[ 
https://issues.apache.org/jira/browse/RANGER-5667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fabian Morgan updated RANGER-5667:
----------------------------------
    Description: 
A couple PR review comments came in after the PR associated with RANGER-5628 
was already merged.  Essentially, if a Policy Condition has an 
*"action-matches"* condition, but the request does not supply an *s3Action* in 
the *RequestContext*, the request must be denied, and this is not being done 
currently.  This ticket will address this issue.  

Furthermore, a second comment related to unnecessary object allocation and this 
ticket also addresses that one.  

Separately, it was identified that a non-empty list of actions, if they are all 
just whitespace, needs to be treated as if there were no action restrictions. 
This ticket addresses that as well.

Finally, separately, I noticed that for the Ozone service definition, pressing 
the "+" button to add a new rule under "Allow Conditions” section was causing 
an error to throw, and I traced it to a change I made in RANGER-5628.  
Basically, *PolicyPermissionItem.jsx* is pushing *undefined* on the 
*addPolicyItem()* call, and my *usePruneStaleConditions.js* hook wasn't 
properly checking for that undefined. This ticket makes that fix as well.

  was:
A couple PR review comments came in after the PR associated with RANGER-5628 
was already merged.  Essentially, if a Policy Condition has an 
*"action-matches"* condition, but the request does not supply an *s3Action* in 
the *RequestContext*, the request must be denied, and this is not being done 
currently.  This ticket will address this issue.  

Furthermore, a second comment related to unnecessary object allocation and this 
ticket also addresses that one.  

Finally, separately, it was identified that a non-empty list of actions, if 
they are all just whitespace, needs to be treated as if there were no action 
restrictions.  This ticket addresses that as well.


> Follow-on for RANGER-5628
> -------------------------
>
>                 Key: RANGER-5667
>                 URL: https://issues.apache.org/jira/browse/RANGER-5667
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin, plugins
>            Reporter: Fabian Morgan
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> A couple PR review comments came in after the PR associated with RANGER-5628 
> was already merged.  Essentially, if a Policy Condition has an 
> *"action-matches"* condition, but the request does not supply an *s3Action* 
> in the *RequestContext*, the request must be denied, and this is not being 
> done currently.  This ticket will address this issue.  
> Furthermore, a second comment related to unnecessary object allocation and 
> this ticket also addresses that one.  
> Separately, it was identified that a non-empty list of actions, if they are 
> all just whitespace, needs to be treated as if there were no action 
> restrictions. This ticket addresses that as well.
> Finally, separately, I noticed that for the Ozone service definition, 
> pressing the "+" button to add a new rule under "Allow Conditions” section 
> was causing an error to throw, and I traced it to a change I made in 
> RANGER-5628.  Basically, *PolicyPermissionItem.jsx* is pushing *undefined* on 
> the *addPolicyItem()* call, and my *usePruneStaleConditions.js* hook wasn't 
> properly checking for that undefined. This ticket makes that fix as well.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to