fimugdha commented on code in PR #1073:
URL: https://github.com/apache/ranger/pull/1073#discussion_r3602195975
##########
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java:
##########
@@ -101,4 +109,112 @@ protected RangerServiceDef
mapEntityToViewBean(RangerServiceDef vObj, XXServiceD
return ret;
}
+
+ @Override
+ protected RangerServiceDef populateViewBean(XXServiceDef xServiceDef) {
+ final RangerServiceDef ret = super.populateViewBean(xServiceDef);
+
+ applyActionMatcherInPoliciesConditionHiddenOption(ret);
+
+ return ret;
+ }
+
+ void applyActionMatcherInPoliciesConditionHiddenOption(RangerServiceDef
serviceDef) {
+ if (serviceDef == null) {
+ return;
+ }
+
+ Map<String, String> serviceDefOptions = serviceDef.getOptions();
+
+ if (serviceDefOptions == null) {
+ serviceDefOptions = new HashMap<>();
+ serviceDef.setOptions(serviceDefOptions);
+ }
+
+ if (!StringUtils.equalsIgnoreCase(serviceDef.getName(),
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME)) {
+
serviceDefOptions.put(OPTION_ENABLE_ACTION_MATCHER_IN_POLICIES_CONDITION,
Boolean.FALSE.toString());
Review Comment:
@mneethiraj, Good point. Since the action-matcher is currently being enabled
for Ozone, the suggestion was to keep
OPTION_ENABLE_ACTION_MATCHER_IN_POLICIES_CONDITION set to false for all other
serviceDefs.
Alternatively, we could make this option dynamic for each serviceDef XML
configuration by using
ranger.servicedef.<service-def-hard-coded-name>.enableActionMatcherInPoliciesCondition.
Could you please share your thoughts on whether this approach makes sense ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]