RANGER-5667: Follow-on updates for RANGER-5628#1053
Merged
Conversation
(cherry picked from commit 67b9575ef7489b41ca25ba83afe2c524cfda0a50)
Contributor
Author
|
FYI @mneethiraj and @rameeshm |
mneethiraj
approved these changes
Jul 7, 2026
(cherry picked from commit a414321a8bb371b593f7ba81d6b4ea3c0ecab0e7)
(cherry picked from commit 4b633bbd6d1cd8715e75d13324a01925b5c9743c)
mneethiraj
approved these changes
Jul 9, 2026
ramackri
pushed a commit
that referenced
this pull request
Jul 9, 2026
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
A couple PR review comments came in after the PR associated with RANGER-5628 was already merged. Essentially, if a Policy Condition has an
"action-matches"condition, but the request does not supply ans3Actionin theRequestContext, the request must be denied, and this is not being done currently. This ticket will address this issue.Furthermore, a second comment related to unnecessary object allocation and this ticket also addresses that one.
Separately, it was identified that a non-empty list of actions, if they are all just whitespace, needs to be treated as if there were no action restrictions. This ticket addresses that as well.
Finally, separately, I noticed that for the Ozone service definition, pressing the "+" button to add a new rule under "Allow Conditions” section was causing an error to throw, and I traced it to a change I made in RANGER-5628. Basically, PolicyPermissionItem.jsx is pushing
undefinedon theaddPolicyItem()call, and myusePruneStaleConditions.jshook wasn't properly checking for that undefined. This ticket makes that fix as well.How was this patch tested?
unit tests and end-to-end smoke tests locally with Ozone and Ranger