blob: 28815335efd2c9662986692d3dd1e595960a3418 [file] [log] [blame]
Release Notes - Sentry - Version 2.0.0
** New Feature
* [SENTRY-872] - Uber jira for HMS HA + Sentry HA redesign
* [SENTRY-1446] - Upgrade httpmime (Sentry) to 4.3.6 or greater.
* [SENTRY-1475] - Integrate Sentry with Solr 7 authorization framework
* [SENTRY-1853] - Add the log level access mechanism
* [SENTRY-1881] - PrivilegeOperatePersistence throws wrong type of exceptions
* [SENTRY-2027] - Create mechanism of delivering commands via WebUI
** Improvement
* [SENTRY-198] - Create command line utility to display and mutate privileges on Sentry service
* [SENTRY-627] - Extend Sentry HA to work with Hive Metastore HA and HDFS
* [SENTRY-967] - Use the Maven Dependency Plugin to download artifacts for the Sqoop tests
* [SENTRY-1120] - Show role / privileges info in Sentry Service Webpage
* [SENTRY-1210] - Refactor the SentryShellSolr and SentryShellKafka
* [SENTRY-1404] - Use the new INodeAttributesProvider API in sentry-hdfs
* [SENTRY-1453] - Enable passing sentry client cache configs from kafka conf
* [SENTRY-1501] - SentryStore shouldn't synchronize openTransaction() and commitUpdateTransaction()
* [SENTRY-1507] - Sentry should use Datanucleus version of javax.jdo
* [SENTRY-1517] - SentryStore should actually use function getMSentryRole to get roles
* [SENTRY-1518] - Add metrics for SentryStore transactions
* [SENTRY-1525] - Provide script to run Sentry directly from the repo
* [SENTRY-1533] - Sentry console metrics reporting interval should be configurable
* [SENTRY-1556] - Simplify privilege cleaning
* [SENTRY-1557] - getRolesForGroups() does too many trips to the the DB
* [SENTRY-1577] - Support "create function using jar" for hive when Sentry is enabled
* [SENTRY-1581] - Provide Log4J metrics reporter
* [SENTRY-1582] - Comments to clarify the intent of string manipulation methods in SentryStore.java
* [SENTRY-1594] - TransactionBlock should become generic
* [SENTRY-1599] - CloseablePersistenceManager is no longer needed
* [SENTRY-1604] - Sentry JSON message factory: Need more information in alter partition event
* [SENTRY-1615] - SentryStore should not allocate empty objects that are immediately returned
* [SENTRY-1625] - PrivilegeOperatePersistence can use QueryParamBuilder
* [SENTRY-1633] - Disable mvn failIfNotTest flag
* [SENTRY-1636] - Remove thrift dependency on fb303
* [SENTRY-1639] - Refactor thrift clients configuration constants
* [SENTRY-1642] - Integrate Sentry build with Error Prone
* [SENTRY-1691] - TransactionManager should use try-with-resource for timers
* [SENTRY-1710] - Reduce datanucleus key cache size for MSentryPermChange and MSentryPathChange tables to avoid holes in change IDs
* [SENTRY-1730] - Remove FileInputStream/FileOutputStream
* [SENTRY-1742] - Upgrade to Maven surefire plugin v2.2
* [SENTRY-1744] - Simplify creation of DelegateSentryStore
* [SENTRY-1811] - Optimize data structures used in HDFS sync
* [SENTRY-1812] - Provide interactive Sentry CLI
* [SENTRY-1816] - Sentry client classes should be AutoCloseable
* [SENTRY-1820] - Add JSON file reporter for Sentry metrics
* [SENTRY-1822] - Allow multiple Sentry reporters.
* [SENTRY-1823] - Fix the sentryShell script to support other types
* [SENTRY-1827] - Minimize TPathsDump thrift message used in HDFS sync
* [SENTRY-1867] - DataNucleus.Query INFO level logging spams Sentry log files
* [SENTRY-1873] - Upgrade PMD plugin and fix related issues
* [SENTRY-1892] - Reduce memory consumption of HMSPath$Entry and TPathEntry
* [SENTRY-1896] - Optimize retrieving role names for groups
* [SENTRY-1903] - TransactionManager shows retried transactions starting from 0
* [SENTRY-1905] - How to contribute to documentation
* [SENTRY-1906] - Sentry clients to retry connections to server with delay to avoid failing fast
* [SENTRY-1907] - Potential memory optimization when handling big full snapshots.
* [SENTRY-1909] - Improvements for memory usage when full path snapshot is sent from Sentry to NN
* [SENTRY-1921] - Make SentryServiceFactory.create static and all calling instances use the static call
* [SENTRY-1932] - Improve logging for HMSPath
* [SENTRY-1937] - Optimize performance for listing sentry roles by group name
* [SENTRY-1938] - Sentry logs to provide more relevant information
* [SENTRY-1943] - Update Guava to 14.0
* [SENTRY-1958] - Bump to Hive version 2.0
* [SENTRY-1962] - Merge hive 2.0 authz1/authz2 profile dependencies
* [SENTRY-1963] - Sentry JSON reporter should use regular implementation for local file system
* [SENTRY-1966] - Improve logging of HMS sync data (paths and permissions) flowing from Sentry to NameNode
* [SENTRY-1968] - Remove sentry-binding-hive-hmsfollower-v2 module after Hive 2.0 version bump
* [SENTRY-1973] - Use KafkaPrivilegeModel to retrieve Kafka validators
* [SENTRY-1974] - Consolidate the Solr + Kafka PrivilegeValidators into a single GenericPrivilegeValidator
* [SENTRY-1975] - Add sqoop support to SentryShellGeneric
* [SENTRY-1979] - Consolidate code for converting Hive privilege objects to Strings
* [SENTRY-1981] - Bump codehale metrics version to latest 3.0.2 version
* [SENTRY-1988] - Bump slf4j version from 1.6.0 to 1.7.25 (latest version)
* [SENTRY-1989] - Bump Kafka version from 0.9 to 0.11
* [SENTRY-1992] - Improve parameter handling for SentryGenericProviderBackend
* [SENTRY-1996] - Rename Sqoop SentryAuthorizationHander
* [SENTRY-2009] - Upgrade Surefire plugin
* [SENTRY-2013] - Align the SentryGenericServiceClient and SentryPolicyServiceClient a bit more closely
* [SENTRY-2015] - Refactor Command implementations
* [SENTRY-2031] - Add trigger mechanism for Sentry to pull full path snapshot from HMS
* [SENTRY-2038] - Some ShellCommand improvements
* [SENTRY-2042] - Support file based Sentry provider for Solr plugin
* [SENTRY-2048] - Bump Hive version to 2.3.2
* [SENTRY-2062] - Support the new Hive 2.3.2 DbNotificationListener
* [SENTRY-2076] - Some test artifacts are not defined at test scope
** Sub-task
* [SENTRY-851] - UpdateForwarder does not have to implement Updateable
* [SENTRY-852] - Create PathUpdateForwarder and PermUpdateForwarder
* [SENTRY-1316] - Implement Sentry leadership election
* [SENTRY-1317] - Implement fencing required for active/standby
* [SENTRY-1321] - Implement HMSFollower in Sentry service which reads the NotificationLog entries
* [SENTRY-1324] - Add sentry specific test cases to use NotificationLog
* [SENTRY-1325] - Store HMSPaths in Sentry DB to allow fast failover
* [SENTRY-1329] - Adapt SentryMetaStorePostEventListener to write HMS notification logs
* [SENTRY-1330] - Notify Sentry about HMS new notifications if low delay is desired
* [SENTRY-1362] - add sentry ha e2e test back accommodating to the re-design
* [SENTRY-1365] - Upgrading SQL script for HMSPaths persistence
* [SENTRY-1371] - Rework fetching Hive Paths state
* [SENTRY-1388] - Make HiveConf and Hive client jars available to Sentry deamon
* [SENTRY-1389] - Handle updating HMSState for HDFS plugin in HMSFollower
* [SENTRY-1395] - Move the HDFS code which lives inside the sentry daemon into sentry-provider
* [SENTRY-1398] - Fix TestLeaderStatus#testRacingClients
* [SENTRY-1399] - Integrate Fencer with SentryStore
* [SENTRY-1403] - Move SentryHDFSServiceClient code from hdfs-common into hdfs-service
* [SENTRY-1411] - The sentry client should retry RPCs if it gets a SentryStandbyException (SentryPolicyServiceClient - pool version)
* [SENTRY-1413] - Changes to get the Fencer working with Oracle and MySQL
* [SENTRY-1414] - Evict datanucleus second-level cache during activation
* [SENTRY-1415] - [Test hook] Provide a hook to stop the active sentry sevice
* [SENTRY-1422] - JDO deadlocks while processing grant while a background thread processes Notificationlogs
* [SENTRY-1423] - Sentry HA Test: programmatic failover in a mini cluster env; also add some test data.
* [SENTRY-1425] - May want to disallow reads on Sentry passive
* [SENTRY-1426] - Do not start up HMSFollower if hive is not using Sentry
* [SENTRY-1427] - Test TGT renewals in HMSFollower
* [SENTRY-1428] - Only leader should follow HMS updates
* [SENTRY-1430] - Test Sentry HA Tasks
* [SENTRY-1433] - GenericServiceClient should support connection pools
* [SENTRY-1437] - Sentry should not serve requests until the full update processing is finished
* [SENTRY-1440] - Fencing implementation in sentry-ha can create two fencing tables
* [SENTRY-1441] - Error during fencing table rename can disable master
* [SENTRY-1448] - Store processed notification sequence ID in database
* [SENTRY-1449] - Rebase sentry-ha-redesign branch on master
* [SENTRY-1463] - Ensure HMS point-in-time snapshot consistency
* [SENTRY-1477] - Sentry clients should retry with another server when they get connection errors
* [SENTRY-1478] - Disable fencing in Sentry store for Active/Active
* [SENTRY-1483] - HMS plugin should wait until Sentry handles the update before continuing.
* [SENTRY-1487] - Renaming SQL script for HMSPaths persistence
* [SENTRY-1499] - Add feature flag for using NotifcationLog
* [SENTRY-1510] - Add option to use non pool model for sentry client
* [SENTRY-1511] - HDFS Sync change for handling persisted Sentry delta or full updates
* [SENTRY-1522] - Port SENTRY-1505 to sentry-ha_redesign branch
* [SENTRY-1529] - HMS Follower thread should terminate when Sentry receives ^C
* [SENTRY-1535] - HMS Follower should update HDFS plugin paths
* [SENTRY-1536] - Refactor SentryStore transaction management to allow for extra TransanctionBlocks for a single permission update
* [SENTRY-1538] - Create schema for storing HMS path change and Sentry permission change.
* [SENTRY-1539] - HMS Follower should store arriving HMS notifications
* [SENTRY-1553] - Port SENTRY1517 to sentry-ha-redesign branch
* [SENTRY-1554] - Port SENTRY-1518 to sentry-ha-redesign
* [SENTRY-1559] - Remove fencing support
* [SENTRY-1560] - Add feature flag to allow stand-alone configuration without ZK
* [SENTRY-1566] - Make full Perm/Path snapshot available for NN plugin
* [SENTRY-1567] - Refactor propagating logic for Perm/Path delta to NN plugin
* [SENTRY-1569] - Upgrading SQL scripts for persist Perm/Path change
* [SENTRY-1575] - Backport SENTRY-1404 to Sentry-ha-redesign branch
* [SENTRY-1578] - Suport secure ZK configuration for leader election
* [SENTRY-1580] - Provide pooled client connection model with HA
* [SENTRY-1583] - Refactor ZK/Curator code
* [SENTRY-1587] - Refactor SentryStore transaction to persist a single path transcation bundled with corresponding delta path change
* [SENTRY-1592] - Implement NN client failover for Sentry HA
* [SENTRY-1593] - Implement client failover for Generic and NN clients
* [SENTRY-1595] - Backport SENTRY-1577 to sentry-ha-redesign
* [SENTRY-1596] - Hive tests failing for sentry-ha-redesign branch
* [SENTRY-1598] - Port SENTRY-1507 to sentry-ha-redesign
* [SENTRY-1600] - Define Thrift API for HMS to Sentry notification barrier
* [SENTRY-1601] - Implement HMS Notification barrier on the server side
* [SENTRY-1606] - Sentry HDFS Sync should survive in presence of bad paths objects
* [SENTRY-1607] - Backport SENTRY-1134 to sentry-ha-redesign
* [SENTRY-1608] - Converting Sentry to a stateless service
* [SENTRY-1611] - Purge MSentryPerm/PathChange tables
* [SENTRY-1612] - HMSFollower should persist full HMS snapshot into SentryDB if there is not one.
* [SENTRY-1613] - Add propagating logic for Perm/Path updates in Sentry service
* [SENTRY-1617] - Fetch Hive Paths point-in-time full snapshot during Sentry startup
* [SENTRY-1619] - Fix the secure HMS connection code in HMSFollower
* [SENTRY-1620] - Incorrect usage of AuthzConfVars.AUTHZ_SERVER_NAME may cause HS2 HA not work
* [SENTRY-1621] - HMSFollower to retry connecting to HMS upon connection loss
* [SENTRY-1622] - Backport SENTRY-1615 to sentry-ha-redesign branch
* [SENTRY-1623] - Typo for notification log feature flag
* [SENTRY-1628] - In HMSFollower failing of catching error causes the executor to halt
* [SENTRY-1629] - Current MAuthzPathsMapping table definition may cause error 'Duplicate entry XX for key PRIMARY'
* [SENTRY-1630] - out of sequence error in HMSFollower
* [SENTRY-1632] - Make HMSFollower initialDelay and run period configurable
* [SENTRY-1634] - HMSFollower should not check isLoadMetastoreConfig when trying to connect to HMS
* [SENTRY-1635] - Limit HMS connections only to the leader of the sentry servers
* [SENTRY-1637] - Periodically purge Delta change tables.
* [SENTRY-1638] - Update SQL script of MSentryPathChange table to add a column for notification ID
* [SENTRY-1641] - Cleanup creation of SentryStore and HMSFollower
* [SENTRY-1643] - AutoIncrement ChangeID of MSentryPermChange/MSentryPathChange may be error-prone
* [SENTRY-1645] - Port SENTRY-1642 to sentry-ha-redesign
* [SENTRY-1649] - Initialize HMSFollower when sentry server actually starts
* [SENTRY-1650] - Port SENTRY-1360 to sentry-ha-redesign
* [SENTRY-1652] - Port SENTRY-1464 to sentry-ha-redesign
* [SENTRY-1655] - Port SENTRY-1471 to sentry-ha-redesign
* [SENTRY-1656] - Port Sentry-1459 to sentry-ha-redesign
* [SENTRY-1666] - TestHDFSIntegrationAdvanced timeouts on sentry-ha-redesign branch
* [SENTRY-1669] - HMSFollower should read current processed notification ID from database every time it runs
* [SENTRY-1670] - Expose current HMS notification ID as a Sentry gauge (metric)
* [SENTRY-1671] - Provide HMSFollower healthcheck (metric)
* [SENTRY-1672] - Expose HMS data via Sentry web UI
* [SENTRY-1673] - Improve error reporting from FullUpdateInitializer
* [SENTRY-1674] - HMSFollower shouldn't print the same value of notification ID multiple times
* [SENTRY-1675] - sentry-hdfs-dist should include sentry-core-common after refactor SentryHDFSServiceClientDefaultImpl
* [SENTRY-1676] - FullUpdateInitializer#createInitialUpdate should not throw RuntimeException
* [SENTRY-1677] - Add metrics to measure how much time to get Delta Path/Perm Updates
* [SENTRY-1680] - MetastoreCacheInitializer is lo longer used and should be removed
* [SENTRY-1682] - Investigate use of EXPORT for replication for initial HMS snapshot
* [SENTRY-1684] - FullUpdateInitializer has a race condition in handling results list
* [SENTRY-1685] - Port SENTRY-1489 to sentry-ha-redesign branch
* [SENTRY-1686] - Port SENTRY-1548 to sentry-ha-redesign branch
* [SENTRY-1687] - FullUpdateInitializer can be more efficient
* [SENTRY-1690] - sql changed needed for AUTHZ_PATH table
* [SENTRY-1693] - HMSFollower should handle adding a view with empty path.
* [SENTRY-1695] - Waiting for HMS notifications from Thrift should be interruptible
* [SENTRY-1696] - Expose time spent creating the initial snapshot as a metric
* [SENTRY-1697] - Deprecate feature flag for enabling notification log
* [SENTRY-1698] - PathsUpdate.parsePath() calls FileSystem.getDefaultUri() way too often
* [SENTRY-1700] - FullUpdateInitializer should not use preconditions to verify HMS data
* [SENTRY-1701] - Improve retry handling for FullUpdateInitializer
* [SENTRY-1705] - Do not start HMSFollower if Hive isn't configured
* [SENTRY-1709] - Avoid randomizing the servers at client side based on configuration.
* [SENTRY-1711] - HMSFollower shouldn't call processNotificationEvents() unless there are events
* [SENTRY-1713] - Enable TestHDFSIntegrationEnd2End.testEnd2End
* [SENTRY-1715] - Disable HMSFollower when HMS integration is not enabled
* [SENTRY-1716] - HMSFollower doesn't need to save path info when HDFS sync is disabled
* [SENTRY-1717] - Sentry should emit log messages when it is ready to serve requests.
* [SENTRY-1718] - TestSentryStore often fails in setup()
* [SENTRY-1719] - Implement alternative HMS/Sentry synchronization
* [SENTRY-1721] - Unit test failures in TestSentryStore due to changeId miscount
* [SENTRY-1722] - Create HMSFollower when SentryService.Start() is called
* [SENTRY-1723] - HDFS e2e tests should wait for HMSFollower to start
* [SENTRY-1724] - Remove old PoolClientInvocationHandler
* [SENTRY-1725] - Include response status in TSentrySyncIDResponse
* [SENTRY-1726] - sql changes to store last notification-id processed
* [SENTRY-1729] - Test secure ZK connections
* [SENTRY-1732] - Test concurrent roles/groups/privs operations
* [SENTRY-1733] - Add log message for key store file path
* [SENTRY-1734] - Create/Alter/Drop database/table should check corresponding property before drop privileges
* [SENTRY-1735] - Sentry Clients should not log every connection request
* [SENTRY-1736] - Generic service client should support Kerberos
* [SENTRY-1737] - SentryTransportFactory may use incorrect kerberos principal
* [SENTRY-1738] - Inefficient connection management by retrying invocation handler
* [SENTRY-1741] - HMSFollower doesn't handle INSERT operation
* [SENTRY-1747] - HMSFollower shouldn't create local hive during tests
* [SENTRY-1750] - HMSFollower does not handle view update correctly
* [SENTRY-1751] - HMSFollower should not persist empty full snapshot
* [SENTRY-1752] - HMSFollower gets stuck once it fails to process a notification event
* [SENTRY-1755] - Add HMSFollower per-operation metrics
* [SENTRY-1756] - Passive nodes should still follow latest notification ID
* [SENTRY-1757] - Avoid using local hive meta store with wrong configuration
* [SENTRY-1758] - Improve Sentry memory usage by interning object names
* [SENTRY-1760] - HMSFollower should detect when a full snapshot from HMS is required
* [SENTRY-1762] - notification id's in SENTRY_HMS_NOTIFICATION_ID should be purged periodically
* [SENTRY-1763] - Fix the config string for server load balancing
* [SENTRY-1764] - HMSFollower should check for leader status after each event processed
* [SENTRY-1765] - CounterWait.update should be less strict
* [SENTRY-1766] - Generic model clients using kerberos can no longer connect to Sentry server
* [SENTRY-1767] - Multiple followers should not create full snapshot
* [SENTRY-1768] - Avoid detaching object on transaction exit when it isn't needed
* [SENTRY-1769] - Refactor HMSFollower Class
* [SENTRY-1770] - Avoid more detaches on commit
* [SENTRY-1771] - HDFS client concurrently requests full permission update multiple times
* [SENTRY-1772] - Permissions created before table creation are not reflected in HDFS ACLs
* [SENTRY-1773] - Delta change cleaner should leave way more then a single entry intact
* [SENTRY-1774] - HMSFollower should always depend on persisted information to decide is full snapshot is needed
* [SENTRY-1776] - SentryStore should clear SENTRY_HMS_NOTIFICATION_ID while clearing store
* [SENTRY-1777] - Generic clients are not able to connect to sentry server with kerberos enabled.
* [SENTRY-1780] - FullUpdateInitializer does not kill the threads whenever getFullHMSSnapshot throws an exception
* [SENTRY-1781] - Persist new HMS snapshots with a new generation ID.
* [SENTRY-1782] - Add an HMS image ID to the thrift schema definition for hdfs/sentry requests
* [SENTRY-1784] - DBUpdateForwarder returns empty update list to HDFS instead of full update
* [SENTRY-1791] - Sentry Clients failover not working with kerberos enabled
* [SENTRY-1792] - Ensure DB to sort delta changes by CHANGE_ID
* [SENTRY-1793] - Reenable ignored unit tests from TestHDFSIntegrationEnd2End
* [SENTRY-1794] - HMSFollower not persisting last processed notifications when partition is altered
* [SENTRY-1795] - Delta tables should not have holes
* [SENTRY-1796] - Add better debug logging for retrieving the delta changes
* [SENTRY-1798] - Provide names for HMSFollower and cleaner threads
* [SENTRY-1799] - Fix flaky HDFS END2END tests
* [SENTRY-1800] - Flaky testConcurrentUpdateChanges test
* [SENTRY-1803] - HMSFollower should handle the case of multiple notifications with the same ID
* [SENTRY-1804] - Sentry server can be more efficient in handling full snapshot from HMS
* [SENTRY-1805] - Define a DB schema for HMS generation IDs
* [SENTRY-1806] - Improve memory handling for HDFS sync
* [SENTRY-1807] - NotificationProcessor may put the wrong path in the update
* [SENTRY-1814] - Provide unit test for LeaderStatusMonitor
* [SENTRY-1815] - Send new HMS snapshots to HDFS requesting an old generation ID
* [SENTRY-1817] - Deprecate SENTRY_HA_ENABLED and all tests that use it
* [SENTRY-1818] - HMSFollower should be a singleton
* [SENTRY-1821] - Transactions could fail to commit to the database under load
* [SENTRY-1824] - SentryStore may serialize transactions that rely on unique key
* [SENTRY-1825] - Dropping a Hive database/table doesn't cleanup the permissions associated with it
* [SENTRY-1828] - Rename version in sentry-ha-redesign branch to 2.0.0-SNAPSHOT
* [SENTRY-1830] - Create new release version 2.0.0 on JIRA
* [SENTRY-1832] - Sentry e2e tests should enable SentrySyncHMSNotificationsPostEventListener
* [SENTRY-1833] - Expose current set of IDs as Sentry metrics
* [SENTRY-1834] - Fix build failures when hive-authz2 profile is enabled.
* [SENTRY-1839] - Fork files from sentry-binding-hive-common package to sentry-binding-hive and sentry-binding-hive-v2 packages
* [SENTRY-1843] - Fork sentry-binding-hive-follower package to support Hive 2.x
* [SENTRY-1847] - Integrate sentry with Hive 2.0.0
* [SENTRY-1848] - Separate legacy sentry configs from sentry ha configs for api compatibility
* [SENTRY-1849] - Fix the pom file to use appropriate hive dependencies based on hive-authz profile
* [SENTRY-1851] - Revert HMSFollower refactoring change
* [SENTRY-1854] - HMSFollower should handle notifications even if HDFS sync is disabled.
* [SENTRY-1856] - Persisting HMS snapshot and the notification-id to database in same transaction
* [SENTRY-1860] - Update CHANGELOG on master to reflect 1.8.0 changes
* [SENTRY-1869] - Try to use pool with idle connections first
* [SENTRY-1879] - Sentry e2e tests are trying to test without notification log
* [SENTRY-1880] - Fake subtask to deal with jenkins issues
* [SENTRY-1895] - Sentry should handle the case of multiple notifications with the same ID
* [SENTRY-1978] - Move the hive-authz2 grant/revoke implementation into the sentry-binding-hive module
* [SENTRY-1980] - Move the hive-authz2 HMS client filtering implementation into the sentry-binding-hive module
* [SENTRY-1998] - Create release version 2.1.0 in Jira
* [SENTRY-1999] - Sanitize issues that are outstanding for 2.0.0 release
* [SENTRY-2000] - Cut 2.0.0 branch
* [SENTRY-2001] - Update POM with new version
* [SENTRY-2002] - Update CHANGELOG on master to reflect 2.0.0 changes
* [SENTRY-2003] - Create tag Release-2.0.0
* [SENTRY-2004] - Create Release-2.0.0
* [SENTRY-2005] - Run vote on Release-2.0.0
* [SENTRY-2006] - Release artifacts for 2.0.0
* [SENTRY-2007] - Finish Release-2.0.0
* [SENTRY-2055] - update the pom file on master with the new version.
* [SENTRY-2061] - Prepare release notes for 2.0.0 release
** Bug
* [SENTRY-1231] - Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION ''/uri"
* [SENTRY-1260] - Improve error handling - ArrayIndexOutOfBoundsException in PathsUpdate.parsePath can cause MetastoreCacheInitializer intialization to fail
* [SENTRY-1270] - Improve error handling - Database with malformed URI causes NPE in HMS plugin during DDL
* [SENTRY-1313] - Database prefix is not honoured when executing grant statement
* [SENTRY-1331] - Add a kerberos end to end test case to access isActive and isHa metrics.
* [SENTRY-1336] - Fix PMD violation in testSentryServiceGauges
* [SENTRY-1378] - Login fails for a secure Sentry Web UI
* [SENTRY-1397] - Add Notification log tests for Hive commands which do not change obj- location
* [SENTRY-1416] - kafka-sentry tool's service name's default is different from KafkaSentryAuthorizer's default service name
* [SENTRY-1476] - SentryStore is subject to JDQL injection
* [SENTRY-1491] - Sentry transactions are not rolled back immediately when commit fails
* [SENTRY-1498] - Move SentryAdminServlet from sentry-service to sentry-provider
* [SENTRY-1509] - Disable solr unit tests from e2e runs.are becoming flaky
* [SENTRY-1514] - Massive Solr Unit Test Failures found, disable them for now.
* [SENTRY-1515] - Cleanup exception handling in SentryStore
* [SENTRY-1524] - sentry-dist is missing dependency on sentry-hdfs-dist
* [SENTRY-1526] - Sentry processed stays alive after being killed
* [SENTRY-1532] - Sentry Web UI isn't working
* [SENTRY-1534] - Oracle supports serializable instead of repeatable-read
* [SENTRY-1546] - Generic Policy provides bad error messages for Sentry exceptions
* [SENTRY-1548] - Setting GrantOption to UNSET upsets Sentry
* [SENTRY-1574] - SentryMetastorePostEventListener class is not used by anything
* [SENTRY-1586] - [unit test] Race condition between metastore server/client could cause connection refused errors
* [SENTRY-1602] - Code cleanup for Sentry JSON message factory for hive notifications
* [SENTRY-1609] - DelegateSentryStore is subject to JDQL injection
* [SENTRY-1624] - DefaultSentryValidator doesn't correctly construct SentryOnFailureHookContextImpl
* [SENTRY-1640] - Implement HMS Notification barrier on the HMS plugin side
* [SENTRY-1644] - Partition ACLs disappear after renaming Hive table with partitions
* [SENTRY-1646] - Unable to truncate table <database>.<tablename>; from "default" databases
* [SENTRY-1658] - Null pointer dereference in SentryShellHive
* [SENTRY-1661] - SentryStore has a couple of public static fields that are not final
* [SENTRY-1663] - UpdateableAuthzPermissions has mutable static fields
* [SENTRY-1665] - cross-site scripting vulnerability in ConfServlet
* [SENTRY-1667] - Switching to Jetty v9 library
* [SENTRY-1681] - SentryHdfsServiceException is an unchecked exception
* [SENTRY-1689] - sql changed needed for MAuthzPathsMapping
* [SENTRY-1692] - ZK namespace configuration doesn't work
* [SENTRY-1699] - MetastoreCacheInitializer shouldn't use Preconditions for HMS data
* [SENTRY-1712] - Add trigger mechanism for Sentry to push full path snapshot to Name Node
* [SENTRY-1727] - HMSPathsDumper.cloneToEntry should set authzObjToEntries properly
* [SENTRY-1739] - Sentry Kafka tests do not stop periodic update after the test end
* [SENTRY-1745] - Bundle sentry-core-common into sentry-hdfs-dist to avoid NN failing with NoClassDefFoundError
* [SENTRY-1749] - HMSFollower uses incorrect keytab for HMS connection
* [SENTRY-1759] - UpdatableCache leaks connections
* [SENTRY-1783] - alterSentryRoleGrantPrivilegeCore does more persistence work than required
* [SENTRY-1785] - Fix TestKrbConnectionTimeout test
* [SENTRY-1788] - Sentry Store may use JDO object after the associated data is removed in DB
* [SENTRY-1790] - NoClassDefFoundError: org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl
* [SENTRY-1801] - Sentry Namenode Plugin should handle unknown permissions
* [SENTRY-1831] - The MetastorePlugin SyncTask is leaking connection threads when read timed out issues are thrown
* [SENTRY-1850] - Duplicate dependency in the sentry-binding-hive pom
* [SENTRY-1852] - Refactor HMSFollower without renaming file
* [SENTRY-1868] - SentryStore should set loadResultsAtCommit to false when query result isn't needed
* [SENTRY-1874] - Do not require quiet HMS when taking initial HMS snapshot
* [SENTRY-1886] - Add 1.8.0 -> 2.0.0 upgrade SQL scripts
* [SENTRY-1888] - Sentry might not fetch all HMS duplicated events IDs when requested
* [SENTRY-1889] - HMSFollower should log better detailed error message if it cannot connect to HMS
* [SENTRY-1890] - HMSFollower keep getting full snapshot when HDFS is disabled
* [SENTRY-1897] - Rename sentry property to provide the list of sentry servers
* [SENTRY-1898] - Sentry no longer supports creating more than ~15 partitions at once
* [SENTRY-1901] - sentry-tests-sqoop is pulling hardcoded snapshot version that doesnt exist anymore
* [SENTRY-1902] - TestSentryStore causes ID conflicts on MSentryPermChange
* [SENTRY-1913] - Incorrect constraints on AUTHZ_PATHS_MAPPING.AUTHZ_OBJ_NAME
* [SENTRY-1915] - Sentry is doing a lot of work to convert list of paths to HMSPaths structure
* [SENTRY-1916] - Sentry should not store paths outside of the prefix
* [SENTRY-1918] - NN snapshot should not be served while HMS snapshot is collected
* [SENTRY-1919] - Sentry should prevent two snapshots from being sent to HDFS
* [SENTRY-1927] - PathImageRetriever should minimize size of the serialized message when creating path dumps
* [SENTRY-1928] - HMSFollower should close HMS connections when an error to HMS occurs
* [SENTRY-1929] - When full HMS snapshot is created all higher notifications should be purged
* [SENTRY-1931] - NameNode only gets full snapshot once
* [SENTRY-1933] - hive-authz2 build fails because SentryJSONAlterPartitionMessage is not compatible
* [SENTRY-1934] - SQL Index name is too long for Oracle 11.2
* [SENTRY-1939] - Resetting the CounterWait during full snapshot has to be handled across all sentry servers
* [SENTRY-1940] - Sentry should time out threads waiting for notifications
* [SENTRY-1941] - Add log4j2.properties file to sentry-hive-tests-v2
* [SENTRY-1942] - Bump BoneCP version from 0.7.1 to 0.8.0
* [SENTRY-1946] - getPathsUpdatesFrom() got its boolean logic inversed which results in sending two snapshots at the same time
* [SENTRY-1952] - SentrySyncHMSNotificationsPostEventListener should be public
* [SENTRY-1982] - Release sentry 2.0.0 upstream
* [SENTRY-1983] - Several commit/rollback errors happen in oracle12c-r1 due to current isolation level
* [SENTRY-1984] - Decrease number of max idle connections for Sentry clients
* [SENTRY-1985] - Sentry should log in stdout when it is ready to serve requests
* [SENTRY-1987] - Remove pom code related to non-existing TestSentryAuthorizationProvider class
* [SENTRY-1990] - Use same hadoop.version to hadoop-aws dependencies
* [SENTRY-1993] - StringIndexOutOfBoundsException in HMSPathsDumper.java
* [SENTRY-1994] - Bump Shiro dependency version to 1.4.0
* [SENTRY-1995] - Bump Derby dependency version to 10.13.1.1
* [SENTRY-1997] - Bump sqoop dependency version to 1.99.7
* [SENTRY-2010] - Oracle does not allow creating more than one index on the same column
* [SENTRY-2011] - Oracle does not allow creating more than one index on the same column
* [SENTRY-2014] - Incorrect handling of HDFS paths with multiple slashes
* [SENTRY-2017] - Fix Sentry e2e tests to use SentryMetastorePostEventListenerNotificationLog
* [SENTRY-2018] - Remove SentryMetastorePostEventListener and SentryMetastorePostEventListenerBase classes
* [SENTRY-2020] - Fix testConsumeCycleWithInsufficientPrivileges test failure in kafka e2e tests.
* [SENTRY-2021] - MR session ACLs in Hive binding does not handle all types of ACLs
* [SENTRY-2022] - Alter View Rename and Alter View As commands not being tested for authorization
* [SENTRY-2024] - Drop Index that includes AUTHZ_OBJ_NAME
* [SENTRY-2026] - Bump Hadoop version from 2.7.2 to 2.7.4
* [SENTRY-2028] - Avoid datanucleus to create/update database schema
* [SENTRY-2029] - Unit test fails consistently for org.apache.sentry.tests.e2e.dbprovider.TestDbPrivilegeCleanupOnDrop
* [SENTRY-2032] - Leading Slashes need to removed when creating HMS path entries
* [SENTRY-2033] - Fix TestDbPrivilegeCleanupOnDrop to use SentryMetastorePostEventListenerNotificationLog
* [SENTRY-2035] - Metrics should move to destination atomically
* [SENTRY-2036] - sentry_sync_notifications() should set ID when it returns errors
* [SENTRY-2037] - Remove not needed sentry-binding-hive-v2 dependency from the main pom.xml
* [SENTRY-2039] - KeyValue is case sensitive and it causes incompatibility issues with external components
* [SENTRY-2041] - Change Index name in Package.jdo to match index name in SQL
* [SENTRY-2046] - Create a full snapshot if AUTHZ_PATHS_SNAPSHOT_ID is empty, even if HMS and Sentry Notifications are in sync
* [SENTRY-2047] - isTableEmptyCore method in SentryStore has references to MAuthzPathsMapping when it should be generic
* [SENTRY-2066] - DB name is not set for AlterTable
* [SENTRY-2068] - Disable HTTP TRACE method from the Sentry Web Server
* [SENTRY-2072] - log4j2 dependencies brought by Hive 2 are causing conflicts with Sentry log4j
* [SENTRY-2073] - Remove snapshot from version 2.0.0-SNAPSHOT in SentryService.html
* [SENTRY-2079] - Sentry HA leader monitor does not work due to a mix of curator versions in the classpath
* [SENTRY-2081] - Automate the generation LICENSE.txt based on distributed jars
* [SENTRY-2082] - Exclude javax.servlet-3.0.0.v201112011016.jar from Sentry dist
* [SENTRY-2084] - Exclude javax.jms:jms from sentry distribution
* [SENTRY-2086] - Sentry distribution source does not build due to missing modules
** Task
* [SENTRY-1480] - A upgrade tool to migrate Solr/Sentry permissions
* [SENTRY-1520] - Provide mechanism for triggering HMS full snapshot
* [SENTRY-1838] - Support Hive 2.1.1 for sentry 2.0
* [SENTRY-1859] - Prepare master for next release (2.0.0)
* [SENTRY-1893] - Bump the minimum java version to 8
* [SENTRY-1899] - Remove support for HIVE 1.x
* [SENTRY-1970] - Configure PreCommit-SENTRY-Build to build and test against JDK8
** Test
* [SENTRY-1134] - Add user defined udf test case
* [SENTRY-1296] - Flaky test: TestPrivilegeOperatePersistence.testGrantPrivilegeExternalComponentInvalidConf
* [SENTRY-1387] - Add HDFS sync tests for drop partition for external/implicit locations
* [SENTRY-1400] - [Flaky test] TestSentryWebServerWithSSL times out
* [SENTRY-1458] - Remove unused file from Kafka tests
* [SENTRY-1489] - Categorize e2e tests into slow and regular tests, so that can adapt the timeout and etc.
* [SENTRY-1497] - create a sentry scale test tool to add various objects and privileges into Sentry and HMS
* [SENTRY-1503] - Remove all sequence ID checks from TestSentryStore
* [SENTRY-1748] - Sentry HA: for testing purposes, allow the client to be configured to deterministically choose which Sentry server to use
* [SENTRY-1809] - Use Apache Curator in the Kafka tests
* [SENTRY-2052] - Reduce TestSentryStore time by setting transaction retries to 1 and other refactors
* [SENTRY-2054] - Unit tests must create temporary files under the Maven target directory
* [SENTRY-2057] - Set hadoop.tmp.dir to the maven build directory configured on java.io.tmpdir
* [SENTRY-2058] - CLONE - Set hadoop.tmp.dir to the maven build directory configured on java.io.tmpdir