[
https://issues.apache.org/jira/browse/RANGER-5667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fabian Morgan updated RANGER-5667:
----------------------------------
Description:
A couple PR review comments came in after the PR associated with RANGER-5628
was already merged. Essentially, if a Policy Condition has an
*"action-matches"* condition, but the request does not supply an *s3Action* in
the *RequestContext*, the request must be denied, and this is not being done
currently. This ticket will address this issue.
Furthermore, a second comment related to unnecessary object allocation and this
ticket also addresses that one.
Separately, it was identified that a non-empty list of actions, if they are all
just whitespace, needs to be treated as if there were no action restrictions.
This ticket addresses that as well.
Finally, separately, I noticed that for the Ozone service definition, pressing
the "+" button to add a new rule under "Allow Conditions” section was causing
an error to throw, and I traced it to a change I made in RANGER-5628.
Basically, *PolicyPermissionItem.jsx* is pushing *undefined* on the
*addPolicyItem()* call, and my *usePruneStaleConditions.js* hook wasn't
properly checking for that undefined. This ticket makes that fix as well.
was:
A couple PR review comments came in after the PR associated with RANGER-5628
was already merged. Essentially, if a Policy Condition has an
*"action-matches"* condition, but the request does not supply an *s3Action* in
the *RequestContext*, the request must be denied, and this is not being done
currently. This ticket will address this issue.
Furthermore, a second comment related to unnecessary object allocation and this
ticket also addresses that one.
Finally, separately, it was identified that a non-empty list of actions, if
they are all just whitespace, needs to be treated as if there were no action
restrictions. This ticket addresses that as well.
> Follow-on for RANGER-5628
> -------------------------
>
> Key: RANGER-5667
> URL: https://issues.apache.org/jira/browse/RANGER-5667
> Project: Ranger
> Issue Type: Improvement
> Components: admin, plugins
> Reporter: Fabian Morgan
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> A couple PR review comments came in after the PR associated with RANGER-5628
> was already merged. Essentially, if a Policy Condition has an
> *"action-matches"* condition, but the request does not supply an *s3Action*
> in the *RequestContext*, the request must be denied, and this is not being
> done currently. This ticket will address this issue.
> Furthermore, a second comment related to unnecessary object allocation and
> this ticket also addresses that one.
> Separately, it was identified that a non-empty list of actions, if they are
> all just whitespace, needs to be treated as if there were no action
> restrictions. This ticket addresses that as well.
> Finally, separately, I noticed that for the Ozone service definition,
> pressing the "+" button to add a new rule under "Allow Conditions” section
> was causing an error to throw, and I traced it to a change I made in
> RANGER-5628. Basically, *PolicyPermissionItem.jsx* is pushing *undefined* on
> the *addPolicyItem()* call, and my *usePruneStaleConditions.js* hook wasn't
> properly checking for that undefined. This ticket makes that fix as well.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)