Release Notes - Sentry - Version 1.8.0

** New Feature
    * [SENTRY-711] - Implement grant user to role
    * [SENTRY-785] - Allow export of sentry for a specific auth object
    * [SENTRY-912] - Sentry integration with Apache Kafka
    * [SENTRY-1154] - Uber Jira for enabling Sentry with blob storage

** Improvement
    * [SENTRY-67] - Complete Hive Integration points
    * [SENTRY-480] - Create import tool that will load policy file about Solr into the DB store
    * [SENTRY-662] - SentryServiceIntegrationBase should use UGI based login
    * [SENTRY-807] - Grant on URI should prepend namenode prefix
    * [SENTRY-873] - [HMS HA] Have a HMS leader which would be responsible for sending path updates to Sentry
    * [SENTRY-990] - Improve load time for HMS paths + HDFS sync
    * [SENTRY-999] - Refactor the sentry to integrate with external components quickly
    * [SENTRY-1076] - Add SSL support, print version info on Sentry Service webpage
    * [SENTRY-1120] - Show role / privileges info in Sentry Service Webpage
    * [SENTRY-1168] - Fix some "major" issues identified by Sonarqube
    * [SENTRY-1205] - Refactor the code for sentry-provider-db and create sentry-service module
    * [SENTRY-1206] - Add document for how to integrate with Sentry
    * [SENTRY-1220] - Improve the import/export to support user scope
    * [SENTRY-1229] - Add caching to SentryGenericProviderBackend
    * [SENTRY-1233] - Logging improvements to SentryConfigToolSolr
    * [SENTRY-1235] - Some pom changes
    * [SENTRY-1251] - Move PolicyFileConstants to sentry-core-common
    * [SENTRY-1254] - Upgrading SQL script for implement grant user to role
    * [SENTRY-1268] - Add solr privilege convertor by default to solr binding
    * [SENTRY-1269] - Converter vs Convertor is inconsistent
    * [SENTRY-1290] - Performance improvement for ResourceAuthorizationProvider
    * [SENTRY-1297] - wget is not a default command on mac
    * [SENTRY-1404] - Use the new INodeAttributesProvider API in sentry-hdfs
    * [SENTRY-1406] - Refactor: move AuthorizationProvider out of sentry-provider-common
    * [SENTRY-1436] - Move PolicyFiles from sentry-provider-file to sentry-core-common
    * [SENTRY-1450] - Have privilege converter set by Kafka binding
    * [SENTRY-1470] - Apply Checkstyle changes to the core
    * [SENTRY-1501] - SentryStore shouldn't synchronize openTransaction() and commitUpdateTransaction()
    * [SENTRY-1505] - CommitContext isn't used by anything and should be removed
    * [SENTRY-1507] - Sentry should use Datanucleus version of javax.jdo
    * [SENTRY-1512] - Refactor the database transaction management
    * [SENTRY-1516] - Add gpg configuration to the root pom to enable deployment to Maven Central
    * [SENTRY-1517] - SentryStore should actually use function getMSentryRole to get roles
    * [SENTRY-1518] - Add metrics for SentryStore transactions
    * [SENTRY-1525] - Provide script to run Sentry directly from the repo
    * [SENTRY-1533] - Sentry console metrics reporting interval should be configurable
    * [SENTRY-1556] - Simplify privilege cleaning
    * [SENTRY-1557] - getRolesForGroups() does too many trips to the the DB
    * [SENTRY-1564] - Improve error detection and reporting in MetastoreCacheInitializer.java
    * [SENTRY-1577] - Support "create function using jar" for hive when Sentry is enabled
    * [SENTRY-1581] - Provide Log4J metrics reporter
    * [SENTRY-1582] - Comments to clarify the intent of string manipulation methods in SentryStore.java
    * [SENTRY-1594] - TransactionBlock should become generic
    * [SENTRY-1599] - CloseablePersistenceManager is no longer needed
    * [SENTRY-1615] - SentryStore should not allocate empty objects that are immediately returned
    * [SENTRY-1625] - PrivilegeOperatePersistence can use QueryParamBuilder
    * [SENTRY-1633] - Disable mvn failIfNotTest flag
    * [SENTRY-1636] - Remove thrift dependency on fb303
    * [SENTRY-1642] - Integrate Sentry build with Error Prone
    * [SENTRY-1730] - Remove FileInputStream/FileOutputStream
    * [SENTRY-1742] - Upgrade to Maven surefire plugin v2.2
    * [SENTRY-1744] - Simplify creation of DelegateSentryStore
    * [SENTRY-1811] - Optimize data structures used in HDFS sync
    * [SENTRY-1823] - Fix the sentryShell script to support other types
    * [SENTRY-1827] - Minimize TPathsDump thrift message used in HDFS sync
    * [SENTRY-1836] - Add sentry web service config in service template
    * [SENTRY-1846] - Use a consistent configuration variable for the sentry provider property

** Bug
    * [SENTRY-320] - show role grant group groupname should not throw an exception if group doesnt exist in db
    * [SENTRY-418] - org.mortbay.log package accidentally picked up in a few test classes
    * [SENTRY-522] - [Unit Test] TestExportImportPrivileges failed due to error "Couldn't access new HiveServer: "
    * [SENTRY-722] - Grant on URI should validate the required resource string format
    * [SENTRY-887] - Sentry Hive binding fails with NPE when authorizing permanent Hive UDFs
    * [SENTRY-933] - Some UTs in TestPrivilegesAtFunctionScope should have two arguments for “org.apache.hadoop.hive.ql.udf.generic.GenericUDFPrintf”
    * [SENTRY-947] - Improve error message in HDFS NN Plugin when unable to connect to Sentry
    * [SENTRY-951] - move hive warehouse dir to /hive, the dir doesn't have hive:hive as owner.
    * [SENTRY-961] - Remove fb303.thrift reference from thrift definitions
    * [SENTRY-1001] - Improve usability of URIs and URI privileges
    * [SENTRY-1020] - Action ALL is not recognized in the generic API
    * [SENTRY-1069] - [Unit Test Failure] Fix TestAuditLogForSentryGenericService
    * [SENTRY-1094] - SentryMetastorePostEventListener.onAlterTable should check for null dereference
    * [SENTRY-1101] - When edit log for HDFS sync in Sentry Server is full, the next Path update is not correctly setup
    * [SENTRY-1184] - Clean up HMSPaths.renameAuthzObject
    * [SENTRY-1190] - IMPORT TABLE silently fails if Sentry is enabled
    * [SENTRY-1193] - Add SQL upgrade script for 1.8.0
    * [SENTRY-1201] - Sentry ignores database prefix for MSCK statement
    * [SENTRY-1209] - Sentry does not block Hive's cross-schema table renames
    * [SENTRY-1212] - Small authorization and compatibility checking bugs in Sentry conversion tool
    * [SENTRY-1213] - Remove unnecessary file
    * [SENTRY-1215] - Sentry's db provider makes privileges case insensitive.
    * [SENTRY-1216] - [unit test failure] disable sentry ha tests for now; add time out for each test class/method; fix trainsient junit time out issue
    * [SENTRY-1218] - [unit test failure] testFuncPrivileges1 takes more than 180s to finish so keep failing the test suites
    * [SENTRY-1228] - SimpleFileProviderBackend error message missing spaces
    * [SENTRY-1230] - Add basic testing workflow to test Sentry with Hive storage on S3
    * [SENTRY-1236] - Bump thrift version to 0.9.3
    * [SENTRY-1250] - Document kafka integration with sentry
    * [SENTRY-1252] - grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as synonyms when action is not explicitly specified
    * [SENTRY-1253] - SentryShellKafka is incorrectly setting component as "KAFKA"
    * [SENTRY-1260] - Improve error handling - ArrayIndexOutOfBoundsException in PathsUpdate.parsePath can cause MetastoreCacheInitializer intialization to fail
    * [SENTRY-1265] - Sentry service should not require a TGT as it is not talking to other kerberos services as a client
    * [SENTRY-1270] - Improve error handling - Database with malformed URI causes NPE in HMS plugin during DDL
    * [SENTRY-1294] - Fix the management problem for dependency's version
    * [SENTRY-1302] - Update Hive V2 after moving Exception to sentry-core-common module
    * [SENTRY-1311] - Improve usability of URI privileges by supporting mixed use of URIs with and without scheme
    * [SENTRY-1312] - HDFS_PERMISSION_DEFAULT does not parse correctly
    * [SENTRY-1313] - Database prefix is not honoured when executing grant statement
    * [SENTRY-1320] - truncate table db_name.table_name fails
    * [SENTRY-1334] - [column level privileges] test and add test for CTAS and Create View AS SELECT (cross databases cases)
    * [SENTRY-1345] - ACLS on table folder disappear after insert for unpartitioned tables
    * [SENTRY-1346] - add a test case into hdfs acl e2e suite to test a db.tbl without partition, can take more than certain number groups
    * [SENTRY-1354] - add column level test cases for select ... group by, order by and where in V2
    * [SENTRY-1357] - SentryMetastorePostEventListenerBase.onAlterTable should check for null dereference
    * [SENTRY-1376] - Fix alter property case correctly - Deletes ACLS on the table
    * [SENTRY-1401] - In V2, show role grant group groupname should not throw an exception if group doesnt exist in db.
    * [SENTRY-1405] - Add test for "show grant role on all " command in V2
    * [SENTRY-1410] - Enable sentry ha, validate is able to read active sentry server
    * [SENTRY-1438] - Move PolicyFiles from sentry-provider-file to sentry-core-common in V2
    * [SENTRY-1447] - When s3 is configured as HDFS defaultFS and Hive Warehouse Dir, need to fix some e2e test failures. For example, TestDbHdfsMaxGroups.java.
    * [SENTRY-1459] - Alter view with HMS Client fails with "java.lang.IllegalArgumentException: Can not create a Path from a null string"
    * [SENTRY-1464] - Sentry e2e test failure in org.apache.sentry.tests.e2e.dbprovider.TestDbUriPermissions.testAlterPartitionLocationPrivileges
    * [SENTRY-1471] - TestHDFSIntegrationBase.java implements HDFS ACL checking and query verification incorrectly
    * [SENTRY-1476] - SentryStore is subject to JDQL injection
    * [SENTRY-1479] - Apply Checkstyle to sentry-policy module
    * [SENTRY-1486] - Sentry should use repeatable-read consistency level
    * [SENTRY-1491] - Sentry transactions are not rolled back immediately when commit fails
    * [SENTRY-1504] - NPE in log4j.properties parsing
    * [SENTRY-1508] - MetastorePlugin.java does not handle properly initialization failure
    * [SENTRY-1515] - Cleanup exception handling in SentryStore
    * [SENTRY-1524] - sentry-dist is missing dependency on sentry-hdfs-dist
    * [SENTRY-1526] - Sentry processed stays alive after being killed
    * [SENTRY-1532] - Sentry Web UI isn't working
    * [SENTRY-1534] - Oracle supports serializable instead of repeatable-read
    * [SENTRY-1546] - Generic Policy provides bad error messages for Sentry exceptions
    * [SENTRY-1548] - Setting GrantOption to UNSET upsets Sentry
    * [SENTRY-1586] - [unit test] Race condition between metastore server/client could cause connection refused errors
    * [SENTRY-1605] - SENTRY-1508 need to be fixed because of Kerberos initialization issue
    * [SENTRY-1609] - DelegateSentryStore is subject to JDQL injection
    * [SENTRY-1624] - DefaultSentryValidator doesn't correctly construct SentryOnFailureHookContextImpl
    * [SENTRY-1644] - Partition ACLs disappear after renaming Hive table with partitions
    * [SENTRY-1646] - Unable to truncate table <database>.<tablename>; from "default" databases
    * [SENTRY-1658] - Null pointer dereference in SentryShellHive
    * [SENTRY-1663] - UpdateableAuthzPermissions has mutable static fields
    * [SENTRY-1665] - cross-site scripting vulnerability in ConfServlet
    * [SENTRY-1683] - MetastoreCacheInitializer has a race condition in handling results list
    * [SENTRY-1727] - HMSPathsDumper.cloneToEntry should set authzObjToEntries properly
    * [SENTRY-1759] - UpdatableCache leaks connections
    * [SENTRY-1783] - alterSentryRoleGrantPrivilegeCore does more persistence work than required
    * [SENTRY-1785] - Fix TestKrbConnectionTimeout test
    * [SENTRY-1788] - Sentry Store may use JDO object after the associated data is removed in DB
    * [SENTRY-1801] - Sentry Namenode Plugin should handle unknown permissions
    * [SENTRY-1844] - When setting web authentication type to none, sentry fails to start
    * [SENTRY-1845] - LOAD + OVERWRITE not supported in Hive v2. plugin

** Task
    * [SENTRY-950] - add column level test cases for select ... group by, order by and where
    * [SENTRY-1131] - Add document for Generate audit trail for Sentry generic model in wiki
    * [SENTRY-1171] - Please delete old releases from mirroring system
    * [SENTRY-1255] - Pull out client dependencies from sentry-provider-db
    * [SENTRY-1276] - Bump hadoop version to 2.6.1
    * [SENTRY-1315] - Add an interface in WebUI to request for a Sentry full update
    * [SENTRY-1431] - Sentry HA test HMSFollower during failover
    * [SENTRY-1456] - SENTRY-1454 follow up: Commit message and rat check failure
    * [SENTRY-1520] - Provide mechanism for triggering HMS full snapshot

** Sub-task
    * [SENTRY-726] - Update thrift API for grant user to role
    * [SENTRY-727] - Update jdo model for grant user to role
    * [SENTRY-728] - Update audit log for grant user to role
    * [SENTRY-729] - Update binding-hive for grant user to role
    * [SENTRY-730] - Update policy engine for grant user to role
    * [SENTRY-731] - Update provider-backend for grant user to role
    * [SENTRY-733] - Update notification handler for grant user to role
    * [SENTRY-734] - Update SentryPolicyStoreProcessor for grant user to role
    * [SENTRY-735] - Update AuthorizationProvider and e2e test for grant user to role
    * [SENTRY-840] - Do not allow async initial updater of MetaStore cache
    * [SENTRY-875] - Make update log size configurable in UpdateForwarder
    * [SENTRY-1004] - Create CommonPrivilege for external component
    * [SENTRY-1024] - Document for Sentry Kafka integration
    * [SENTRY-1026] - Fix PMD tag for unused field.
    * [SENTRY-1042] - Create CommonPolicy for external component
    * [SENTRY-1070] - Rename kafka.superusers -> super.users based on kafka docs
    * [SENTRY-1074] - Refactor ResourceAuthorizationProvider with CommonPrivilege and CommonPolicy
    * [SENTRY-1086] - Add permission check and test case for alter db set owner
    * [SENTRY-1089] - Move validator from sentry-policy-xxx to sentry-core-model-xxx
    * [SENTRY-1090] - Improvement for CommonPrivilege
    * [SENTRY-1091] - Create Model for specific components
    * [SENTRY-1092] - Move Class KeyValue and PolicyConstants to sentry-core-common
    * [SENTRY-1093] - Refactor the constructor of PolicyEngine
    * [SENTRY-1103] - Authorizable names' case sensitivity must be decided by plugins
    * [SENTRY-1104] - Add method in Privilege model to create privilege validators
    * [SENTRY-1115] - Add caching to avoid huge performance hit
    * [SENTRY-1123] - Add test cases for Hive, Solr, Index, Sqoop with the CommonPrivilege
    * [SENTRY-1127] - Move test cases from sentry-policy-xxx to sentry-binding-xxx
    * [SENTRY-1153] - Ensure AccessURI work with S3
    * [SENTRY-1158] - Remove unnecessary sentry-policy-xxx
    * [SENTRY-1160] - Enable dist for kafka-binding
    * [SENTRY-1166] - Update default value for sentry.hive.server in Sentry wiki
    * [SENTRY-1175] - Improve usability of URI privileges when granting URIs
    * [SENTRY-1176] - Update thrift API for export with specific auth object
    * [SENTRY-1177] - Update SentryStore for export with specific auth object
    * [SENTRY-1178] - Update Sentry Policy Service for export with specific auth object
    * [SENTRY-1179] - Update Sentry config tool for export with specific auth object
    * [SENTRY-1199] - Update wiki page for export with specific auth object
    * [SENTRY-1203] - Rebase the code
    * [SENTRY-1208] - Make HOST implied in privileges if not specified explicitly.
    * [SENTRY-1214] - Make Kafka resources/ Kafka Model case sensitive
    * [SENTRY-1221] - Improve the SentryStore and thrift api for import/export with user scope
    * [SENTRY-1222] - Improve SentryIniPolicyFileFormatter to support user section in .ini file
    * [SENTRY-1225] - Improve SentryPolicyServiceClientDefaultImpl to support user section with import/export
    * [SENTRY-1258] - Mysql upgrade SQL script for implement grant user to role
    * [SENTRY-1261] - Derby upgrade SQL script for implement grant user to role
    * [SENTRY-1262] - Oracle upgrade SQL script for implement grant user to role
    * [SENTRY-1263] - Postgres upgrade SQL script for implement grant user to role
    * [SENTRY-1272] - Enable ALTERVIEW_RENAME and ALTERVIEW_AS  operation in hive binding
    * [SENTRY-1278] - DB2 upgrade SQL script for implement grant user to role
    * [SENTRY-1283] - Enable alter table operation without outputs in hive binding
    * [SENTRY-1286] - Create sentry-service-common module
    * [SENTRY-1287] - Create sentry-service-server module
    * [SENTRY-1288] - Create sentry-service-client module
    * [SENTRY-1289] - Move exception to sentry-core-common module
    * [SENTRY-1291] - SimpleCacheProviderBackend.getPrivileges should return the permission based on authorizationhierarchy
    * [SENTRY-1292] - Reorder DBModelAction EnumSet
    * [SENTRY-1293] - Avoid converting string permission to Privilege object
    * [SENTRY-1304] - Enable CREATEMACRO and DROPMACRO  operations in hive binding
    * [SENTRY-1319] - Add metrics for isActive and isHA
    * [SENTRY-1327] - Enable "show grant role roleName on all" command
    * [SENTRY-1337] - Move GroupMappingService from sentry-provider-common to sentry-core-common
    * [SENTRY-1344] - Move AuthorizationComponent from sentry-provider-common to sentry-core-common
    * [SENTRY-1348] - Move HA related class from sentry-provider-db to sentry-service-common
    * [SENTRY-1349] - Add permission check and test case for alter db set owner in V2
    * [SENTRY-1351] - Enable alter table operation without outputs  in V2
    * [SENTRY-1352] - Enable CREATEMACRO and DROPMACRO operations in V2
    * [SENTRY-1358] - Implement Grant role_name To User user_name in V2
    * [SENTRY-1359] - Implement SHOW ROLE GRANT USER user_name in V2
    * [SENTRY-1360] - Refactor grantPrivilege of Sentry Client
    * [SENTRY-1361] - Refactor revokePrivilege of Sentry Client
    * [SENTRY-1363] - Clean all pom.xml
    * [SENTRY-1369] - Fix compile error for sentry-binding-hive-v2
    * [SENTRY-1377] - improve handling of failures, both in tests and after-test cleanup, in TestHDFSIntegration.java
    * [SENTRY-1394] - Fix compile error for sentry-test-hive-v2
    * [SENTRY-1454] - Fix intermittent time out issue for TestHDFSIntegration
    * [SENTRY-1651] - Port SENTRY-1404 to sentry-ha-redesign
    * [SENTRY-1652] - Port SENTRY-1464 to sentry-ha-redesign
    * [SENTRY-1655] - Port SENTRY-1471 to sentry-ha-redesign
    * [SENTRY-1656] - Port Sentry-1459 to sentry-ha-redesign
    * [SENTRY-1857] - Create new branch (branch-1.8) based on master

** Test
    * [SENTRY-583] - Add boundary condition test coverage to HDFS synchronization test suite around max #of groups
    * [SENTRY-858] - Add a test case for - Database prefix is not honoured when executing grant statement 
    * [SENTRY-1108] - Improve surefire execution to run tests concurrently
    * [SENTRY-1134] - Add user defined udf test case
    * [SENTRY-1266] - Add ConfigTool tests to skipSlowAndNotThreadSafeTests blacklist
    * [SENTRY-1299] - Add a test case to verify SentryStore#verifySentryStoreSchema works
    * [SENTRY-1390] - Add test cases to ensure usability of URI privileges for HMS binding
    * [SENTRY-1391] - Add more test cases for perm and temp UDF
    * [SENTRY-1402] - Add TestGrantUserToRole to V2
    * [SENTRY-1489] - Categorize e2e tests into slow and regular tests, so that can adapt the timeout and etc.
    * [SENTRY-1497] - create a sentry scale test tool to add various objects and privileges into Sentry and HMS
    * [SENTRY-1503] - Remove all sequence ID checks from TestSentryStore
    * [SENTRY-1809] - Use Apache Curator in the Kafka tests
