fmorg-git commented on code in PR #9292:
URL: https://github.com/apache/ozone/pull/9292#discussion_r2554323327
##########
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/iam/IamSessionPolicyResolver.java:
##########
@@ -321,16 +374,77 @@ public enum AuthorizerType {
}
/**
- * Utility to help categorize IAM policy resources, whether for bucket, key,
wildcards, etc.
+ * The type of resource the S3 action applies to.
*/
- private static final class ResourceSpec {
- // TODO implement in future PR
+ private enum ActionKind {
+ VOLUME,
+ BUCKET,
+ OBJECT,
+ ALL
}
/**
- * Represents S3 actions and requisite permissions required and at what
level.
+ * Utility to help categorize IAM policy resources, whether for bucket, key,
wildcards, etc.
*/
- private enum S3Action {
+ private static final class ResourceSpec {
// TODO implement in future PR
}
+
+ @VisibleForTesting
+ enum S3Action {
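Review bot: At the end of this hunk, `S3Action` changes from `private enum` to a package-private enum under `@VisibleForTesting`, and its previous Javadoc ("Represents S3 actions and requisite permissions required and at what level.") is removed with no replacement in the visible lines. Please restore a Javadoc on `S3Action` and state there that the wider visibility exists only for tests. In the same hunk, `ActionKind.ALL` has no comment of its own: the enum-level Javadoc ("The type of resource the S3 action applies to.") does not say whether `ALL` means every resource type or a wildcard action, so a one-line comment per constant would remove that ambiguity for whoever maps actions to permissions later. `ResourceSpec` is still an empty class carrying `// TODO implement in future PR`; consider referencing the tracking issue in that comment.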
Review Comment:
Updated.
Regarding hierarchical READ permissions, I noticed this when testing the
prototype, but I mistakenly handled it on the RangerOzoneAuthorizer side
instead of the Ozone side. I added this commit in part 3 of the PR to address it:
https://github.com/apache/ozone/pull/9306/commits/8c6f779fb2f6937a5c74a38687e5c96154f7aa0e.
I also updated the comments in this PR to specify that additional READ
permissions would be added as necessary.
Regarding object versioning, I removed those actions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.