| Release Notes - Sentry - Version 2.0.0 |
| |
| ** New Feature |
| * [SENTRY-872] - Uber jira for HMS HA + Sentry HA redesign |
| * [SENTRY-1446] - Upgrade httpmime (Sentry) to 4.3.6 or greater. |
| * [SENTRY-1475] - Integrate Sentry with Solr 7 authorization framework |
| * [SENTRY-1853] - Add the log level access mechanism |
| * [SENTRY-1881] - PrivilegeOperatePersistence throws wrong type of exceptions |
| * [SENTRY-2027] - Create mechanism of delivering commands via WebUI |
| |
| ** Improvement |
| * [SENTRY-198] - Create command line utility to display and mutate privileges on Sentry service |
| * [SENTRY-627] - Extend Sentry HA to work with Hive Metastore HA and HDFS |
| * [SENTRY-967] - Use the Maven Dependency Plugin to download artifacts for the Sqoop tests |
| * [SENTRY-1120] - Show role / privileges info in Sentry Service Webpage |
| * [SENTRY-1210] - Refactor the SentryShellSolr and SentryShellKafka |
| * [SENTRY-1404] - Use the new INodeAttributesProvider API in sentry-hdfs |
| * [SENTRY-1453] - Enable passing sentry client cache configs from kafka conf |
| * [SENTRY-1501] - SentryStore shouldn't synchronize openTransaction() and commitUpdateTransaction() |
| * [SENTRY-1507] - Sentry should use Datanucleus version of javax.jdo |
| * [SENTRY-1517] - SentryStore should actually use function getMSentryRole to get roles |
| * [SENTRY-1518] - Add metrics for SentryStore transactions |
| * [SENTRY-1525] - Provide script to run Sentry directly from the repo |
| * [SENTRY-1533] - Sentry console metrics reporting interval should be configurable |
| * [SENTRY-1556] - Simplify privilege cleaning |
| * [SENTRY-1557] - getRolesForGroups() does too many trips to the the DB |
| * [SENTRY-1577] - Support "create function using jar" for hive when Sentry is enabled |
| * [SENTRY-1581] - Provide Log4J metrics reporter |
| * [SENTRY-1582] - Comments to clarify the intent of string manipulation methods in SentryStore.java |
| * [SENTRY-1594] - TransactionBlock should become generic |
| * [SENTRY-1599] - CloseablePersistenceManager is no longer needed |
| * [SENTRY-1604] - Sentry JSON message factory: Need more information in alter partition event |
| * [SENTRY-1615] - SentryStore should not allocate empty objects that are immediately returned |
| * [SENTRY-1625] - PrivilegeOperatePersistence can use QueryParamBuilder |
| * [SENTRY-1633] - Disable mvn failIfNotTest flag |
| * [SENTRY-1636] - Remove thrift dependency on fb303 |
| * [SENTRY-1639] - Refactor thrift clients configuration constants |
| * [SENTRY-1642] - Integrate Sentry build with Error Prone |
| * [SENTRY-1691] - TransactionManager should use try-with-resource for timers |
| * [SENTRY-1710] - Reduce datanucleus key cache size for MSentryPermChange and MSentryPathChange tables to avoid holes in change IDs |
| * [SENTRY-1730] - Remove FileInputStream/FileOutputStream |
| * [SENTRY-1742] - Upgrade to Maven surefire plugin v2.2 |
| * [SENTRY-1744] - Simplify creation of DelegateSentryStore |
| * [SENTRY-1811] - Optimize data structures used in HDFS sync |
| * [SENTRY-1812] - Provide interactive Sentry CLI |
| * [SENTRY-1816] - Sentry client classes should be AutoCloseable |
| * [SENTRY-1820] - Add JSON file reporter for Sentry metrics |
| * [SENTRY-1822] - Allow multiple Sentry reporters. |
| * [SENTRY-1823] - Fix the sentryShell script to support other types |
| * [SENTRY-1827] - Minimize TPathsDump thrift message used in HDFS sync |
| * [SENTRY-1867] - DataNucleus.Query INFO level logging spams Sentry log files |
| * [SENTRY-1873] - Upgrade PMD plugin and fix related issues |
| * [SENTRY-1892] - Reduce memory consumption of HMSPath$Entry and TPathEntry |
| * [SENTRY-1896] - Optimize retrieving role names for groups |
| * [SENTRY-1903] - TransactionManager shows retried transactions starting from 0 |
| * [SENTRY-1905] - How to contribute to documentation |
| * [SENTRY-1906] - Sentry clients to retry connections to server with delay to avoid failing fast |
| * [SENTRY-1907] - Potential memory optimization when handling big full snapshots. |
| * [SENTRY-1909] - Improvements for memory usage when full path snapshot is sent from Sentry to NN |
| * [SENTRY-1921] - Make SentryServiceFactory.create static and all calling instances use the static call |
| * [SENTRY-1932] - Improve logging for HMSPath |
| * [SENTRY-1937] - Optimize performance for listing sentry roles by group name |
| * [SENTRY-1938] - Sentry logs to provide more relevant information |
| * [SENTRY-1943] - Update Guava to 14.0 |
| * [SENTRY-1958] - Bump to Hive version 2.0 |
| * [SENTRY-1962] - Merge hive 2.0 authz1/authz2 profile dependencies |
| * [SENTRY-1963] - Sentry JSON reporter should use regular implementation for local file system |
| * [SENTRY-1966] - Improve logging of HMS sync data (paths and permissions) flowing from Sentry to NameNode |
| * [SENTRY-1968] - Remove sentry-binding-hive-hmsfollower-v2 module after Hive 2.0 version bump |
| * [SENTRY-1973] - Use KafkaPrivilegeModel to retrieve Kafka validators |
| * [SENTRY-1974] - Consolidate the Solr + Kafka PrivilegeValidators into a single GenericPrivilegeValidator |
| * [SENTRY-1975] - Add sqoop support to SentryShellGeneric |
| * [SENTRY-1979] - Consolidate code for converting Hive privilege objects to Strings |
| * [SENTRY-1981] - Bump codehale metrics version to latest 3.0.2 version |
| * [SENTRY-1988] - Bump slf4j version from 1.6.0 to 1.7.25 (latest version) |
| * [SENTRY-1989] - Bump Kafka version from 0.9 to 0.11 |
| * [SENTRY-1992] - Improve parameter handling for SentryGenericProviderBackend |
| * [SENTRY-1996] - Rename Sqoop SentryAuthorizationHander |
| * [SENTRY-2009] - Upgrade Surefire plugin |
| * [SENTRY-2013] - Align the SentryGenericServiceClient and SentryPolicyServiceClient a bit more closely |
| * [SENTRY-2015] - Refactor Command implementations |
| * [SENTRY-2031] - Add trigger mechanism for Sentry to pull full path snapshot from HMS |
| * [SENTRY-2038] - Some ShellCommand improvements |
| * [SENTRY-2042] - Support file based Sentry provider for Solr plugin |
| * [SENTRY-2048] - Bump Hive version to 2.3.2 |
| * [SENTRY-2062] - Support the new Hive 2.3.2 DbNotificationListener |
| * [SENTRY-2076] - Some test artifacts are not defined at test scope |
| |
| |
| ** Sub-task |
| * [SENTRY-851] - UpdateForwarder does not have to implement Updateable |
| * [SENTRY-852] - Create PathUpdateForwarder and PermUpdateForwarder |
| * [SENTRY-1316] - Implement Sentry leadership election |
| * [SENTRY-1317] - Implement fencing required for active/standby |
| * [SENTRY-1321] - Implement HMSFollower in Sentry service which reads the NotificationLog entries |
| * [SENTRY-1324] - Add sentry specific test cases to use NotificationLog |
| * [SENTRY-1325] - Store HMSPaths in Sentry DB to allow fast failover |
| * [SENTRY-1329] - Adapt SentryMetaStorePostEventListener to write HMS notification logs |
| * [SENTRY-1330] - Notify Sentry about HMS new notifications if low delay is desired |
| * [SENTRY-1362] - add sentry ha e2e test back accommodating to the re-design |
| * [SENTRY-1365] - Upgrading SQL script for HMSPaths persistence |
| * [SENTRY-1371] - Rework fetching Hive Paths state |
| * [SENTRY-1388] - Make HiveConf and Hive client jars available to Sentry deamon |
| * [SENTRY-1389] - Handle updating HMSState for HDFS plugin in HMSFollower |
| * [SENTRY-1395] - Move the HDFS code which lives inside the sentry daemon into sentry-provider |
| * [SENTRY-1398] - Fix TestLeaderStatus#testRacingClients |
| * [SENTRY-1399] - Integrate Fencer with SentryStore |
| * [SENTRY-1403] - Move SentryHDFSServiceClient code from hdfs-common into hdfs-service |
| * [SENTRY-1411] - The sentry client should retry RPCs if it gets a SentryStandbyException (SentryPolicyServiceClient - pool version) |
| * [SENTRY-1413] - Changes to get the Fencer working with Oracle and MySQL |
| * [SENTRY-1414] - Evict datanucleus second-level cache during activation |
| * [SENTRY-1415] - [Test hook] Provide a hook to stop the active sentry sevice |
| * [SENTRY-1422] - JDO deadlocks while processing grant while a background thread processes Notificationlogs |
| * [SENTRY-1423] - Sentry HA Test: programmatic failover in a mini cluster env; also add some test data. |
| * [SENTRY-1425] - May want to disallow reads on Sentry passive |
| * [SENTRY-1426] - Do not start up HMSFollower if hive is not using Sentry |
| * [SENTRY-1427] - Test TGT renewals in HMSFollower |
| * [SENTRY-1428] - Only leader should follow HMS updates |
| * [SENTRY-1430] - Test Sentry HA Tasks |
| * [SENTRY-1433] - GenericServiceClient should support connection pools |
| * [SENTRY-1437] - Sentry should not serve requests until the full update processing is finished |
| * [SENTRY-1440] - Fencing implementation in sentry-ha can create two fencing tables |
| * [SENTRY-1441] - Error during fencing table rename can disable master |
| * [SENTRY-1448] - Store processed notification sequence ID in database |
| * [SENTRY-1449] - Rebase sentry-ha-redesign branch on master |
| * [SENTRY-1463] - Ensure HMS point-in-time snapshot consistency |
| * [SENTRY-1477] - Sentry clients should retry with another server when they get connection errors |
| * [SENTRY-1478] - Disable fencing in Sentry store for Active/Active |
| * [SENTRY-1483] - HMS plugin should wait until Sentry handles the update before continuing. |
| * [SENTRY-1487] - Renaming SQL script for HMSPaths persistence |
| * [SENTRY-1499] - Add feature flag for using NotifcationLog |
| * [SENTRY-1510] - Add option to use non pool model for sentry client |
| * [SENTRY-1511] - HDFS Sync change for handling persisted Sentry delta or full updates |
| * [SENTRY-1522] - Port SENTRY-1505 to sentry-ha_redesign branch |
| * [SENTRY-1529] - HMS Follower thread should terminate when Sentry receives ^C |
| * [SENTRY-1535] - HMS Follower should update HDFS plugin paths |
| * [SENTRY-1536] - Refactor SentryStore transaction management to allow for extra TransanctionBlocks for a single permission update |
| * [SENTRY-1538] - Create schema for storing HMS path change and Sentry permission change. |
| * [SENTRY-1539] - HMS Follower should store arriving HMS notifications |
| * [SENTRY-1553] - Port SENTRY1517 to sentry-ha-redesign branch |
| * [SENTRY-1554] - Port SENTRY-1518 to sentry-ha-redesign |
| * [SENTRY-1559] - Remove fencing support |
| * [SENTRY-1560] - Add feature flag to allow stand-alone configuration without ZK |
| * [SENTRY-1566] - Make full Perm/Path snapshot available for NN plugin |
| * [SENTRY-1567] - Refactor propagating logic for Perm/Path delta to NN plugin |
| * [SENTRY-1569] - Upgrading SQL scripts for persist Perm/Path change |
| * [SENTRY-1575] - Backport SENTRY-1404 to Sentry-ha-redesign branch |
| * [SENTRY-1578] - Suport secure ZK configuration for leader election |
| * [SENTRY-1580] - Provide pooled client connection model with HA |
| * [SENTRY-1583] - Refactor ZK/Curator code |
| * [SENTRY-1587] - Refactor SentryStore transaction to persist a single path transcation bundled with corresponding delta path change |
| * [SENTRY-1592] - Implement NN client failover for Sentry HA |
| * [SENTRY-1593] - Implement client failover for Generic and NN clients |
| * [SENTRY-1595] - Backport SENTRY-1577 to sentry-ha-redesign |
| * [SENTRY-1596] - Hive tests failing for sentry-ha-redesign branch |
| * [SENTRY-1598] - Port SENTRY-1507 to sentry-ha-redesign |
| * [SENTRY-1600] - Define Thrift API for HMS to Sentry notification barrier |
| * [SENTRY-1601] - Implement HMS Notification barrier on the server side |
| * [SENTRY-1606] - Sentry HDFS Sync should survive in presence of bad paths objects |
| * [SENTRY-1607] - Backport SENTRY-1134 to sentry-ha-redesign |
| * [SENTRY-1608] - Converting Sentry to a stateless service |
| * [SENTRY-1611] - Purge MSentryPerm/PathChange tables |
| * [SENTRY-1612] - HMSFollower should persist full HMS snapshot into SentryDB if there is not one. |
| * [SENTRY-1613] - Add propagating logic for Perm/Path updates in Sentry service |
| * [SENTRY-1617] - Fetch Hive Paths point-in-time full snapshot during Sentry startup |
| * [SENTRY-1619] - Fix the secure HMS connection code in HMSFollower |
| * [SENTRY-1620] - Incorrect usage of AuthzConfVars.AUTHZ_SERVER_NAME may cause HS2 HA not work |
| * [SENTRY-1621] - HMSFollower to retry connecting to HMS upon connection loss |
| * [SENTRY-1622] - Backport SENTRY-1615 to sentry-ha-redesign branch |
| * [SENTRY-1623] - Typo for notification log feature flag |
| * [SENTRY-1628] - In HMSFollower failing of catching error causes the executor to halt |
| * [SENTRY-1629] - Current MAuthzPathsMapping table definition may cause error 'Duplicate entry XX for key PRIMARY' |
| * [SENTRY-1630] - out of sequence error in HMSFollower |
| * [SENTRY-1632] - Make HMSFollower initialDelay and run period configurable |
| * [SENTRY-1634] - HMSFollower should not check isLoadMetastoreConfig when trying to connect to HMS |
| * [SENTRY-1635] - Limit HMS connections only to the leader of the sentry servers |
| * [SENTRY-1637] - Periodically purge Delta change tables. |
| * [SENTRY-1638] - Update SQL script of MSentryPathChange table to add a column for notification ID |
| * [SENTRY-1641] - Cleanup creation of SentryStore and HMSFollower |
| * [SENTRY-1643] - AutoIncrement ChangeID of MSentryPermChange/MSentryPathChange may be error-prone |
| * [SENTRY-1645] - Port SENTRY-1642 to sentry-ha-redesign |
| * [SENTRY-1649] - Initialize HMSFollower when sentry server actually starts |
| * [SENTRY-1650] - Port SENTRY-1360 to sentry-ha-redesign |
| * [SENTRY-1652] - Port SENTRY-1464 to sentry-ha-redesign |
| * [SENTRY-1655] - Port SENTRY-1471 to sentry-ha-redesign |
| * [SENTRY-1656] - Port Sentry-1459 to sentry-ha-redesign |
| * [SENTRY-1666] - TestHDFSIntegrationAdvanced timeouts on sentry-ha-redesign branch |
| * [SENTRY-1669] - HMSFollower should read current processed notification ID from database every time it runs |
| * [SENTRY-1670] - Expose current HMS notification ID as a Sentry gauge (metric) |
| * [SENTRY-1671] - Provide HMSFollower healthcheck (metric) |
| * [SENTRY-1672] - Expose HMS data via Sentry web UI |
| * [SENTRY-1673] - Improve error reporting from FullUpdateInitializer |
| * [SENTRY-1674] - HMSFollower shouldn't print the same value of notification ID multiple times |
| * [SENTRY-1675] - sentry-hdfs-dist should include sentry-core-common after refactor SentryHDFSServiceClientDefaultImpl |
| * [SENTRY-1676] - FullUpdateInitializer#createInitialUpdate should not throw RuntimeException |
| * [SENTRY-1677] - Add metrics to measure how much time to get Delta Path/Perm Updates |
| * [SENTRY-1680] - MetastoreCacheInitializer is lo longer used and should be removed |
| * [SENTRY-1682] - Investigate use of EXPORT for replication for initial HMS snapshot |
| * [SENTRY-1684] - FullUpdateInitializer has a race condition in handling results list |
| * [SENTRY-1685] - Port SENTRY-1489 to sentry-ha-redesign branch |
| * [SENTRY-1686] - Port SENTRY-1548 to sentry-ha-redesign branch |
| * [SENTRY-1687] - FullUpdateInitializer can be more efficient |
| * [SENTRY-1690] - sql changed needed for AUTHZ_PATH table |
| * [SENTRY-1693] - HMSFollower should handle adding a view with empty path. |
| * [SENTRY-1695] - Waiting for HMS notifications from Thrift should be interruptible |
| * [SENTRY-1696] - Expose time spent creating the initial snapshot as a metric |
| * [SENTRY-1697] - Deprecate feature flag for enabling notification log |
| * [SENTRY-1698] - PathsUpdate.parsePath() calls FileSystem.getDefaultUri() way too often |
| * [SENTRY-1700] - FullUpdateInitializer should not use preconditions to verify HMS data |
| * [SENTRY-1701] - Improve retry handling for FullUpdateInitializer |
| * [SENTRY-1705] - Do not start HMSFollower if Hive isn't configured |
| * [SENTRY-1709] - Avoid randomizing the servers at client side based on configuration. |
| * [SENTRY-1711] - HMSFollower shouldn't call processNotificationEvents() unless there are events |
| * [SENTRY-1713] - Enable TestHDFSIntegrationEnd2End.testEnd2End |
| * [SENTRY-1715] - Disable HMSFollower when HMS integration is not enabled |
| * [SENTRY-1716] - HMSFollower doesn't need to save path info when HDFS sync is disabled |
| * [SENTRY-1717] - Sentry should emit log messages when it is ready to serve requests. |
| * [SENTRY-1718] - TestSentryStore often fails in setup() |
| * [SENTRY-1719] - Implement alternative HMS/Sentry synchronization |
| * [SENTRY-1721] - Unit test failures in TestSentryStore due to changeId miscount |
| * [SENTRY-1722] - Create HMSFollower when SentryService.Start() is called |
| * [SENTRY-1723] - HDFS e2e tests should wait for HMSFollower to start |
| * [SENTRY-1724] - Remove old PoolClientInvocationHandler |
| * [SENTRY-1725] - Include response status in TSentrySyncIDResponse |
| * [SENTRY-1726] - sql changes to store last notification-id processed |
| * [SENTRY-1729] - Test secure ZK connections |
| * [SENTRY-1732] - Test concurrent roles/groups/privs operations |
| * [SENTRY-1733] - Add log message for key store file path |
| * [SENTRY-1734] - Create/Alter/Drop database/table should check corresponding property before drop privileges |
| * [SENTRY-1735] - Sentry Clients should not log every connection request |
| * [SENTRY-1736] - Generic service client should support Kerberos |
| * [SENTRY-1737] - SentryTransportFactory may use incorrect kerberos principal |
| * [SENTRY-1738] - Inefficient connection management by retrying invocation handler |
| * [SENTRY-1741] - HMSFollower doesn't handle INSERT operation |
| * [SENTRY-1747] - HMSFollower shouldn't create local hive during tests |
| * [SENTRY-1750] - HMSFollower does not handle view update correctly |
| * [SENTRY-1751] - HMSFollower should not persist empty full snapshot |
| * [SENTRY-1752] - HMSFollower gets stuck once it fails to process a notification event |
| * [SENTRY-1755] - Add HMSFollower per-operation metrics |
| * [SENTRY-1756] - Passive nodes should still follow latest notification ID |
| * [SENTRY-1757] - Avoid using local hive meta store with wrong configuration |
| * [SENTRY-1758] - Improve Sentry memory usage by interning object names |
| * [SENTRY-1760] - HMSFollower should detect when a full snapshot from HMS is required |
| * [SENTRY-1762] - notification id's in SENTRY_HMS_NOTIFICATION_ID should be purged periodically |
| * [SENTRY-1763] - Fix the config string for server load balancing |
| * [SENTRY-1764] - HMSFollower should check for leader status after each event processed |
| * [SENTRY-1765] - CounterWait.update should be less strict |
| * [SENTRY-1766] - Generic model clients using kerberos can no longer connect to Sentry server |
| * [SENTRY-1767] - Multiple followers should not create full snapshot |
| * [SENTRY-1768] - Avoid detaching object on transaction exit when it isn't needed |
| * [SENTRY-1769] - Refactor HMSFollower Class |
| * [SENTRY-1770] - Avoid more detaches on commit |
| * [SENTRY-1771] - HDFS client concurrently requests full permission update multiple times |
| * [SENTRY-1772] - Permissions created before table creation are not reflected in HDFS ACLs |
| * [SENTRY-1773] - Delta change cleaner should leave way more then a single entry intact |
| * [SENTRY-1774] - HMSFollower should always depend on persisted information to decide is full snapshot is needed |
| * [SENTRY-1776] - SentryStore should clear SENTRY_HMS_NOTIFICATION_ID while clearing store |
| * [SENTRY-1777] - Generic clients are not able to connect to sentry server with kerberos enabled. |
| * [SENTRY-1780] - FullUpdateInitializer does not kill the threads whenever getFullHMSSnapshot throws an exception |
| * [SENTRY-1781] - Persist new HMS snapshots with a new generation ID. |
| * [SENTRY-1782] - Add an HMS image ID to the thrift schema definition for hdfs/sentry requests |
| * [SENTRY-1784] - DBUpdateForwarder returns empty update list to HDFS instead of full update |
| * [SENTRY-1791] - Sentry Clients failover not working with kerberos enabled |
| * [SENTRY-1792] - Ensure DB to sort delta changes by CHANGE_ID |
| * [SENTRY-1793] - Reenable ignored unit tests from TestHDFSIntegrationEnd2End |
| * [SENTRY-1794] - HMSFollower not persisting last processed notifications when partition is altered |
| * [SENTRY-1795] - Delta tables should not have holes |
| * [SENTRY-1796] - Add better debug logging for retrieving the delta changes |
| * [SENTRY-1798] - Provide names for HMSFollower and cleaner threads |
| * [SENTRY-1799] - Fix flaky HDFS END2END tests |
| * [SENTRY-1800] - Flaky testConcurrentUpdateChanges test |
| * [SENTRY-1803] - HMSFollower should handle the case of multiple notifications with the same ID |
| * [SENTRY-1804] - Sentry server can be more efficient in handling full snapshot from HMS |
| * [SENTRY-1805] - Define a DB schema for HMS generation IDs |
| * [SENTRY-1806] - Improve memory handling for HDFS sync |
| * [SENTRY-1807] - NotificationProcessor may put the wrong path in the update |
| * [SENTRY-1814] - Provide unit test for LeaderStatusMonitor |
| * [SENTRY-1815] - Send new HMS snapshots to HDFS requesting an old generation ID |
| * [SENTRY-1817] - Deprecate SENTRY_HA_ENABLED and all tests that use it |
| * [SENTRY-1818] - HMSFollower should be a singleton |
| * [SENTRY-1821] - Transactions could fail to commit to the database under load |
| * [SENTRY-1824] - SentryStore may serialize transactions that rely on unique key |
| * [SENTRY-1825] - Dropping a Hive database/table doesn't cleanup the permissions associated with it |
| * [SENTRY-1828] - Rename version in sentry-ha-redesign branch to 2.0.0-SNAPSHOT |
| * [SENTRY-1830] - Create new release version 2.0.0 on JIRA |
| * [SENTRY-1832] - Sentry e2e tests should enable SentrySyncHMSNotificationsPostEventListener |
| * [SENTRY-1833] - Expose current set of IDs as Sentry metrics |
| * [SENTRY-1834] - Fix build failures when hive-authz2 profile is enabled. |
| * [SENTRY-1839] - Fork files from sentry-binding-hive-common package to sentry-binding-hive and sentry-binding-hive-v2 packages |
| * [SENTRY-1843] - Fork sentry-binding-hive-follower package to support Hive 2.x |
| * [SENTRY-1847] - Integrate sentry with Hive 2.0.0 |
| * [SENTRY-1848] - Separate legacy sentry configs from sentry ha configs for api compatibility |
| * [SENTRY-1849] - Fix the pom file to use appropriate hive dependencies based on hive-authz profile |
| * [SENTRY-1851] - Revert HMSFollower refactoring change |
| * [SENTRY-1854] - HMSFollower should handle notifications even if HDFS sync is disabled. |
| * [SENTRY-1856] - Persisting HMS snapshot and the notification-id to database in same transaction |
| * [SENTRY-1860] - Update CHANGELOG on master to reflect 1.8.0 changes |
| * [SENTRY-1869] - Try to use pool with idle connections first |
| * [SENTRY-1879] - Sentry e2e tests are trying to test without notification log |
| * [SENTRY-1880] - Fake subtask to deal with jenkins issues |
| * [SENTRY-1895] - Sentry should handle the case of multiple notifications with the same ID |
| * [SENTRY-1978] - Move the hive-authz2 grant/revoke implementation into the sentry-binding-hive module |
| * [SENTRY-1980] - Move the hive-authz2 HMS client filtering implementation into the sentry-binding-hive module |
| * [SENTRY-1998] - Create release version 2.1.0 in Jira |
| * [SENTRY-1999] - Sanitize issues that are outstanding for 2.0.0 release |
| * [SENTRY-2000] - Cut 2.0.0 branch |
| * [SENTRY-2001] - Update POM with new version |
| * [SENTRY-2002] - Update CHANGELOG on master to reflect 2.0.0 changes |
| * [SENTRY-2003] - Create tag Release-2.0.0 |
| * [SENTRY-2004] - Create Release-2.0.0 |
| * [SENTRY-2005] - Run vote on Release-2.0.0 |
| * [SENTRY-2006] - Release artifacts for 2.0.0 |
| * [SENTRY-2007] - Finish Release-2.0.0 |
| * [SENTRY-2055] - update the pom file on master with the new version. |
| * [SENTRY-2061] - Prepare release notes for 2.0.0 release |
| |
| ** Bug |
| * [SENTRY-1231] - Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION ''/uri" |
| * [SENTRY-1260] - Improve error handling - ArrayIndexOutOfBoundsException in PathsUpdate.parsePath can cause MetastoreCacheInitializer intialization to fail |
| * [SENTRY-1270] - Improve error handling - Database with malformed URI causes NPE in HMS plugin during DDL |
| * [SENTRY-1313] - Database prefix is not honoured when executing grant statement |
| * [SENTRY-1331] - Add a kerberos end to end test case to access isActive and isHa metrics. |
| * [SENTRY-1336] - Fix PMD violation in testSentryServiceGauges |
| * [SENTRY-1378] - Login fails for a secure Sentry Web UI |
| * [SENTRY-1397] - Add Notification log tests for Hive commands which do not change obj- location |
| * [SENTRY-1416] - kafka-sentry tool's service name's default is different from KafkaSentryAuthorizer's default service name |
| * [SENTRY-1476] - SentryStore is subject to JDQL injection |
| * [SENTRY-1491] - Sentry transactions are not rolled back immediately when commit fails |
| * [SENTRY-1498] - Move SentryAdminServlet from sentry-service to sentry-provider |
| * [SENTRY-1509] - Disable solr unit tests from e2e runs.are becoming flaky |
| * [SENTRY-1514] - Massive Solr Unit Test Failures found, disable them for now. |
| * [SENTRY-1515] - Cleanup exception handling in SentryStore |
| * [SENTRY-1524] - sentry-dist is missing dependency on sentry-hdfs-dist |
| * [SENTRY-1526] - Sentry processed stays alive after being killed |
| * [SENTRY-1532] - Sentry Web UI isn't working |
| * [SENTRY-1534] - Oracle supports serializable instead of repeatable-read |
| * [SENTRY-1546] - Generic Policy provides bad error messages for Sentry exceptions |
| * [SENTRY-1548] - Setting GrantOption to UNSET upsets Sentry |
| * [SENTRY-1574] - SentryMetastorePostEventListener class is not used by anything |
| * [SENTRY-1586] - [unit test] Race condition between metastore server/client could cause connection refused errors |
| * [SENTRY-1602] - Code cleanup for Sentry JSON message factory for hive notifications |
| * [SENTRY-1609] - DelegateSentryStore is subject to JDQL injection |
| * [SENTRY-1624] - DefaultSentryValidator doesn't correctly construct SentryOnFailureHookContextImpl |
| * [SENTRY-1640] - Implement HMS Notification barrier on the HMS plugin side |
| * [SENTRY-1644] - Partition ACLs disappear after renaming Hive table with partitions |
| * [SENTRY-1646] - Unable to truncate table <database>.<tablename>; from "default" databases |
| * [SENTRY-1658] - Null pointer dereference in SentryShellHive |
| * [SENTRY-1661] - SentryStore has a couple of public static fields that are not final |
| * [SENTRY-1663] - UpdateableAuthzPermissions has mutable static fields |
| * [SENTRY-1665] - cross-site scripting vulnerability in ConfServlet |
| * [SENTRY-1667] - Switching to Jetty v9 library |
| * [SENTRY-1681] - SentryHdfsServiceException is an unchecked exception |
| * [SENTRY-1689] - sql changed needed for MAuthzPathsMapping |
| * [SENTRY-1692] - ZK namespace configuration doesn't work |
| * [SENTRY-1699] - MetastoreCacheInitializer shouldn't use Preconditions for HMS data |
| * [SENTRY-1712] - Add trigger mechanism for Sentry to push full path snapshot to Name Node |
| * [SENTRY-1727] - HMSPathsDumper.cloneToEntry should set authzObjToEntries properly |
| * [SENTRY-1739] - Sentry Kafka tests do not stop periodic update after the test end |
| * [SENTRY-1745] - Bundle sentry-core-common into sentry-hdfs-dist to avoid NN failing with NoClassDefFoundError |
| * [SENTRY-1749] - HMSFollower uses incorrect keytab for HMS connection |
| * [SENTRY-1759] - UpdatableCache leaks connections |
| * [SENTRY-1783] - alterSentryRoleGrantPrivilegeCore does more persistence work than required |
| * [SENTRY-1785] - Fix TestKrbConnectionTimeout test |
| * [SENTRY-1788] - Sentry Store may use JDO object after the associated data is removed in DB |
| * [SENTRY-1790] - NoClassDefFoundError: org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl |
| * [SENTRY-1801] - Sentry Namenode Plugin should handle unknown permissions |
| * [SENTRY-1831] - The MetastorePlugin SyncTask is leaking connection threads when read timed out issues are thrown |
| * [SENTRY-1850] - Duplicate dependency in the sentry-binding-hive pom |
| * [SENTRY-1852] - Refactor HMSFollower without renaming file |
| * [SENTRY-1868] - SentryStore should set loadResultsAtCommit to false when query result isn't needed |
| * [SENTRY-1874] - Do not require quiet HMS when taking initial HMS snapshot |
| * [SENTRY-1886] - Add 1.8.0 -> 2.0.0 upgrade SQL scripts |
| * [SENTRY-1888] - Sentry might not fetch all HMS duplicated events IDs when requested |
| * [SENTRY-1889] - HMSFollower should log better detailed error message if it cannot connect to HMS |
| * [SENTRY-1890] - HMSFollower keep getting full snapshot when HDFS is disabled |
| * [SENTRY-1897] - Rename sentry property to provide the list of sentry servers |
| * [SENTRY-1898] - Sentry no longer supports creating more than ~15 partitions at once |
| * [SENTRY-1901] - sentry-tests-sqoop is pulling hardcoded snapshot version that doesnt exist anymore |
| * [SENTRY-1902] - TestSentryStore causes ID conflicts on MSentryPermChange |
| * [SENTRY-1913] - Incorrect constraints on AUTHZ_PATHS_MAPPING.AUTHZ_OBJ_NAME |
| * [SENTRY-1915] - Sentry is doing a lot of work to convert list of paths to HMSPaths structure |
| * [SENTRY-1916] - Sentry should not store paths outside of the prefix |
| * [SENTRY-1918] - NN snapshot should not be served while HMS snapshot is collected |
| * [SENTRY-1919] - Sentry should prevent two snapshots from being sent to HDFS |
| * [SENTRY-1927] - PathImageRetriever should minimize size of the serialized message when creating path dumps |
| * [SENTRY-1928] - HMSFollower should close HMS connections when an error to HMS occurs |
| * [SENTRY-1929] - When full HMS snapshot is created all higher notifications should be purged |
| * [SENTRY-1931] - NameNode only gets full snapshot once |
| * [SENTRY-1933] - hive-authz2 build fails because SentryJSONAlterPartitionMessage is not compatible |
| * [SENTRY-1934] - SQL Index name is too long for Oracle 11.2 |
| * [SENTRY-1939] - Resetting the CounterWait during full snapshot has to be handled across all sentry servers |
| * [SENTRY-1940] - Sentry should time out threads waiting for notifications |
| * [SENTRY-1941] - Add log4j2.properties file to sentry-hive-tests-v2 |
| * [SENTRY-1942] - Bump BoneCP version from 0.7.1 to 0.8.0 |
| * [SENTRY-1946] - getPathsUpdatesFrom() got its boolean logic inversed which results in sending two snapshots at the same time |
| * [SENTRY-1952] - SentrySyncHMSNotificationsPostEventListener should be public |
| * [SENTRY-1982] - Release sentry 2.0.0 upstream |
| * [SENTRY-1983] - Several commit/rollback errors happen in oracle12c-r1 due to current isolation level |
| * [SENTRY-1984] - Decrease number of max idle connections for Sentry clients |
| * [SENTRY-1985] - Sentry should log in stdout when it is ready to serve requests |
| * [SENTRY-1987] - Remove pom code related to non-existing TestSentryAuthorizationProvider class |
| * [SENTRY-1990] - Use same hadoop.version to hadoop-aws dependencies |
| * [SENTRY-1993] - StringIndexOutOfBoundsException in HMSPathsDumper.java |
| * [SENTRY-1994] - Bump Shiro dependency version to 1.4.0 |
| * [SENTRY-1995] - Bump Derby dependency version to 10.13.1.1 |
| * [SENTRY-1997] - Bump sqoop dependency version to 1.99.7 |
| * [SENTRY-2010] - Oracle does not allow creating more than one index on the same column |
| * [SENTRY-2011] - Oracle does not allow creating more than one index on the same column |
| * [SENTRY-2014] - Incorrect handling of HDFS paths with multiple slashes |
| * [SENTRY-2017] - Fix Sentry e2e tests to use SentryMetastorePostEventListenerNotificationLog |
| * [SENTRY-2018] - Remove SentryMetastorePostEventListener and SentryMetastorePostEventListenerBase classes |
| * [SENTRY-2020] - Fix testConsumeCycleWithInsufficientPrivileges test failure in kafka e2e tests. |
| * [SENTRY-2021] - MR session ACLs in Hive binding does not handle all types of ACLs |
| * [SENTRY-2022] - Alter View Rename and Alter View As commands not being tested for authorization |
| * [SENTRY-2024] - Drop Index that includes AUTHZ_OBJ_NAME |
| * [SENTRY-2026] - Bump Hadoop version from 2.7.2 to 2.7.4 |
| * [SENTRY-2028] - Avoid datanucleus to create/update database schema |
| * [SENTRY-2029] - Unit test fails consistently for org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegeCleanupOnDrop |
| * [SENTRY-2032] - Leading Slashes need to removed when creating HMS path entries |
| * [SENTRY-2033] - Fix TestDbPrivilegeCleanupOnDrop to use SentryMetastorePostEventListenerNotificationLog |
| * [SENTRY-2035] - Metrics should move to destination atomically |
| * [SENTRY-2036] - sentry_sync_notifications() should set ID when it returns errors |
| * [SENTRY-2037] - Remove not needed sentry-binding-hive-v2 dependency from the main pom.xml |
| * [SENTRY-2039] - KeyValue is case sensitive and it causes incompatibility issues with external components |
| * [SENTRY-2041] - Change Index name in Package.jdo to match index name in SQL |
| * [SENTRY-2046] - Create a full snapshot if AUTHZ_PATHS_SNAPSHOT_ID is empty, even if HMS and Sentry Notifications are in sync |
| * [SENTRY-2047] - isTableEmptyCore method in SentryStore has references to MAuthzPathsMapping when it should be generic |
| * [SENTRY-2066] - DB name is not set for AlterTable |
| * [SENTRY-2068] - Disable HTTP TRACE method from the Sentry Web Server |
| * [SENTRY-2072] - log4j2 dependencies brought by Hive 2 are causing conflicts with Sentry log4j |
| * [SENTRY-2073] - Remove snapshot from version 2.0.0-SNAPSHOT in SentryService.html |
| * [SENTRY-2079] - Sentry HA leader monitor does not work due to a mix of curator versions in the classpath |
| * [SENTRY-2081] - Automate the generation LICENSE.txt based on distributed jars |
| * [SENTRY-2082] - Exclude javax.servlet-3.0.0.v201112011016.jar from Sentry dist |
| * [SENTRY-2084] - Exclude javax.jms:jms from sentry distribution |
| |
| ** Task |
| * [SENTRY-1480] - A upgrade tool to migrate Solr/Sentry permissions |
| * [SENTRY-1520] - Provide mechanism for triggering HMS full snapshot |
| * [SENTRY-1838] - Support Hive 2.1.1 for sentry 2.0 |
| * [SENTRY-1859] - Prepare master for next release (2.0.0) |
| * [SENTRY-1893] - Bump the minimum java version to 8 |
| * [SENTRY-1899] - Remove support for HIVE 1.x |
| * [SENTRY-1970] - Configure PreCommit-SENTRY-Build to build and test against JDK8 |
| |
| ** Test |
| * [SENTRY-1134] - Add user defined udf test case |
| * [SENTRY-1296] - Flaky test: TestPrivilegeOperatePersistence.testGrantPrivilegeExternalComponentInvalidConf |
| * [SENTRY-1387] - Add HDFS sync tests for drop partition for external/implicit locations |
| * [SENTRY-1400] - [Flaky test] TestSentryWebServerWithSSL times out |
| * [SENTRY-1458] - Remove unused file from Kafka tests |
| * [SENTRY-1489] - Categorize e2e tests into slow and regular tests, so that can adapt the timeout and etc. |
| * [SENTRY-1497] - create a sentry scale test tool to add various objects and privileges into Sentry and HMS |
| * [SENTRY-1503] - Remove all sequence ID checks from TestSentryStore |
| * [SENTRY-1748] - Sentry HA: for testing purposes, allow the client to be configured to deterministically choose which Sentry server to use |
| * [SENTRY-1809] - Use Apache Curator in the Kafka tests |
| * [SENTRY-2052] - Reduce TestSentryStore time by setting transaction retries to 1 and other refactors |
| * [SENTRY-2054] - Unit tests must create temporary files under the Maven target directory |
| * [SENTRY-2057] - Set hadoop.tmp.dir to the maven build directory configured on java.io.tmpdir |
| * [SENTRY-2058] - CLONE - Set hadoop.tmp.dir to the maven build directory configured on java.io.tmpdir |
| |