forked from apache/sentry
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGELOG.txt
261 lines (255 loc) · 19.5 KB
/
CHANGELOG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
Release Notes - Sentry - Version 1.8.0
** New Feature
* [SENTRY-711] - Implement grant user to role
* [SENTRY-785] - Allow export of sentry for a specific auth object
* [SENTRY-912] - Sentry integration with Apache Kafka
* [SENTRY-1154] - Uber Jira for enabling Sentry with blob storage
** Improvement
* [SENTRY-67] - Complete Hive Integration points
* [SENTRY-480] - Create import tool that will load policy file about Solr into the DB store
* [SENTRY-662] - SentryServiceIntegrationBase should use UGI based login
* [SENTRY-807] - Grant on URI should prepend namenode prefix
* [SENTRY-873] - [HMS HA] Have a HMS leader which would be responsible for sending path updates to Sentry
* [SENTRY-990] - Improve load time for HMS paths + HDFS sync
* [SENTRY-999] - Refactor the sentry to integrate with external components quickly
* [SENTRY-1076] - Add SSL support, print version info on Sentry Service webpage
* [SENTRY-1120] - Show role / privileges info in Sentry Service Webpage
* [SENTRY-1168] - Fix some "major" issues identified by Sonarqube
* [SENTRY-1205] - Refactor the code for sentry-provider-db and create sentry-service module
* [SENTRY-1206] - Add document for how to integrate with Sentry
* [SENTRY-1220] - Improve the import/export to support user scope
* [SENTRY-1229] - Add caching to SentryGenericProviderBackend
* [SENTRY-1233] - Logging improvements to SentryConfigToolSolr
* [SENTRY-1235] - Some pom changes
* [SENTRY-1251] - Move PolicyFileConstants to sentry-core-common
* [SENTRY-1254] - Upgrading SQL script for implement grant user to role
* [SENTRY-1268] - Add solr privilege convertor by default to solr binding
* [SENTRY-1269] - Converter vs Convertor is inconsistent
* [SENTRY-1290] - Performance improvement for ResourceAuthorizationProvider
* [SENTRY-1297] - wget is not a default command on mac
* [SENTRY-1404] - Use the new INodeAttributesProvider API in sentry-hdfs
* [SENTRY-1406] - Refactor: move AuthorizationProvider out of sentry-provider-common
* [SENTRY-1436] - Move PolicyFiles from sentry-provider-file to sentry-core-common
* [SENTRY-1450] - Have privilege converter set by Kafka binding
* [SENTRY-1470] - Apply Checkstyle changes to the core
* [SENTRY-1501] - SentryStore shouldn't synchronize openTransaction() and commitUpdateTransaction()
* [SENTRY-1505] - CommitContext isn't used by anything and should be removed
* [SENTRY-1507] - Sentry should use Datanucleus version of javax.jdo
* [SENTRY-1512] - Refactor the database transaction management
* [SENTRY-1516] - Add gpg configuration to the root pom to enable deployment to Maven Central
* [SENTRY-1517] - SentryStore should actually use function getMSentryRole to get roles
* [SENTRY-1518] - Add metrics for SentryStore transactions
* [SENTRY-1525] - Provide script to run Sentry directly from the repo
* [SENTRY-1533] - Sentry console metrics reporting interval should be configurable
* [SENTRY-1556] - Simplify privilege cleaning
* [SENTRY-1557] - getRolesForGroups() does too many trips to the the DB
* [SENTRY-1564] - Improve error detection and reporting in MetastoreCacheInitializer.java
* [SENTRY-1577] - Support "create function using jar" for hive when Sentry is enabled
* [SENTRY-1581] - Provide Log4J metrics reporter
* [SENTRY-1582] - Comments to clarify the intent of string manipulation methods in SentryStore.java
* [SENTRY-1594] - TransactionBlock should become generic
* [SENTRY-1599] - CloseablePersistenceManager is no longer needed
* [SENTRY-1615] - SentryStore should not allocate empty objects that are immediately returned
* [SENTRY-1625] - PrivilegeOperatePersistence can use QueryParamBuilder
* [SENTRY-1633] - Disable mvn failIfNotTest flag
* [SENTRY-1636] - Remove thrift dependency on fb303
* [SENTRY-1642] - Integrate Sentry build with Error Prone
* [SENTRY-1730] - Remove FileInputStream/FileOutputStream
* [SENTRY-1742] - Upgrade to Maven surefire plugin v2.2
* [SENTRY-1744] - Simplify creation of DelegateSentryStore
* [SENTRY-1811] - Optimize data structures used in HDFS sync
* [SENTRY-1823] - Fix the sentryShell script to support other types
* [SENTRY-1827] - Minimize TPathsDump thrift message used in HDFS sync
* [SENTRY-1836] - Add sentry web service config in service template
* [SENTRY-1846] - Use a consistent configuration variable for the sentry provider property
** Bug
* [SENTRY-320] - show role grant group groupname should not throw an exception if group doesnt exist in db
* [SENTRY-418] - org.mortbay.log package accidentally picked up in a few test classes
* [SENTRY-522] - [Unit Test] TestExportImportPrivileges failed due to error "Couldn't access new HiveServer: "
* [SENTRY-722] - Grant on URI should validate the required resource string format
* [SENTRY-887] - Sentry Hive binding fails with NPE when authorizing permanent Hive UDFs
* [SENTRY-933] - Some UTs in TestPrivilegesAtFunctionScope should have two arguments for “org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf”
* [SENTRY-947] - Improve error message in HDFS NN Plugin when unable to connect to Sentry
* [SENTRY-951] - move hive warehouse dir to /hive, the dir doesn't have hive:hive as owner.
* [SENTRY-961] - Remove fb303.thrift reference from thrift definitions
* [SENTRY-1001] - Improve usability of URIs and URI privileges
* [SENTRY-1020] - Action ALL is not recognized in the generic API
* [SENTRY-1069] - [Unit Test Failure] Fix TestAuditLogForSentryGenericService
* [SENTRY-1094] - SentryMetastorePostEventListener.onAlterTable should check for null dereference
* [SENTRY-1101] - When edit log for HDFS sync in Sentry Server is full, the next Path update is not correctly setup
* [SENTRY-1184] - Clean up HMSPaths.renameAuthzObject
* [SENTRY-1190] - IMPORT TABLE silently fails if Sentry is enabled
* [SENTRY-1193] - Add SQL upgrade script for 1.8.0
* [SENTRY-1201] - Sentry ignores database prefix for MSCK statement
* [SENTRY-1209] - Sentry does not block Hive's cross-schema table renames
* [SENTRY-1212] - Small authorization and compatibility checking bugs in Sentry conversion tool
* [SENTRY-1213] - Remove unnecessary file
* [SENTRY-1215] - Sentry's db provider makes privileges case insensitive.
* [SENTRY-1216] - [unit test failure] disable sentry ha tests for now; add time out for each test class/method; fix trainsient junit time out issue
* [SENTRY-1218] - [unit test failure] testFuncPrivileges1 takes more than 180s to finish so keep failing the test suites
* [SENTRY-1228] - SimpleFileProviderBackend error message missing spaces
* [SENTRY-1230] - Add basic testing workflow to test Sentry with Hive storage on S3
* [SENTRY-1236] - Bump thrift version to 0.9.3
* [SENTRY-1250] - Document kafka integration with sentry
* [SENTRY-1252] - grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as synonyms when action is not explicitly specified
* [SENTRY-1253] - SentryShellKafka is incorrectly setting component as "KAFKA"
* [SENTRY-1260] - Improve error handling - ArrayIndexOutOfBoundsException in PathsUpdate.parsePath can cause MetastoreCacheInitializer intialization to fail
* [SENTRY-1265] - Sentry service should not require a TGT as it is not talking to other kerberos services as a client
* [SENTRY-1270] - Improve error handling - Database with malformed URI causes NPE in HMS plugin during DDL
* [SENTRY-1294] - Fix the management problem for dependency's version
* [SENTRY-1302] - Update Hive V2 after moving Exception to sentry-core-common module
* [SENTRY-1311] - Improve usability of URI privileges by supporting mixed use of URIs with and without scheme
* [SENTRY-1312] - HDFS_PERMISSION_DEFAULT does not parse correctly
* [SENTRY-1313] - Database prefix is not honoured when executing grant statement
* [SENTRY-1320] - truncate table db_name.table_name fails
* [SENTRY-1334] - [column level privileges] test and add test for CTAS and Create View AS SELECT (cross databases cases)
* [SENTRY-1345] - ACLS on table folder disappear after insert for unpartitioned tables
* [SENTRY-1346] - add a test case into hdfs acl e2e suite to test a db.tbl without partition, can take more than certain number groups
* [SENTRY-1354] - add column level test cases for select ... group by, order by and where in V2
* [SENTRY-1357] - SentryMetastorePostEventListenerBase.onAlterTable should check for null dereference
* [SENTRY-1376] - Fix alter property case correctly - Deletes ACLS on the table
* [SENTRY-1401] - In V2, show role grant group groupname should not throw an exception if group doesnt exist in db.
* [SENTRY-1405] - Add test for "show grant role on all " command in V2
* [SENTRY-1410] - Enable sentry ha, validate is able to read active sentry server
* [SENTRY-1438] - Move PolicyFiles from sentry-provider-file to sentry-core-common in V2
* [SENTRY-1447] - When s3 is configured as HDFS defaultFS and Hive Warehouse Dir, need to fix some e2e test failures. For example, TestDbHdfsMaxGroups.java.
* [SENTRY-1459] - Alter view with HMS Client fails with "java.lang.IllegalArgumentException: Can not create a Path from a null string"
* [SENTRY-1464] - Sentry e2e test failure in org.apache.sentry.tests.e2e.dbprovider.TestDbUriPermissions.testAlterPartitionLocationPrivileges
* [SENTRY-1471] - TestHDFSIntegrationBase.java implements HDFS ACL checking and query verification incorrectly
* [SENTRY-1476] - SentryStore is subject to JDQL injection
* [SENTRY-1479] - Apply Checkstyle to sentry-policy module
* [SENTRY-1486] - Sentry should use repeatable-read consistency level
* [SENTRY-1491] - Sentry transactions are not rolled back immediately when commit fails
* [SENTRY-1504] - NPE in log4j.properties parsing
* [SENTRY-1508] - MetastorePlugin.java does not handle properly initialization failure
* [SENTRY-1515] - Cleanup exception handling in SentryStore
* [SENTRY-1524] - sentry-dist is missing dependency on sentry-hdfs-dist
* [SENTRY-1526] - Sentry processed stays alive after being killed
* [SENTRY-1532] - Sentry Web UI isn't working
* [SENTRY-1534] - Oracle supports serializable instead of repeatable-read
* [SENTRY-1546] - Generic Policy provides bad error messages for Sentry exceptions
* [SENTRY-1548] - Setting GrantOption to UNSET upsets Sentry
* [SENTRY-1586] - [unit test] Race condition between metastore server/client could cause connection refused errors
* [SENTRY-1605] - SENTRY-1508 need to be fixed because of Kerberos initialization issue
* [SENTRY-1609] - DelegateSentryStore is subject to JDQL injection
* [SENTRY-1624] - DefaultSentryValidator doesn't correctly construct SentryOnFailureHookContextImpl
* [SENTRY-1644] - Partition ACLs disappear after renaming Hive table with partitions
* [SENTRY-1646] - Unable to truncate table <database>.<tablename>; from "default" databases
* [SENTRY-1658] - Null pointer dereference in SentryShellHive
* [SENTRY-1663] - UpdateableAuthzPermissions has mutable static fields
* [SENTRY-1665] - cross-site scripting vulnerability in ConfServlet
* [SENTRY-1683] - MetastoreCacheInitializer has a race condition in handling results list
* [SENTRY-1727] - HMSPathsDumper.cloneToEntry should set authzObjToEntries properly
* [SENTRY-1759] - UpdatableCache leaks connections
* [SENTRY-1783] - alterSentryRoleGrantPrivilegeCore does more persistence work than required
* [SENTRY-1785] - Fix TestKrbConnectionTimeout test
* [SENTRY-1788] - Sentry Store may use JDO object after the associated data is removed in DB
* [SENTRY-1801] - Sentry Namenode Plugin should handle unknown permissions
* [SENTRY-1844] - When setting web authentication type to none, sentry fails to start
* [SENTRY-1845] - LOAD + OVERWRITE not supported in Hive v2. plugin
** Task
* [SENTRY-950] - add column level test cases for select ... group by, order by and where
* [SENTRY-1131] - Add document for Generate audit trail for Sentry generic model in wiki
* [SENTRY-1171] - Please delete old releases from mirroring system
* [SENTRY-1255] - Pull out client dependencies from sentry-provider-db
* [SENTRY-1276] - Bump hadoop version to 2.6.1
* [SENTRY-1315] - Add an interface in WebUI to request for a Sentry full update
* [SENTRY-1431] - Sentry HA test HMSFollower during failover
* [SENTRY-1456] - SENTRY-1454 follow up: Commit message and rat check failure
* [SENTRY-1520] - Provide mechanism for triggering HMS full snapshot
** Sub-task
* [SENTRY-726] - Update thrift API for grant user to role
* [SENTRY-727] - Update jdo model for grant user to role
* [SENTRY-728] - Update audit log for grant user to role
* [SENTRY-729] - Update binding-hive for grant user to role
* [SENTRY-730] - Update policy engine for grant user to role
* [SENTRY-731] - Update provider-backend for grant user to role
* [SENTRY-733] - Update notification handler for grant user to role
* [SENTRY-734] - Update SentryPolicyStoreProcessor for grant user to role
* [SENTRY-735] - Update AuthorizationProvider and e2e test for grant user to role
* [SENTRY-840] - Do not allow async initial updater of MetaStore cache
* [SENTRY-875] - Make update log size configurable in UpdateForwarder
* [SENTRY-1004] - Create CommonPrivilege for external component
* [SENTRY-1024] - Document for Sentry Kafka integration
* [SENTRY-1026] - Fix PMD tag for unused field.
* [SENTRY-1042] - Create CommonPolicy for external component
* [SENTRY-1070] - Rename kafka.superusers -> super.users based on kafka docs
* [SENTRY-1074] - Refactor ResourceAuthorizationProvider with CommonPrivilege and CommonPolicy
* [SENTRY-1086] - Add permission check and test case for alter db set owner
* [SENTRY-1089] - Move validator from sentry-policy-xxx to sentry-core-model-xxx
* [SENTRY-1090] - Improvement for CommonPrivilege
* [SENTRY-1091] - Create Model for specific components
* [SENTRY-1092] - Move Class KeyValue and PolicyConstants to sentry-core-common
* [SENTRY-1093] - Refactor the constructor of PolicyEngine
* [SENTRY-1103] - Authorizable names' case sensitivity must be decided by plugins
* [SENTRY-1104] - Add method in Privilege model to create privilege validators
* [SENTRY-1115] - Add caching to avoid huge performance hit
* [SENTRY-1123] - Add test cases for Hive, Solr, Index, Sqoop with the CommonPrivilege
* [SENTRY-1127] - Move test cases from sentry-policy-xxx to sentry-binding-xxx
* [SENTRY-1153] - Ensure AccessURI work with S3
* [SENTRY-1158] - Remove unnecessary sentry-policy-xxx
* [SENTRY-1160] - Enable dist for kafka-binding
* [SENTRY-1166] - Update default value for sentry.hive.server in Sentry wiki
* [SENTRY-1175] - Improve usability of URI privileges when granting URIs
* [SENTRY-1176] - Update thrift API for export with specific auth object
* [SENTRY-1177] - Update SentryStore for export with specific auth object
* [SENTRY-1178] - Update Sentry Policy Service for export with specific auth object
* [SENTRY-1179] - Update Sentry config tool for export with specific auth object
* [SENTRY-1199] - Update wiki page for export with specific auth object
* [SENTRY-1203] - Rebase the code
* [SENTRY-1208] - Make HOST implied in privileges if not specified explicitly.
* [SENTRY-1214] - Make Kafka resources/ Kafka Model case sensitive
* [SENTRY-1221] - Improve the SentryStore and thrift api for import/export with user scope
* [SENTRY-1222] - Improve SentryIniPolicyFileFormatter to support user section in .ini file
* [SENTRY-1225] - Improve SentryPolicyServiceClientDefaultImpl to support user section with import/export
* [SENTRY-1258] - Mysql upgrade SQL script for implement grant user to role
* [SENTRY-1261] - Derby upgrade SQL script for implement grant user to role
* [SENTRY-1262] - Oracle upgrade SQL script for implement grant user to role
* [SENTRY-1263] - Postgres upgrade SQL script for implement grant user to role
* [SENTRY-1272] - Enable ALTERVIEW_RENAME and ALTERVIEW_AS operation in hive binding
* [SENTRY-1278] - DB2 upgrade SQL script for implement grant user to role
* [SENTRY-1283] - Enable alter table operation without outputs in hive binding
* [SENTRY-1286] - Create sentry-service-common module
* [SENTRY-1287] - Create sentry-service-server module
* [SENTRY-1288] - Create sentry-service-client module
* [SENTRY-1289] - Move exception to sentry-core-common module
* [SENTRY-1291] - SimpleCacheProviderBackend.getPrivileges should return the permission based on authorizationhierarchy
* [SENTRY-1292] - Reorder DBModelAction EnumSet
* [SENTRY-1293] - Avoid converting string permission to Privilege object
* [SENTRY-1304] - Enable CREATEMACRO and DROPMACRO operations in hive binding
* [SENTRY-1319] - Add metrics for isActive and isHA
* [SENTRY-1327] - Enable "show grant role roleName on all" command
* [SENTRY-1337] - Move GroupMappingService from sentry-provider-common to sentry-core-common
* [SENTRY-1344] - Move AuthorizationComponent from sentry-provider-common to sentry-core-common
* [SENTRY-1348] - Move HA related class from sentry-provider-db to sentry-service-common
* [SENTRY-1349] - Add permission check and test case for alter db set owner in V2
* [SENTRY-1351] - Enable alter table operation without outputs in V2
* [SENTRY-1352] - Enable CREATEMACRO and DROPMACRO operations in V2
* [SENTRY-1358] - Implement Grant role_name To User user_name in V2
* [SENTRY-1359] - Implement SHOW ROLE GRANT USER user_name in V2
* [SENTRY-1360] - Refactor grantPrivilege of Sentry Client
* [SENTRY-1361] - Refactor revokePrivilege of Sentry Client
* [SENTRY-1363] - Clean all pom.xml
* [SENTRY-1369] - Fix compile error for sentry-binding-hive-v2
* [SENTRY-1377] - improve handling of failures, both in tests and after-test cleanup, in TestHDFSIntegration.java
* [SENTRY-1394] - Fix compile error for sentry-test-hive-v2
* [SENTRY-1454] - Fix intermittent time out issue for TestHDFSIntegration
* [SENTRY-1651] - Port SENTRY-1404 to sentry-ha-redesign
* [SENTRY-1652] - Port SENTRY-1464 to sentry-ha-redesign
* [SENTRY-1655] - Port SENTRY-1471 to sentry-ha-redesign
* [SENTRY-1656] - Port Sentry-1459 to sentry-ha-redesign
* [SENTRY-1857] - Create new branch (branch-1.8) based on master
** Test
* [SENTRY-583] - Add boundary condition test coverage to HDFS synchronization test suite around max #of groups
* [SENTRY-858] - Add a test case for - Database prefix is not honoured when executing grant statement
* [SENTRY-1108] - Improve surefire execution to run tests concurrently
* [SENTRY-1134] - Add user defined udf test case
* [SENTRY-1266] - Add ConfigTool tests to skipSlowAndNotThreadSafeTests blacklist
* [SENTRY-1299] - Add a test case to verify SentryStore#verifySentryStoreSchema works
* [SENTRY-1390] - Add test cases to ensure usability of URI privileges for HMS binding
* [SENTRY-1391] - Add more test cases for perm and temp UDF
* [SENTRY-1402] - Add TestGrantUserToRole to V2
* [SENTRY-1489] - Categorize e2e tests into slow and regular tests, so that can adapt the timeout and etc.
* [SENTRY-1497] - create a sentry scale test tool to add various objects and privileges into Sentry and HMS
* [SENTRY-1503] - Remove all sequence ID checks from TestSentryStore
* [SENTRY-1809] - Use Apache Curator in the Kafka tests