Sergio, I will do it today. Thanks for letting me know.
-Kalyan On Wed, Nov 22, 2017 at 6:03 PM, Sergio Pena <sergio.p...@cloudera.com> wrote: > Thanks Kalyan. > > Those JIRAs are committed now and the 2.0 release is not blocked anymore. > You may want to cut the branch now to freeze the 2.0 version. > > > - Sergio > > On Wed, Nov 22, 2017 at 9:13 AM, Kalyan Kumar Kalvagadda < > kkal...@cloudera.com> wrote: > > > I have started the release process. As initial step I have moved all the > > unresolved jira's to 2.1.0 release except for SENTRY-2062 and > SENTRY-1812. > > Please let me know if you want your changes to be part of sentry 2.0.0. I > > will be cutting branch for sentry 2.0.0 later today. > > > > > > -Kalyan > > > > On Mon, Oct 16, 2017 at 9:49 AM, Kalyan Kumar Kalvagadda < > > kkal...@cloudera.com> wrote: > > > > > I feel, we should stop using the terms authz1 and authz2 now on as it > can > > > create confusion.. With the new approach we have taken there is no > > authz1. Sentry > > > binding that will be enabled by default uses functionality of both > older > > > bindings. > > > > > > -Kalyan > > > > > > On Mon, Oct 16, 2017 at 9:42 AM, Sergio Pena <sergio.p...@cloudera.com > > > > > wrote: > > > > > >> I won't be necessary to have both binding jars. But we will keep the > > code > > >> around for one more release and remove it later just as backup for us > in > > >> case we forgot to refactor something. > > >> > > >> On Mon, Oct 16, 2017 at 8:54 AM, Colm O hEigeartaigh < > > cohei...@apache.org > > >> > > > >> wrote: > > >> > > >> > Sounds good thanks. Just one other query - will we still have two > > >> separate > > >> > binding jars for authz1 and authz2? > > >> > > > >> > Colm. > > >> > > > >> > On Mon, Oct 16, 2017 at 2:31 PM, Sergio Pena < > > sergio.p...@cloudera.com> > > >> > wrote: > > >> > > > >> > > Nop. The plan is to ship authz2 but only when grant/revoke tasks > are > > >> > > executed and HMS filters are used. The current HiveAuthzBinding > > class > > >> > will > > >> > > still be used when a command is executed and Hive requests > > >> authorization > > >> > to > > >> > > Sentry (this is part of the authz1 profile). Btw, the HMS server > > side > > >> > > checks still use MetastoreAuthzBinding.java in both authz1 and > > authz2. > > >> > > > > >> > > The plans for Solr is to support the latest Solr 6.x which added > > >> support > > >> > > for authorization modules. Hrishikesh is a Solr contributor and is > > >> > helping > > >> > > us integrate it on SENTRY-1475 > > >> > > <https://issues.apache.org/jira/browse/SENTRY-1475>. Solr 7 was > > just > > >> > > released last month, but he said he already has the code for Solr > 6, > > >> but > > >> > he > > >> > > will try to see if Solr 7 is easy to do, but the initial > > expectations > > >> > were > > >> > > to have Solr 6. > > >> > > > > >> > > What do you think about the plans? Any comments regarding about > > them? > > >> > Would > > >> > > you like to see something else or different? > > >> > > > > >> > > Sergio. > > >> > > > > >> > > On Mon, Oct 16, 2017 at 4:52 AM, Colm O hEigeartaigh < > > >> > cohei...@apache.org> > > >> > > wrote: > > >> > > > > >> > > > Hi Sergio, > > >> > > > > > >> > > > Is the plan to ship both the authz1 and authz2 bindings for > Sentry > > >> > 2.0.0? > > >> > > > If so, which is recommended for use? Also, what are the plans to > > >> get a > > >> > > more > > >> > > > recent version of Solr supported? > > >> > > > > > >> > > > Colm. > > >> > > > > > >> > > > On Sat, Oct 14, 2017 at 5:12 PM, Na Li <lina...@cloudera.com> > > >> wrote: > > >> > > > > > >> > > > > Kalyan, > > >> > > > > > > >> > > > > Thanks for the update. I am up to releasing sentry 2.0.0 as > > well. > > >> > > > > > > >> > > > > Lina > > >> > > > > > > >> > > > > On Fri, Oct 13, 2017 at 6:18 PM, Kalyan Kumar Kalvagadda < > > >> > > > > kkal...@cloudera.com> wrote: > > >> > > > > > > >> > > > > > Sasha, > > >> > > > > > > > >> > > > > > See my response in-line below > > >> > > > > > > > >> > > > > > -Kalyan > > >> > > > > > > > >> > > > > > On Fri, Oct 13, 2017 at 1:09 PM, Alexander Kolbasov < > > >> > > > ak...@cloudera.com> > > >> > > > > > wrote: > > >> > > > > > > > >> > > > > > > Kalyan, > > >> > > > > > > > > >> > > > > > > Thank you for pushing forward 2.0 release! > > >> > > > > > > > > >> > > > > > > > On Oct 13, 2017, at 7:20 AM, Kalyan Kumar Kalvagadda < > > >> > > > > > > kkal...@cloudera.com> wrote: > > >> > > > > > > > > > >> > > > > > > > Hello all, > > >> > > > > > > > > > >> > > > > > > > We need to release sentry HA functionality so that > > community > > >> > can > > >> > > > > start > > >> > > > > > > > using it. In this regard I proposed to have a sentry > 1.9.0 > > >> > > release > > >> > > > as > > >> > > > > > > there > > >> > > > > > > > were some outstanding issues integrating with Hive. > > >> Community > > >> > was > > >> > > > not > > >> > > > > > > > positive on this proposal for various reasons. > > >> > > > > > > > > >> > > > > > > It would be great if you can summarize these reasons here > > for > > >> > > future > > >> > > > > > > reference. > > >> > > > > > > One major concern was that sentry 1.9.0 should still be > > >> backward > > >> > > > > > > compatible and work with Hive1.1. > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > > > >> > > > > > > > With recent findings we think we don't have to wait for > > Hive > > >> > > fixes. > > >> > > > > > With > > >> > > > > > > > the changes that are planned for below listed Jira's > > sentry > > >> > would > > >> > > > > use a > > >> > > > > > > > combination of Semantic Hooks and AuthV2 interface to > > >> integrate > > >> > > > with > > >> > > > > > HIVE > > >> > > > > > > > 2.0. > > >> > > > > > > > > >> > > > > > > In your earlier email regarding 1.9 release you also > mention > > >> > issues > > >> > > > > with > > >> > > > > > > moving up to Java 8 and some issues with Solr-7 > integration. > > >> Does > > >> > > > this > > >> > > > > > mean > > >> > > > > > > that you have a better idea of how to deal with these > issues > > >> now? > > >> > > > > > > Yes, Changes for java version bumup are under review and > the > > >> code > > >> > > > > changes > > >> > > > > > > for Solr-6 integration will be co > > >> > > > > > > > > >> > > > > > > > > > >> > > > > > > > 1. SENTRY-1978 <https://issues.apache.org/ > > >> > > > jira/browse/SENTRY-1978> > > >> > > > > > > -Move > > >> > > > > > > > the hive-authz2 grant/revoke implementation into the > > >> > > > > > > sentry-binding-hive > > >> > > > > > > > module > > >> > > > > > > > > >> > > > > > > This looks like “refactoring change” so it doesn’t > actually > > >> > change > > >> > > > any > > >> > > > > > > existing functionality - right? > > >> > > > > > > > > >> > > > > > This is not just refactoring. With this change Sentry would > > use > > >> the > > >> > > > > > Schematic Hook implemented as part of Authv-2 support. > Sentry > > >> still > > >> > > > would > > >> > > > > > still continue using the older implementation for PreAnalyze > > and > > >> > > > > > PostAnalyze schematic hooks. > > >> > > > > > > > >> > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > 1. SENTRY-1980 <https://issues.apache.org/ > > >> > > > jira/browse/SENTRY-1980 > > >> > > > > >- > > >> > > > > > > Move > > >> > > > > > > > the hive-authz2 HMS client filtering implementation > into > > >> the > > >> > > > > > > > sentry-binding-hive module. > > >> > > > > > > > > >> > > > > > > Same here - this seems to be a refactoring change which > > >> doesn’t > > >> > > > affect > > >> > > > > > any > > >> > > > > > > existing functionality. > > >> > > > > > > This is not just refactoring. With this change Sentry > would > > >> use > > >> > the > > >> > > > > > > Schematic Hook implemented as part of Authv-2 support. > > Sentry > > >> > still > > >> > > > > would > > >> > > > > > > still continue using the older implementation for > PreAnalyze > > >> and > > >> > > > > > > PostAnalyze schematic hooks. > > >> > > > > > > I think you are referring to some planned follow-up work > to > > >> > > actually > > >> > > > > > solve > > >> > > > > > > the authorization problem for Hive 2 - right? Yes. > > >> > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > I have created a umbrella jira for releasing Sentry 2.0 > . > > >> > > > > > > > > > >> > > > > > > > 1. SENTRY-1982 <https://issues.apache.org/ > > >> > > > jira/browse/SENTRY-1982> > > >> > > > > > > -Release > > >> > > > > > > > sentry 2.0.0 upstream > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > I have linked issues that are blocking the release. If > you > > >> see > > >> > > any > > >> > > > > > issue > > >> > > > > > > > that is blocking please attach it to this jira. That way > > we > > >> can > > >> > > fix > > >> > > > > > them > > >> > > > > > > > and clear all the road blocks for releasing SENTYR 2.0.0 > > >> > > > > > > > > >> > > > > > > What is your impression once you looked at these issues - > do > > >> you > > >> > > > think > > >> > > > > > > that you should be able to fix majority of these or do you > > >> think > > >> > > that > > >> > > > > > these > > >> > > > > > > ca nbe simply moved out of the release? > > >> > > > > > > > > >> > > > > > Issues blocking SENTRY-1982 should be fixed before sentry > > 2.0.0 > > >> is > > >> > > > > > released. > > >> > > > > > > > >> > > > > > > > >> > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > -Kalyan > > >> > > > > > > > > >> > > > > > > - Alex > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > -- > > >> > > > Colm O hEigeartaigh > > >> > > > > > >> > > > Talend Community Coder > > >> > > > http://coders.talend.com > > >> > > > > > >> > > > > >> > > > >> > > > >> > > > >> > -- > > >> > Colm O hEigeartaigh > > >> > > > >> > Talend Community Coder > > >> > http://coders.talend.com > > >> > > > >> > > > > > > > > >
