CHANGELOG.txt - sentry - Git at Google


 Release Notes - Sentry - Version 1.6.0

 ** Sub-task
     * [SENTRY-537] - Refactor AbstractTestWithHiveServer to cut down some test cases runtime
     * [SENTRY-600] - Extend SentryClient by SentryClientInvocationHandler
     * [SENTRY-601] - Create connection pool factory
     * [SENTRY-621] - Add new thrift interface for import/export in sentry
     * [SENTRY-622] - Update SentryService for import/export feature
     * [SENTRY-623] - Create processor to deal with the file format for import/export feature
     * [SENTRY-631] - Run full tests locally: mvn verify to see if it can pass nowadays
     * [SENTRY-644] - Sentry Sqoop binding framework for role-based authorization
     * [SENTRY-645] - Add sqoop authorizable model for sentry authorization
     * [SENTRY-646] - Add Sqoop policy engine  for sentry authorization
     * [SENTRY-656] - Update SentryStore for import/export feature
     * [SENTRY-657] - Update SentryConfigTool for import/export feature
     * [SENTRY-661] - Ensure Sqoop Sentry authorizaiton works with sentry service
     * [SENTRY-681] - Update the versions on trunk after branching
     * [SENTRY-697] - Test parallel cache loading with large metastore
     * [SENTRY-828] - Cleanup the unnecessary ProviderBackend
     * [SENTRY-863] - Create release branch for 1.6.0
     * [SENTRY-864] - Update the version to 1.7.0-incubating-SNAPSHOT on trunk after branch-1.6.0 created
     * [SENTRY-865] - Update changelog.txt, notice.txt, etc... for 1.5.0 release
     * [SENTRY-866] - Update sentry website after 1.6.0 release
     * [SENTRY-867] - Remove SNAPSHOT tag of branch-1.6.0
     * [SENTRY-868] - Create rc for 1.6.0

 ** Bug
     * [SENTRY-227] - Fix for "Unsupported entity type DUMMYPARTITION"
     * [SENTRY-296] - Sentry Service Client does not allow for connection pooling
     * [SENTRY-453] - Hadoop and hive tars are downloaded even if download-hadoop profile not used.
     * [SENTRY-467] - Fix minor failures in cluster-hadoop profile
     * [SENTRY-508] - Improve runtime of 'Sentry Hive Tests' (currently it is >30m)
     * [SENTRY-546] - Permissions on external tables does not always translate to HDFS acls
     * [SENTRY-596] - The jar files of sentry binary and source code should publish to maven central
     * [SENTRY-605] - For locations using HDFS synchronization, users should not be allowed access to HDFS files if column-level restrictions are present
     * [SENTRY-611] - The SecureCoreAdminHandler.getCollectionFromCoreName will throw null-point exception when Solr running in non-solrCloud mode.
     * [SENTRY-670] - Fix the Sentry build to remove snapshot and non apache dependencies
     * [SENTRY-676] - Address Sentry HA issues in secure cluster
     * [SENTRY-678] - Sentry-Solr Binding may not load group mapping service correctly
     * [SENTRY-683] - HDFS service client should ensure the kerberos ticket validity before new service connection
     * [SENTRY-687] - Handle authorization for 'select <expr>' hive queries
     * [SENTRY-698] - Uncaught OutOfMemoryError
     * [SENTRY-699] - Memory leak when running Sentry w/ HiveServer2
     * [SENTRY-702] - Hive binding should support RELOAD command
     * [SENTRY-703] - Calls to add_partition fail when passed a Partition object with a null location
     * [SENTRY-714] - Support TCompactProtocol for Sentry RPC
     * [SENTRY-717] - Fix the UDF whitelist format for functions row_number and unbase64
     * [SENTRY-721] - HDFS Cascading permissions not applied to child file ACLs if a direct grant exists
     * [SENTRY-736] - Add a new constructor to HadoopGroupMappingService
     * [SENTRY-739] - when user doesn't have admin privileges, show grant throw exception, better improve error message
     * [SENTRY-744] - DB provider client should support grantServerPrivilege() method without action for backward compatibility
     * [SENTRY-746] - After revoke select from view, select fails with a confusing error message
     * [SENTRY-750] - Use the Sqoop Server principal as the requester when removing the Sqoop resource
     * [SENTRY-752] - Sentry service audit log file name format should be consistent
     * [SENTRY-763] - Remove multiple .gitignore files
     * [SENTRY-766] - Fixed the broken builds link on the sentry site web page
     * [SENTRY-770] - When use sentry to configuration hive,to ensure safety of data access.The functions(row_number and unbase64) can't be used.The Problem caused by a sentry bug. I have already found a way to solve the problem,except to modify the sentry source code.
     * [SENTRY-777] - SentryServiceIntegrationBase#after() should be run under client subject
     * [SENTRY-780] - HDFS Plugin should not execute path callbacks for views
     * [SENTRY-788] - Fix mysql and postgres scripts of generalized model
     * [SENTRY-789] - Jenkins should support test branch with special character
     * [SENTRY-790] - Remove MetaStoreClient interface
     * [SENTRY-791] - java.lang.AbstractMethodError when using HDFS sync
     * [SENTRY-792] - Throw underlying exception if SentryService start fails
     * [SENTRY-794] - TestHDFSIntegrationWithHA#testEnd2End fails
     * [SENTRY-796] - Fix log levels in SentryAuthorizationInfo
     * [SENTRY-797] - TestHDFSIntegration#testEndToEnd is flaky
     * [SENTRY-799] - Fix sentry unit test error: TestDbEndToEnd.testBasic: Table t1 already exists
     * [SENTRY-800] - Oracle: first run A1.Scope invalid identifier
     * [SENTRY-801] - Update README: Does not compile with JDK8
     * [SENTRY-802] - SentryService: Log error if you processor cannot be registered.
     * [SENTRY-803] - TestLinkEndToEnd.testUpdateDtestUpdateDeleteLinkeleteLink test failure: SentryAlreadyExistsException: Role: role4
     * [SENTRY-805] - Reclassify CoreAdminHandler Actions
     * [SENTRY-806] - Fix unit test failure: TestMetastoreEndToEnd.testPartionInsert, java.lang.RuntimeException: Cannot make directory: hdfs://localhost:60362/tmp/hive-jenkins/hive_2015-07-09_21-50-34_878_9035087593722312500-1
     * [SENTRY-808] - Change default protocol version to V2
     * [SENTRY-810] - CTAS without location is not verified properly
     * [SENTRY-819] - select on all columns is not same as select on table
     * [SENTRY-822] - OutOfMemory in hive e2e test
     * [SENTRY-823] - Clean up roles properly in TestHDFSIntegration
     * [SENTRY-825] - SecureAdminHandler no longer pulls collection name for create correctly
     * [SENTRY-827] - Server Scope always grants ALL
     * [SENTRY-829] - Fix all sentry hive test failure in TestDbCrossDbOps class: create database/table, grant select on table to role, but drop database then recreate it, privileges are removed.
     * [SENTRY-830] - Enable setMetastoreListener in the tests so that we can debug flaky test failures from local testing enviroment
     * [SENTRY-834] - Fix hive e2e real cluster failures in TestDbConnections, TestDbExportImportPrivileges, TestDbJDBCInterface
     * [SENTRY-836] - Refactor test TestDatabaseProvider.java: make each test case independent from other tests, not assume any external states/data
     * [SENTRY-839] - posexplode() missing from HIVE_UDF_WHITE_LIST
     * [SENTRY-841] - Revoke on SERVER scope breaks Client API, allows any string to be passed in
     * [SENTRY-842] - Fix typos in pom.xml
     * [SENTRY-847] - [column level privilege] if grant column level privilege to user, show columns in table shouldn't require extra table level privilege
     * [SENTRY-850] - Fix dbprovider test failures when run on a real cluster or setMetastoreListener = true, when db/tab gets recreated their associated privileges will be deleted.
     * [SENTRY-856] - [unit test] Sentry unit tests failures when it run at new Jenkins nodes
     * [SENTRY-860] - Fix intermittent test failure for TestPrivilegesAtFunctionScope.testFuncPrivileges1

 ** Improvement
     * [SENTRY-530] - Add thrift protocol version check
     * [SENTRY-590] - Client factory for generic authorization model
     * [SENTRY-626] - Test case improvement
     * [SENTRY-647] - Add e2e tests for Sqoop Sentry integration
     * [SENTRY-695] - Sentry service should read the hadoop group mapping properties from core-site
     * [SENTRY-696] - Improve Metastoreplugin Cache Initialization time
     * [SENTRY-720] - Patch related files should be excluded from version control
     * [SENTRY-723] - Clean unused methods in HiveAuthzBindingHook
     * [SENTRY-740] - Move the class PolicyFileConstants and KeyValue to provider-common
     * [SENTRY-755] - HDFS access of data files should be disabled for user with privileges only on some columns
     * [SENTRY-767] - SENTRY jenkins support test the patch for branch
     * [SENTRY-774] - *.rej files should be added to rat ignore list
     * [SENTRY-776] - Sentry client should support cache based kerberos ticket for secure zookeeper connection
     * [SENTRY-821] - Add thrift protocol version check for generic model
     * [SENTRY-843] - Add the link of wiki page in README.md
     * [SENTRY-874] - Handle HMS updates correctly while full update is being built

 ** New Feature
     * [SENTRY-197] - Create tool to dump and load of entire Sentry service
     * [SENTRY-612] - Sqoop2 integration with sentry
     * [SENTRY-778] - CredentialProvider for Sentry DB password
     * [SENTRY-804] - Add Audit Log Support for Solr Sentry Handlers

 ** Task
     * [SENTRY-684] - Upgrade to Apache Curator 2.7.1
     * [SENTRY-692] - Add schema creation scripts for 1.6.0 version
     * [SENTRY-757] - Add documentation for import/export feature
     * [SENTRY-758] - Add test cases for partition columns with column level privileges
     * [SENTRY-771] - Add documentation for Delegated GRANT and REVOKE
     * [SENTRY-772] - Add documentation for Sentry Webserver Authentication and Authorization
     * [SENTRY-779] - Add documentation for Sentry Client Connection Pool
     * [SENTRY-818] - Add document for “Sqoop2 integration with Sentry”
     * [SENTRY-857] - Apache Sentry 1.6.0 Release

 ** Test
     * [SENTRY-485] - Add test coverage for auditing in E2E, secure environment
     * [SENTRY-741] - Add a test case for hive query which creates dummy partition
     * [SENTRY-824] - Enable column level privileges e2e tests on real cluster runs

	Release Notes - Sentry - Version 1.6.0

	** Sub-task
	* [SENTRY-537] - Refactor AbstractTestWithHiveServer to cut down some test cases runtime
	* [SENTRY-600] - Extend SentryClient by SentryClientInvocationHandler
	* [SENTRY-601] - Create connection pool factory
	* [SENTRY-621] - Add new thrift interface for import/export in sentry
	* [SENTRY-622] - Update SentryService for import/export feature
	* [SENTRY-623] - Create processor to deal with the file format for import/export feature
	* [SENTRY-631] - Run full tests locally: mvn verify to see if it can pass nowadays
	* [SENTRY-644] - Sentry Sqoop binding framework for role-based authorization
	* [SENTRY-645] - Add sqoop authorizable model for sentry authorization
	* [SENTRY-646] - Add Sqoop policy engine for sentry authorization
	* [SENTRY-656] - Update SentryStore for import/export feature
	* [SENTRY-657] - Update SentryConfigTool for import/export feature
	* [SENTRY-661] - Ensure Sqoop Sentry authorizaiton works with sentry service
	* [SENTRY-681] - Update the versions on trunk after branching
	* [SENTRY-697] - Test parallel cache loading with large metastore
	* [SENTRY-828] - Cleanup the unnecessary ProviderBackend
	* [SENTRY-863] - Create release branch for 1.6.0
	* [SENTRY-864] - Update the version to 1.7.0-incubating-SNAPSHOT on trunk after branch-1.6.0 created
	* [SENTRY-865] - Update changelog.txt, notice.txt, etc... for 1.5.0 release
	* [SENTRY-866] - Update sentry website after 1.6.0 release
	* [SENTRY-867] - Remove SNAPSHOT tag of branch-1.6.0
	* [SENTRY-868] - Create rc for 1.6.0

	** Bug
	* [SENTRY-227] - Fix for "Unsupported entity type DUMMYPARTITION"
	* [SENTRY-296] - Sentry Service Client does not allow for connection pooling
	* [SENTRY-453] - Hadoop and hive tars are downloaded even if download-hadoop profile not used.
	* [SENTRY-467] - Fix minor failures in cluster-hadoop profile
	* [SENTRY-508] - Improve runtime of 'Sentry Hive Tests' (currently it is >30m)
	* [SENTRY-546] - Permissions on external tables does not always translate to HDFS acls
	* [SENTRY-596] - The jar files of sentry binary and source code should publish to maven central
	* [SENTRY-605] - For locations using HDFS synchronization, users should not be allowed access to HDFS files if column-level restrictions are present
	* [SENTRY-611] - The SecureCoreAdminHandler.getCollectionFromCoreName will throw null-point exception when Solr running in non-solrCloud mode.
	* [SENTRY-670] - Fix the Sentry build to remove snapshot and non apache dependencies
	* [SENTRY-676] - Address Sentry HA issues in secure cluster
	* [SENTRY-678] - Sentry-Solr Binding may not load group mapping service correctly
	* [SENTRY-683] - HDFS service client should ensure the kerberos ticket validity before new service connection
	* [SENTRY-687] - Handle authorization for 'select <expr>' hive queries
	* [SENTRY-698] - Uncaught OutOfMemoryError
	* [SENTRY-699] - Memory leak when running Sentry w/ HiveServer2
	* [SENTRY-702] - Hive binding should support RELOAD command
	* [SENTRY-703] - Calls to add_partition fail when passed a Partition object with a null location
	* [SENTRY-714] - Support TCompactProtocol for Sentry RPC
	* [SENTRY-717] - Fix the UDF whitelist format for functions row_number and unbase64
	* [SENTRY-721] - HDFS Cascading permissions not applied to child file ACLs if a direct grant exists
	* [SENTRY-736] - Add a new constructor to HadoopGroupMappingService
	* [SENTRY-739] - when user doesn't have admin privileges, show grant throw exception, better improve error message
	* [SENTRY-744] - DB provider client should support grantServerPrivilege() method without action for backward compatibility
	* [SENTRY-746] - After revoke select from view, select fails with a confusing error message
	* [SENTRY-750] - Use the Sqoop Server principal as the requester when removing the Sqoop resource
	* [SENTRY-752] - Sentry service audit log file name format should be consistent
	* [SENTRY-763] - Remove multiple .gitignore files
	* [SENTRY-766] - Fixed the broken builds link on the sentry site web page
	* [SENTRY-770] - When use sentry to configuration hive,to ensure safety of data access.The functions(row_number and unbase64) can't be used.The Problem caused by a sentry bug. I have already found a way to solve the problem,except to modify the sentry source code.
	* [SENTRY-777] - SentryServiceIntegrationBase#after() should be run under client subject
	* [SENTRY-780] - HDFS Plugin should not execute path callbacks for views
	* [SENTRY-788] - Fix mysql and postgres scripts of generalized model
	* [SENTRY-789] - Jenkins should support test branch with special character
	* [SENTRY-790] - Remove MetaStoreClient interface
	* [SENTRY-791] - java.lang.AbstractMethodError when using HDFS sync
	* [SENTRY-792] - Throw underlying exception if SentryService start fails
	* [SENTRY-794] - TestHDFSIntegrationWithHA#testEnd2End fails
	* [SENTRY-796] - Fix log levels in SentryAuthorizationInfo
	* [SENTRY-797] - TestHDFSIntegration#testEndToEnd is flaky
	* [SENTRY-799] - Fix sentry unit test error: TestDbEndToEnd.testBasic: Table t1 already exists
	* [SENTRY-800] - Oracle: first run A1.Scope invalid identifier
	* [SENTRY-801] - Update README: Does not compile with JDK8
	* [SENTRY-802] - SentryService: Log error if you processor cannot be registered.
	* [SENTRY-803] - TestLinkEndToEnd.testUpdateDtestUpdateDeleteLinkeleteLink test failure: SentryAlreadyExistsException: Role: role4
	* [SENTRY-805] - Reclassify CoreAdminHandler Actions
	* [SENTRY-806] - Fix unit test failure: TestMetastoreEndToEnd.testPartionInsert, java.lang.RuntimeException: Cannot make directory: hdfs://localhost:60362/tmp/hive-jenkins/hive_2015-07-09_21-50-34_878_9035087593722312500-1
	* [SENTRY-808] - Change default protocol version to V2
	* [SENTRY-810] - CTAS without location is not verified properly
	* [SENTRY-819] - select on all columns is not same as select on table
	* [SENTRY-822] - OutOfMemory in hive e2e test
	* [SENTRY-823] - Clean up roles properly in TestHDFSIntegration
	* [SENTRY-825] - SecureAdminHandler no longer pulls collection name for create correctly
	* [SENTRY-827] - Server Scope always grants ALL
	* [SENTRY-829] - Fix all sentry hive test failure in TestDbCrossDbOps class: create database/table, grant select on table to role, but drop database then recreate it, privileges are removed.
	* [SENTRY-830] - Enable setMetastoreListener in the tests so that we can debug flaky test failures from local testing enviroment
	* [SENTRY-834] - Fix hive e2e real cluster failures in TestDbConnections, TestDbExportImportPrivileges, TestDbJDBCInterface
	* [SENTRY-836] - Refactor test TestDatabaseProvider.java: make each test case independent from other tests, not assume any external states/data
	* [SENTRY-839] - posexplode() missing from HIVE_UDF_WHITE_LIST
	* [SENTRY-841] - Revoke on SERVER scope breaks Client API, allows any string to be passed in
	* [SENTRY-842] - Fix typos in pom.xml
	* [SENTRY-847] - [column level privilege] if grant column level privilege to user, show columns in table shouldn't require extra table level privilege
	* [SENTRY-850] - Fix dbprovider test failures when run on a real cluster or setMetastoreListener = true, when db/tab gets recreated their associated privileges will be deleted.
	* [SENTRY-856] - [unit test] Sentry unit tests failures when it run at new Jenkins nodes
	* [SENTRY-860] - Fix intermittent test failure for TestPrivilegesAtFunctionScope.testFuncPrivileges1

	** Improvement
	* [SENTRY-530] - Add thrift protocol version check
	* [SENTRY-590] - Client factory for generic authorization model
	* [SENTRY-626] - Test case improvement
	* [SENTRY-647] - Add e2e tests for Sqoop Sentry integration
	* [SENTRY-695] - Sentry service should read the hadoop group mapping properties from core-site
	* [SENTRY-696] - Improve Metastoreplugin Cache Initialization time
	* [SENTRY-720] - Patch related files should be excluded from version control
	* [SENTRY-723] - Clean unused methods in HiveAuthzBindingHook
	* [SENTRY-740] - Move the class PolicyFileConstants and KeyValue to provider-common
	* [SENTRY-755] - HDFS access of data files should be disabled for user with privileges only on some columns
	* [SENTRY-767] - SENTRY jenkins support test the patch for branch
	* [SENTRY-774] - *.rej files should be added to rat ignore list
	* [SENTRY-776] - Sentry client should support cache based kerberos ticket for secure zookeeper connection
	* [SENTRY-821] - Add thrift protocol version check for generic model
	* [SENTRY-843] - Add the link of wiki page in README.md
	* [SENTRY-874] - Handle HMS updates correctly while full update is being built

	** New Feature
	* [SENTRY-197] - Create tool to dump and load of entire Sentry service
	* [SENTRY-612] - Sqoop2 integration with sentry
	* [SENTRY-778] - CredentialProvider for Sentry DB password
	* [SENTRY-804] - Add Audit Log Support for Solr Sentry Handlers

	** Task
	* [SENTRY-684] - Upgrade to Apache Curator 2.7.1
	* [SENTRY-692] - Add schema creation scripts for 1.6.0 version
	* [SENTRY-757] - Add documentation for import/export feature
	* [SENTRY-758] - Add test cases for partition columns with column level privileges
	* [SENTRY-771] - Add documentation for Delegated GRANT and REVOKE
	* [SENTRY-772] - Add documentation for Sentry Webserver Authentication and Authorization
	* [SENTRY-779] - Add documentation for Sentry Client Connection Pool
	* [SENTRY-818] - Add document for “Sqoop2 integration with Sentry”
	* [SENTRY-857] - Apache Sentry 1.6.0 Release

	** Test
	* [SENTRY-485] - Add test coverage for auditing in E2E, secure environment
	* [SENTRY-741] - Add a test case for hive query which creates dummy partition
	* [SENTRY-824] - Enable column level privileges e2e tests on real cluster runs