusCode(403), s"GET not permitted since ${wp.name.toString} is a binding of a shared package")
-          }else {
+          if (executeOnly && packagePath != bindingPath.take(indexOfSlash)) {
+            terminate(
+              StatusCode.int2StatusCode(403),
+              s"GET not permitted since ${wp.name.toString} is a binding of a shared package")
+          } else {
             getEntity(WhiskPackage.get(entityStore, docid), Some {
               mergePackageWithBinding(Some {
                 wp

tests/src/test/scala/org/apache/openwhisk/core/controller/test/PackageActionsApiTests.scala

@@ -639,7 +639,7 @@ class PackageActionsApiTests extends ControllerTestCommon with WhiskActionsApi {
   var testExecuteOnly = false
   override def executeOnly = testExecuteOnly
 
-  it should("allow access to get of action in binding of shared package when config option is disabled") in {
+  it should ("allow access to get of action in binding of shared package when config option is disabled") in {
     testExecuteOnly = false
     implicit val tid = transid()
     val auser = WhiskAuthHelpers.newIdentity()
@@ -654,18 +654,18 @@ class PackageActionsApiTests extends ControllerTestCommon with WhiskActionsApi {
     }
   }
 
-  it should("deny access to get of action in binding of shared package when config option is enabled") in {
-      testExecuteOnly = true
-      implicit val tid = transid()
-      val auser = WhiskAuthHelpers.newIdentity()
-      val provider = WhiskPackage(namespace, aname(), None, Parameters("p", "P"), publish = true)
-      val binding = WhiskPackage(EntityPath(auser.subject.asString), aname(), provider.bind, Parameters("b", "B"))
-      val action = WhiskAction(provider.fullPath, aname(), jsDefault("??"), Parameters("a", "A"))
-      put(entityStore, provider)
-      put(entityStore, binding)
-      put(entityStore, action)
-      Get(s"$collectionPath/${binding.name}/${action.name}") ~> Route.seal(routes(auser)) ~> check {
-        status should be(Forbidden)
-      }
+  it should ("deny access to get of action in binding of shared package when config option is enabled") in {
+    testExecuteOnly = true
+    implicit val tid = transid()
+    val auser = WhiskAuthHelpers.newIdentity()
+    val provider = WhiskPackage(namespace, aname(), None, Parameters("p", "P"), publish = true)
+    val binding = WhiskPackage(EntityPath(auser.subject.asString), aname(), provider.bind, Parameters("b", "B"))
+    val action = WhiskAction(provider.fullPath, aname(), jsDefault("??"), Parameters("a", "A"))
+    put(entityStore, provider)
+    put(entityStore, binding)
+    put(entityStore, action)
+    Get(s"$collectionPath/${binding.name}/${action.name}") ~> Route.seal(routes(auser)) ~> check {
+      status should be(Forbidden)
+    }
   }
 }

tests/src/test/scala/org/apache/openwhisk/core/controller/test/PackagesApiTests.scala

@@ -888,54 +888,54 @@ class PackagesApiTests extends ControllerTestCommon with WhiskPackagesApi {
   var testExecuteOnly = false
   override def executeOnly = testExecuteOnly
 
-  it should("allow access to get of shared package binding when config option is disabled") in {
-      testExecuteOnly = false
-      implicit val tid = transid()
-      val auser = WhiskAuthHelpers.newIdentity()
-      val provider = WhiskPackage(namespace, aname(), None, Parameters("p", "P"), publish = true)
-      val binding = WhiskPackage(EntityPath(auser.subject.asString), aname(), provider.bind, Parameters("b", "B"))
-      put(entityStore, provider)
-      put(entityStore, binding)
-      Get(s"/$namespace/${collection.path}/${provider.name}") ~> Route.seal(routes(auser)) ~> check {
-        status should be(OK)
-      }
+  it should ("allow access to get of shared package binding when config option is disabled") in {
+    testExecuteOnly = false
+    implicit val tid = transid()
+    val auser = WhiskAuthHelpers.newIdentity()
+    val provider = WhiskPackage(namespace, aname(), None, Parameters("p", "P"), publish = true)
+    val binding = WhiskPackage(EntityPath(auser.subject.asString), aname(), provider.bind, Parameters("b", "B"))
+    put(entityStore, provider)
+    put(entityStore, binding)
+    Get(s"/$namespace/${collection.path}/${provider.name}") ~> Route.seal(routes(auser)) ~> check {
+      status should be(OK)
+    }
   }
 
-  it should("allow access to get of shared package when config option is disabled") in {
-      testExecuteOnly = false
-      implicit val tid = transid()
-      val auser = WhiskAuthHelpers.newIdentity()
-      val provider = WhiskPackage(namespace, aname(), None, publish = true)
-      put(entityStore, provider)
+  it should ("allow access to get of shared package when config option is disabled") in {
+    testExecuteOnly = false
+    implicit val tid = transid()
+    val auser = WhiskAuthHelpers.newIdentity()
+    val provider = WhiskPackage(namespace, aname(), None, publish = true)
+    put(entityStore, provider)
 
-      Get(s"/$namespace/${collection.path}/${provider.name}") ~> Route.seal(routes(auser)) ~> check {
-        status should be(OK)
-      }
+    Get(s"/$namespace/${collection.path}/${provider.name}") ~> Route.seal(routes(auser)) ~> check {
+      status should be(OK)
+    }
   }
 
   it should ("deny access to get of shared package binding when config option is enabled") in {
-      testExecuteOnly = true
-      implicit val tid = transid()
-      val auser = WhiskAuthHelpers.newIdentity()
-      val provider = WhiskPackage(namespace, aname(), None, Parameters("p", "P"), publish = true)
-      val binding = WhiskPackage(EntityPath(auser.subject.asString), aname(), provider.bind, Parameters("b", "B"))
-      put(entityStore, provider)
-      put(entityStore, binding)
-      Get(s"/$namespace/${collection.path}/${provider.name}") ~> Route.seal(routes(auser)) ~> check {
-        status should be(Forbidden)
-      }
+    testExecuteOnly = true
+    implicit val tid = transid()
+    val auser = WhiskAuthHelpers.newIdentity()
+    val provider = WhiskPackage(namespace, aname(), None, Parameters("p", "P"), publish = true)
+    val binding = WhiskPackage(EntityPath(auser.subject.asString), aname(), provider.bind, Parameters("b", "B"))
+    put(entityStore, provider)
+    put(entityStore, binding)
+    Get(s"/$namespace/${collection.path}/${provider.name}") ~> Route.seal(routes(auser)) ~> check {
+      status should be(Forbidden)
+    }
 
   }
 
-  it should("deny access to get of shared package when config option is enabled") in {
-      testExecuteOnly = true
-      implicit val tid = transid()
-      val auser = WhiskAuthHelpers.newIdentity()
-      val provider = WhiskPackage(namespace, aname(), None, publish = true)
-      put(entityStore, provider)
+  it should ("deny access to get of shared package when config option is enabled") in {
+    testExecuteOnly = true
+    implicit val tid = transid()
+    val auser = WhiskAuthHelpers.newIdentity()
+    val provider = WhiskPackage(namespace, aname(), None, publish = true)
+    put(entityStore, provider)
 
-      Get(s"/$namespace/${collection.path}/${provider.name}") ~> Route.seal(routes(auser)) ~> check {
-        status should be(Forbidden)
-      }
+    Get(s"/$namespace/${collection.path}/${provider.name}") ~> Route.seal(routes(auser)) ~> check {
+      status should be(Forbidden)
+    }
   }
-}
+}