CDH 5.14.4 Release Notes
The following lists all Cloudera authorization component Jiras included in CDH 5.14.4
that are not included in the Cloudera authorization component base version 1.5.1. The
sentry-1.5.1-cdh5.14.4.CHANGES.txt
file lists all changes included in CDH 5.14.4. The patch for each
change can be found in the cloudera/patches directory in the release tarball.
Changes Not In Cloudera authorization component 1.5.1
HDFS
Improvement
- [HDFS-7454] - Reduce memory footprint for AclEntries in NameNode
Sentry
Bug
- [SENTRY-2144] - Table Rename Cross Database should update permission correctly
- [SENTRY-1209] - Sentry does not block Hive's cross-schema table renames
- [SENTRY-2020] - Fix testConsumeCycleWithInsufficientPrivileges test failure in kafka e2e tests.
- [SENTRY-2184] - Performance Issue: MPath is queried for each MAuthzPathsMapping in full snapshot
- [SENTRY-2124] - LeaderStatusMonitor.toString() throws IllegalFormatConversionException with AtomicLong
- [SENTRY-2120] - Escape input string for error response message in LogLevelServlet
- [SENTRY-2066] - DB name is not set for AlterTable
- [SENTRY-1459] - Alter view with HMS Client fails with "java.lang.IllegalArgumentException: Can not create a Path from a null string"
- [SENTRY-2078] - Have sentry server print an obvious INFO level log message when it becomes the writer
- [SENTRY-2040] - When getting Snapshots from HMS we need more logging around cases when a snapshot is not being received
- [SENTRY-2068] - Disable HTTP TRACE method from the Sentry Web Server
- [SENTRY-2046] - Create a full snapshot if AUTHZ_PATHS_SNAPSHOT_ID is empty, even if HMS and Sentry Notifications are in sync
- [SENTRY-2047] - isTableEmptyCore method in SentryStore has references to MAuthzPathsMapping when it should be generic
- [SENTRY-2032] - Leading Slashes need to removed when creating HMS path entries
- [SENTRY-2036] - sentry_sync_notifications() should set ID when it returns errors
- [SENTRY-2035] - Metrics should move to destination atomically
- [SENTRY-1712] - Add trigger mechanism for Sentry to push full path snapshot to Name Node
- [SENTRY-1272] - Enable ALTERVIEW_RENAME and ALTERVIEW_AS operation in hive binding
- [SENTRY-2014] - Incorrect handling of HDFS paths with multiple slashes
- [SENTRY-1993] - StringIndexOutOfBoundsException in HMSPathsDumper.java
- [SENTRY-1942] - Bump BoneCP version from 0.7.1 to 0.8.0
- [SENTRY-1940] - Sentry should time out threads waiting for notifications
- [SENTRY-1946] - getPathsUpdatesFrom() got its boolean logic inversed which results in sending two snapshots at the same time
- [SENTRY-1939] - Resetting the CounterWait during full snapshot has to be handled across all sentry servers
- [SENTRY-1918] - NN snapshot should not be served while HMS snapshot is collected
- [SENTRY-1934] - SQL Index name is too long for Oracle 11.2
- [SENTRY-1931] - NameNode only gets full snapshot once
- [SENTRY-1929] - When full HMS snapshot is created all higher notifications should be purged
- [SENTRY-1928] - HMSFollower should close HMS connections when an error to HMS occurs
- [SENTRY-1915] - Sentry is doing a lot of work to convert list of paths to HMSPaths structure
- [SENTRY-1919] - Sentry should prevent two snapshots from being sent to HDFS
- [SENTRY-1916] - Sentry should not store paths outside of the prefix
- [SENTRY-1913] - Incorrect constraints on AUTHZ_PATHS_MAPPING.AUTHZ_OBJ_NAME
- [SENTRY-1888] - Sentry might not fetch all HMS duplicated events IDs when requested
- [SENTRY-1898] - Sentry no longer supports creating more than ~15 partitions at once
- [SENTRY-1890] - HMSFollower keep getting full snapshot when HDFS is disabled
- [SENTRY-1889] - HMSFollower should log better detailed error message if it cannot connect to HMS
- [SENTRY-1646] - Unable to truncate table <database>.<tablename>; from "default" databases
- [SENTRY-1874] - Do not require quiet HMS when taking initial HMS snapshot
- [SENTRY-1868] - SentryStore should set loadResultsAtCommit to false when query result isn't needed
- [SENTRY-1665] - cross-site scripting vulnerability in ConfServlet
- [SENTRY-1852] - Refactor HMSFollower without renaming file
- [SENTRY-1546] - Generic Policy provides bad error messages for Sentry exceptions
- [SENTRY-1801] - Sentry Namenode Plugin should handle unknown permissions
- [SENTRY-1788] - Sentry Store may use JDO object after the associated data is removed in DB
- [SENTRY-1714] - MetastorePlugin.java should quetly return from renameAuthzObject() when both paths are null
- [SENTRY-1759] - UpdatableCache leaks connections
- [SENTRY-1548] - Setting GrantOption to UNSET upsets Sentry
- [SENTRY-1644] - Partition ACLs disappear after renaming Hive table with partitions
- [SENTRY-1683] - MetastoreCacheInitializer has a race condition in handling results list
- [SENTRY-1508] - MetastorePlugin.java does not handle properly initialization failure
- [SENTRY-1609] - DelegateSentryStore is subject to JDQL injection
- [SENTRY-1476] - SentryStore is subject to JDQL injection
- [SENTRY-1515] - Cleanup exception handling in SentryStore
- [SENTRY-1534] - Oracle supports serializable instead of repeatable-read
- [SENTRY-1504] - NPE in log4j.properties parsing
- [SENTRY-1260] - Improve error handling - ArrayIndexOutOfBoundsException in PathsUpdate.parsePath can cause MetastoreCacheInitializer intialization to fail
- [SENTRY-1270] - Improve error handling - Database with malformed URI causes NPE in HMS plugin during DDL
- [SENTRY-1313] - Database prefix is not honoured when executing grant statement
- [SENTRY-1464] - Sentry e2e test failure in org.apache.sentry.tests.e2e.dbprovider.TestDbUriPermissions.testAlterPartitionLocationPrivileges
- [SENTRY-1447] - When s3 is configured as HDFS defaultFS and Hive Warehouse Dir, need to fix some e2e test failures. For example, TestDbHdfsMaxGroups.java.
- [SENTRY-1416] - kafka-sentry tool's service name's default is different from KafkaSentryAuthorizer's default service name
- [SENTRY-1378] - Login fails for a secure Sentry Web UI
- [SENTRY-1334] - [column level privileges] test and add test for CTAS and Create View AS SELECT (cross databases cases)
- [SENTRY-1376] - Fix alter property case correctly - Deletes ACLS on the table
- [SENTRY-1311] - Improve usability of URI privileges by supporting mixed use of URIs with and without scheme
- [SENTRY-1345] - ACLS on table folder disappear after insert for unpartitioned tables
- [SENTRY-1346] - add a test case into hdfs acl e2e suite to test a db.tbl without partition, can take more than certain number groups
- [SENTRY-1320] - truncate table db_name.table_name fails
- [SENTRY-1201] - Sentry ignores database prefix for MSCK statement
- [SENTRY-1230] - Add basic testing workflow to test Sentry with Hive storage on S3
- [SENTRY-1265] - Sentry service should not require a TGT as it is not talking to other kerberos services as a client
- [SENTRY-1252] - grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as synonyms when action is not explicitly specified
- [SENTRY-1228] - SimpleFileProviderBackend error message missing spaces
- [SENTRY-1253] - SentryShellKafka is incorrectly setting component as "KAFKA"
- [SENTRY-1215] - Sentry's db provider makes privileges case insensitive.
- [SENTRY-1234] - JDO exception for list_sentry_privileges_by_authorizable
- [SENTRY-1190] - IMPORT TABLE silently fails if Sentry is enabled
- [SENTRY-1216] - [unit test failure] disable sentry ha tests for now; add time out for each test class/method; fix trainsient junit time out issue
- [SENTRY-1217] - NPE for list_sentry_privileges_by_authorizable when activeRoleSet is not set
- [SENTRY-1212] - Small authorization and compatibility checking bugs in Sentry conversion tool
- [SENTRY-1035] - Generic service does not handle group name casing correctly
- [SENTRY-1175] - Improve usability of URI privileges when granting URIs
- [SENTRY-922] - INSERT OVERWRITE DIRECTORY permission not working correctly
- [SENTRY-1184] - Clean up HMSPaths.renameAuthzObject
- [SENTRY-1169] - MetastorePlugin#renameAuthzObject log message prints oldpathname as newpathname
- [SENTRY-1164] - Fix testCaseSensitivity test failure on a real cluster
- [SENTRY-1157] - Fix Unit Tests TestAclsCrud&TestAuthorize failed
- [SENTRY-1122] - Allow Solr Audit Log to Read Impersonator Info
- [SENTRY-1112] - Change default value of "sentry.hive.server" to empty string
- [SENTRY-1099] - JDK8 autoboxing compilation failure
- [SENTRY-1095] - Insert into requires URI privilege on partition location under table.
- [SENTRY-1096] - Fix TestDbOperations#testCaseSensitivity failure on a real cluster
- [SENTRY-989] - RealTimeGet with explicit ids can bypass document level authorization
- [SENTRY-1066] - Sentry oracle upgrade script failed with ORA-0955 duplicate name issue
- [SENTRY-1055] - Sentry service solr constants refer to clusters rather than services
- [SENTRY-1064] - Fix TestDbOperations#testCaseSensitivity
- [SENTRY-1054] - Updated Apache Shiro dependency
- [SENTRY-1060] - Improve the SentryAuthFilter error message when authentication failure
- [SENTRY-993] - list_sentry_privileges_by_authorizable() gone in API v2
- [SENTRY-1050] - Improve clearAll method to avoid throwing exceptions because of deleting objects created outside of tests.
- [SENTRY-1044] - Tables with non-hdfs locations breaks HMS startup
- [SENTRY-968] - Uri check needs to be case sensitive
- [SENTRY-1007] - Sentry column-level performance for wide tables
- [SENTRY-1039] - Sentry shell tests assume order of option group privileges
- [SENTRY-1037] - Set "hadoop.security.authentication" to "kerberos" in the Generic Client
- [SENTRY-826] - TRUNCATE on empty partitioned table in Hive fails
- [SENTRY-1002] - PathsUpdate.parsePath(path) will throw an NPE when parsing relative paths
- [SENTRY-1008] - Path should be not be updated if the create/drop table/partition event fails
- [SENTRY-965] - Solr /terms request handler broken because of components declaration
- [SENTRY-945] - Avoid logging all DataNucleus queries when debug logging is enabled
- [SENTRY-902] - SimpleDBProviderBackend should retry the authrization process properly
- [SENTRY-995] - Simple Solr Shell
- [SENTRY-904] - Set max message size for thrift messages
- [SENTRY-991] - Roles of Sentry Permission needs to be case insensitive
- [SENTRY-1003] - Support "reload" by updating the classpath of Sentry function aux jar path during runtime
- [SENTRY-777] - SentryServiceIntegrationBase#after() should be run under client subject
- [SENTRY-1018] - HiveServer is not properly shutdown cause BindException in TestServerConfiguration
- [SENTRY-678] - Sentry-Solr Binding may not load group mapping service correctly
- [SENTRY-994] - SentryAuthorizationInfoX should override isSentryManaged
- [SENTRY-988] - It's better to let SentryAuthorization setter path always fall through and update HDFS
- [SENTRY-944] - Setting HDFS rules on Sentry managed hdfs paths should not affect original hdfs rules
- [SENTRY-835] - Drop table leaves a connection open when using metastorelistener
- [SENTRY-953] - External Partitions which are referenced by more than one table can cause some unexpected behavior with Sentry HDFS sync
- [SENTRY-957] - Exceptions in MetastoreCacheInitializer should probably not prevent HMS from starting up
- [SENTRY-932] - TestColumnEndToEnd error check should non-case sensitive
- [SENTRY-960] - Blacklist reflect,java_method using hive.server2.builtin.udf.blacklist
- [SENTRY-936] - getGroup and getUser should always return orginal hdfs values for paths in prefix which are not sentry managed
- [SENTRY-769] - [Improve error handling] Make sure groups in list_sentry_privileges_for_provider is not empty
- [SENTRY-888] - Exceptions in Callable tasks in MetaStoreCacheInitializer are being dropped
- [SENTRY-900] - User could access sentry metric info by curl without authorization
- [SENTRY-296] - Sentry Service Client does not allow for connection pooling
- [SENTRY-893] - Synchronize calls in SentryClient and create sentry client once per request in SimpleDBProvider
- [SENTRY-892] - parsePath should handle empty paths well
- [SENTRY-885] - DB name should be case insensitive in HDFS sync plugin
- [SENTRY-886] - HDFSIntegration test testAccessToTableDirectory should wait for cache refresh before verification
- [SENTRY-881] - Allow some metadata operations with column-level privileges
- [SENTRY-884] - Give execute permission by default to paths managed by sentry
- [SENTRY-841] - Revoke on SERVER scope breaks Client API, allows any string to be passed in
- [SENTRY-746] - After revoke select from view, select fails with a confusing error message
- [SENTRY-847] - [column level privilege] if grant column level privilege to user, show columns in table shouldn't require extra table level privilege
- [SENTRY-739] - when user doesn't have admin privileges, show grant throw exception, better improve error message
- [SENTRY-839] - posexplode() missing from HIVE_UDF_WHITE_LIST
- [SENTRY-878] - collect_list missing from HIVE_UDF_WHITE_LIST
- [SENTRY-860] - Fix intermittent test failure for TestPrivilegesAtFunctionScope.testFuncPrivileges1
- [SENTRY-850] - Fix dbprovider test failures when run on a real cluster or setMetastoreListener = true, when db/tab gets recreated their associated privileges will be deleted.
- [SENTRY-836] - Refactor test TestDatabaseProvider.java: make each test case independent from other tests, not assume any external states/data
- [SENTRY-842] - Fix typos in pom.xml
- [SENTRY-834] - Fix hive e2e real cluster failures in TestDbConnections, TestDbExportImportPrivileges, TestDbJDBCInterface
- [SENTRY-698] - Uncaught OutOfMemoryError
- [SENTRY-780] - HDFS Plugin should not execute path callbacks for views
- [SENTRY-827] - Server Scope always grants ALL
- [SENTRY-829] - Fix all sentry hive test failure in TestDbCrossDbOps class: create database/table, grant select on table to role, but drop database then recreate it, privileges are removed.
- [SENTRY-810] - CTAS without location is not verified properly
- [SENTRY-825] - SecureAdminHandler no longer pulls collection name for create correctly
- [SENTRY-823] - Clean up roles properly in TestHDFSIntegration
- [SENTRY-684] - Upgrade to Apache Curator 2.7.1
- [SENTRY-808] - Change default protocol version to V2
- [SENTRY-790] - Remove MetaStoreClient interface
- [SENTRY-801] - Update README: Does not compile with JDK8
- [SENTRY-806] - Fix unit test failure: TestMetastoreEndToEnd.testPartionInsert, java.lang.RuntimeException: Cannot make directory: hdfs://localhost:60362/tmp/hive-jenkins/hive_2015-07-09_21-50-34_878_9035087593722312500-1
- [SENTRY-799] - Fix sentry unit test error: TestDbEndToEnd.testBasic: Table t1 already exists
- [SENTRY-796] - Fix log levels in SentryAuthorizationInfo
- [SENTRY-805] - Reclassify CoreAdminHandler Actions
- [SENTRY-778] - CredentialProvider for Sentry DB password
- [SENTRY-792] - Throw underlying exception if SentryService start fails
- [SENTRY-800] - Oracle: first run A1.Scope invalid identifier
- [SENTRY-797] - TestHDFSIntegration#testEndToEnd is flaky
- [SENTRY-794] - TestHDFSIntegrationWithHA#testEnd2End fails
- [SENTRY-791] - java.lang.AbstractMethodError when using HDFS sync
- [SENTRY-788] - Fix mysql and postgres scripts of generalized model
- [SENTRY-776] - Sentry client should support cache based kerberos ticket for secure zookeeper connection
- [SENTRY-721] - HDFS Cascading permissions not applied to child file ACLs if a direct grant exists
- [SENTRY-752] - Sentry service audit log file name format should be consistent
- [SENTRY-744] - DB provider client should support grantServerPrivilege() method without action for backward compatibility
- [SENTRY-695] - Sentry service should read the hadoop group mapping properties from core-site
- [SENTRY-227] - Fix for "Unsupported entity type DUMMYPARTITION"
- [SENTRY-717] - Fix the UDF whitelist format for functions row_number and unbase64
- [SENTRY-702] - Hive binding should support RELOAD command
- [SENTRY-699] - Memory leak when running Sentry w/ HiveServer2
- [SENTRY-703] - Calls to add_partition fail when passed a Partition object with a null location
- [SENTRY-696] - Improve Metastoreplugin Cache Initialization time
- [SENTRY-687] - Handle authorization for 'select <expr>' hive queries
Improvement
- [SENTRY-2183] - Increase default sentry-hdfs rpc timeout to 20 mins
- [SENTRY-2194] - Upgrade Sentry hadoop-version dependency to 2.7.5
- [SENTRY-2165] - NotificationProcesser process notification methods have logs wrongly flagged as ERROR
- [SENTRY-2019] - Improve logging in SentryPlugin
- [SENTRY-1951] - Old SentryStore.retrieveFullPathsImage() should be removed
- [SENTRY-2031] - Add trigger mechanism for Sentry to pull full path snapshot from HMS
- [SENTRY-1992] - Improve parameter handling for SentryGenericProviderBackend
- [SENTRY-1966] - Improve logging of HMS sync data (paths and permissions) flowing from Sentry to NameNode
- [SENTRY-1963] - Sentry JSON reporter should use regular implementation for local file system
- [SENTRY-934] - Update plugin versions
- [SENTRY-1937] - Optimize performance for listing sentry roles by group name
- [SENTRY-1938] - Sentry logs to provide more relevant information
- [SENTRY-1932] - Improve logging for HMSPath
- [SENTRY-1906] - Sentry clients to retry connections to server with delay to avoid failing fast
- [SENTRY-1909] - Improvements for memory usage when full path snapshot is sent from Sentry to NN
- [SENTRY-1903] - TransactionManager shows retried transactions starting from 0
- [SENTRY-1907] - Potential memory optimization when handling big full snapshots.
- [SENTRY-1895] - Sentry should handle the case of multiple notifications with the same ID
- [SENTRY-1822] - Allow multiple Sentry reporters.
- [SENTRY-1892] - Reduce memory consumption of HMSPath$Entry and TPathEntry
- [SENTRY-1879] - Sentry e2e tests are trying to test without notification log
- [SENTRY-1803] - HMSFollower should handle the case of multiple notifications with the same ID
- [SENTRY-1856] - Persisting HMS snapshot and the notification-id to database in same transaction
- [SENTRY-1827] - Minimize TPathsDump thrift message used in HDFS sync
- [SENTRY-1854] - HMSFollower should handle notifications even if HDFS sync is disabled.
- [SENTRY-1869] - Try to use pool with idle connections first
- [SENTRY-1755] - Add HMSFollower per-operation metrics
- [SENTRY-1825] - Dropping a Hive database/table doesn't cleanup the permissions associated with it
- [SENTRY-1798] - Provide names for HMSFollower and cleaner threads
- [SENTRY-1760] - HMSFollower should detect when a full snapshot from HMS is required
- [SENTRY-1762] - notification id's in SENTRY_HMS_NOTIFICATION_ID should be purged periodically
- [SENTRY-1487] - Renaming SQL script for HMSPaths persistence
- [SENTRY-1697] - Deprecate feature flag for enabling notification log
- [SENTRY-1696] - Expose time spent creating the initial snapshot as a metric
- [SENTRY-1833] - Expose current set of IDs as Sentry metrics
- [SENTRY-1630] - out of sequence error in HMSFollower
- [SENTRY-1817] - Deprecate SENTRY_HA_ENABLED and all tests that use it
- [SENTRY-1815] - Send new HMS snapshots to HDFS requesting an old generation ID
- [SENTRY-1824] - SentryStore may serialize transactions that rely on unique key
- [SENTRY-1820] - Add JSON file reporter for Sentry metrics
- [SENTRY-1821] - Transactions could fail to commit to the database under load
- [SENTRY-1814] - Provide unit test for LeaderStatusMonitor
- [SENTRY-1781] - Persist new HMS snapshots with a new generation ID.
- [SENTRY-1805] - Define a DB schema for HMS generation IDs
- [SENTRY-1811] - Optimize data structures used in HDFS sync
- [SENTRY-1806] - Improve memory handling for HDFS sync
- [SENTRY-1782] - Add an HMS image ID to the thrift schema definition for hdfs/sentry requests
- [SENTRY-1796] - Add better debug logging for retrieving the delta changes
- [SENTRY-1794] - HMSFollower not persisting last processed notifications when partition is altered
- [SENTRY-1791] - Sentry Clients failover not working with kerberos enabled
- [SENTRY-1737] - SentryTransportFactory may use incorrect kerberos principal
- [SENTRY-1780] - FullUpdateInitializer does not kill the threads whenever getFullHMSSnapshot throws an exception
- [SENTRY-1792] - Ensure DB to sort delta changes by CHANGE_ID
- [SENTRY-1744] - Simplify creation of DelegateSentryStore
- [SENTRY-1730] - Remove FileInputStream/FileOutputStream
- [SENTRY-1556] - Simplify privilege cleaning
- [SENTRY-1625] - PrivilegeOperatePersistence can use QueryParamBuilder
- [SENTRY-1636] - Remove thrift dependency on fb303
- [SENTRY-1615] - SentryStore should not allocate empty objects that are immediately returned
- [SENTRY-1594] - TransactionBlock should become generic
- [SENTRY-1517] - SentryStore should actually use function getMSentryRole to get roles
- [SENTRY-1599] - CloseablePersistenceManager is no longer needed
- [SENTRY-1518] - Add metrics for SentryStore transactions
- [SENTRY-1507] - Sentry should use Datanucleus version of javax.jdo
- [SENTRY-1505] - CommitContext isn't used by anything and should be removed
- [SENTRY-1422] - JDO deadlocks while processing grant while a background thread processes Notificationlogs
- [SENTRY-1581] - Provide Log4J metrics reporter
- [SENTRY-1533] - Sentry console metrics reporting interval should be configurable
- [SENTRY-1577] - Support "create function using jar" for hive when Sentry is enabled
- [SENTRY-1564] - Improve error detection and reporting in MetastoreCacheInitializer.java
- [SENTRY-1582] - Comments to clarify the intent of string manipulation methods in SentryStore.java
- [SENTRY-1557] - getRolesForGroups() does too many trips to the the DB
- [SENTRY-1453] - Enable passing sentry client cache configs from kafka conf
- [SENTRY-1450] - Have privilege converter set by Kafka binding
- [SENTRY-1076] - Add SSL support, print version info on Sentry Service webpage
- [SENTRY-1292] - Reorder DBModelAction EnumSet
- [SENTRY-1293] - Avoid converting string permission to Privilege object
- [SENTRY-1269] - Converter vs Convertor is inconsistent
- [SENTRY-1119] - Allow data engines to specify the ActionFactory from configuration
- [SENTRY-1229] - Add caching to SentryGenericProviderBackend
- [SENTRY-1266] - Add ConfigTool tests to skipSlowAndNotThreadSafeTests blacklist
- [SENTRY-1233] - Logging improvements to SentryConfigToolSolr
- [SENTRY-480] - Create import tool that will load policy file about Solr into the DB store
- [SENTRY-832] - Clean dependences of sentry-provider-db
- [SENTRY-1052] - Sentry shell should use kerberos requestor and give better error messages for kerberos failures
- [SENTRY-972] - Include sentry-tests-hive hadoop test script in maven project
- [SENTRY-1015] - Improve Sentry + Hive error message when user does not have sufficient privileges to perform an operation
- [SENTRY-740] - Move the class PolicyFileConstants and KeyValue to provider-common
- [SENTRY-749] - Create simple shell for sentry
- [SENTRY-812] - Generate audit trail for Sentry generic model when authorization metadata change
- [SENTRY-590] - Client factory for generic authorization model
- [SENTRY-821] - Add thrift protocol version check for generic model
- [SENTRY-774] - *.rej files should be added to rat ignore list
- [SENTRY-537] - Refactor AbstractTestWithHiveServer to cut down some test cases runtime
- [SENTRY-565] - Improve performance of filtering Hive SHOW commands
- [SENTRY-843] - Add the link of wiki page in README.md
- [SENTRY-530] - Add thrift protocol version check
- [SENTRY-723] - Clean unused methods in HiveAuthzBindingHook
- [SENTRY-720] - Patch related files should be excluded from version control
New Feature
- [SENTRY-2027] - Create mechanism of delivering commands via WebUI
- [SENTRY-1853] - Add the log level access mechanism
- [SENTRY-1881] - PrivilegeOperatePersistence throws wrong type of exceptions
- [SENTRY-1208] - Make HOST implied in privileges if not specified explicitly.
- [SENTRY-1214] - Make Kafka resources/ Kafka Model case sensitive
- [SENTRY-1070] - Rename kafka.superusers -> super.users based on kafka docs
- [SENTRY-1188] - Fixes to get kerberos auth work.
- [SENTRY-1162] - Add shell for Sentry Kafka integration
- [SENTRY-1153] - Ensure AccessURI work with S3
- [SENTRY-1014] - Add end-to-end tests for Kafka
- [SENTRY-1057] - Add implementations for acls' CRUD
- [SENTRY-1113] - Fix test failures due to missing files.
- [SENTRY-1030] - Restrict Kafka Cluster authorizable to only have "kafka-cluster" as authorizable's name.
- [SENTRY-1098] - Make Kafka dependency as provided
- [SENTRY-1056] - Get service name from Kafka's server properties.
- [SENTRY-1029] - Address review comments for Kafka model that came after patch got committed.
- [SENTRY-1011] - Add Kafka binding
- [SENTRY-1013] - Add policy engine for Kafka
- [SENTRY-1012] - Add core model for Kafka
- [SENTRY-906] - Add concurrency sentry client tests
- [SENTRY-828] - Cleanup the unnecessary ProviderBackend
- [SENTRY-755] - HDFS access of data files should be disabled for user with privileges only on some columns
- [SENTRY-804] - Add Audit Log Support for Solr Sentry Handlers
Task
- [SENTRY-2226] - Support Hive operation ALTER TABLE EXCHANGE
- [SENTRY-950] - add column level test cases for select ... group by, order by and where
- [SENTRY-1520] - Provide mechanism for triggering HMS full snapshot
- [SENTRY-1047] - Use existing validators in SentryShellSolr
- [SENTRY-1032] - Implement group/role commands in solr shell
- [SENTRY-1038] - More strict checking of SOLR actions in shell
- [SENTRY-510] - Metrics collection for Sentry HDFS plugin
- [SENTRY-742] - Add describe, show/compute stats tests for column level privileges
- [SENTRY-758] - Add test cases for partition columns with column level privileges
Test
- [SENTRY-1390] - Add test cases to ensure usability of URI privileges for HMS binding
- [SENTRY-1489] - Categorize e2e tests into slow and regular tests, so that can adapt the timeout and etc.
- [SENTRY-858] - Add a test case for - Database prefix is not honoured when executing grant statement
- [SENTRY-1497] - create a sentry scale test tool to add various objects and privileges into Sentry and HMS
- [SENTRY-1454] - Fix intermittent time out issue for TestHDFSIntegration
- [SENTRY-1299] - Add a test case to verify SentryStore#verifySentryStoreSchema works
- [SENTRY-583] - Add boundary condition test coverage to HDFS synchronization test suite around max #of groups
- [SENTRY-1108] - Improve surefire execution to run tests concurrently
- [SENTRY-955] - Add more meta data operation tests for column level privilege
- [SENTRY-748] - Improve test coverage of Sentry + Hive using complex views
- [SENTRY-824] - Enable column level privileges e2e tests on real cluster runs
- [SENTRY-485] - Add test coverage for auditing in E2E, secure environment
- [SENTRY-741] - Add a test case for hive query which creates dummy partition
Hive
Bug
- [HIVE-10895] - ObjectStore does not close Query objects in some calls, causing a potential leak in some metastore db resources