Fabian Morgan created RANGER-5628:
-------------------------------------
Summary: Support for actions in Ozone Service Definition
Key: RANGER-5628
URL: https://issues.apache.org/jira/browse/RANGER-5628
Project: Ranger
Issue Type: Improvement
Components: admin, plugins
Reporter: Fabian Morgan
For upcoming Ozone STS feature, we need the ability to identify what actions
are allowed for an STS token (ex GetObject, GetObjectTagging, PutObject, etc),
in addition to the more granular existing permission system (read, write,
create, etc). This ticket updates the Ranger policy evaluation to keep the
existing permission evaluation for legacy reasons, and add optional action
evaluation via policy condition in the UI. If the resource policy has an
action and an action is supplied in the RequestContext, they must match (in
addition to the permissions). If no action is identified in the resource
policy, then all actions are allowed and only the permissions are required.
Also there are several UI updates:
- Support actions in UI in only in Policy Conditions section, not on the
overall Resource Policy.
- populate Ozone action choices based on permissions
- ensure actions wrap around instead of scrolling horizontally indefinitely.
- It also fixes latent React hook violations of having useState within a
conditional (CommonComponents.jsx) and a loop (Editable.jsx).
The UI updates are implemented in a way such that the hdfs service definition
can later make use of the filtering actions by permissions behavior.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
