azotcsit commented on a change in pull request #1213:
URL: https://github.com/apache/cassandra/pull/1213#discussion_r734720954
##########
File path: src/java/org/apache/cassandra/service/StorageProxy.java
##########
@@ -2730,4 +2794,121 @@ public void
disableCheckForDuplicateRowsDuringCompaction()
{
DatabaseDescriptor.setCheckForDuplicateRowsDuringCompaction(false);
}
+
+ public void initialLoadPartitionDenylist()
+ {
+ partitionDenylist.initialLoad();
+ }
+
+ @Override
+ public void loadPartitionDenylist()
+ {
+ partitionDenylist.load();
+ }
+
+ @Override
+ public int getPartitionDenylistLoadAttempts()
+ {
+ return partitionDenylist.getLoadAttempts();
+ }
+
+ @Override
+ public int getPartitionDenylistLoadSuccesses()
+ {
+ return partitionDenylist.getLoadSuccesses();
+ }
+
+ @Override
+ public void setEnablePartitionDenylist(boolean enabled)
+ {
+ DatabaseDescriptor.setEnablePartitionDenylist(enabled);
+ }
+
+ @Override
+ public void setEnableDenylistWrites(boolean enabled)
+ {
+ DatabaseDescriptor.setEnableDenylistWrites(enabled);
+ }
+
+ @Override
+ public void setEnableDenylistReads(boolean enabled)
+ {
+ DatabaseDescriptor.setEnableDenylistReads(enabled);
+ }
+
+ @Override
+ public void setEnableDenylistRangeReads(boolean enabled)
+ {
+ DatabaseDescriptor.setEnableDenylistRangeReads(enabled);
+ }
+
+ @Override
+ public void setDenylistMaxKeysPerTable(int value)
+ {
+ DatabaseDescriptor.setDenylistMaxKeysPerTable(value);
+ }
+
+ @Override
+ public void setDenylistMaxKeysTotal(int value)
+ {
+ DatabaseDescriptor.setDenylistMaxKeysTotal(value);
+ }
+
+ /**
+ * Actively denies read and write access to the provided Partition Key
+ * @param keyspace Name of keyspace containing the PK you wish to deny
access to
+ * @param table Name of table containing the PK you wish to deny access to
+ * @param partitionKeyAsString String representation of the PK you want to
deny access to
+ * @return true if successfully added, false if failure
+ */
+ @Override
+ public boolean denylistKey(String keyspace, String table, String
partitionKeyAsString)
+ {
+ if (!Schema.instance.getKeyspaces().contains(keyspace))
+ return false;
+
+ final ColumnFamilyStore cfs = ColumnFamilyStore.getIfExists(keyspace,
table);
+ if (cfs == null)
+ return false;
+
+ final ByteBuffer bytes =
cfs.metadata.get().partitionKeyType.fromString(partitionKeyAsString);
+ return partitionDenylist.addKeyToDenylist(keyspace, table, bytes);
+ }
+
+ /**
+ * Attempts to remove the provided pk from the ks + table deny list
+ * @param keyspace Keyspace containing the pk to remove the denylist entry
for
+ * @param table Table containing the pk to remove denylist entry for
+ * @param partitionKeyAsString String representation of the PK you want to
re-allow access to
+ * @return true if found and removed, false if not
+ */
+ @Override
+ public boolean removeDenylistKey(String keyspace, String table, String
partitionKeyAsString)
+ {
+ if (!Schema.instance.getKeyspaces().contains(keyspace))
+ return false;
+
+ final ColumnFamilyStore cfs = ColumnFamilyStore.getIfExists(keyspace,
table);
+ if (cfs == null)
+ return false;
+
+ final ByteBuffer bytes =
cfs.metadata.get().partitionKeyType.fromString(partitionKeyAsString);
+ return partitionDenylist.removeKeyFromDenylist(keyspace, table, bytes);
+ }
+
+ /**
+ * A simple check for operators to determine what the denylisted value for
a pk is on a node
+ */
+ public boolean isKeyDenylisted(String keyspace, String table, String
partitionKeyAsString)
+ {
+ if (!Schema.instance.getKeyspaces().contains(keyspace))
Review comment:
I can see you removed it and then added back. Looks like it is required.
Sorry for confusion!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
