Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support require-adobe-auth on sequences #827

Open
moritzraho opened this issue Dec 16, 2024 · 3 comments
Open

support require-adobe-auth on sequences #827

moritzraho opened this issue Dec 16, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@moritzraho
Copy link
Member

moritzraho commented Dec 16, 2024
edited
Loading

Describe the bug
Currently setting the annotation on a sequence doesn't add the /adobeio/shared-validators-v1/app-registry action to the sequence and hence doesn't protect the sequence. Individual web actions "components" of the sequence should also be protected with the require-whisk-annotation

Workaround

A workaround is to configure the protection manually:
EDIT: See comments below, you may want to remove the require-whisk-auth annotation and remove the web option instead.

runtimeManifest:
  packages:
    dx-excshell-1:
      license: Apache-2.0
      actions:
        action1:
          function: actions/action1/index.js
          web: 'yes'
          runtime: nodejs:18
          annotations:
            require-whisk-auth: true
        action2:
          function: actions/action2/index.js
          web: 'yes'
          runtime: nodejs:18
          annotations:
            require-whisk-auth: true
      sequences:
        mysequence:
          web: 'yes'
          actions: /adobeio/shared-validators-v1/app-registry, action1, action2
@moritzraho moritzraho added the bug Something isn't working label Dec 16, 2024
@shazron
Copy link
Member

shazron commented Dec 17, 2024

why does an action need require-whisk-auth here? Especially since they might want it to be public, as well as in a sequence?

If they wanted the action to require-whisk-auth, they can make it a non-web-action (web: false)

@aiojbot
Copy link
Collaborator

aiojbot commented Dec 18, 2024

JIRA issue created: https://jira.corp.adobe.com/browse/ACNA-3424

@moritzraho
Copy link
Member Author

moritzraho commented Dec 18, 2024
edited
Loading

@shazron the idea is to protect the actions in the sequence, otherwise the sequence is not secured. It's one way of doing it, the other way would be to delete the web annotation (just like we do when parsing require-adobe-auth for non-sequences)

Here is an updated workaround

runtimeManifest:
  packages:
    dx-excshell-1:
      license: Apache-2.0
      actions:
        action1:
          function: actions/action1/index.js
          runtime: nodejs:18
        action2:
          function: actions/action2/index.js
          runtime: nodejs:18
      sequences:
        mysequence:
          web: 'yes'
          actions: /adobeio/shared-validators-v1/app-registry, action1, action2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shazron @moritzraho @aiojbot