Hi, I'd like to understand more about the policies and security config options in the API Gateway and how they impact action invocation.
I'm seeing in the docs at [1] which policies exists and also something about the security options and I have a few questions: 1. Are policies and security configs executed in any order ? 2. What's the difference between them ? Why can't the API KEY security option be executed as another policy and had to be called differently ? 3. What's the behavior if one policy fails ? 4. The "scope" field in security refers to OAuth 2.0 scopes or to an OpenWhisk scope, or a Gateway scope ? 5. Are there more security options than the one documented ? I'm also noticing that policy management is currently tightly coupled with Redis - [2]. I imagine it was done like this in order to get something working, but I'd like to verify my assumption that we're ok to decouple Redis so that configuration can be stored in other formats and data stores in the future ? I'm also seeing the same coupling when requests are handled [3] and I think we might wanna introduce a cache and avoid going to Redis for every request ? It would also be great to enhance the existing documentation about policies and add a few more details on how policies are managed and executed: * how to control the order of execution - how to invoke policies in parallel, in sequence * caching results - i.e. an OAuth policy that has already validated an OAuth token could cache that result and avoid another round-trip to the OAuth provider ; same idea for API KEYs * the behavior when one policy fails * how policies report their execution times * how policies can share values * in which NGINX request phase they could get invoked and how is this configured Thanks, dragos dascalita haut | project lead, software development | adobe cloud platform [1] -<https://github.com/openwhisk/apigateway><https://github.com/openwhisk/apigateway/tree/50443fd4b44e7f9c5303b6a3d8bedd08462b7b50>https://github.com/openwhisk/apigateway/blob/50443fd4b44e7f9c5303b6a3d8bedd08462b7b50/doc/policies.md [2] - https://github.com/openwhisk/apigateway/blob/50443fd4b44e7f9c5303b6a3d8bedd08462b7b50/api-gateway-config/scripts/lua/lib/redis.lua#L94<https://github.com/openwhisk/apigateway><https://github.com/openwhisk/apigateway/tree/50443fd4b44e7f9c5303b6a3d8bedd08462b7b50><https://github.com/openwhisk/apigateway/blob/50443fd4b44e7f9c5303b6a3d8bedd08462b7b50/doc/policies.md> [3] - https://github.com/openwhisk/apigateway/blob/50443fd4b44e7f9c5303b6a3d8bedd08462b7b50/api-gateway-config/scripts/lua/routing.lua#L45
