| Release Notes - Sentry - Version 2.2.0 |
| |
| ** Sub-task |
| * [SENTRY-2170] - Update the Sentry-HDFS thrift for user level privileges. |
| * [SENTRY-2171] - Permission full snapshot should include owner privileges |
| * [SENTRY-2172] - Owner privileges added should be persisted and sent in delta updates |
| * [SENTRY-2173] - Extend PrivilegeInfo to hold user privileges |
| * [SENTRY-2218] - Sentry-plug-in should have API's to handle grant/revoke privileges to users. |
| * [SENTRY-2229] - Update SentryPermissions with user permissions |
| * [SENTRY-2243] - Extend the thrift definition for policy service to learn owner information |
| * [SENTRY-2244] - Alter sentry role or user at granting privilege can avoid extra query to database |
| * [SENTRY-2245] - Remove privileges that do not associate with a role or a user |
| * [SENTRY-2255] - alter table set owner command can be executed only by user with proper privilege |
| * [SENTRY-2258] - Remove user when it is not associated with other objects |
| * [SENTRY-2290] - Avoid storing the path information for partitions in default location |
| * [SENTRY-2291] - Notification Processor should update user privileges for path notification events |
| * [SENTRY-2313] - alter database set owner command can be executed only by user with proper privilege |
| * [SENTRY-2331] - Support grant option for DDL operation |
| * [SENTRY-2333] - Create index AUTHZ_PATH_FK_IDX at table AUTHZ_PATH for Postgres only when it does not exist |
| * [SENTRY-2382] - Create tag Release-2.1.0 |
| * [SENTRY-2383] - create release 2.1.0 |
| * [SENTRY-2384] - Close JIRA version for 2.1.0 |
| * [SENTRY-2385] - Run vote on Release 2.1.0 |
| * [SENTRY-2386] - Release artifacts for 2.1.0 |
| * [SENTRY-2387] - Prepare release notes for 2.1.0 release |
| * [SENTRY-2388] - Preparing for 2.2.0-SNAPSHOT release |
| * [SENTRY-2389] - Update the Sentry website |
| * [SENTRY-2390] - Make an announcement for 2.1.0 release |
| * [SENTRY-2407] - SentrySchemaInfo and SQL scripts do not have the new 2.2.0 version |
| * [SENTRY-2419] - Log where sentry stands in the process of persisting the snapshot |
| * [SENTRY-2423] - Increase the allocation size for auto-increment of id's for Snapshot tables. |
| * [SENTRY-2426] - Update the version in pom file at 2.1 branch |
| * [SENTRY-2438] - Persist HMS paths in batches. |
| * [SENTRY-2448] - Ability read/write import/export file(s) from HDFS. |
| * [SENTRY-2495] - Support Conjunctive Matching in Solr QueryDocAuthorizationComponent |
| * [SENTRY-2496] - Support multi-field attribute based document level controls for Solr |
| * [SENTRY-2543] - Preparing branch 2.2.0 for release. |
| |
| |
| ** Bug |
| * [SENTRY-1679] - HDFS tests configure MetastorePlugin which is gone |
| * [SENTRY-1797] - SentryKerberosContext should use periodic executor instead of managing periodic execution via run() method. |
| * [SENTRY-2141] - Sentry Privilege TimeStamp is not converted to grantTime in HivePrivilegeInfo correctly |
| * [SENTRY-2143] - Table renames should synchronize with Sentry |
| * [SENTRY-2144] - Table Rename Cross Database should update permission correctly |
| * [SENTRY-2146] - Add better error handling to ResourceAuthorizationProvider and improve logging in related classes |
| * [SENTRY-2168] - Altering table will not update sentry permissions when HDFS sync is disabled |
| * [SENTRY-2187] - Sentry page is broken |
| * [SENTRY-2205] - Improve Sentry NN Logging |
| * [SENTRY-2213] - Increase schema version from 2.0.0 to 2.1.0 |
| * [SENTRY-2240] - User can DROP function under a database that he/she has no access |
| * [SENTRY-2259] - SQL CONSTRAINT name for user privilege is too long for Oracle 11.2 |
| * [SENTRY-2276] - Sentry-Kafka integration does not support Kafka's Alter/DescribeConfigs and IdempotentWrite operations |
| * [SENTRY-2293] - Fix logging parameters on SentryHDFSServiceProcessor |
| * [SENTRY-2299] - NPE In Sentry HDFS Sync Plugin |
| * [SENTRY-2316] - Rename any 'entity' word for 'principal' to be consistent with Hive principal name and type |
| * [SENTRY-2332] - Load hadoop default configuration when starting sentry service |
| * [SENTRY-2373] - Incorrect WARN message when processing add partition messages |
| * [SENTRY-2403] - Incorrect naming in RollingFileWithoutDeleteAppender |
| * [SENTRY-2406] - Make sure inputHierarchy and outputHierarchy have unique values |
| * [SENTRY-2409] - ALTER TABLE SET OWNER does not allow to change the table if using only the table name |
| * [SENTRY-2417] - LocalGroupMappingService class docs do not accurately reflect required INI format |
| * [SENTRY-2425] - Add metric to track the time taken to update the owner privilege |
| * [SENTRY-2428] - Skip null partitions or partitions with null sds entries |
| * [SENTRY-2429] - Transfer database owner drops table owner |
| * [SENTRY-2432] - The case of a username is ignored when determining object ownership |
| * [SENTRY-2433] - Dropping object privileges does not include update of dropping user privileges |
| * [SENTRY-2437] - When granting privileges a single transaction per grant causes long delays |
| * [SENTRY-2441] - When MAuthzPathsMapping is deleted all associated MPaths should be deleted automatically. |
| * [SENTRY-2464] - Catch exception thrown on first reload for UpdatableCache |
| * [SENTRY-2469] - Fix bugs in RoleServlet |
| * [SENTRY-2471] - Table rename should sync Sentry privilege even without location information |
| * [SENTRY-2477] - When requesting for deltas check if nn seq num is 1 more than latest sequence num |
| * [SENTRY-2480] - Change processDropDatabase to call removeAllPaths |
| * [SENTRY-2486] - Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode |
| * [SENTRY-2490] - When building a full perm update for each object we only build 1 privilege per role |
| * [SENTRY-2491] - Sentry High availability unit tests run into deadlock sometimes |
| * [SENTRY-2492] - Consecutive ALL grants get deleted when multiple roles have ALL grants on that object |
| * [SENTRY-2493] - Sentry store api's for path mapping should handle empty/null paths. |
| * [SENTRY-2494] - Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern |
| * [SENTRY-2497] - show grant role results in NPE when URI does not have scheme |
| * [SENTRY-2498] - Exception while deleting paths that don't exist |
| * [SENTRY-2500] - CREATE on server does not provide HMS server side read authorization for get_all_tables(database_name) |
| * [SENTRY-2501] - Add cache for HMS server filtering hook |
| * [SENTRY-2502] - Sentry NN plug-in stops fetching updates from sentry server |
| * [SENTRY-2503] - Failed to revoke the privilege from impala-shell if the privilege added from beeline cli |
| * [SENTRY-2528] - Format exception when fetching a full snapshot |
| * [SENTRY-2535] - SentryKafkaAuthorizer throws Exception when describing ACLs |
| * [SENTRY-2538] - consecutiveUpdateFailuresCount is not reset |
| * [SENTRY-2545] - Rolling back Privilege Cache to SimplePrivilegeCache does not work |
| |
| |
| |
| ** New Feature |
| * [SENTRY-1242] - Enable getting all privileges on a hive object |
| * [SENTRY-2427] - Use Hadoop KerberosName class to derive shortName |
| * [SENTRY-2445] - Implement backup and restore mechanism for sentry permissions. |
| * [SENTRY-2481] - Filter HMS server-side objects based on HMS user authorization |
| * [SENTRY-2533] - The UDF in_file should be blacked default |
| |
| ** Improvement |
| * [SENTRY-1944] - Optimize DelegateSentryStore.getGroupsByRoles() and update SentryGenericPolicyProcessor to retrieve roles to group mapping in a single transaction |
| * [SENTRY-2019] - Improve logging in SentryPlugin |
| * [SENTRY-2176] - IllegalFormatConversionException while trying to convert AtomicLong to int |
| * [SENTRY-2194] - Upgrade Sentry hadoop-version dependency to 2.7.5 |
| * [SENTRY-2210] - AUTHZ_PATH should have index on the foreign key AUTHZ_OBJ_ID |
| * [SENTRY-2219] - Create index AUTHZ_PATH_FK_IDX at table AUTHZ_PATH only when it does not exist for Oracle |
| * [SENTRY-2249] - Enable batch insert of HMS paths in Full Snapshot. |
| * [SENTRY-2324] - Allow sentry to fetch configurable notifications from HMS |
| * [SENTRY-2329] - Integrate sentry with Hadoop 3.1.1 |
| * [SENTRY-2371] - Add a new thrift API for getting all privileges a user has |
| * [SENTRY-2372] - SentryStore should not implement grantOptionCheck |
| * [SENTRY-2413] - Provide a configuration option to permit specific DB privileges to be granted explicitly |
| * [SENTRY-2431] - Update Solr permission mapping to include Metric history reading permission |
| * [SENTRY-2440] - Add a new thrift API for checking if a user is in admin group |
| * [SENTRY-2444] - SigUtils signal handler needs a way to unregister functions. |
| * [SENTRY-2452] - Change the thrift interface to send the list of authorizable to sentry server |
| * [SENTRY-2453] - Sentry client should perform translation before sending export/import requests. |
| * [SENTRY-2454] - Add new sentry store api to gather the privileges for a list of authorizables. |
| * [SENTRY-2458] - Separate Web UI and service from service-server to prevent circular dependencies |
| * [SENTRY-2460] - Export sentry permission information to HDFS location |
| * [SENTRY-2466] - Create generic sentry store metrics |
| * [SENTRY-2482] - Sentry Solr to support multi-attribute document level security |
| * [SENTRY-2483] - Implement HMS PreReadEvent support in MetastoreAuthzBinding |
| * [SENTRY-2488] - Add privilege cache to sentry hive bindings in DefaultAccessValidator |
| * [SENTRY-2522] - Add a new thrift API for getting all privileges a user has for a given set of authorizable |
| * [SENTRY-2539] - PolicyEngine should be able to return privilege directly |
| * [SENTRY-2540] - Only use SELECT action for filter SHOW DATABASES and SHOW TABLES command based on configuration |
| |
| ** Test |
| * [SENTRY-2457] - Reuse connection objects on TestConcurrentClients#testConcurrentHS2Client |
| |
| |
| ** Task |
| * [SENTRY-2377] - Sentry 2.1.0 release |
| * [SENTRY-2436] - Add annotations for classes that are used in binding as public |
| |