Ranger 5628 - Support for actions in Ozone Service Definition

[fmorg-git]

What changes were proposed in this pull request?

For upcoming Ozone STS feature, we need the ability to identify what actions are allowed for an STS token (ex GetObject, GetObjectTagging, PutObject, etc), in addition to the less granular existing permission system (read, write, create, etc). This ticket updates the Ranger policy evaluation to keep the existing permission evaluation for legacy reasons, and add optional action evaluation via policy condition in the UI. If the resource policy has an action and an action is supplied in the RequestContext, they must match (in addition to the permissions). If no action is identified in the resource policy, then all actions are allowed and only the permissions are required.

Also there are several UI updates:

• Support actions in UI in only in Policy Conditions section, not on the overall Resource Policy.
• populate Ozone action choices based on permissions
• ensure actions wrap around instead of scrolling horizontally indefinitely.
• It also fixes latent React hook violations of having useState within a conditional (CommonComponents.jsx) and a loop (Editable.jsx).

The UI updates are implemented in a way such that the hdfs service definition can later make use of the filtering actions by permissions behavior.

The majority of this code was generated with Cursor and Claude Code, with some manual modifications afterward by me. I have broken into reviewable commits - please let me know if this needs to be more than one PR.

https://issues.apache.org/jira/browse/RANGER-5628

How was this patch tested?

manual testing locally in Ranger docker, also end-to-end smoke tests locally with Ozone and Ranger