[
https://issues.apache.org/jira/browse/HDDS-13942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fabian Morgan updated HDDS-13942:
---------------------------------
Description:
Convert IAM policy to OzoneObj and Acls so Ranger can use to authorize the
AssumeRole call.
Supports limited scope subset of IAM policy.
This fourth part deduplicates by acl type across all statements when returning
a response and adds more unit tests. It also checks if ALL is added as a
permission for an OzoneObj, and if so, does not also add individual Acls like
READ, LIST, etc.
was:
Convert IAM policy to OzoneObj and Acls so Ranger can use to authorize the
AssumeRole call.
Supports limited scope subset of IAM policy.
This fourth part deduplicates by acl type across all statements when returning
a response and adds more unit tests.
> [STS] Part 4 - Create utility to convert IAM policy to OzoneObj and Acls so
> Ranger can use
> ------------------------------------------------------------------------------------------
>
> Key: HDDS-13942
> URL: https://issues.apache.org/jira/browse/HDDS-13942
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Fabian Morgan
> Assignee: Fabian Morgan
> Priority: Major
> Labels: pull-request-available
>
> Convert IAM policy to OzoneObj and Acls so Ranger can use to authorize the
> AssumeRole call.
> Supports limited scope subset of IAM policy.
> This fourth part deduplicates by acl type across all statements when
> returning a response and adds more unit tests. It also checks if ALL is
> added as a permission for an OzoneObj, and if so, does not also add
> individual Acls like READ, LIST, etc.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
