ChenSammi commented on code in PR #9292:
URL: https://github.com/apache/ozone/pull/9292#discussion_r2554559606
##########
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/iam/IamSessionPolicyResolver.java:
##########
@@ -321,16 +374,77 @@ public enum AuthorizerType {
}
/**
- * Utility to help categorize IAM policy resources, whether for bucket, key,
wildcards, etc.
+ * The type of resource the S3 action applies to.
*/
- private static final class ResourceSpec {
- // TODO implement in future PR
+ private enum ActionKind {
+ VOLUME,
+ BUCKET,
+ OBJECT,
+ ALL
}
/**
- * Represents S3 actions and requisite permissions required and at what
level.
+ * Utility to help categorize IAM policy resources, whether for bucket, key,
wildcards, etc.
*/
- private enum S3Action {
+ private static final class ResourceSpec {
// TODO implement in future PR
}
+
+ @VisibleForTesting
+ enum S3Action {
Review Comment:
@fmorg-git, I saw the change you made in PR3. But the total permissions
required, one part is in the S3Action enum, another part is in the code, which
makes the code not straightforward and not easy to maintain. Could you improve
the S3Action to hold all the permissions required for an action? For example,
combine kind and perms to a map.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
