[jira] [Updated] (HDDS-14843) Support cluster-wide blacklist on OM

Mon, 16 Mar 2026 19:19:10 -0700 


     [ 
https://issues.apache.org/jira/browse/HDDS-14843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ivan Andika updated HDDS-14843:
-------------------------------
    Description: 
We have supported an internal user / group blacklist mechanisms to block some 
anomalous users from destabilizing the cluster for a while. The idea is similar 
to Ozone admin, but instead of allowing all access, blacklist denies all 
operations. The configuration is made reconfigurable to allow quick reaction 
after detection.

We should prefer to set readonly blacklist first before setting blacklist since 
(re)configuration is local to each OM (and not applied using Ratis), which 
might cause state divergence. Although some OM request already push the 
permission check to preExecute (not validateAndUpdateCache), there are still 
some requests (mostly multi-keys OM requests) still check in 
validateAndUpdateCache

  was:We have supported an internal user / group blacklist mechanisms to block 
some anomalous users from destabilizing the cluster for a while. The idea is 
similar to Ozone admin, but instead of allowing all access, blacklist denies 
all operations. The configuration is made reconfigurable to allow quick 
reaction after detection.


> Support cluster-wide blacklist on OM
> ------------------------------------
>
>                 Key: HDDS-14843
>                 URL: https://issues.apache.org/jira/browse/HDDS-14843
>             Project: Apache Ozone
>          Issue Type: New Feature
>            Reporter: Ivan Andika
>            Assignee: Ivan Andika
>            Priority: Major
>
> We have supported an internal user / group blacklist mechanisms to block some 
> anomalous users from destabilizing the cluster for a while. The idea is 
> similar to Ozone admin, but instead of allowing all access, blacklist denies 
> all operations. The configuration is made reconfigurable to allow quick 
> reaction after detection.
> We should prefer to set readonly blacklist first before setting blacklist 
> since (re)configuration is local to each OM (and not applied using Ratis), 
> which might cause state divergence. Although some OM request already push the 
> permission check to preExecute (not validateAndUpdateCache), there are still 
> some requests (mostly multi-keys OM requests) still check in 
> validateAndUpdateCache



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to