art9440 opened a new pull request, #9774: URL: https://github.com/apache/ozone/pull/9774
## What changes were proposed in this pull request? This pull request refactors the request processing logic in Ozone Manager by moving selected ACL checks from validateAndUpdateCache to preExecute and introducing unified early validation for object names. @duongkame in the [HDDS-6931](https://issues.apache.org/jira/browse/HDDS-6931) mentioned: "I think pre-process validation should only perform logic on data which is not supposed to change between pre-process and actual execution in validateAndUpdateCache. Otherwise, that validation should be moved to {{validateAndUpdateCache, }}and is done together with the real data change in a proper lock scope to ensure consistency." This change improves the architectural consistency of request handling in Ozone Manager by ensuring that access control checks and basic input validation are performed at the earliest possible stage of request processing. Currently, ACL checks are implemented inconsistently across different OM request types. In some requests (e.g., volume and bucket creation), ACL validation is already performed in preExecute, while in others it is deferred to validateAndUpdateCache. This inconsistency leads to: - Unnecessary lock acquisition for requests that will eventually fail due to insufficient permissions - Increased lock holding time under high load - Reduced predictability of request lifecycle This patch moves ACL checks for selected operations (volume, bucket, key and related management requests) to the preExecute stage, where it is safe to do so — i.e., only when the validation logic depends on data that does not change between preExecute and validateAndUpdateCache. The approach follows the principle discussed in HDDS-6931: pre-processing validation should only operate on immutable or request-local data. All validations that depend on mutable metadata state remain in validateAndUpdateCache under proper lock scope. Additionally, this PR introduces unified early validation of volume, bucket and key names. Previously, name validation was either duplicated or missing in some request classes. Validation logic is now centralized and executed during preExecute, ensuring: - Early rejection of malformed requests - Reduced propagation of invalid inputs into metadata handling - Improved maintainability and consistency across request implementations No functional changes are introduced in terms of authorization semantics; the patch strictly changes when the validation occurs, not how it is evaluated. This refactoring improves scalability (by reducing unnecessary lock usage), strengthens architectural consistency, and simplifies future maintenance of OM request logic. ## What is the link to the Apache JIRA [HDDS-6931](https://issues.apache.org/jira/browse/HDDS-6931) ## How was this patch tested? For all changes in preExecute with ACL checks were written Unit tests. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
