SENTRY-369: Update changelog.txt, notice.txt, etc... for 1.4.0 release ( Tuong Truong via Sravya Tirukkovalur)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 759ea94..962ac73 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,53 +1,181 @@
-Release Notes - Sentry - Version v1.2.0
+Release Notes - Sentry - Version 1.4.0
+
+** Sub-task
+ * [SENTRY-97] - Create service configuration properties
+ * [SENTRY-129] - Implement Hive Sentry Authz DDL Task Factory
+ * [SENTRY-134] - Use BoneCP, add unique constraint to GROUP_NAME, and expose jdo/datanucleus properties
+ * [SENTRY-137] - Validate privilege scope in sentry service
+ * [SENTRY-138] - Use server timestamp for createTime for role, privilege and group
+ * [SENTRY-142] - Create database backed ProviderBackend
+ * [SENTRY-143] - Merge db_policy_store branch into master
+ * [SENTRY-153] - Add Hive e2e test with grant/revoke statements
+ * [SENTRY-156] - Support local privilege validation APIs
+ * [SENTRY-160] - Class to table mapping in package.jdo is incorrect
+ * [SENTRY-364] - Bump up hive and hadoop versions from SNAPSHOT to released bits
+ * [SENTRY-365] - Create release branch for 1.4.0
+ * [SENTRY-369] - Update changelog.txt, notice.txt, etc... for 1.4.0 release
+
+
** Bug
- * [SENTRY-15] - log4j.properties file under sentry-tests references the old access package
- * [SENTRY-1] - use default on HiveServer2 fails with invalid privileges exception
- * [SENTRY-2] - Code cleanup in various poms
- * [ACCESS-8] - Log warning if authorization is not used with strong authentication
- * [ACCESS-49] - Modify test cases to restrict LOAD from specific locations
- * [ACCESS-140] - malformatted policy is permitted conditionally
- * [ACCESS-164] - policy file doesn't check non-exist entity mapping
- * [ACCESS-174] - access only throw first error message in HiveServer2 log, and ignore the rest
- * [ACCESS-180] - per DB policy file usability issues
- * [ACCESS-197] - Child authorizeable objects are not inheriting permissions from parent
- * [ACCESS-201] - Bad error message in HiveAuthzBinding
- * [ACCESS-203] - Update trunk version to 1.1 and update dependencies
- * [ACCESS-230] - CREATE TABLE AS works even if user does not have DB-level access
- * [ACCESS-231] - ALTER TABLE SET TBLPROPERTIES allows updates to tables even when the user doesn't have the right privileges
- * [ACCESS-232] - The per-db policy fies can't be accessed if they are not in the same file system as the global policy file.
- * [ACCESS-233] - The URI permission checks should append path separator before checking the parent path
- * [ACCESS-235] - Format unqualified URI as DFS uri by default
+ * [SENTRY-118] - cast udf should be added to sentry udf whitelist for hive
+ * [SENTRY-131] - bin/sentry script doesn't find config-tool.sh under some circumstances
+ * [SENTRY-133] - Alter table create partition if not exists - results in error
+ * [SENTRY-161] - Sentry master branch is trying to download Hadoop tarball from nonexisting URL
+ * [SENTRY-162] - Cleanup DB store privilege metadata on Hive DDL statements
+ * [SENTRY-166] - Sentry does not accept URIs with an equals sign (=) in path. Fails with llegalArgumentException: Invalid key value
+ * [SENTRY-169] - JAAS login options not compatible with IBM JDK
+ * [SENTRY-172] - config-tool.sh is missing from master branch
+ * [SENTRY-174] - Sentry should not package hadoop, hive and other jars
+ * [SENTRY-175] - sentry script throws error for the dbstore service invocation
+ * [SENTRY-176] - Not able to read policy files on HDFS (Regression)
+ * [SENTRY-177] - Sentry Policy Service does not treat role names as case insensitive
+ * [SENTRY-178] - Poor performance for Sentry Policy Service as #of privileges is scaled up
+ * [SENTRY-181] - Add a test case for duplicate privileges
+ * [SENTRY-182] - Granting ALL privileges to table does not seem to do the right thing when using the SimpleDbPolicyProvider
+ * [SENTRY-183] - Sentry Policy Service goes into an unusable state when granting privileges. Subsequent access fail with a DataNucleusException: "Iteration request failed: SELECT ..."
+ * [SENTRY-186] - e2e tests for solr document-level security
+ * [SENTRY-187] - Use invariants rather than default for specification of update index level authorization
+ * [SENTRY-188] - Reduce the logging level during per-db policy loading
+ * [SENTRY-190] - Support for getting set of roles from ProviderBackend
+ * [SENTRY-191] - Sentry Policy Service should not require passing the RPC requestor's user/group information
+ * [SENTRY-192] - Convert solr doc-level e2e test to be based on roles rather than groups
+ * [SENTRY-194] - Sentry script should note use Hive script by default for service and tool execution
+ * [SENTRY-195] - Sentry schema tool can't process comments inside statement
+ * [SENTRY-200] - Remove sentry-provider dependencies on hive
+ * [SENTRY-201] - TestDatabaseProvider tests fail after Sentry schema tool was added.
+ * [SENTRY-202] - Sentry end to end tests which use ClusterDFS will need to explicitly add the policy file to HDFS
+ * [SENTRY-203] - Column name mismatch causes DataNucleus to throw exceptions
+ * [SENTRY-204] - Test cases extending SentryServiceIntegrationBase are failing
+ * [SENTRY-205] - Sentry throws Exception when trying to revoke Table level privileges
+ * [SENTRY-206] - Sentry distribution should include a template config file for the service
+ * [SENTRY-207] - Sentry script should return non-zero exist status in error conditions
+ * [SENTRY-209] - Empty list returned when calling listPrivilegesByRoleName
+ * [SENTRY-210] - Exception Thrown When Trying to grantRoleToGroup
+ * [SENTRY-212] - Restrict access to hive config property hive.sentry.active.role.set which is set by Sentry Hive binding
+ * [SENTRY-213] - Sentry schema tool doesn't handle sentry.javax.jdo.* properties
+ * [SENTRY-214] - Sentry Service does not allow the same Privilege to be associated to multiple Roles
+ * [SENTRY-217] - Add Insert and URI tests for Sentry DB provider
+ * [SENTRY-218] - Use defaults for user, password and driver in SchemaTool
+ * [SENTRY-219] - Sentry Cache Backend Provider initialization does not work as expected
+ * [SENTRY-220] - Trivial fix to SentrySchemaTool to set default driver
+ * [SENTRY-221] - Privilege scope is case sensitive
+ * [SENTRY-222] - Privileges are sometimes granted to the wrong roles
+ * [SENTRY-224] - Provider resource should not be required for DB provider backend
+ * [SENTRY-229] - SentrySchemaTool initSchema does not work with postgres 8.1and oracle
+ * [SENTRY-231] - Fix JDK 6 build
+ * [SENTRY-235] - Change tests in TestSentryServerWithoutKerberos to use new Sentry service APIs
+ * [SENTRY-236] - Sentry PolicyFile provider incorrectly logs error messages when reading policy file
+ * [SENTRY-237] - Support log4j configuration for Sentry service
+ * [SENTRY-238] - Denied Show roles and show role grant throw thrift exception
+ * [SENTRY-239] - Setup in TestDatabaseProvider is flaky
+ * [SENTRY-241] - Sentry GrantRevokeTask should fire the sentry failure look
+ * [SENTRY-243] - The operation type needs to be set in the grant/revoke task context for the failure hook
+ * [SENTRY-244] - Sentry deprecated properties do not work
+ * [SENTRY-245] - Fix failing db provider tests
+ * [SENTRY-246] - Load command does not seem to work with filter push down
+ * [SENTRY-247] - Go back to using filter push down once the bugs are fixed
+ * [SENTRY-248] - The sentry-provider-cache dependency is not correctly set
+ * [SENTRY-249] - "Use default" should be allowed for all the users even when using filter push down
+ * [SENTRY-250] - Create external table fails with filter push down
+ * [SENTRY-251] - PolicyProviderForTest.addPrivilege breaks in some cases
+ * [SENTRY-252] - Per db policy files based tests should be updated for dbprovider usage
+ * [SENTRY-253] - Creating external table seems to be failing when using provider db.
+ * [SENTRY-254] - Privilege name in provider db has a limit of length 128 which might be very low for long uris.
+ * [SENTRY-255] - Revoke on Server privilege fails
+ * [SENTRY-256] - Fix TestDbEndToEnd.testEndToEnd1
+ * [SENTRY-257] - Upgrade master to use version 1.4.0-incubating-SNAPSHOT
+ * [SENTRY-259] - Implement Hive metastore plugin
+ * [SENTRY-260] - Add support to use DB2 as database for sentry metastore
+ * [SENTRY-262] - Updating patch for SENTRY-178
+ * [SENTRY-263] - Remove usage of getHostString() from AbstractTestWithStaticConfiguration
+ * [SENTRY-266] - Implement _HOST substitution in principal
+ * [SENTRY-268] - Allow only granted roles to be set in "SET ROLE <roleName>"
+ * [SENTRY-269] - Add a test case for Denied Alter table, should fire SentryOnFailureHook
+ * [SENTRY-271] - Test TestSentryServiceIntegration is flaky
+ * [SENTRY-272] - Test TestSentryStoreToAuthorizable.testUri is failing on comparing URI string
+ * [SENTRY-273] - org.apache.sentry.tests.e2e.dbprovider.TestDbUriPermissions is failing
+ * [SENTRY-274] - MySQL init scripts contains invalid comments
+ * [SENTRY-275] - Fix compilation error in SentryService
+ * [SENTRY-276] - SentryService tests are currently timing out
+ * [SENTRY-277] - Add Pig+HCat test for Metastore auth plugin
+ * [SENTRY-278] - TestSearchModelAuthorizables.testTooManyKV and TestDBModelAuthorizables.testTooManyKV fail
+ * [SENTRY-279] - Revert back using lowercase for uri label
+ * [SENTRY-280] - Sentry-202 missing changes
+ * [SENTRY-281] - Revoking a parent privilege should revoke all child privileges
+ * [SENTRY-282] - Select on DB should give privileges to query tables within it.
+ * [SENTRY-283] - Secure connection from HS2 to Sentry service fails
+ * [SENTRY-284] - Create test for creating external partition
+ * [SENTRY-285] - privilege->action=all is not same as privilege
+ * [SENTRY-288] - Dissable MetastoreBinding for test cases that do not require it
+ * [SENTRY-289] - Kerberos based connection from HS2 and Metastore to Sentry service fails
+ * [SENTRY-290] - Handle null pointer in SentryPolicyProcessor
+ * [SENTRY-294] - The Sentry service client should execute UGI privilege action by default
+ * [SENTRY-297] - Increase privilege_name to 4000 in mysql to be consistent with other dbs
+ * [SENTRY-299] - Partial Revoke Fails under certain conditions
+ * [SENTRY-300] - HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server
+ * [SENTRY-301] - Sentry plugin fails access service from secure Hive Metastore
+ * [SENTRY-302] - Partial revoke on Table fails if both ALL and a SELECT/INSERT grant exists
+ * [SENTRY-304] - Limit on index key in MYSQL (innoDB ) is 767 bytes
+ * [SENTRY-305] - SHOW CURRENT ROLES shouldn't require admin privileges
+ * [SENTRY-306] - Fix grant all on table in db based provider
+ * [SENTRY-307] - Unqualified URIs should be reconstructed in a standard way
+ * [SENTRY-309] - Metastore binding should use fully qualified URI for validating alter table operations
+ * [SENTRY-310] - Make Hive operation to required privileges more granular
+ * [SENTRY-311] - Metastore plugin needs to be changed to updated privilege model
+ * [SENTRY-312] - Add 'decimal' and 'date' to default UDF whitelist
+ * [SENTRY-313] - Fix some uri failing tests
+ * [SENTRY-314] - Metastore plugin should verify the storage descriptor before referencing
+ * [SENTRY-315] - SHOW CURRENT ROLE fails if the one of the groups doesn't have any roles granted
+ * [SENTRY-317] - Fix TestDbOperations.testLoad test
+ * [SENTRY-319] - group names should be case sensitive.
+ * [SENTRY-321] - SentryMetastorePostEventListener should use sentry config to create SentryClient
+ * [SENTRY-332] - A role may got empty privilege, although the role have some privileges
+ * [SENTRY-336] - Fix test failures on real cluster
+ * [SENTRY-337] - When the parameter sentry.metastore.service.users isn't set or set empty, starting metastore will throw java.lang.NullPointerException
+ * [SENTRY-363] - CTAS from view is requiring select on underlying table
+
+
** Improvement
- * [SENTRY-5] - Normalize the usernames used in the end to end tests
- * [ACCESS-100] - ResourceAuthzProvider should ensure the subject name is non-null before doing the group lookup
- * [ACCESS-157] - Access hard codes hive authentication method none
- * [ACCESS-211] - Add maven profile for compiling access with upstream Apache hadoop/hive
- * [ACCESS-221] - Restrict the URI access granted from a per-database policy file
+ * [SENTRY-106] - Make solr testing work against apache 4.7 version
+ * [SENTRY-193] - Add schematool for creating Sentry store schema from the SQL scripts
+ * [SENTRY-211] - Do the user: group lookup in the Sentry db policy server
+ * [SENTRY-258] - Increase field PRIVILEGE_NAME to 4000 characters to enable long URIs
+ * [SENTRY-293] - Create a new mvn cluster test profile for provider db tests
+ * [SENTRY-303] - Allow users to grant/revoke SELECT/INSERT to ALL tables in a Database
+ * [SENTRY-333] - Add conf directory to sentry distribution
+ * [SENTRY-361] - Sentry server should use sentry-site.xml in conf directory by default
+
+** New Feature
+ * [SENTRY-3] - Create a diagnostics tool for configuration validation
+ * [SENTRY-37] - Implement a DB backed policy store
+ * [SENTRY-115] - Give bindings the ability to access the group mappings
+ * [SENTRY-157] - Support filter pushdown in DB Store client to reduce data transfer from DB Store service
+ * [SENTRY-158] - Hive bindings should enable MR level ACLs for session user
+ * [SENTRY-165] - Implement createShowRolesTask() in SentryHiveAuthorizationTaskFactoryImpl
+ * [SENTRY-184] - Add Sentry service APIs to query roles and privileges
+ * [SENTRY-199] - Create tool that will convert policy file into into DB store
+ * [SENTRY-215] - SHOW GRANT ROLE xxx ON [SERVER, DATABASE, TABLE, URI] xxx
+ * [SENTRY-216] - Support SHOW CURRENT ROLES
+
** Task
- * [ACCESS-16] - Implement the test cases in the test plan
- * [ACCESS-34] - Analyze Path Security
- * [ACCESS-115] - Format all files using a consistent code style formatter for the project
- * [ACCESS-122] - Remove context.close() mid-test
- * [ACCESS-123] - Fix confusing communication mechanism to request if ANY access is exists
- * [ACCESS-125] - TestUserManagement major issues
- * [ACCESS-127] - TestSandboxOps Major issues
- * [ACCESS-130] - TestMovingToProduction major issues
- * [ACCESS-136] - TestCrossDbOps major issues
- * [ACCESS-145] - TestMetadataObjectRetrieval major issues
- * [ACCESS-147] - TestPrivilegeAtTransform major issues
- * [ACCESS-149] - TestPrivilegesAtDatabaseScope major issues
- * [ACCESS-152] - TestPrivilegesAtTableScope minor issues
- * [ACCESS-166] - Policy Engine should do expanded validation of policy file
- * [ACCESS-194] - Explore options for metastore access restriction
- * [ACCESS-195] - Support username mapping at access level
+ * [SENTRY-159] - Convert AbstractSolrSentryTestBase to use MiniSolrCloudCluster rather than Lucene test hierarchy
+ * [SENTRY-164] - Missing implementation for HiveAuthorizationTaskFactory: createShowRolesTask()
+ * [SENTRY-230] - e2e test for doc level security to cover failure scenarios around Index level auth
+ * [SENTRY-356] - Apache Sentry 1.4.0 Release
-** Sub-task
- * [ACCESS-101] - Implement more test cases regarding subquery
- * [ACCESS-209] - be able to run e2e test in cluster mode
- * [ACCESS-225] - Update master branch version to 1.2.0-SNAPSHOT
+
+** Test
+ * [SENTRY-223] - Add a test for updates with doc-level security
+ * [SENTRY-233] - Disable hdfs blockcache during solr e2e tests
+ * [SENTRY-261] - Improve test coverage for grant/revoke statements in Hive e2e tests
+ * [SENTRY-287] - Add test case for giving select privieleges on a table in a non default database
+ * [SENTRY-291] - Remove duplicate testSameGrantTwice
+
+
+
diff --git a/NOTICE.txt b/NOTICE.txt
index 7232bcb..9fde419 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -1,5 +1,5 @@
Apache Sentry
-Copyright 2013 The Apache Software Foundation
+Copyright 2013-2014 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
