Thanks Kalyan. Those JIRAs are committed now and the 2.0 release is not blocked anymore. You may want to cut the branch now to freeze the 2.0 version.
- Sergio On Wed, Nov 22, 2017 at 9:13 AM, Kalyan Kumar Kalvagadda < [email protected]> wrote: > I have started the release process. As initial step I have moved all the > unresolved jira's to 2.1.0 release except for SENTRY-2062 and SENTRY-1812. > Please let me know if you want your changes to be part of sentry 2.0.0. I > will be cutting branch for sentry 2.0.0 later today. > > > -Kalyan > > On Mon, Oct 16, 2017 at 9:49 AM, Kalyan Kumar Kalvagadda < > [email protected]> wrote: > > > I feel, we should stop using the terms authz1 and authz2 now on as it can > > create confusion.. With the new approach we have taken there is no > authz1. Sentry > > binding that will be enabled by default uses functionality of both older > > bindings. > > > > -Kalyan > > > > On Mon, Oct 16, 2017 at 9:42 AM, Sergio Pena <[email protected]> > > wrote: > > > >> I won't be necessary to have both binding jars. But we will keep the > code > >> around for one more release and remove it later just as backup for us in > >> case we forgot to refactor something. > >> > >> On Mon, Oct 16, 2017 at 8:54 AM, Colm O hEigeartaigh < > [email protected] > >> > > >> wrote: > >> > >> > Sounds good thanks. Just one other query - will we still have two > >> separate > >> > binding jars for authz1 and authz2? > >> > > >> > Colm. > >> > > >> > On Mon, Oct 16, 2017 at 2:31 PM, Sergio Pena < > [email protected]> > >> > wrote: > >> > > >> > > Nop. The plan is to ship authz2 but only when grant/revoke tasks are > >> > > executed and HMS filters are used. The current HiveAuthzBinding > class > >> > will > >> > > still be used when a command is executed and Hive requests > >> authorization > >> > to > >> > > Sentry (this is part of the authz1 profile). Btw, the HMS server > side > >> > > checks still use MetastoreAuthzBinding.java in both authz1 and > authz2. > >> > > > >> > > The plans for Solr is to support the latest Solr 6.x which added > >> support > >> > > for authorization modules. Hrishikesh is a Solr contributor and is > >> > helping > >> > > us integrate it on SENTRY-1475 > >> > > <https://issues.apache.org/jira/browse/SENTRY-1475>. Solr 7 was > just > >> > > released last month, but he said he already has the code for Solr 6, > >> but > >> > he > >> > > will try to see if Solr 7 is easy to do, but the initial > expectations > >> > were > >> > > to have Solr 6. > >> > > > >> > > What do you think about the plans? Any comments regarding about > them? > >> > Would > >> > > you like to see something else or different? > >> > > > >> > > Sergio. > >> > > > >> > > On Mon, Oct 16, 2017 at 4:52 AM, Colm O hEigeartaigh < > >> > [email protected]> > >> > > wrote: > >> > > > >> > > > Hi Sergio, > >> > > > > >> > > > Is the plan to ship both the authz1 and authz2 bindings for Sentry > >> > 2.0.0? > >> > > > If so, which is recommended for use? Also, what are the plans to > >> get a > >> > > more > >> > > > recent version of Solr supported? > >> > > > > >> > > > Colm. > >> > > > > >> > > > On Sat, Oct 14, 2017 at 5:12 PM, Na Li <[email protected]> > >> wrote: > >> > > > > >> > > > > Kalyan, > >> > > > > > >> > > > > Thanks for the update. I am up to releasing sentry 2.0.0 as > well. > >> > > > > > >> > > > > Lina > >> > > > > > >> > > > > On Fri, Oct 13, 2017 at 6:18 PM, Kalyan Kumar Kalvagadda < > >> > > > > [email protected]> wrote: > >> > > > > > >> > > > > > Sasha, > >> > > > > > > >> > > > > > See my response in-line below > >> > > > > > > >> > > > > > -Kalyan > >> > > > > > > >> > > > > > On Fri, Oct 13, 2017 at 1:09 PM, Alexander Kolbasov < > >> > > > [email protected]> > >> > > > > > wrote: > >> > > > > > > >> > > > > > > Kalyan, > >> > > > > > > > >> > > > > > > Thank you for pushing forward 2.0 release! > >> > > > > > > > >> > > > > > > > On Oct 13, 2017, at 7:20 AM, Kalyan Kumar Kalvagadda < > >> > > > > > > [email protected]> wrote: > >> > > > > > > > > >> > > > > > > > Hello all, > >> > > > > > > > > >> > > > > > > > We need to release sentry HA functionality so that > community > >> > can > >> > > > > start > >> > > > > > > > using it. In this regard I proposed to have a sentry 1.9.0 > >> > > release > >> > > > as > >> > > > > > > there > >> > > > > > > > were some outstanding issues integrating with Hive. > >> Community > >> > was > >> > > > not > >> > > > > > > > positive on this proposal for various reasons. > >> > > > > > > > >> > > > > > > It would be great if you can summarize these reasons here > for > >> > > future > >> > > > > > > reference. > >> > > > > > > One major concern was that sentry 1.9.0 should still be > >> backward > >> > > > > > > compatible and work with Hive1.1. > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > > > >> > > > > > > > With recent findings we think we don't have to wait for > Hive > >> > > fixes. > >> > > > > > With > >> > > > > > > > the changes that are planned for below listed Jira's > sentry > >> > would > >> > > > > use a > >> > > > > > > > combination of Semantic Hooks and AuthV2 interface to > >> integrate > >> > > > with > >> > > > > > HIVE > >> > > > > > > > 2.0. > >> > > > > > > > >> > > > > > > In your earlier email regarding 1.9 release you also mention > >> > issues > >> > > > > with > >> > > > > > > moving up to Java 8 and some issues with Solr-7 integration. > >> Does > >> > > > this > >> > > > > > mean > >> > > > > > > that you have a better idea of how to deal with these issues > >> now? > >> > > > > > > Yes, Changes for java version bumup are under review and the > >> code > >> > > > > changes > >> > > > > > > for Solr-6 integration will be co > >> > > > > > > > >> > > > > > > > > >> > > > > > > > 1. SENTRY-1978 <https://issues.apache.org/ > >> > > > jira/browse/SENTRY-1978> > >> > > > > > > -Move > >> > > > > > > > the hive-authz2 grant/revoke implementation into the > >> > > > > > > sentry-binding-hive > >> > > > > > > > module > >> > > > > > > > >> > > > > > > This looks like “refactoring change” so it doesn’t actually > >> > change > >> > > > any > >> > > > > > > existing functionality - right? > >> > > > > > > > >> > > > > > This is not just refactoring. With this change Sentry would > use > >> the > >> > > > > > Schematic Hook implemented as part of Authv-2 support. Sentry > >> still > >> > > > would > >> > > > > > still continue using the older implementation for PreAnalyze > and > >> > > > > > PostAnalyze schematic hooks. > >> > > > > > > >> > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > 1. SENTRY-1980 <https://issues.apache.org/ > >> > > > jira/browse/SENTRY-1980 > >> > > > > >- > >> > > > > > > Move > >> > > > > > > > the hive-authz2 HMS client filtering implementation into > >> the > >> > > > > > > > sentry-binding-hive module. > >> > > > > > > > >> > > > > > > Same here - this seems to be a refactoring change which > >> doesn’t > >> > > > affect > >> > > > > > any > >> > > > > > > existing functionality. > >> > > > > > > This is not just refactoring. With this change Sentry would > >> use > >> > the > >> > > > > > > Schematic Hook implemented as part of Authv-2 support. > Sentry > >> > still > >> > > > > would > >> > > > > > > still continue using the older implementation for PreAnalyze > >> and > >> > > > > > > PostAnalyze schematic hooks. > >> > > > > > > I think you are referring to some planned follow-up work to > >> > > actually > >> > > > > > solve > >> > > > > > > the authorization problem for Hive 2 - right? Yes. > >> > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > I have created a umbrella jira for releasing Sentry 2.0 . > >> > > > > > > > > >> > > > > > > > 1. SENTRY-1982 <https://issues.apache.org/ > >> > > > jira/browse/SENTRY-1982> > >> > > > > > > -Release > >> > > > > > > > sentry 2.0.0 upstream > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > I have linked issues that are blocking the release. If you > >> see > >> > > any > >> > > > > > issue > >> > > > > > > > that is blocking please attach it to this jira. That way > we > >> can > >> > > fix > >> > > > > > them > >> > > > > > > > and clear all the road blocks for releasing SENTYR 2.0.0 > >> > > > > > > > >> > > > > > > What is your impression once you looked at these issues - do > >> you > >> > > > think > >> > > > > > > that you should be able to fix majority of these or do you > >> think > >> > > that > >> > > > > > these > >> > > > > > > ca nbe simply moved out of the release? > >> > > > > > > > >> > > > > > Issues blocking SENTRY-1982 should be fixed before sentry > 2.0.0 > >> is > >> > > > > > released. > >> > > > > > > >> > > > > > > >> > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > -Kalyan > >> > > > > > > > >> > > > > > > - Alex > >> > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> > > > -- > >> > > > Colm O hEigeartaigh > >> > > > > >> > > > Talend Community Coder > >> > > > http://coders.talend.com > >> > > > > >> > > > >> > > >> > > >> > > >> > -- > >> > Colm O hEigeartaigh > >> > > >> > Talend Community Coder > >> > http://coders.talend.com > >> > > >> > > > > >
