| Release Notes - Sentry - Version 2.1.0 |
| |
| |
| ** New Feature |
| * [SENTRY-2106] - If Sentry is ahead do not trigger a full snapshot |
| * [SENTRY-2151] - Automatically derive owner privileges from Hive Object Ownership |
| * [SENTRY-2220] - Support all Hive SHOW GRANT commands |
| |
| |
| ** Improvement |
| * [SENTRY-853] - Handle show grant on <auth> failure correctly |
| * [SENTRY-1572] - SentryMain() shouldn't dynamically load tool class |
| * [SENTRY-1930] - Switch to hive-authz2 profile by default |
| * [SENTRY-1951] - Old SentryStore.retrieveFullPathsImage() should be removed |
| * [SENTRY-2076] - Some test artifacts are not defined at test scope |
| * [SENTRY-2145] - Some misc code cleanups |
| * [SENTRY-2147] - Fix Javadoc for SentryHiveAuthorizerFactory |
| * [SENTRY-2150] - Update Apache parent pom version |
| * [SENTRY-2165] - NotificationProcesser process notification methods have logs wrongly flagged as ERROR |
| * [SENTRY-2183] - Increase default sentry-hdfs rpc timeout to 20 mins |
| * [SENTRY-2198] - Update to Kafka 1.0.0 |
| * [SENTRY-2269] - Make SentryStore pluggable |
| * [SENTRY-2284] - Add two client API to get all roles or users privileges mapping |
| * [SENTRY-2285] - Add a profile '-Pdist' to package Sentry binaries |
| * [SENTRY-2311] - Intellij is broken by shaded jars |
| * [SENTRY-2335] - Allow multiple callbacks to be run when a Signal is received. |
| * [SENTRY-2366] - Exclude jackson transitive dependencies |
| * [SENTRY-2376] - Bump Jackson libraries versions to 1.9.13 and 2.9.6 |
| * [SENTRY-2392] - Add metrics statistics to list_user_privileges and list_role_privileges API |
| * [SENTRY-2398] - Support multiple target versions on single source versions during schema upgrades |
| |
| ** Sub-task |
| * [SENTRY-641] - Add binding for lily hbase indexer |
| * [SENTRY-2023] - Add sentry-shell support for hbase-indexer permissions |
| * [SENTRY-2055] - Update the pom file on master with the 2.1.0-SNAPSHOT. |
| * [SENTRY-2063] - Add timestamp in Thrift API for HDFS integration |
| * [SENTRY-2064] - Sentry client at HDFS should send back the timestamp in last response |
| * [SENTRY-2065] - Timestamp in MSentryPathChange and MSentryPermChange should be set by DB server |
| * [SENTRY-2152] - Only Admin can set dbproperty 'owner.privileges' |
| * [SENTRY-2153] - Get owner.privileges value from hive for a given DB |
| * [SENTRY-2154] - Update schema to grant privileges to user |
| * [SENTRY-2155] - Update JDO to grant privileges to user |
| * [SENTRY-2156] - Update provider-db backend code to grant privileges to user |
| * [SENTRY-2157] - Update audit log to grant/revoke owner privileges |
| * [SENTRY-2159] - Add e2e tests for granting owner privileges |
| * [SENTRY-2160] - Add owner in create table notification event |
| * [SENTRY-2162] - Retrieve and list user privileges for authorization |
| * [SENTRY-2169] - Make sure that the implicit privileges for a role are synced with HDFS |
| * [SENTRY-2174] - Sentry authorization provider should now generate ACL for users |
| * [SENTRY-2206] - Refactor out sentry api from sentry-provider-db to own module |
| * [SENTRY-2207] - Refactor out Sentry CLI from sentry-provider-db into own module |
| * [SENTRY-2208] - Refactor out Sentry service into own module from sentry-provider-db |
| * [SENTRY-2224] - Support SHOW GRANT on HIVE_OBJECT |
| * [SENTRY-2233] - Add e2e tests for testing HDFS sync for owner privileges. |
| * [SENTRY-2241] - Extend the Sync Listener to pass owner information to sentry server. |
| * [SENTRY-2246] - Construct owner privilege (TSentryPrivilege) |
| * [SENTRY-2247] - Add e2e tests to verify owner privileges |
| * [SENTRY-2251] - Update user privileges based on changes to authorizables |
| * [SENTRY-2252] - Normalize the Sentry store API's to handle both user/role privileges |
| * [SENTRY-2256] - Make thrift API changes to get user privileges from Sentry |
| * [SENTRY-2260] - Update HDFS ACL's based on owner privileges. |
| * [SENTRY-2264] - It is possible to elevate privileges from DROP using alter table rename |
| * [SENTRY-2265] - Translate owner privilege in sentry binding for authorization |
| * [SENTRY-2272] - Fix the sentry store logic for listing user privileges |
| * [SENTRY-2273] - Create the SHOW GRANT USER task for Hive |
| * [SENTRY-2274] - Grant and revoke owner privileges based on HMS updates(server-side) |
| * [SENTRY-2275] - Grant and revoke owner privileges based on HMS updates(client-side) |
| * [SENTRY-2280] - The request received in SentryPolicyStoreProcessor.sentry_notify_hms_event is null |
| * [SENTRY-2281] - list_privileges_by_user() fails with a JDODetachedFieldAccessException |
| * [SENTRY-2290] - Avoid storing the path information for partitions in default location |
| * [SENTRY-2294] - Add requestorUsername to client.notifyHmsEvent() method |
| * [SENTRY-2295] - Owner privileges should not be granted to sentry admin users |
| * [SENTRY-2296] - Add PermissionsUpdate for adding owner privilege on owner transfer |
| * [SENTRY-2307] - Avoid HMS event synchronization while sentry is fetching full snapshot. |
| * [SENTRY-2312] - Update owner privileges for table when owner is changed. |
| * [SENTRY-2319] - ownership change should be done only by admin users |
| * [SENTRY-2339] - Support transfer of ownership for database/table to roles |
| * [SENTRY-2355] - Merge the DB owner privileges configurations into one enum configuration |
| * [SENTRY-2358] - Close JIRA version for 2.0.1 |
| * [SENTRY-2363] - Update the wiki "How to release sentry" |
| * [SENTRY-2364] - Make an announcement for 2.0.1 release |
| * [SENTRY-2367] - Implement subsystem to allow for pluggable attribute providers and transports |
| * [SENTRY-2374] - Add Lombok for easier development |
| |
| |
| ** Bug |
| * [SENTRY-379] - Db entities are not captured when firing failurehook for SentryAccessDeniedException |
| * [SENTRY-1662] - Constants java uses mutable collection |
| * [SENTRY-1688] - Apache fails to build Sentry package Sentry-jdk-1.7-v2 |
| * [SENTRY-1819] - HMSFollower and friends do not belong in sentry.service.thrift |
| * [SENTRY-2034] - Add e2e tests for testing HMS notification processing. |
| * [SENTRY-2040] - When getting Snapshots from HMS we need more logging around cases when a snapshot is not being received |
| * [SENTRY-2049] - Remove hive-authz2 profile from the sentry-dist module |
| * [SENTRY-2078] - Have sentry server print an obvious INFO level log message when it becomes the writer |
| * [SENTRY-2079] - Sentry HA leader monitor does not work due to a mix of curator versions in the classpath |
| * [SENTRY-2082] - Exclude javax.servlet-3.0.0.v201112011016.jar from Sentry dist |
| * [SENTRY-2084] - Exclude javax.jms:jms from sentry distribution |
| * [SENTRY-2085] - Sentry error handling exposes SentryGroupNotFoundException externally |
| * [SENTRY-2092] - Drop Role log message shows "Creating role" |
| * [SENTRY-2115] - Incorrect behavior of HMsFollower when HDFSSync feature is disabled. |
| * [SENTRY-2120] - Escape input string for error response message in LogLevelServlet |
| * [SENTRY-2123] - Specify code path of auth-generated thrift files for Javadoc and exclude them from Javadoc generation |
| * [SENTRY-2124] - LeaderStatusMonitor.toString() throws IllegalFormatConversionException with AtomicLong |
| * [SENTRY-2127] - Fix unstable unit test TestColumnEndToEnd.testCrossDbTableOperations |
| * [SENTRY-2136] - Bump metrics dependency to new namespace and version used by the rest of Hadoop |
| * [SENTRY-2164] - Convert uses of TransactionBlock to lambdas |
| * [SENTRY-2167] - Change ignored logging messages to debug level in NotificationProcessor |
| * [SENTRY-2178] - Sentry permissions for Solr are deleted as part of migration process |
| * [SENTRY-2184] - Performance Issue: MPath is queried for each MAuthzPathsMapping in full snapshot |
| * [SENTRY-2190] - Have verbose debug logs in CounterWait class |
| * [SENTRY-2192] - supress date value in @Generated annotation generated by thrift |
| * [SENTRY-2193] - Synchronize thrift definition with the generated sources |
| * [SENTRY-2200] - Migrate 3.x Datanucleus unsupported configurations to 4.1 Datanucleus |
| * [SENTRY-2209] - Incorrect class in SentryHdfsMetricsUtil.java |
| * [SENTRY-2212] - smart-apply-patch.sh isn't so smart, won't apply changes when files have been moved or renamed |
| * [SENTRY-2214] - Sentry should not allow URI grants to EMPTY or NULL locations |
| * [SENTRY-2226] - Support Hive operation ALTER TABLE EXCHANGE |
| * [SENTRY-2231] - Fix URI check on List Privileges by Provider in SentryStore |
| * [SENTRY-2236] - Add UNKNOWN to PrincipalType |
| * [SENTRY-2238] - Explicitly set Database on SentryHivePrivilegeObjectDesc |
| * [SENTRY-2257] - Implement Sentry store API's to update owner privilege on a authorizable |
| * [SENTRY-2262] - Sentry client is not compatible when connecting to Sentry 2.0 |
| * [SENTRY-2267] - Listing user privileges fails because roleName field is required on Thrift |
| * [SENTRY-2270] - Illegal privileges on columns can be granted on Hive |
| * [SENTRY-2271] - Wrong log messages/method names in SentrySchema related classes. |
| * [SENTRY-2278] - SentryPolicyServiceClientDefaultImpl setupSentryAuthorizable methods always returns a single TSentryAuthorizable for a list of authorizable |
| * [SENTRY-2282] - Remove hive-authzv2 binding and tests modules completely |
| * [SENTRY-2283] - Multiple versions of metrics on the classpath causes Sentry to not startup |
| * [SENTRY-2308] - Create privilege on table has no use case |
| * [SENTRY-2310] - Sentry is not be able to fetch full update subsequently, when there is HMS restart in the snapshot process. |
| * [SENTRY-2315] - The grant all operation is not dropping the create/alter/drop/index/lock privileges. |
| * [SENTRY-2330] - Change sentry-service-server to use ${project.version} |
| * [SENTRY-2337] - [REVERT] SENTRY-2295: Owner privileges should not be granted to sentry admin users |
| * [SENTRY-2352] - User roles with ALTER on a table can not show or describe the table on which they have ALTER |
| * [SENTRY-2359] - Object owner is unable to grant privileges: SentryAccessDeniedException |
| * [SENTRY-2369] - Remove the index for `USER_ID` and `DB_PRIVILEGE_ID` in `SENTRY_USER_DB_PRIVILEGE_MAP` |
| * [SENTRY-2375] - Fix API typos on SentryPolicyServiceClient |
| * [SENTRY-2394] - Typo in sentry-site.xml.service.template |
| * [SENTRY-2395] - ALTER VIEW AS SELECT is asking for CREATE privileges instead of ALTER |
| |
| |
| ** Task |
| * [SENTRY-2056] - Display test-patch.py output on the standard console to see progress on Jenkins |
| * [SENTRY-2096] - Fail unit tests at end during test-patch.py execution |
| * [SENTRY-2118] - Document Configuration required to make Column authentication work |
| * [SENTRY-2199] - Bump Hive version from 2.3.2 to 2.3.3 |
| * [SENTRY-2215] - Remove unused SentryGrantRevokeTask class |
| * [SENTRY-2277] - Add to SentryStore testURI test case testing with multiple URI privileges |
| |
| ** Test |
| * [SENTRY-2094] - Enable TestHDFSIntegrationWithHA tests |