fmorg-git opened a new pull request, #995: URL: https://github.com/apache/ranger/pull/995
## What changes were proposed in this pull request? For upcoming Ozone STS feature, we need the ability to identify what actions are allowed for an STS token (ex GetObject, GetObjectTagging, PutObject, etc), in addition to the more granular existing permission system (read, write, create, etc). This ticket updates the Ranger policy evaluation to keep the existing permission evaluation for legacy reasons, and add optional action evaluation via policy condition in the UI. If the resource policy has an action and an action is supplied in the RequestContext, they must match (in addition to the permissions). If no action is identified in the resource policy, then all actions are allowed and only the permissions are required. Also there are several UI updates: Support actions in UI in only in Policy Conditions section, not on the overall Resource Policy. populate Ozone action choices based on permissions ensure actions wrap around instead of scrolling horizontally indefinitely. It also fixes latent React hook violations of having useState within a conditional (CommonComponents.jsx) and a loop (Editable.jsx). The UI updates are implemented in a way such that the hdfs service definition can later make use of the filtering actions by permissions behavior. https://issues.apache.org/jira/browse/RANGER-5628 ## How was this patch tested? manual testing locally in Ranger docker, also end-to-end smoke tests locally with Ozone and Ranger -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
