josh-mckenzie commented on a change in pull request #1213:
URL: https://github.com/apache/cassandra/pull/1213#discussion_r722610189
##########
File path: src/java/org/apache/cassandra/config/Config.java
##########
@@ -515,6 +515,43 @@
*/
public volatile int validation_preview_purge_head_start_in_sec = 60 * 60;
+ /** This feature allows denying access to operations on certain key
partitions, intended for use by operators to
+ * provide another tool to manage cluster health vs application access.
See CASSANDRA-12106 and CEP-13 for more details.
+ */
+ public volatile Boolean enable_partition_denylist = false;
+
+ /** Indicates whether denylisting (i.e. blocking operation) on configured
keys for writes is enabled. */
+ public volatile Boolean enable_denylist_writes = true;
+
+ /** Indicates whether denylisting (i.e. blocking operation) on configured
keys for reads is enabled. */
+ public volatile Boolean enable_denylist_reads = true;
+
+ /** Indicates whether denylisting (i.e. blocking operations) on configured
keys for range reads is enabled. */
+ public volatile Boolean enable_denylist_range_reads = false;
+
+ /** The interval at which keys in the cache for denylisting will "expire"
and async refresh from the backing DB. */
+ public int denylist_refresh_seconds = 86400;
+
+ /** In the event we run into errors on attempting to load the denylist
cache, we'll retry on this interval. */
+ public int denylist_initial_load_retry_seconds = 5;
+
+ /** We cap the number of denylisted keys allowed per table to keep things
from growing unbounded. Operators will
+ * receive warnings and only max_denylist_keys_per_table in natural query
ordering will be processed on overflow.
+ */
+ public volatile int max_denylist_keys_per_table = 1000;
+
+ /** We cap the total number of denylisted keys allowed in the cluster to
keep things from growing unbounded.
+ * Operators will receive warnings on initial cache load that there are
too many keys and be directed to trim
+ * down the entries to within the configured limits.
+ */
+ public volatile int max_denylist_keys_total = 10000;
+
+ /** Since the denylist in many ways serves to protect the health of the
cluster from partitions operators have identified
+ * as being in a bad state, we usually want more robustness than just
CL.ONE on operations to/from these tables to
+ * ensure that these safeguards are in place. That said, we allow users to
configure this if they're so inclined.
+ */
+ public ConsistencyLevel denylist_consistency_level =
ConsistencyLevel.QUORUM;
Review comment:
We had to do that before to keep from static state cascading and
initializing a bunch of stuff during offline tool runs. Right now
DatabaseDescriptorRefTest should catch that and it's passing fine on this
branch in its current form.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
