Nop. The plan is to ship authz2 but only when grant/revoke tasks are executed and HMS filters are used. The current HiveAuthzBinding class will still be used when a command is executed and Hive requests authorization to Sentry (this is part of the authz1 profile). Btw, the HMS server side checks still use MetastoreAuthzBinding.java in both authz1 and authz2.
The plans for Solr is to support the latest Solr 6.x which added support for authorization modules. Hrishikesh is a Solr contributor and is helping us integrate it on SENTRY-1475 <https://issues.apache.org/jira/browse/SENTRY-1475>. Solr 7 was just released last month, but he said he already has the code for Solr 6, but he will try to see if Solr 7 is easy to do, but the initial expectations were to have Solr 6. What do you think about the plans? Any comments regarding about them? Would you like to see something else or different? Sergio. On Mon, Oct 16, 2017 at 4:52 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote: > Hi Sergio, > > Is the plan to ship both the authz1 and authz2 bindings for Sentry 2.0.0? > If so, which is recommended for use? Also, what are the plans to get a more > recent version of Solr supported? > > Colm. > > On Sat, Oct 14, 2017 at 5:12 PM, Na Li <lina...@cloudera.com> wrote: > > > Kalyan, > > > > Thanks for the update. I am up to releasing sentry 2.0.0 as well. > > > > Lina > > > > On Fri, Oct 13, 2017 at 6:18 PM, Kalyan Kumar Kalvagadda < > > kkal...@cloudera.com> wrote: > > > > > Sasha, > > > > > > See my response in-line below > > > > > > -Kalyan > > > > > > On Fri, Oct 13, 2017 at 1:09 PM, Alexander Kolbasov < > ak...@cloudera.com> > > > wrote: > > > > > > > Kalyan, > > > > > > > > Thank you for pushing forward 2.0 release! > > > > > > > > > On Oct 13, 2017, at 7:20 AM, Kalyan Kumar Kalvagadda < > > > > kkal...@cloudera.com> wrote: > > > > > > > > > > Hello all, > > > > > > > > > > We need to release sentry HA functionality so that community can > > start > > > > > using it. In this regard I proposed to have a sentry 1.9.0 release > as > > > > there > > > > > were some outstanding issues integrating with Hive. Community was > not > > > > > positive on this proposal for various reasons. > > > > > > > > It would be great if you can summarize these reasons here for future > > > > reference. > > > > One major concern was that sentry 1.9.0 should still be backward > > > > compatible and work with Hive1.1. > > > > > > > > > > > > > > > > > > > With recent findings we think we don't have to wait for Hive fixes. > > > With > > > > > the changes that are planned for below listed Jira's sentry would > > use a > > > > > combination of Semantic Hooks and AuthV2 interface to integrate > with > > > HIVE > > > > > 2.0. > > > > > > > > In your earlier email regarding 1.9 release you also mention issues > > with > > > > moving up to Java 8 and some issues with Solr-7 integration. Does > this > > > mean > > > > that you have a better idea of how to deal with these issues now? > > > > Yes, Changes for java version bumup are under review and the code > > changes > > > > for Solr-6 integration will be co > > > > > > > > > > > > > > 1. SENTRY-1978 <https://issues.apache.org/ > jira/browse/SENTRY-1978> > > > > -Move > > > > > the hive-authz2 grant/revoke implementation into the > > > > sentry-binding-hive > > > > > module > > > > > > > > This looks like “refactoring change” so it doesn’t actually change > any > > > > existing functionality - right? > > > > > > > This is not just refactoring. With this change Sentry would use the > > > Schematic Hook implemented as part of Authv-2 support. Sentry still > would > > > still continue using the older implementation for PreAnalyze and > > > PostAnalyze schematic hooks. > > > > > > > > > > > > > > > > > > > > > > 1. SENTRY-1980 <https://issues.apache.org/ > jira/browse/SENTRY-1980 > > >- > > > > Move > > > > > the hive-authz2 HMS client filtering implementation into the > > > > > sentry-binding-hive module. > > > > > > > > Same here - this seems to be a refactoring change which doesn’t > affect > > > any > > > > existing functionality. > > > > This is not just refactoring. With this change Sentry would use the > > > > Schematic Hook implemented as part of Authv-2 support. Sentry still > > would > > > > still continue using the older implementation for PreAnalyze and > > > > PostAnalyze schematic hooks. > > > > I think you are referring to some planned follow-up work to actually > > > solve > > > > the authorization problem for Hive 2 - right? Yes. > > > > > > > > > > > > > > > > > > > > > > > > I have created a umbrella jira for releasing Sentry 2.0 . > > > > > > > > > > 1. SENTRY-1982 <https://issues.apache.org/ > jira/browse/SENTRY-1982> > > > > -Release > > > > > sentry 2.0.0 upstream > > > > > > > > > > > > > > > I have linked issues that are blocking the release. If you see any > > > issue > > > > > that is blocking please attach it to this jira. That way we can fix > > > them > > > > > and clear all the road blocks for releasing SENTYR 2.0.0 > > > > > > > > What is your impression once you looked at these issues - do you > think > > > > that you should be able to fix majority of these or do you think that > > > these > > > > ca nbe simply moved out of the release? > > > > > > > Issues blocking SENTRY-1982 should be fixed before sentry 2.0.0 is > > > released. > > > > > > > > > > > > > > > > > > > > > > > > > -Kalyan > > > > > > > > - Alex > > > > > > > > > > > > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com >
