[ https://issues.apache.org/jira/browse/SENTRY-2300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634627#comment-16634627 ]
Hadoop QA commented on SENTRY-2300: ----------------------------------- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12942029/SENTRY-2300.001.patch against master. {color:red}Overall:{color} -1 due to 11 errors {color:red}ERROR:{color} mvn test exited 1 {color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener {color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener {color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener {color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener {color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener {color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener {color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener {color:red}ERROR:{color} Failed: org.apache.sentry.binding.metastore.TestSentrySyncHMSNotificationsPostEventListener {color:red}ERROR:{color} Failed: org.apache.sentry.provider.db.service.persistent.TestHMSFollowerSentryStoreIntegration {color:red}ERROR:{color} Failed: org.apache.sentry.provider.db.service.persistent.TestHMSFollowerSentryStoreIntegration Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/4159/console This message is automatically generated. > Move Permission Update due to DDL to HMS Post Event Listener > ------------------------------------------------------------ > > Key: SENTRY-2300 > URL: https://issues.apache.org/jira/browse/SENTRY-2300 > Project: Sentry > Issue Type: Bug > Components: Sentry > Affects Versions: 2.1.0, 2.2.0 > Reporter: Na Li > Assignee: Na Li > Priority: Major > Attachments: SENTRY-2300.001.patch > > > There was a code in MetastorePlugin that modified Sentry privileges on table > Create/Drop and database Create/Drop. As part of Sentry HA work we moved all > this logic from Sentry plugin to be driven by notifications which required > the extra synchronization between HMS and Sentry. > It should be possible to do permission changes in the post event listener > itself to avoid blocking for Sentry. This requires some experiments though > because it may cause strange artifacts since at the time these DDL operations > are done Sentry may not be aware of the current state - for example you may > try to change permissions of a table that Sentry doesn’t know about, which > seems to be OK. > This update will have the following benefits: > {code} > * HMS waits on Sentry polling HMS update takes 0.5 to 1 second. This update > will remove this delay > * Sentry knows every DDL update, and therefore can update permission > correctly. In current approach using notification processing, Sentry could > miss updates if full snapshot is fetched from HMS, and permission is not > updated correctly. In the case of table rename, when mission DDL update event > because of full snapshot, sentry will not move the permissions associated > with old table to the new table. And the authorization on queries on the > renamed table will fail. > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)