We have seen FSImage corruption cases (e.g. HDFS-13101) where files inside a snapshottable directory are moved outside of it. The most common case of this is when trash is enabled and a user deletes a file via the command line without skipTrash.
This jira aims to make a trash root for each snapshottable directory, same as how encryption zone behaves at the moment.
This will make trash cleanup a little bit more expensive on the NameNode, as it will have to iterate all trash roots. But it should be fine as long as there aren't many snapshottable directories.
I could make this improvement an option and disable it by default if needed, such as dfs.namenode.snapshot.trashroot.enabled.
One small caveat, though: when disabling (disallowing) snapshot on the snapshottable directory while this improvement is in place, the client should merge the snapshottable directory's trash with that user's trash to ensure proper trash cleanup.
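A simplified model of the proposal, added here as an illustration and not taken from the issue or the Hadoop code base: it shows why a delete-to-trash renames a file out of its snapshottable directory today and stays inside it with a per-directory trash root. The path layouts (`/user/<user>/.Trash` and `<snapshottable dir>/.Trash/<user>`, mirroring encryption zones) and all function names are assumptions.

```python
import posixpath

# Assumed layouts (not stated in the issue): default user trash and a
# per-directory trash root shaped like the encryption-zone one.
USER_HOME_PREFIX = "/user"
TRASH_DIR = ".Trash"


def _is_inside(path, ancestor):
    """True if path lies strictly inside ancestor (component-wise match)."""
    ancestor = posixpath.normpath(ancestor)
    return path != ancestor and path.startswith(ancestor.rstrip("/") + "/")


def trash_root(path, user, snapshottable_dirs, enabled):
    """Trash root that a delete of `path` by `user` would be renamed into."""
    path = posixpath.normpath(path)
    if enabled:
        matches = [posixpath.normpath(d) for d in snapshottable_dirs
                   if _is_inside(path, d)]
        if matches:
            # Deepest enclosing snapshottable directory wins.
            return posixpath.join(max(matches, key=len), TRASH_DIR, user)
    return posixpath.join(USER_HOME_PREFIX, user, TRASH_DIR)


def crosses_snapshot_boundary(path, user, snapshottable_dirs, enabled):
    """True if moving `path` to trash takes it out of a snapshottable dir."""
    path = posixpath.normpath(path)
    dest = trash_root(path, user, snapshottable_dirs, enabled)
    return any(_is_inside(path, d) and not _is_inside(dest, d)
               for d in snapshottable_dirs)


def candidate_trash_roots(users, snapshottable_dirs, enabled):
    """Roots a cleanup pass may have to visit; grows with snapshottable dirs."""
    roots = [posixpath.join(USER_HOME_PREFIX, u, TRASH_DIR) for u in users]
    if enabled:
        roots += [posixpath.join(posixpath.normpath(d), TRASH_DIR, u)
                  for d in snapshottable_dirs for u in users]
    return roots


if __name__ == "__main__":
    dirs = ["/data/warehouse"]          # constructed sample input
    f = "/data/warehouse/t1/part-0"
    for flag in (False, True):
        print(flag, trash_root(f, "alice", dirs, flag),
              crosses_snapshot_boundary(f, "alice", dirs, flag))
```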