fmorg-git opened a new pull request, #10688:
URL: https://github.com/apache/ozone/pull/10688

   Please describe your PR in detail:
   * [RANGER-5667](https://issues.apache.org/jira/browse/RANGER-5667) makes a 
fix such that if a role has an action-matches condition with a value (such as 
PutObject), and in the incoming RequestContext.s3Action is null/empty, then the 
request is denied. Most of the S3 requests have an action associated, however, 
there are two edge cases currently where the RequestContext.s3Action is null: 
1) in CopyObject with expected-bucket-owner/expected-source-bucket-owner 
headers 2) in UploadPartCopy with 
expected-bucket-owner/expected-source-bucket-owner headers.
   
   This PR ensures that the bucket owner verification condition checks are have 
s3 action associated with them so that the Ranger authorization checks will 
pass.
   
   ## What is the link to the Apache JIRA
   https://issues.apache.org/jira/browse/HDDS-15771
   
   ## How was this patch tested?
   unit tests and smoke tests
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to