[jira] [Commented] (SENTRY-947) Improve error message in HDFS NN Plugin when unable to connect to Sentry

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15313080#comment-15313080
 ] 

Sravya Tirukkovalur commented on SENTRY-947:


Thanks for your contribution [~vramasamy]! 
+1. LGTM. Pending precommit run.

> Improve error message in HDFS NN Plugin when unable to connect to Sentry
> 
>
> Key: SENTRY-947
> URL: https://issues.apache.org/jira/browse/SENTRY-947
> Project: Sentry
>  Issue Type: Bug
>  Components: Hdfs Plugin
>Affects Versions: 1.6.0
>Reporter: Lenni Kuff
>Assignee: Venkatesh Ramasamy
> Attachments: SENTRY-947.patch
>
>
> The error we currently get is:
> {code}
> ERROR org.apache.sentry.hdfs.SentryUpdater: Error connecting to Sentry 
> ['null'] !!
> {code}
> This isn't very useful and we should include more information in the error or 
> drop the 'null' part. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SENTRY-918) Upgrade hive version 1.1.0 to the recent ones to include hive side fixes.

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-918?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15313051#comment-15313051
 ] 

Sravya Tirukkovalur commented on SENTRY-918:


We are already on 1.1.0, can we close this jira?

> Upgrade hive version 1.1.0 to the recent ones to include hive side fixes.
> -
>
> Key: SENTRY-918
> URL: https://issues.apache.org/jira/browse/SENTRY-918
> Project: Sentry
>  Issue Type: Bug
>  Components: Sentry
>Affects Versions: 1.5.1, 1.6.0
>Reporter: Anne Yu
>
> We recently found some Sentry bugs because of an older Hive version. For 
> example, SENTRY-745. We could bump up the Hive version to include the most recent 
> fixes, for example, HIVE-10875.
> [~lskuff], [~sravya], [~guoquan], [~colin_mjj], file a jira here to track 
> this issue.





[jira] [Resolved] (SENTRY-975) [Unit test failure] Investigate failure and re-enable TestConnectionWithTicketTimeout.testConnectionAfterTicketTimeout

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-975?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur resolved SENTRY-975.

Resolution: Cannot Reproduce
  Assignee: Sravya Tirukkovalur

It was disabled in the test runs as it sleeps for 5 minutes to be able to check 
ticket expiration. Let me know if you all think 5 mins is fine and would prefer 
enabling the test. I just ran this test locally as I was working on a 
Kerberos-related item and the test passes.

> [Unit test failure] Investigate failure and re-enable 
> TestConnectionWithTicketTimeout.testConnectionAfterTicketTimeout
> --
>
> Key: SENTRY-975
> URL: https://issues.apache.org/jira/browse/SENTRY-975
> Project: Sentry
>  Issue Type: Bug
>  Components: Test
>Affects Versions: 1.7.0
>Reporter: Lenni Kuff
>Assignee: Sravya Tirukkovalur
>
> In SENTRY-515 
> TestConnectionWithTicketTimeout.testConnectionAfterTicketTimeout was disabled 
> because it was causing test failures. We should investigate this further to 
> understand the root cause and fix the problem.





[jira] [Updated] (SENTRY-947) Improve error message in HDFS NN Plugin when unable to connect to Sentry

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-947:
---
Status: Patch Available  (was: Open)



[jira] [Updated] (SENTRY-853) Handle show grant on failure correctly

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-853:
---
Issue Type: Improvement  (was: Bug)

> Handle show grant on  failure correctly
> -
>
> Key: SENTRY-853
> URL: https://issues.apache.org/jira/browse/SENTRY-853
> Project: Sentry
>  Issue Type: Improvement
>Reporter: Sravya Tirukkovalur
>
> {noformat}
> 0: jdbc:hive2://a2110.halxg.cloudera.com:1000> show grant on table pageviews;
> Error: Error while compiling statement: FAILED: SemanticException Sentry does 
> not allow privileges to be granted/revoked to/from: USER 
> (state=42000,code=4)
> {noformat}





[jira] [Commented] (SENTRY-351) Hive bindings should use the Database entity to extract database name

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15313092#comment-15313092
 ] 

Sravya Tirukkovalur commented on SENTRY-351:


[~vspector] will you be interested in picking this up?

> Hive bindings should use the Database entity to extract database name
> -
>
> Key: SENTRY-351
> URL: https://issues.apache.org/jira/browse/SENTRY-351
> Project: Sentry
>  Issue Type: Improvement
>Affects Versions: 1.4.0
>Reporter: Prasad Mujumdar
> Attachments: SENTRY-351.001.patch
>
>
> Hive bindings with Hive 0.13 should use the Database entity to extract 
> database name instead of extracting the database from compiler structure. 
> This will simplify the binding code that's currently tied to Hive compiler 
> internals.





[jira] [Updated] (SENTRY-947) Improve error message in HDFS NN Plugin when unable to connect to Sentry

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-947:
---
Assignee: Venkatesh Ramasamy



[jira] [Updated] (SENTRY-462) Unable to get exception when sentry service down after initialize HadoopGroupResourceAuthorization

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-462:
---
Issue Type: Improvement  (was: Bug)

> Unable to get exception when sentry service down after initialize 
> HadoopGroupResourceAuthorization
> --
>
> Key: SENTRY-462
> URL: https://issues.apache.org/jira/browse/SENTRY-462
> Project: Sentry
>  Issue Type: Improvement
>Affects Versions: 1.4.0
>Reporter: Johnson Lin
>
> Our project is integrating Sentry and we found a problem when we stop the Sentry 
> service (or make the Sentry service crash) after initializing 
> HadoopGroupResourceAuthorizationProvider. That is to say, 
> SimpleDBProviderBackend can't throw an exception and only returns an ImmutableSet 
> whose size is 0 when the Sentry service is down. We found that the method 
> getPrivileges in SimpleDBProviderBackend catches the exception and just prints 
> a message like "Unable to obtain privileges from server: ". Does that make 
> sense? The problem is that the module which uses Sentry cannot get a clear reason 
> whether the Sentry service crashed or the user has no permission to some Hive table.





[jira] [Updated] (SENTRY-1232) Evaluate SKEWED_COL_VALUE_LOC_MAP for Sentry HDFS sync

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1232:

Issue Type: Task  (was: Improvement)

> Evaluate SKEWED_COL_VALUE_LOC_MAP for Sentry HDFS sync
> --
>
> Key: SENTRY-1232
> URL: https://issues.apache.org/jira/browse/SENTRY-1232
> Project: Sentry
>  Issue Type: Task
>Reporter: Sravya Tirukkovalur
>
> Permissions for all locations that map to a Hive Object are synced by the 
> hdfs sentry plugin. Seems like we may need to evaluate and confirm we are 
> handling the locations in SKEWED_COL_VALUE_LOC_MAP table in HMS.





[jira] [Commented] (SENTRY-947) Improve error message in HDFS NN Plugin when unable to connect to Sentry

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15313084#comment-15313084
 ] 

Sravya Tirukkovalur commented on SENTRY-947:


Can you change the status to "patch available" so that precommit build will be 
triggered? Although this is a comment only change, we usually only commit 
changes after regression tests pass.



[jira] [Updated] (SENTRY-947) Improve error message in HDFS NN Plugin when unable to connect to Sentry

2016-06-02 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-947:
---
   Resolution: Fixed
Fix Version/s: 1.8.0
   Status: Resolved  (was: Patch Available)

Committed to master. Thank you for your first contribution [~vramasamy]!

> Improve error message in HDFS NN Plugin when unable to connect to Sentry
> 
>
> Key: SENTRY-947
> URL: https://issues.apache.org/jira/browse/SENTRY-947
> Project: Sentry
>  Issue Type: Bug
>  Components: Hdfs Plugin
>Affects Versions: 1.6.0
>Reporter: Lenni Kuff
>Assignee: Venkatesh Ramasamy
> Fix For: 1.8.0
>
> Attachments: SENTRY-947.patch
>
>
> The error we currently get is:
> {code}
> ERROR org.apache.sentry.hdfs.SentryUpdater: Error connecting to Sentry 
> ['null'] !!
> {code}
> This isn't very useful and we should include more information in the error or 
> drop the 'null' part. 





[jira] [Commented] (SENTRY-1295) Investigate malformed paths in HMS db

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15319239#comment-15319239
 ] 

Sravya Tirukkovalur commented on SENTRY-1295:
-

Another data point:
null location for partition.

> Investigate malformed paths in HMS db
> -
>
> Key: SENTRY-1295
> URL: https://issues.apache.org/jira/browse/SENTRY-1295
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>
> Paths in HMS are expected to be in one of these forms:
> * hdfs://hostname:port/path
> * hdfs:///path
> * /path, in which case, scheme will be constructed from 
> FileSystem.getDefaultURI
> * URIs with non hdfs scheme will just be ignored
> I came across at least 2 Sentry users where HMS did have paths which do not 
> comply with the above rules and hence HMS plugin initialization for path updates 
> failed. See sentry-1260 and sentry-1270 for details on how these errors 
> surface. 
> With 1260 and 1270 we should have more information on what these malformed 
> paths were. But we should continue to investigate and fix the root cause. It 
> would most likely be in the HMS code base. Until then, here is how you can 
> diagnose and fix it manually:
> *Look for malformed paths in HMS* : Look in DBS as well as SDS tables.
> {code}
> SELECT "NAME", "DB_LOCATION_URI" FROM "DBS" WHERE NOT "DB_LOCATION_URI" LIKE 
> 'hdfs://%/%';
>   NAME   |   DB_LOCATION_URI 
> ---------+---------------------
> db_name  | hdfs://nameservice1
> (1 row)
> {code}
> *Fix it by manually updating the HMS location*
> {code}
> UPDATE DBS
> SET DB_LOCATION_URI='hdfs://nameservice1/user/hive/warehouse/db_name.db'
> WHERE DB_ID=12345;
> {code}
> Let's track occurrences of these malformed paths here:
> * hdfs://nameservice1 : Not sure why anyone would create a db/table in the root 
> directory? Should we accept this in Sentry?
> What does SKEWED_COL_VALUE_LOC_MAP.location in HMS correspond to? Double 
> check if there are any malformed paths here?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
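
An added example (not Sentry or HMS code) that classifies location values by the four forms listed in SENTRY-1295 and compares the result with what the issue's `NOT LIKE 'hdfs://%/%'` query would return. The function names and every sample row except `hdfs://nameservice1` are constructed, and LIKE is assumed to be case-sensitive.

```python
from urllib.parse import urlsplit

# Constructed sample rows (name, location). Only "hdfs://nameservice1"
# is taken from the issue; the rest are made up for illustration.
SAMPLE_ROWS = [
    ("db_name", "hdfs://nameservice1"),
    ("db_ok", "hdfs://nameservice1/user/hive/warehouse/db_ok.db"),
    ("db_local", "/user/hive/warehouse/db_local.db"),
    ("db_triple", "hdfs:///user/hive/warehouse/t"),
    ("db_s3", "s3a://bucket/warehouse/x"),
    ("part_null", None),
]


def classify_location(uri):
    """Classify a location against the forms listed in the issue.

    Returns (status, reason) where status is "ok", "ignored" or "malformed".
    """
    if uri is None or not uri.strip():
        return "malformed", "null or empty location"
    try:
        parts = urlsplit(uri.strip())
    except ValueError:
        return "malformed", "not parseable as a URI"
    scheme = parts.scheme.lower()
    if not scheme:
        # Form 3: "/path"; the scheme comes from the default filesystem URI.
        if parts.netloc or not parts.path.startswith("/"):
            return "malformed", "no scheme and not an absolute path"
        return "ok", "absolute path without scheme"
    if scheme != "hdfs":
        # Form 4: non-hdfs URIs are ignored, not rejected.
        return "ignored", "non-hdfs scheme"
    if not parts.path:
        # The case recorded in the issue: authority only, no path.
        return "malformed", "hdfs URI without a path"
    # Forms 1 and 2: hdfs://hostname:port/path and hdfs:///path.
    return "ok", "hdfs URI with a path"


def sql_not_like_flags(uri):
    """Emulate: WHERE NOT col LIKE 'hdfs://%/%'.

    Returns True if the row is returned, False if not, and None for NULL:
    NOT (NULL LIKE ...) evaluates to NULL, so the row is not returned.
    """
    if uri is None:
        return None
    prefix = "hdfs://"
    matches = uri.startswith(prefix) and "/" in uri[len(prefix):]
    return not matches


def audit(rows):
    """List malformed rows and whether the issue's query would surface them."""
    findings = []
    for name, location in rows:
        status, reason = classify_location(location)
        if status == "malformed":
            findings.append({
                "name": name,
                "reason": reason,
                "found_by_query": sql_not_like_flags(location) is True,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

On the sample rows the query returns the valid `/path` form and the ignored `s3a://` row alongside the malformed one, and it never returns the NULL location, so a NULL check (`IS NULL`) has to be run separately.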


[jira] [Created] (SENTRY-1316) Implement Sentry leadership election

2016-06-07 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1316:
---

 Summary: Implement Sentry leadership election
 Key: SENTRY-1316
 URL: https://issues.apache.org/jira/browse/SENTRY-1316
 Project: Sentry
  Issue Type: Sub-task
Reporter: Sravya Tirukkovalur








[jira] [Updated] (SENTRY-1315) Add an interface in WebUI to request for a Sentry full update

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1315:

Component/s: (was: Hdfs Plugin)

> Add an interface in WebUI to request for a Sentry full update
> -
>
> Key: SENTRY-1315
> URL: https://issues.apache.org/jira/browse/SENTRY-1315
> Project: Sentry
>  Issue Type: Task
>Reporter: Hao Hao
>Assignee: Hao Hao
>
> It would be beneficial for debuggability and supportability to have a user 
> interface for requesting a full Sentry update for the HDFS sync feature.





[jira] [Created] (SENTRY-1318) Persist HMS DDL changes to NotificationLog

2016-06-07 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1318:
---

 Summary: Persist HMS DDL changes to NotificationLog
 Key: SENTRY-1318
 URL: https://issues.apache.org/jira/browse/SENTRY-1318
 Project: Sentry
  Issue Type: Sub-task
Reporter: Sravya Tirukkovalur








[jira] [Updated] (SENTRY-1318) Persist HMS DDL changes to NotificationLog and use HMS API to get recent notifications

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1318:

Summary: Persist HMS DDL changes to NotificationLog and use HMS API to get 
recent notifications  (was: Persist HMS DDL changes to NotificationLog)

> Persist HMS DDL changes to NotificationLog and use HMS API to get recent 
> notifications
> --
>
> Key: SENTRY-1318
> URL: https://issues.apache.org/jira/browse/SENTRY-1318
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>






[jira] [Updated] (SENTRY-709) Refactor Sentry HDFS Namenode Plugin to use HDFS INodeAttributesProvider

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-709:
---
Priority: Critical  (was: Major)

> Refactor Sentry HDFS Namenode Plugin to use HDFS INodeAttributesProvider
> 
>
> Key: SENTRY-709
> URL: https://issues.apache.org/jira/browse/SENTRY-709
> Project: Sentry
>  Issue Type: Improvement
>  Components: Hdfs Plugin
>Reporter: Arun Suresh
>Assignee: Sravya Tirukkovalur
>Priority: Critical
>  Labels: integration, roadmap
> Attachments: SENTRY-709.1.patch, SENTRY-709.2.patch, 
> SENTRY-709.2.patch
>
>
> Sentry HDFS namenode plugin uses a pre-committed version of the HDFS 
> AuthorizationProvider interface. HADOOP 2.7.0 will ship with the new 
> INodeAttributesProvider interface.
> The Namenode plugin has to be refactored to use this new interface.





[jira] [Updated] (SENTRY-709) Refactor Sentry HDFS Namenode Plugin to use HDFS INodeAttributesProvider

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-709:
---
Component/s: Hdfs Plugin

> Refactor Sentry HDFS Namenode Plugin to use HDFS INodeAttributesProvider
> 
>
> Key: SENTRY-709
> URL: https://issues.apache.org/jira/browse/SENTRY-709
> Project: Sentry
>  Issue Type: Improvement
>  Components: Hdfs Plugin
>Reporter: Arun Suresh
>Assignee: Sravya Tirukkovalur
>  Labels: integration, roadmap
> Attachments: SENTRY-709.1.patch, SENTRY-709.2.patch, 
> SENTRY-709.2.patch
>
>
> Sentry HDFS namenode plugin uses a pre-committed version of the HDFS 
> AuthorizationProvider interface. HADOOP 2.7.0 will ship with the new 
> INodeAttributesProvider interface.
> The Namenode plugin has to be refactored to use this new interface.





[jira] [Created] (SENTRY-1317) Implement fencing required for active/passive

2016-06-07 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1317:
---

 Summary: Implement fencing required for active/passive
 Key: SENTRY-1317
 URL: https://issues.apache.org/jira/browse/SENTRY-1317
 Project: Sentry
  Issue Type: Sub-task
Reporter: Sravya Tirukkovalur








[jira] [Updated] (SENTRY-1316) Implement Sentry leadership election

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1316:

Component/s: (was: Hdfs Plugin)

> Implement Sentry leadership election
> 
>
> Key: SENTRY-1316
> URL: https://issues.apache.org/jira/browse/SENTRY-1316
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>






[jira] [Updated] (SENTRY-1317) Implement fencing required for active/passive

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1317:

Component/s: (was: Hdfs Plugin)

> Implement fencing required for active/passive
> -
>
> Key: SENTRY-1317
> URL: https://issues.apache.org/jira/browse/SENTRY-1317
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>






[jira] [Updated] (SENTRY-876) Handle path updates when Sentry HA + HDFS sync - Send updates to all sentry instances

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-876?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-876:
---
Resolution: Invalid
Status: Resolved  (was: Patch Available)

Closing the old Sentry HA items, as we are redesigning it. Feel free to reopen 
if needed.

> Handle path updates when Sentry HA + HDFS sync - Send updates to all sentry 
> instances
> -
>
> Key: SENTRY-876
> URL: https://issues.apache.org/jira/browse/SENTRY-876
> Project: Sentry
>  Issue Type: New Feature
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Attachments: SENTRY-876.0.patch
>
>






[jira] [Resolved] (SENTRY-877) Recreate the metastore cache if ZK connection is lost.

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur resolved SENTRY-877.

Resolution: Invalid

Closing the old Sentry HA items, as we are redesigning it. Feel free to reopen 
if needed.

> Recreate the metastore cache if ZK connection is lost.
> --
>
> Key: SENTRY-877
> URL: https://issues.apache.org/jira/browse/SENTRY-877
> Project: Sentry
>  Issue Type: Task
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>Priority: Minor
>






[jira] [Updated] (SENTRY-879) Add metrics for HDFS Sync when Sentry HA and HMS HA

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-879?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-879:
---
Issue Type: Sub-task  (was: New Feature)
Parent: SENTRY-872

> Add metrics for HDFS Sync when Sentry HA and HMS HA
> ---
>
> Key: SENTRY-879
> URL: https://issues.apache.org/jira/browse/SENTRY-879
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>






[jira] [Resolved] (SENTRY-795) HDFS permissions do not sync when Sentry restarts in HA mode.

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-795?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur resolved SENTRY-795.

Resolution: Invalid

Closing the old Sentry HA items, as we are redesigning it.

> HDFS permissions do not sync when Sentry restarts in HA mode.
> -
>
> Key: SENTRY-795
> URL: https://issues.apache.org/jira/browse/SENTRY-795
> Project: Sentry
>  Issue Type: Bug
>Affects Versions: 1.5.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>






[jira] [Updated] (SENTRY-871) Refactor HA components based on Sentry-852

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-871:
---
Summary: Refactor HA components based on Sentry-852  (was: Refactor HA 
components based on Sentry-870)

> Refactor HA components based on Sentry-852
> --
>
> Key: SENTRY-871
> URL: https://issues.apache.org/jira/browse/SENTRY-871
> Project: Sentry
>  Issue Type: Improvement
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>






[jira] [Resolved] (SENTRY-873) [HMS HA] Have a HMS leader which would be responsible for sending path updates to Sentry

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur resolved SENTRY-873.

Resolution: Invalid

> [HMS HA] Have a HMS leader which would be responsible for sending path 
> updates to Sentry
> 
>
> Key: SENTRY-873
> URL: https://issues.apache.org/jira/browse/SENTRY-873
> Project: Sentry
>  Issue Type: Improvement
>Affects Versions: 1.5.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>






[jira] [Commented] (SENTRY-873) [HMS HA] Have a HMS leader which would be responsible for sending path updates to Sentry

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15319496#comment-15319496
 ] 

Sravya Tirukkovalur commented on SENTRY-873:


Closing the old Sentry HA items, as we are redesigning it. Feel free to reopen 
it if you disagree.



[jira] [Assigned] (SENTRY-662) SentryServiceIntegrationBase should use UGI based login

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur reassigned SENTRY-662:
--

Assignee: Sravya Tirukkovalur  (was: Prasad Mujumdar)

> SentryServiceIntegrationBase should use UGI based login
> ---
>
> Key: SENTRY-662
> URL: https://issues.apache.org/jira/browse/SENTRY-662
> Project: Sentry
>  Issue Type: Improvement
>Affects Versions: 1.5.1
>Reporter: Prasad Mujumdar
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
> Attachments: SENTRY-662.1.patch
>
>
> With Sentry HA the service client makes the service connection on the first 
> client api. This is done in order to propagate the exception cleanly to the 
> caller.
> The SentryServiceIntegrationBase currently performs direct Jaas login and 
> passes the subject to transport open only. Now that any API can open the 
> connection, this is not sufficient.
> We should use the UGI login for the tests as well which handles passing the 
> right subject to transport level open.





[jira] [Resolved] (SENTRY-882) HMS leader should handle out of order updates when HA

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur resolved SENTRY-882.

Resolution: Invalid

Closing the old Sentry HA items, as we are redesigning it. Feel free to reopen 
if needed.

> HMS leader should handle out of order updates when HA
> -
>
> Key: SENTRY-882
> URL: https://issues.apache.org/jira/browse/SENTRY-882
> Project: Sentry
>  Issue Type: Task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>






[jira] [Updated] (SENTRY-872) Uber jira for HMS HA + Sentry HA redesign

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-872:
---
Summary: Uber jira for HMS HA + Sentry HA redesign  (was: Uber jira for HMS 
HA + Sentry HA with HDFS plugin improvements)

> Uber jira for HMS HA + Sentry HA redesign
> -
>
> Key: SENTRY-872
> URL: https://issues.apache.org/jira/browse/SENTRY-872
> Project: Sentry
>  Issue Type: Improvement
>  Components: Hdfs Plugin
>Affects Versions: 1.5.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
> Attachments: SENTRY-872.0.patch, SENTRY-872.pdf, SENTRY-872_design.pdf
>
>






[jira] [Updated] (SENTRY-840) Do not allow async initial updater of MetaStore cache

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-840:
---
Issue Type: Sub-task  (was: Improvement)
Parent: SENTRY-1314

> Do not allow async initial updater of MetaStore cache
> -
>
> Key: SENTRY-840
> URL: https://issues.apache.org/jira/browse/SENTRY-840
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>
> Allowing metastore cache to be initialized asynchronously can be very fragile 
> and should be recommended against. We should either 
> 1. Make it strictly synchronous
> 2. Or add more testing around async path if there is enough request.
> If we take route 1, we can get rid of the updateQueue and syncsent in 
> MetaStorePlugin.





[jira] [Updated] (SENTRY-874) Handle HMS updates correctly while full update is being built

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-874:
---
Issue Type: Sub-task  (was: Improvement)
Parent: SENTRY-1314

> Handle HMS updates correctly while full update is being built
> -
>
> Key: SENTRY-874
> URL: https://issues.apache.org/jira/browse/SENTRY-874
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Affects Versions: 1.5.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>
> We have two options here:
> 1. Have a lock for path update + notify sentry. So that a partial update 
> would just block until the full update completes building and notifying 
> Sentry.
> 2. Make sure path update duplicates are handled well in HMSPaths and 
> SentryPlugin





[jira] [Commented] (SENTRY-872) Uber jira for HMS HA + Sentry HA redesign

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15319571#comment-15319571
 ] 

Sravya Tirukkovalur commented on SENTRY-872:


Moving the HDFS Sync implementation improvements jiras to 
https://issues.apache.org/jira/browse/SENTRY-1314, so that we can continue 
focusing on HA redesign here. 



[jira] [Commented] (SENTRY-879) Add metrics for HDFS Sync when Sentry HA and HMS HA

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15319581#comment-15319581
 ] 

Sravya Tirukkovalur commented on SENTRY-879:


Need to update this list of metrics based on the new design.



[jira] [Updated] (SENTRY-851) UpdateForwarder does not have to implement Updateable

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-851:
---
Component/s: Hdfs Plugin

> UpdateForwarder does not have to implement Updateable
> -
>
> Key: SENTRY-851
> URL: https://issues.apache.org/jira/browse/SENTRY-851
> Project: Sentry
>  Issue Type: Improvement
>  Components: Hdfs Plugin
>Affects Versions: 1.4.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>
> I see no reason why UpdateForwarder is implementing Updateable. I think we 
> should clean up this code.





[jira] [Updated] (SENTRY-852) Create PathUpdateForwarder and PermUpdateForwarder

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-852:
---
Component/s: Hdfs Plugin

> Create PathUpdateForwarder and PermUpdateForwarder
> --
>
> Key: SENTRY-852
> URL: https://issues.apache.org/jira/browse/SENTRY-852
> Project: Sentry
>  Issue Type: Improvement
>  Components: Hdfs Plugin
>Affects Versions: 1.4.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>
> Updateforwarder is used for maintaining updatelog for both path updates and 
> perm updates today. This is resulting in code being hard to follow as there 
> are many perm specific and path specific stuff. Lots of if else caused by 
> over generalization. I think we should split it up for better code 
> maintainability.





[jira] [Resolved] (SENTRY-880) Delete the path cache children as soon as it is processed.

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur resolved SENTRY-880.

Resolution: Invalid

> Delete the path cache children as soon as it is processed.
> --
>
> Key: SENTRY-880
> URL: https://issues.apache.org/jira/browse/SENTRY-880
> Project: Sentry
>  Issue Type: Bug
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>






[jira] [Commented] (SENTRY-880) Delete the path cache children as soon as it is processed.

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15319505#comment-15319505
 ] 

Sravya Tirukkovalur commented on SENTRY-880:


Closing the old Sentry HA items, as we are redesigning it. Feel free to reopen 
if needed.

> Delete the path cache children as soon as it is processed.
> --
>
> Key: SENTRY-880
> URL: https://issues.apache.org/jira/browse/SENTRY-880
> Project: Sentry
>  Issue Type: Bug
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>






[jira] [Updated] (SENTRY-875) Make update log size configurable in UpdateForwarder

2016-06-07 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-875?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-875:
---
Issue Type: Sub-task  (was: Bug)
Parent: SENTRY-1314

> Make update log size configurable in UpdateForwarder
> 
>
> Key: SENTRY-875
> URL: https://issues.apache.org/jira/browse/SENTRY-875
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Affects Versions: 1.5.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>
> It is currently 100, making this configurable might be useful to tune 
> performance versus size requirements. It will also be helpful for end to end 
> testing corner cases where we can set this to a smaller number.





[jira] [Commented] (SENTRY-858) Add a test case for - Database prefix is not honoured when executing grant statement 

2016-06-06 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15316766#comment-15316766
 ] 

Sravya Tirukkovalur commented on SENTRY-858:


Creating SENTRY-1313 to actually fix this bug.

> Add a test case for - Database prefix is not honoured when executing grant 
> statement 
> -
>
> Key: SENTRY-858
> URL: https://issues.apache.org/jira/browse/SENTRY-858
> Project: Sentry
>  Issue Type: Bug
>  Components: Hive Plugin, Sentry
>Affects Versions: 1.4.0
>Reporter: Subroto Sanyal
>Assignee: Rahul Sharma
>Priority: Critical
> Attachments: SENTRY-858.patch
>
>
> h5. Steps to reproduce
> # Sentry enabled secured hive environment
> # Create a database _newdb_ and a table _smallairport_ in it (expecting 
> _default_ db to be available)
> # Create a role _grp2_role_ and grant _select_ privilege to the same role for 
> table  _smallairport_ in _newdb_.
> # Check the granted role on console and log. The role is granted to a table 
> _smallairport_ in *default* database
> {noformat}beeline> !connect 
> jdbc:hive2://ip-10-87-39-41.eu-west-1.compute.internal:10004/;principal=hive/ip-10-87-39-41.eu-west-1.compute.internal@EC2.INTERNAL
> Connecting to 
> jdbc:hive2://ip-10-87-39-41.eu-west-1.compute.internal:10004/;principal=hive/ip-10-87-39-41.eu-west-1.compute.internal@EC2.INTERNAL
> Enter username for 
> jdbc:hive2://ip-10-87-39-41.eu-west-1.compute.internal:10004/;principal=hive/ip-10-87-39-41.eu-west-1.compute.internal@EC2.INTERNAL:
>  
> Enter password for 
> jdbc:hive2://ip-10-87-39-41.eu-west-1.compute.internal:10004/;principal=hive/ip-10-87-39-41.eu-west-1.compute.internal@EC2.INTERNAL:
>  
> Connected to: Apache Hive (version 1.1.0-cdh5.4.0)
> Driver: Hive JDBC (version 1.1.0-cdh5.4.0)
> Transaction isolation: TRANSACTION_REPEATABLE_READ
> 0: jdbc:hive2://ip-10-87-39-41.eu-west-1.comp> GRANT SELECT ON TABLE 
> `newdb.smallairport` TO ROLE grp2_role;
> Getting log thread is interrupted, since query is done!
> No rows affected (0.074 seconds)
> 0: jdbc:hive2://ip-10-87-39-41.eu-west-1.comp> GRANT INSERT ON TABLE 
> `newdb.smallairport` TO ROLE grp2_role;
> Getting log thread is interrupted, since query is done!
> No rows affected (0.067 seconds)
> 0: jdbc:hive2://ip-10-87-39-41.eu-west-1.comp> show grant role grp2_role;
> Getting log thread is interrupted, since query is done!
> +---+---++-+-+-++---+---+--+--+
> | database  | table | partition  | column  | principal_name  | 
> principal_type  | privilege  | grant_option  |grant_time | grantor  |
> +---+---++-+-+-++---+---+--+--+
> | default   | smallairport  || | grp2_role   | ROLE   
>  | select | false | 144016784913  | --   |
> | default   | smallairport  || | grp2_role   | ROLE   
>  | insert | false | 1440168392394000  | --   |
> +---+---++-+-+-++---+---+--+--+
> 2 rows selected (0.085 seconds)
> {noformat}
> h6. Logs on Sentry side:
> {noformat}15/08/25 08:47:40 INFO ddl.logger: 
> {"serviceName":"Sentry-Service","userName":"hive","impersonator":"hive/ip-10-87-39-41.eu-west-1.compute.internal@EC2.INTERNAL","ipAddress":"/10.87.39.41","operation":"GRANT_PRIVILEGE","eventTime":"1440506860675","operationText":"GRANT
>  SELECT ON TABLE smallairport TO ROLE 
> grp2_role","allowed":"true","databaseName":"default","tableName":"smallairport","resourcePath":"","objectType":"PRINCIPAL"}{noformat}
> h6. Logs on Hive side:
> {noformat}2015-08-25 08:47:40,428 WARN  [pool-6-thread-1]: 
> hdfs.MetastorePlugin (MetastorePlugin.java:run(74)) -  Synced Sentry with 
> update [5]
> 2015-08-25 08:47:40,613 DEBUG [HiveServer2-Handler-Pool: Thread-1038]: 
> transport.TSaslTransport (TSaslTransport.java:readFrame(459)) - SERVER: 
> reading data length: 167
> 2015-08-25 08:47:40,613 DEBUG [HiveServer2-Handler-Pool: Thread-1038]: 
> parse.VariableSubstitution (VariableSubstitution.java:substitute(53)) - 
> Substitution is on: GRANT SELECT ON TABLE `newdb.smallairport` TO ROLE 
> grp2_role
> 2015-08-25 08:47:40,614 INFO  [HiveServer2-Handler-Pool: Thread-1038]: 
> log.PerfLogger (PerfLogger.java:PerfLogBegin(121)) -  from=org.apache.hadoop.hive.ql.Driver>
> 2015-08-25 08:47:40,614 DEBUG [HiveServer2-Handler-Pool: Thread-1038]: 
> parse.VariableSubstitution (VariableSubstitution.java:substitute(53)) - 
> Substitution 
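
A check for the mismatch visible in the logs above, as an added example that is not part of the issue or of Sentry's code: it compares the object named in the Hive statement with the database and table in the Sentry `ddl.logger` record. The function names, and treating a dotted table name as db.table (what the reporter expected), are assumptions; the two log lines are rejoined from the wrapped excerpts above.

```python
import json
import re

# Statement text as logged by Hive ("Substitution is on: ..."), rejoined
# from the wrapped excerpt in the issue.
HIVE_STATEMENT = (
    "Substitution is on: GRANT SELECT ON TABLE `newdb.smallairport` "
    "TO ROLE grp2_role"
)

# Sentry audit line from the issue, rejoined into one line.
SENTRY_LINE = (
    '15/08/25 08:47:40 INFO ddl.logger: {"serviceName":"Sentry-Service",'
    '"userName":"hive","impersonator":'
    '"hive/ip-10-87-39-41.eu-west-1.compute.internal@EC2.INTERNAL",'
    '"ipAddress":"/10.87.39.41","operation":"GRANT_PRIVILEGE",'
    '"eventTime":"1440506860675","operationText":'
    '"GRANT SELECT ON TABLE smallairport TO ROLE grp2_role",'
    '"allowed":"true","databaseName":"default","tableName":"smallairport",'
    '"resourcePath":"","objectType":"PRINCIPAL"}'
)

GRANT_RE = re.compile(
    r"GRANT\s+(?P<priv>\w+)\s+ON\s+TABLE\s+"
    r"(?P<obj>`[^`]+`|[\w.]+)\s+TO\s+ROLE\s+(?P<role>\w+)",
    re.IGNORECASE,
)


def requested_target(statement, session_db="default"):
    """Extract what the user asked for from a GRANT ... ON TABLE statement.

    Assumption: a dotted name, backticked or not, means db.table. A name
    without a dot resolves against the session database.
    """
    match = GRANT_RE.search(statement)
    if match is None:
        return None
    name = match.group("obj").strip("`")
    db, dot, table = name.rpartition(".")
    if not dot:
        db = session_db
    return {
        "privilege": match.group("priv").lower(),
        "database": db.lower(),
        "table": table.lower(),
        "role": match.group("role"),
    }


def audit_mismatch(statement, sentry_line, session_db="default"):
    """Return (requested, recorded) when Sentry recorded the grant on a
    different object than the statement named, else None."""
    want = requested_target(statement, session_db)
    if want is None or "{" not in sentry_line:
        return None
    record = json.loads(sentry_line[sentry_line.index("{"):])
    if record.get("operation") != "GRANT_PRIVILEGE":
        return None
    requested = "%s.%s" % (want["database"], want["table"])
    recorded = "%s.%s" % (
        record.get("databaseName", "").lower(),
        record.get("tableName", "").lower(),
    )
    if requested == recorded:
        return None
    return requested, recorded


if __name__ == "__main__":
    print(audit_mismatch(HIVE_STATEMENT, SENTRY_LINE))
```
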

[jira] [Updated] (SENTRY-858) Add a test case for - Database prefix is not honoured when executing grant statement 

2016-06-06 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-858:
---
Issue Type: Test  (was: Bug)

> Add a test case for - Database prefix is not honoured when executing grant 
> statement 
> -
>
> Key: SENTRY-858
> URL: https://issues.apache.org/jira/browse/SENTRY-858
> Project: Sentry
>  Issue Type: Test
>  Components: Hive Plugin, Sentry
>Affects Versions: 1.4.0
>Reporter: Subroto Sanyal
>Assignee: Rahul Sharma
>Priority: Critical
> Attachments: SENTRY-858.patch
>
>

[jira] [Updated] (SENTRY-1323) Bump the hive version to 1.2.0

2016-06-10 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1323:

Fix Version/s: (was: 1.8.0)
   sentry-ha-redesign

> Bump the hive version to 1.2.0
> --
>
> Key: SENTRY-1323
> URL: https://issues.apache.org/jira/browse/SENTRY-1323
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
>
> Deserializer as part of Hive-7973 work has some bugs in 1.1.0. For example:
> deserializer.getAlterTableMessage fails with JsonMappingException
> After some debugging, I confirmed that it is due to the fact that 
> JSONAlterTableMessage does not have a default constructor.
> Seems like this is fixed as part of HIVE-10227 (1.2.0). So would be best to 
> move to hive 1.2.0.





[jira] [Created] (SENTRY-1324) Add sentry specific test cases to use NotificationLog

2016-06-10 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1324:
---

 Summary: Add sentry specific test cases to use NotificationLog
 Key: SENTRY-1324
 URL: https://issues.apache.org/jira/browse/SENTRY-1324
 Project: Sentry
  Issue Type: Sub-task
Reporter: Sravya Tirukkovalur
Assignee: Sravya Tirukkovalur








[jira] [Updated] (SENTRY-1324) Add sentry specific test cases to use NotificationLog

2016-06-10 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1324:

Attachment: SENTRY-1324.patch

Adding tests to make sure NotificationLog is capturing the information 
correctly for the commands which change  mapping. This exercise 
is mainly to understand if NotificationLog works for us. I did hit some bugs, 
but seems like some of them are fixed in Hive 1.2.0. Will bump up Hive in jira 
SENTRY-1323 as I see there are more changes we need to make as part of hive 
dependency change.

> Add sentry specific test cases to use NotificationLog
> -
>
> Key: SENTRY-1324
> URL: https://issues.apache.org/jira/browse/SENTRY-1324
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1324.patch
>
>






[jira] [Updated] (SENTRY-1324) Add sentry specific test cases to use NotificationLog

2016-06-10 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1324:

Attachment: SENTRY-1324.0.patch

> Add sentry specific test cases to use NotificationLog
> -
>
> Key: SENTRY-1324
> URL: https://issues.apache.org/jira/browse/SENTRY-1324
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1324.0.patch
>
>






[jira] [Updated] (SENTRY-1323) Bump the hive version to 1.2.0

2016-06-10 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1323:

Status: Patch Available  (was: Open)

> Bump the hive version to 1.2.0
> --
>
> Key: SENTRY-1323
> URL: https://issues.apache.org/jira/browse/SENTRY-1323
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1323.0.patch
>
>
> Deserializer as part of Hive-7973 work has some bugs in 1.1.0. For example:
> deserializer.getAlterTableMessage fails with JsonMappingException
> After some debugging, I confirmed that it is due to the fact that 
> JSONAlterTableMessage does not have a default constructor.
> Seems like this is fixed as part of HIVE-10227 (1.2.0). So would be best to 
> move to hive 1.2.0.





[jira] [Updated] (SENTRY-1324) Add sentry specific test cases to use NotificationLog

2016-06-10 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1324:

Status: Patch Available  (was: Open)

> Add sentry specific test cases to use NotificationLog
> -
>
> Key: SENTRY-1324
> URL: https://issues.apache.org/jira/browse/SENTRY-1324
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1324.0.patch
>
>






[jira] [Commented] (SENTRY-1323) Bump the hive version to 1.2.0

2016-06-10 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15325562#comment-15325562
 ] 

Sravya Tirukkovalur commented on SENTRY-1323:
-

getPartition() api seems to have been changed in 1.2.0

> Bump the hive version to 1.2.0
> --
>
> Key: SENTRY-1323
> URL: https://issues.apache.org/jira/browse/SENTRY-1323
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1323.0.patch
>
>
> Deserializer as part of Hive-7973 work has some bugs in 1.1.0. For example:
> deserializer.getAlterTableMessage fails with JsonMappingException
> After some debugging, I confirmed that it is due to the fact that 
> JSONAlterTableMessage does not have a default constructor.
> Seems like this is fixed as part of HIVE-10227 (1.2.0). So would be best to 
> move to hive 1.2.0.





[jira] [Updated] (SENTRY-1323) Bump the hive version to 1.2.0

2016-06-10 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1323:

Attachment: SENTRY-1323.0.patch

> Bump the hive version to 1.2.0
> --
>
> Key: SENTRY-1323
> URL: https://issues.apache.org/jira/browse/SENTRY-1323
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1323.0.patch
>
>
> Deserializer as part of Hive-7973 work has some bugs in 1.1.0. For example:
> deserializer.getAlterTableMessage fails with JsonMappingException
> After some debugging, I confirmed that it is due to the fact that 
> JSONAlterTableMessage does not have a default constructor.
> Seems like this is fixed as part of HIVE-10227 (1.2.0). So would be best to 
> move to hive 1.2.0.





[jira] [Created] (SENTRY-1321) Use DbNotificationListener and poll the notifications from Sentry service

2016-06-09 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1321:
---

 Summary: Use DbNotificationListener and poll the notifications 
from Sentry service
 Key: SENTRY-1321
 URL: https://issues.apache.org/jira/browse/SENTRY-1321
 Project: Sentry
  Issue Type: Sub-task
Reporter: Sravya Tirukkovalur
Assignee: Sravya Tirukkovalur








[jira] [Updated] (SENTRY-1321) Use DbNotificationListener and poll the HMS notifications from Sentry service

2016-06-09 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1321:

Summary: Use DbNotificationListener and poll the HMS notifications from 
Sentry service  (was: Use DbNotificationListener and poll the notifications 
from Sentry service)

> Use DbNotificationListener and poll the HMS notifications from Sentry service
> -
>
> Key: SENTRY-1321
> URL: https://issues.apache.org/jira/browse/SENTRY-1321
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>






[jira] [Commented] (SENTRY-1320) truncate table db_name.table_name fails

2016-06-09 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15323431#comment-15323431
 ] 

Sravya Tirukkovalur commented on SENTRY-1320:
-

+1, pending QA run. Thanks for the patch [~vihangk1]! 

> truncate table db_name.table_name fails
> ---
>
> Key: SENTRY-1320
> URL: https://issues.apache.org/jira/browse/SENTRY-1320
> Project: Sentry
>  Issue Type: Bug
>Reporter: Vihang Karajgaonkar
>Assignee: Vihang Karajgaonkar
>Priority: Minor
> Attachments: SENTRY-1320.01.patch
>
>
> On a cluster with Sentry enabled using Kerberos (MIT)
> Steps to reproduce:
> create database temp;
> use temp;
> create table a(b int);
> use default;
> truncate table temp.a;
> Error: Error while compiling statement: FAILED: IllegalArgumentException null 
> (state=42000,code=4)





[jira] [Created] (SENTRY-1323) Bump the hive version to 1.2.0

2016-06-09 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1323:
---

 Summary: Bump the hive version to 1.2.0
 Key: SENTRY-1323
 URL: https://issues.apache.org/jira/browse/SENTRY-1323
 Project: Sentry
  Issue Type: Sub-task
Reporter: Sravya Tirukkovalur
Assignee: Sravya Tirukkovalur


Deserializer as part of Hive-7973 work has some bugs in 1.1.0. For example:
deserializer.getAlterTableMessage fails with JsonMappingException
After some debugging, I confirmed that it is due to the fact that 
JSONAlterTableMessage does not have a default constructor.

Seems like this is fixed as part of HIVE-10227 (1.2.0). So would be best to 
move to hive 1.2.0.





[jira] [Commented] (SENTRY-1295) Investigate malformed paths in HMS db

2016-05-25 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15300510#comment-15300510
 ] 

Sravya Tirukkovalur commented on SENTRY-1295:
-

Another data point, this time default db location was on root: 
SELECT "NAME", "DB_LOCATION_URI" FROM "DBS" WHERE NOT "DB_LOCATION_URI" LIKE 
'hdfs://%/%';
default hdfs://namespace

> Investigate malformed paths in HMS db
> -
>
> Key: SENTRY-1295
> URL: https://issues.apache.org/jira/browse/SENTRY-1295
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>
> Paths in HMS are expected to be in one of these forms:
> * hdfs://hostname:port/path
> * hdfs:///path
> * /path, in which case, scheme will be constructed from 
> FileSystem.getDefaultURI
> * URIs with non hdfs scheme will just be ignored
> I came across at least 2 sentry users where HMS did have paths which do not 
> comply with above rules and hence HMS plugin initialization for pathupdates 
> failed. See sentry-1260 and sentry-1270 for details on how these errors 
> surface. 
> With 1260 and 1270 we should have more information on what these malformed 
> paths were. But we should continue to investigate and fix the root cause. It 
> would most likely be in HMS code base. Until then, here is how you can 
> diagnose and fix it manually:
> *Look for malformed paths in HMS* : Look in DBS as well as SDS tables.
> {code}
> SELECT "NAME", "DB_LOCATION_URI" FROM "DBS" WHERE NOT "DB_LOCATION_URI" LIKE 
> 'hdfs://%/%';
> NAME | DB_LOCATION_URI 
> ---+
> db_name | hdfs://nameservice1
> (1 row)
> {code}
> *Fix it manually updating the HMS location*
> {code}
> UPDATE DBS
> SET DB_LOCATION_URI='hdfs://nameservice1/user/hive/warehouse/db_name.db'
> WHERE DB_ID=12345;
> {code}
> Let's track occurrences of these malformed paths here:
> * hdfs://nameservice1 : Not sure why would any one create a db/table in root 
> directory? Should we accept this in Sentry?
> What does SKEWED_COL_VALUE_LOC_MAP.location in HMS correspond to? Double 
> check if there are any malformed paths here?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
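
The path rules listed in the issue above, written out as a checker (an added example, not Sentry or HMS code): it classifies location strings such as the `DB_LOCATION_URI` values shown there as ok, ignored or malformed. The function names and the `default_fs` value standing in for `FileSystem.getDefaultURI` are assumptions, and the sample rows other than the two reported in the thread are constructed.

```python
import re

OK, IGNORED, MALFORMED = "ok", "ignored", "malformed"
SCHEME_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*")

# (NAME, DB_LOCATION_URI) rows. The first two values are the ones reported
# in the thread; the rest are constructed samples.
SAMPLE_DBS = [
    ("db_name", "hdfs://nameservice1"),
    ("default", "hdfs://namespace"),
    ("sales", "hdfs://nn1.example.com:8020/user/hive/warehouse/sales.db"),
    ("logs", "hdfs:///user/hive/warehouse/logs.db"),
    ("tmp", "/user/hive/warehouse/tmp.db"),
    ("ext", "s3a://bucket/ext.db"),
]


def classify_location(uri, default_fs="hdfs://nameservice1"):
    """Classify one location string against the forms listed in the issue.

    Returns (status, detail): detail is the fully qualified URI for OK,
    otherwise a short reason. default_fs is a constructed stand-in for
    the cluster's default file system URI.
    """
    if uri is None or not uri.strip():
        return MALFORMED, "empty location"
    uri = uri.strip()
    default_fs = default_fs.rstrip("/")

    # Form "/path": scheme and authority come from the default FS.
    if uri.startswith("/"):
        if uri.startswith("//"):
            return MALFORMED, "authority without scheme"
        return OK, default_fs + uri

    scheme, colon, rest = uri.partition(":")
    if not colon or not SCHEME_RE.fullmatch(scheme):
        return MALFORMED, "relative path or missing scheme"
    # Non-hdfs schemes are skipped, not treated as errors.
    if scheme.lower() != "hdfs":
        return IGNORED, "scheme %s is not hdfs" % scheme.lower()
    if not rest.startswith("//"):
        return MALFORMED, "hdfs URI without '//'"

    authority, slash, path = rest[2:].partition("/")
    # The case reported in the issue: hdfs://nameservice1 carries an
    # authority but no path at all.
    if not slash:
        return MALFORMED, "hdfs URI has no path"
    # Form "hdfs:///path": borrow the authority of the default FS.
    if not authority:
        return OK, default_fs + "/" + path
    # Form "hdfs://hostname:port/path": already fully qualified.
    return OK, uri


def find_malformed(rows, default_fs="hdfs://nameservice1"):
    """Return (name, uri, reason) for every row that matches no valid form."""
    findings = []
    for name, uri in rows:
        status, detail = classify_location(uri, default_fs)
        if status == MALFORMED:
            findings.append((name, uri, detail))
    return findings


if __name__ == "__main__":
    for name, uri, reason in find_malformed(SAMPLE_DBS):
        print("%s\t%s\t%s" % (name, uri, reason))
```

The `LIKE 'hdfs://%/%'` filter in the issue would also list bare `/path` locations, which the issue counts as valid; this check does not.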


[jira] [Commented] (SENTRY-1323) Bump the hive version to 1.2.0

2016-06-13 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15328310#comment-15328310
 ] 

Sravya Tirukkovalur commented on SENTRY-1323:
-

Looking into the test failures. I see some test failures around "show 
tables"/"show databases". Seems like it is due to the Hive fix: 
https://issues.apache.org/jira/browse/HIVE-9350 . Taking a closer look at 
Hive-9350 to see how to make Sentry compatible with Hive 1.2.0. 


> Bump the hive version to 1.2.0
> --
>
> Key: SENTRY-1323
> URL: https://issues.apache.org/jira/browse/SENTRY-1323
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1323.0.patch
>
>
> Deserializer as part of Hive-7973 work has some bugs in 1.1.0. For example:
> deserializer.getAlterTableMessage fails with JsonMappingException
> After some debugging, I confirmed that it is due to the fact that 
> JSONAlterTableMessage does not have a default constructor.
> Seems like this is fixed as part of HIVE-10227 (1.2.0). So would be best to 
> move to hive 1.2.0.





[jira] [Commented] (SENTRY-872) Uber jira for HMS HA + Sentry HA with HDFS plugin improvements

2016-05-31 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15308437#comment-15308437
 ] 

Sravya Tirukkovalur commented on SENTRY-872:


Thanks for uploading the updated design doc [~cmccabe]! Some comments:
1. In Section "HIVE-7973: Hive Replication Support ", seems like there is some 
text missing at the end.
2. In Section "Future work", "The HDFS Plugin Should Use Update Log IDs". In 
current design, we apply deltas in the NN plugin. I do not believe we 
necessarily buffer deltas in NN, as there is no reason. So we may want to 
remove this section.
3. We might want to add a section about "Sentry passive" which follows active 
versus "Sentry standby" which warms up only when it acquires leadership? I 
think we are inclining towards a passive which can serve requests with minimal 
downtime, that is acquiring leadership should not take too long. But might be 
better if we state it explicitly, so that we evaluate the alternatives 
thoroughly?
4. There are some slight alternatives we might want to consider in the path of 
propagating HMS updates to Sentry and NN. In the proposed design, we will need 
to replicate HMS  information as well as delta changes of 
it(add/delete ) in Sentry db for the passive to follow. Other option 
is for passive to directly talk to HMS to get these deltas. If the only 
motivation for replicating this in sentry db is bringing passive up to speed, I 
think the latter approach is preferable as there is no real need to replicate 
both info and deltas? But, other parameter to consider is around full update. 
That is, when Sentry restarts in the latter approach, we will have to trigger a 
full update from HMS. But without a proper snapshot solution in HMS, this would 
mean we will have to lock HMS writes for this period, which means HMS is not 
available for writes for this period.
5. Would be useful to have a detailed protocol description especially around 
what happens when different services restart, and what in memory state does 
each service rely on. 

Let me know what you think and we can update the doc accordingly. Thanks!

> Uber jira for HMS HA + Sentry HA with HDFS plugin improvements
> --
>
> Key: SENTRY-872
> URL: https://issues.apache.org/jira/browse/SENTRY-872
> Project: Sentry
>  Issue Type: Improvement
>  Components: Hdfs Plugin
>Affects Versions: 1.5.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
> Attachments: SENTRY-872.0.patch, SENTRY-872.pdf, SENTRY-872_design.pdf
>
>






[jira] [Created] (SENTRY-1298) Create index location should require URI

2016-05-26 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1298:
---

 Summary: Create index location should require URI
 Key: SENTRY-1298
 URL: https://issues.apache.org/jira/browse/SENTRY-1298
 Project: Sentry
  Issue Type: Bug
Reporter: Sravya Tirukkovalur
Priority: Blocker








[jira] [Updated] (SENTRY-1231) Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION ''/uri"

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1231:

Priority: Blocker  (was: Major)

> Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION 
> ''/uri"
> 
>
> Key: SENTRY-1231
> URL: https://issues.apache.org/jira/browse/SENTRY-1231
> Project: Sentry
>  Issue Type: Bug
>  Components: Sentry
>Affects Versions: 1.8.0
>Reporter: Anne Yu
>Priority: Blocker
>
> Sentry doesn't check the uri privilege of command, CREATE INDEX LOCATION 
> '/path'. For example,
> {code}
> [root@ay-s3-1 ~]# sudo -u hdfs hdfs dfs -getfacl -R /data/testindex
> # file: /data/testindex
> # owner: hdfs
> # group: hive
> user::rwx
> group::r-x
> other::r-x
> use systest> CREATE INDEX my_hdfs_table_index ON TABLE my_hdfs_table 
> (viewtime) AS 'compact' WITH DEFERRED REBUILD LOCATION '/data/testindex';
> {code}





[jira] [Resolved] (SENTRY-1298) Create index location should require URI

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur resolved SENTRY-1298.
-
Resolution: Duplicate

> Create index location should require URI
> 
>
> Key: SENTRY-1298
> URL: https://issues.apache.org/jira/browse/SENTRY-1298
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>Priority: Blocker
>






[jira] [Updated] (SENTRY-1231) Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION ''/uri"

2016-05-27 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1231:

Attachment: SENTRY-1231.1.patch

> Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION 
> ''/uri"
> 
>
> Key: SENTRY-1231
> URL: https://issues.apache.org/jira/browse/SENTRY-1231
> Project: Sentry
>  Issue Type: Bug
>  Components: Sentry
>Affects Versions: 1.8.0
>Reporter: Anne Yu
>Assignee: Sravya Tirukkovalur
>Priority: Blocker
> Attachments: SENTRY-1231.0.patch, SENTRY-1231.1.patch
>
>
> Sentry doesn't check the uri privilege of command, CREATE INDEX LOCATION 
> '/path'. For example,
> {code}
> [root@ay-s3-1 ~]# sudo -u hdfs hdfs dfs -getfacl -R /data/testindex
> # file: /data/testindex
> # owner: hdfs
> # group: hive
> user::rwx
> group::r-x
> other::r-x
> use systest> CREATE INDEX my_hdfs_table_index ON TABLE my_hdfs_table 
> (viewtime) AS 'compact' WITH DEFERRED REBUILD LOCATION '/data/testindex';
> {code}





[jira] [Assigned] (SENTRY-1231) Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION ''/uri"

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur reassigned SENTRY-1231:
---

Assignee: Sravya Tirukkovalur

> Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION 
> ''/uri"
> 
>
> Key: SENTRY-1231
> URL: https://issues.apache.org/jira/browse/SENTRY-1231
> Project: Sentry
>  Issue Type: Bug
>  Components: Sentry
>Affects Versions: 1.8.0
>Reporter: Anne Yu
>Assignee: Sravya Tirukkovalur
>Priority: Blocker
>
> Sentry doesn't check the uri privilege of command, CREATE INDEX LOCATION 
> '/path'. For example,
> {code}
> [root@ay-s3-1 ~]# sudo -u hdfs hdfs dfs -getfacl -R /data/testindex
> # file: /data/testindex
> # owner: hdfs
> # group: hive
> user::rwx
> group::r-x
> other::r-x
> use systest> CREATE INDEX my_hdfs_table_index ON TABLE my_hdfs_table 
> (viewtime) AS 'compact' WITH DEFERRED REBUILD LOCATION '/data/testindex';
> {code}





[jira] [Commented] (SENTRY-1231) Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION ''/uri"

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15302845#comment-15302845
 ] 

Sravya Tirukkovalur commented on SENTRY-1231:
-

Here is the current ast:
TOK_CREATEINDEX
   table01_index
   'COMPACT'
   TOK_TABNAME
  tb1
   TOK_TABCOLNAME
  a
   TOK_DEFERRED_REBUILDINDEX


> Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION 
> ''/uri"
> 
>
> Key: SENTRY-1231
> URL: https://issues.apache.org/jira/browse/SENTRY-1231
> Project: Sentry
>  Issue Type: Bug
>  Components: Sentry
>Affects Versions: 1.8.0
>Reporter: Anne Yu
>Assignee: Sravya Tirukkovalur
>Priority: Blocker
> Attachments: SENTRY-1231.0.patch
>
>
> Sentry doesn't check the uri privilege of command, CREATE INDEX LOCATION 
> '/path'. For example,
> {code}
> [root@ay-s3-1 ~]# sudo -u hdfs hdfs dfs -getfacl -R /data/testindex
> # file: /data/testindex
> # owner: hdfs
> # group: hive
> user::rwx
> group::r-x
> other::r-x
> use systest> CREATE INDEX my_hdfs_table_index ON TABLE my_hdfs_table 
> (viewtime) AS 'compact' WITH DEFERRED REBUILD LOCATION '/data/testindex';
> {code}





[jira] [Commented] (SENTRY-666) Grant assumes Table object when not passed both an object and a name

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15303147#comment-15303147
 ] 

Sravya Tirukkovalur commented on SENTRY-666:


This seems to be just for convenience. [~anneyu], can you add this to our 
documentation and close the ticket?

> Grant assumes Table object when not passed both an object and a name
> 
>
> Key: SENTRY-666
> URL: https://issues.apache.org/jira/browse/SENTRY-666
> Project: Sentry
>  Issue Type: Bug
>Affects Versions: 1.4.0
>Reporter: Ryan P
>Priority: Minor
>  Labels: Docs
>
> If you pass only one argument to the grant statement it assumes you are 
> setting privileges for the table object.
> 0: jdbc:hive2://ryan-p-2.ent.cloudera.com:100> grant all on server1 to role 
> test;
> No rows affected (0.198 seconds)
> 0: jdbc:hive2://ryan-p-2.ent.cloudera.com:100> show grant role test;
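> +----------+-----------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
> | database | table     | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
> +----------+-----------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
> | default  | test      |           |        | test           | ROLE           | *         | false        | 1425774500157000 | --      |
> | /tmp     |           |           |        | test           | ROLE           | *         | false        | 1425775719259000 | --      |
> | default  | ta        |           |        | test           | ROLE           | *         | false        | 142521565000     | --      |
> | default  | server1   |           |        | test           | ROLE           | *         | false        | 1421854212609000 | --      |
> | default  | testpatch |           |        | test           | ROLE           | select    | false        | 1425774558034000 | --      |
> +----------+-----------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+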
> 5 rows selected (0.217 seconds)
> I understand this was probably done for convenience but it can cause 
> confusion for first-time users. At a quick glance it would appear as if I am 
> granting all on server server1 to role test. 





[jira] [Commented] (SENTRY-1209) Sentry does not block Hive's cross-schema table renames

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15303158#comment-15303158
 ] 

Sravya Tirukkovalur commented on SENTRY-1209:
-

Would be good to fix this. [~colinma] will you be interested in picking this up?

> Sentry does not block Hive's cross-schema table renames
> ---
>
> Key: SENTRY-1209
> URL: https://issues.apache.org/jira/browse/SENTRY-1209
> Project: Sentry
>  Issue Type: Bug
>  Components: Core, Hive Binding, Hive Plugin, Sentry
>Affects Versions: 1.5.1
> Environment: CDH 5.5.2
>Reporter: Ruslan Dautkhanov
>Priority: Critical
>  Labels: security
>
> User Pete 
> has read-write access to schema A
> has read-only access to schema B
> User Pete nevertheless was able to rename/move Hive table 
> from schema A to schema B (where he has read-only access):
> {quote}
> use A;
> alter table table_a rename to B.table_a;
> {quote}
> Hive allows to use rename table syntax to move tables across schemas, not 
> just rename.
> Sentry does not check security boundaries in this case.





[jira] [Commented] (SENTRY-1275) if drop external partition fails at the step of move external dir to the trash, but partition gets dropped successfully, sentry acls are still applied to the dir

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15303151#comment-15303151
 ] 

Sravya Tirukkovalur commented on SENTRY-1275:
-

Interesting. [~anneyu] do you know if we can reproduce this in junit? (That is, 
cause the move dir to trash to fail?)

> if drop external partition fails at the step of move external dir to the 
> trash, but partition gets dropped successfully, sentry acls are still applied 
> to the dir
> -
>
> Key: SENTRY-1275
> URL: https://issues.apache.org/jira/browse/SENTRY-1275
> Project: Sentry
>  Issue Type: Bug
>Affects Versions: 1.8.0
>Reporter: Anne Yu
>
> Found out there is an issue when drop external partition fails at the last 
> step of move dir to trash, partition gets successfully dropped, but sentry 
> acls still applied to the dir.
> {code}
> alter table 1008_tbl add partition (i=3) location '/data/test1/1008_par1';
> alter table 1008_tbl drop partition (i=3);
> Error: Error while processing statement: FAILED: Execution Error, return code 
> 1 from org.apache.hadoop.hive.ql.exec.SentryFilterDDLTask. Got exception: 
> java.io.IOException Failed to move to trash: 
> hdfs://nameservice1/data/test1/1008_par1 (state=08S01,code=1)
> show partitions 1008_tbl; (i=3 not shown)
> sudo -u hdfs hdfs dfs -getfacl -R /data/test1/1008_par1
> # file: /data/test1/1008_par1
> # owner: hive
> # group: hive
> user::rwx
> user:hive:rwx
> group:hbase:rwx (sentry applied extended acls)
> group::---
> group:hive:rwx
> mask::rwx
> other::--x
> {code} 





[jira] [Updated] (SENTRY-666) Grant assumes Table object when not passed both an object and a name

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-666:
---
Labels: Docs  (was: )

> Grant assumes Table object when not passed both an object and a name
> 
>
> Key: SENTRY-666
> URL: https://issues.apache.org/jira/browse/SENTRY-666
> Project: Sentry
>  Issue Type: Bug
>Affects Versions: 1.4.0
>Reporter: Ryan P
>Priority: Minor
>  Labels: Docs
>
> If you pass only one argument to the grant statement it assumes you are 
> setting privileges for the table object.
> 0: jdbc:hive2://ryan-p-2.ent.cloudera.com:100> grant all on server1 to role 
> test;
> No rows affected (0.198 seconds)
> 0: jdbc:hive2://ryan-p-2.ent.cloudera.com:100> show grant role test;
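> +----------+-----------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
> | database | table     | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
> +----------+-----------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
> | default  | test      |           |        | test           | ROLE           | *         | false        | 1425774500157000 | --      |
> | /tmp     |           |           |        | test           | ROLE           | *         | false        | 1425775719259000 | --      |
> | default  | ta        |           |        | test           | ROLE           | *         | false        | 142521565000     | --      |
> | default  | server1   |           |        | test           | ROLE           | *         | false        | 1421854212609000 | --      |
> | default  | testpatch |           |        | test           | ROLE           | select    | false        | 1425774558034000 | --      |
> +----------+-----------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+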
> 5 rows selected (0.217 seconds)
> I understand this was probably done for convenience but it can cause 
> confusion for first-time users. At a quick glance it would appear as if I am 
> granting all on server server1 to role test. 





[jira] [Updated] (SENTRY-1171) Please delete old releases from mirroring system

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1171:

Issue Type: Task  (was: Bug)

> Please delete old releases from mirroring system
> 
>
> Key: SENTRY-1171
> URL: https://issues.apache.org/jira/browse/SENTRY-1171
> Project: Sentry
>  Issue Type: Task
>Reporter: Sebb
>
> To reduce the load on the ASF mirrors, projects are required to delete old 
> releases [1]
> Please can you remove all non-current releases?
> i.e. all but 1.6.0-incubating/
> Thanks!
> [1] http://www.apache.org/dev/release.html#when-to-archive





[jira] [Updated] (SENTRY-1182) [Failure recovery] NN should prompt a full Path update from sentry if X number of retries fail

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1182:

Issue Type: New Feature  (was: Bug)

> [Failure recovery] NN should prompt a full Path update from sentry if X 
> number of retries fail
> --
>
> Key: SENTRY-1182
> URL: https://issues.apache.org/jira/browse/SENTRY-1182
> Project: Sentry
>  Issue Type: New Feature
>Reporter: Sravya Tirukkovalur
>






[jira] [Updated] (SENTRY-1165) add clover plugin to maven to get code coverage report

2016-05-26 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1165:

Issue Type: Test  (was: Bug)

> add clover plugin to maven to get code coverage report
> --
>
> Key: SENTRY-1165
> URL: https://issues.apache.org/jira/browse/SENTRY-1165
> Project: Sentry
>  Issue Type: Test
>  Components: Sentry
>Affects Versions: 1.8.0
>Reporter: Anne Yu
>
> https://issues.apache.org/jira/browse/SOLR-479?jql=summary%20~%20%27code%20coverage%27





[jira] [Commented] (SENTRY-1236) Bump thrift version to 0.9.3

2016-06-01 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15311228#comment-15311228
 ] 

Sravya Tirukkovalur commented on SENTRY-1236:
-

I just committed this to the master [~hahao], thanks for the reminder!

> Bump thrift version to 0.9.3
> 
>
> Key: SENTRY-1236
> URL: https://issues.apache.org/jira/browse/SENTRY-1236
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>Priority: Minor
> Fix For: 1.8.0
>
> Attachments: SENTRY-1236.1.patch, SENTRY-1236.2.patch, 
> SENTRY-1236.patch
>
>






[jira] [Updated] (SENTRY-1236) Bump thrift version to 0.9.3

2016-06-01 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1236:

   Resolution: Fixed
Fix Version/s: (was: 1.7.0)
   1.8.0
   Status: Resolved  (was: Patch Available)

> Bump thrift version to 0.9.3
> 
>
> Key: SENTRY-1236
> URL: https://issues.apache.org/jira/browse/SENTRY-1236
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>Priority: Minor
> Fix For: 1.8.0
>
> Attachments: SENTRY-1236.1.patch, SENTRY-1236.2.patch, 
> SENTRY-1236.patch
>
>






[jira] [Created] (SENTRY-1356) Evaluate the current approach of updates from HMS

2016-06-21 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1356:
---

 Summary: Evaluate the current approach of updates from HMS
 Key: SENTRY-1356
 URL: https://issues.apache.org/jira/browse/SENTRY-1356
 Project: Sentry
  Issue Type: Bug
Reporter: Sravya Tirukkovalur


Would be good to reevaluate the current approach of HMS updates. Currently, 
update contains a list of addPaths and delPaths. Some concerns we need to 
evaluate:
1. Hard to capture order in this model.
2. In UpdateableAuthzPaths.applyPartialUpdate we seem to be adding the 
newPaths first and removing the delPaths. One caveat here is: if the newPath 
and oldPath are the same, we end up deleting the path. See SENTRY-1346 for one such 
example.





[jira] [Updated] (SENTRY-1345) ACLS on table folder disappear after insert for unpartitioned tables

2016-06-21 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1345:

Description: 
This seems to be due to the fact that onAlterTableEvent is being triggered for 
this operation of "INSERT on an unpartitioned table" in Hive. And sentry-hive 
plugin thinks this is an alter table location command, and we add the new path 
and delete the old path for this Hive object. As add happens first and then the 
delete on the same path in this case, the path is lost resulting in no acls on 
this path. 
Workaround: This gets corrected at the next HMS restart. 

We can fix on Sentry side to not do add/delete if oldPath == newPath. But we 
also need to understand the Hive behavior.
Not exactly sure when this regressed as we don't seem to have coverage for it. 
Also adding a test case as part of the patch which can be used against older 
versions.

> ACLS on table folder disappear after insert for unpartitioned tables
> 
>
> Key: SENTRY-1345
> URL: https://issues.apache.org/jira/browse/SENTRY-1345
> Project: Sentry
>  Issue Type: Bug
>Affects Versions: 1.7.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
> Attachments: SENTRY-1345.patch
>
>
> This seems to be due to the fact that onAlterTableEvent is being triggered for 
> this operation of "INSERT on an unpartitioned table" in Hive. And sentry-hive 
> plugin thinks this is an alter table location command, and we add the new 
> path and delete the old path for this Hive object. As add happens first and 
> then the delete on the same path in this case, the path is lost resulting in 
> no acls on this path. 
> Workaround: This gets corrected at the next HMS restart. 
> We can fix on Sentry side to not do add/delete if oldPath == newPath. But we 
> also need to understand the Hive behavior.
> Not exactly sure when this regressed as we don't seem to have coverage for it. 
> Also adding a test case as part of the patch which can be used against older 
> versions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
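
The add-then-delete ordering described in SENTRY-1356 and the `oldPath == newPath` guard suggested in SENTRY-1345, as an added example that is not Sentry code. The class, method names and sample paths are hypothetical; only the ordering and the guard come from the two issues.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

/**
 * Simplified model of a path -> authz-object map kept in sync through partial
 * updates that carry an addPaths list and a delPaths list.
 * Hypothetical names; this is not Sentry's implementation.
 */
public class PathUpdateOrderingDemo {

  /** One partial update for a single authz object such as "db1.tb1". */
  static final class PathUpdate {
    final String authzObj;
    final List<String> addPaths;
    final List<String> delPaths;

    PathUpdate(String authzObj, List<String> addPaths, List<String> delPaths) {
      this.authzObj = authzObj;
      this.addPaths = addPaths;
      this.delPaths = delPaths;
    }
  }

  /** path -> authz objects whose ACLs apply to that path. */
  private final Map<String, Set<String>> pathToObjs = new HashMap<>();

  void add(String path, String authzObj) {
    Set<String> objs = pathToObjs.get(path);
    if (objs == null) {
      objs = new TreeSet<>();
      pathToObjs.put(path, objs);
    }
    objs.add(authzObj);
  }

  void remove(String path, String authzObj) {
    Set<String> objs = pathToObjs.get(path);
    if (objs == null) {
      return;
    }
    objs.remove(authzObj);
    if (objs.isEmpty()) {
      pathToObjs.remove(path); // no object left: the path carries no ACLs
    }
  }

  /** Ordering described in SENTRY-1356: every add first, then every delete. */
  void applyAddThenDelete(PathUpdate u) {
    for (String p : u.addPaths) {
      add(p, u.authzObj);
    }
    for (String p : u.delPaths) {
      remove(p, u.authzObj);
    }
  }

  /** Guard suggested in SENTRY-1345: a path on both lists did not move, so skip it. */
  void applySkippingUnchanged(PathUpdate u) {
    Set<String> unchanged = new HashSet<>(u.addPaths);
    unchanged.retainAll(u.delPaths);
    for (String p : u.addPaths) {
      if (!unchanged.contains(p)) {
        add(p, u.authzObj);
      }
    }
    for (String p : u.delPaths) {
      if (!unchanged.contains(p)) {
        remove(p, u.authzObj);
      }
    }
  }

  Set<String> objectsFor(String path) {
    Set<String> objs = pathToObjs.get(path);
    return objs == null ? Collections.<String>emptySet() : objs;
  }

  public static void main(String[] args) {
    String obj = "db1.tb1";
    String oldPath = "/user/hive/warehouse/db1.db/tb1"; // constructed sample path
    String newPath = "/data/relocated/tb1";             // constructed sample path

    // INSERT into an unpartitioned table, seen as an alter-table event whose
    // old and new locations are identical.
    PathUpdate samePath = new PathUpdate(obj, Arrays.asList(oldPath), Arrays.asList(oldPath));
    // A genuine location change, to show the guard does not break it.
    PathUpdate moved = new PathUpdate(obj, Arrays.asList(newPath), Arrays.asList(oldPath));

    PathUpdateOrderingDemo naive = new PathUpdateOrderingDemo();
    naive.add(oldPath, obj);
    naive.applyAddThenDelete(samePath);
    System.out.println("add-then-delete, same path: " + naive.objectsFor(oldPath));

    PathUpdateOrderingDemo guarded = new PathUpdateOrderingDemo();
    guarded.add(oldPath, obj);
    guarded.applySkippingUnchanged(samePath);
    System.out.println("guarded, same path:         " + guarded.objectsFor(oldPath));

    guarded.applySkippingUnchanged(moved);
    System.out.println("guarded, after real move:   old=" + guarded.objectsFor(oldPath)
        + " new=" + guarded.objectsFor(newPath));
  }
}
```

The first line prints an empty set, which is the lost mapping the issue reports; the guarded variant keeps `db1.tb1` on the unchanged path and still moves it on a real location change.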


[jira] [Updated] (SENTRY-1356) Evaluate the current approach of updates from HMS

2016-06-21 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1356:

Issue Type: Sub-task  (was: Bug)
Parent: SENTRY-1314

> Evaluate the current approach of updates from HMS
> -
>
> Key: SENTRY-1356
> URL: https://issues.apache.org/jira/browse/SENTRY-1356
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
>
> Would be good to reevaluate the current approach of HMS updates. Currently, 
> update contains a list of addPaths and delPaths. Some concerns we need to 
> evaluate:
> 1. Hard to capture order in this model.
> 2. In UpdateableAuthzPaths.applyPartialUpdate we seem to be adding the 
> newPaths first and removing the delPaths. One caveat here is: if the newPath 
> and oldPath are the same, we end up deleting the path. See SENTRY-1346 for one 
> such example.





[jira] [Commented] (SENTRY-1345) ACLS on table folder disappear after insert for unpartitioned tables

2016-06-21 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15341539#comment-15341539
 ] 

Sravya Tirukkovalur commented on SENTRY-1345:
-

[~hahao] Good point, added more details on the problem to the jira. Regarding 
opening a new connection in the test, I do not think it is necessary as all 
hive commands in the test are being run as the same user.

> ACLS on table folder disappear after insert for unpartitioned tables
> 
>
> Key: SENTRY-1345
> URL: https://issues.apache.org/jira/browse/SENTRY-1345
> Project: Sentry
>  Issue Type: Bug
>Affects Versions: 1.7.0
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
> Attachments: SENTRY-1345.patch
>
>
> This seems to be due to the fact that onAlterTableEvent is being triggered for 
> this operation of "INSERT on an unpartitioned table" in Hive. And sentry-hive 
> plugin thinks this is an alter table location command, and we add the new 
> path and delete the old path for this Hive object. As add happens first and 
> then the delete on the same path in this case, the path is lost resulting in 
> no acls on this path. 
> Workaround: This gets corrected at the next HMS restart. 
> We can fix on Sentry side to not do add/delete if oldPath == newPath. But we 
> also need to understand the Hive behavior.
> Not exactly sure when this regressed as we don't seem to have coverage for it. 
> Also adding a test case as part of the patch which can be used against older 
> versions.





[jira] [Commented] (SENTRY-1209) Sentry does not block Hive's cross-schema table renames

2016-06-21 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15341556#comment-15341556
 ] 

Sravya Tirukkovalur commented on SENTRY-1209:
-

Reposting my comment from RB

Thanks for the change! The more I think about it, I feel we should be doubly 
careful when making an auth model change. 

I am trying to think what the user behavior change would be for:

Alter table rename db1.tb1 to db1.tb2: We are essentially dropping db1.tb1 and 
creating db1.tb2. So at minimum create and drop on db1 are required. Would 
requiring all cause any inflexibility?
Alter table rename db1.tb1 to db2.tb2: At a minimum, user needs drop on db1 and 
create on db2. Would requiring all cause any inflexibility?

And also what should our upgrade recommendation be?


> Sentry does not block Hive's cross-schema table renames
> ---
>
> Key: SENTRY-1209
> URL: https://issues.apache.org/jira/browse/SENTRY-1209
> Project: Sentry
>  Issue Type: Bug
>  Components: Core, Hive Binding, Hive Plugin, Sentry
>Affects Versions: 1.5.1
> Environment: CDH 5.5.2
>Reporter: Ruslan Dautkhanov
>Assignee: Colin Ma
>Priority: Critical
>  Labels: security
> Attachments: SENTRY-1209.001.patch, SENTRY-1209.002.patch, 
> SENTRY-1209.003.patch, SENTRY-1209.004.patch, SENTRY-1209.005.patch
>
>
> User Pete 
> has read-write access to schema A
> has read-only access to schema B
> User Pete nevertheless was able to rename/move Hive table 
> from schema A to schema B (where he has read-only access):
> {quote}
> use A;
> alter table table_a rename to B.table_a;
> {quote}
> Hive allows to use rename table syntax to move tables across schemas, not 
> just rename.
> Sentry does not check security boundaries in this case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
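
The two candidate rules weighed in the comment above (DROP on the source database plus CREATE on the target, versus ALL on both), as an added example that is not Sentry code. The class, the `Action` names, the user grants and the mapping of the report's "read-write" to ALL and "read-only" to SELECT are assumptions made for illustration.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

/**
 * Compares two authorization rules for ALTER TABLE ... RENAME TO when the
 * target name may sit in another database. Hypothetical model, not Sentry code.
 */
public class RenamePrivilegeCheckDemo {

  /** Database-level actions used by this example only. */
  enum Action { SELECT, INSERT, CREATE, DROP, ALL }

  /** Database-level grants held by one user, with roles already flattened. */
  static final class Grants {
    private final Map<String, EnumSet<Action>> byDb = new HashMap<>();

    Grants grant(String db, Action first, Action... rest) {
      String key = db.toLowerCase(Locale.ROOT);
      EnumSet<Action> held = byDb.get(key);
      if (held == null) {
        held = EnumSet.noneOf(Action.class);
        byDb.put(key, held);
      }
      held.addAll(EnumSet.of(first, rest));
      return this;
    }

    boolean has(String db, Action needed) {
      EnumSet<Action> held = byDb.get(db.toLowerCase(Locale.ROOT));
      return held != null && (held.contains(Action.ALL) || held.contains(needed));
    }
  }

  /** Database of a table name; unqualified names resolve to the session database. */
  static String dbOf(String tableName, String currentDb) {
    int dot = tableName.indexOf('.');
    String db = dot < 0 ? currentDb : tableName.substring(0, dot);
    return db.toLowerCase(Locale.ROOT); // Hive database names are case-insensitive
  }

  /** Minimum named in the comment: DROP on the source db, CREATE on the target db. */
  static boolean allowedMinimal(Grants g, String currentDb, String from, String to) {
    return g.has(dbOf(from, currentDb), Action.DROP)
        && g.has(dbOf(to, currentDb), Action.CREATE);
  }

  /** Stricter alternative asked about in the comment: ALL on both databases. */
  static boolean allowedRequireAll(Grants g, String currentDb, String from, String to) {
    return g.has(dbOf(from, currentDb), Action.ALL)
        && g.has(dbOf(to, currentDb), Action.ALL);
  }

  static void report(String who, Grants g, String currentDb, String from, String to) {
    System.out.println(who + ": rename " + from + " -> " + to
        + " | minimal=" + allowedMinimal(g, currentDb, from, to)
        + " | requireAll=" + allowedRequireAll(g, currentDb, from, to));
  }

  public static void main(String[] args) {
    // The reported case: "use A; alter table table_a rename to B.table_a;"
    Grants pete = new Grants().grant("A", Action.ALL).grant("B", Action.SELECT);
    report("pete", pete, "A", "table_a", "B.table_a");

    // Constructed user holding exactly the minimum for a cross-database move.
    Grants mover = new Grants().grant("db1", Action.DROP).grant("db2", Action.CREATE);
    report("mover", mover, "db1", "db1.tb1", "db2.tb2");

    // Constructed user renaming inside one database with CREATE and DROP only.
    Grants renamer = new Grants().grant("db1", Action.CREATE, Action.DROP);
    report("renamer", renamer, "db1", "db1.tb1", "db1.tb2");
  }
}
```

Both rules deny the reported cross-schema move, and the last two users show where requiring ALL rejects renames that the minimal rule permits.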


[jira] [Updated] (SENTRY-1330) Notify Sentry about HMS new notifications if low delay is desired

2016-06-15 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1330:

Summary: Notify Sentry about HMS new notifications if low delay is desired  
(was: Notify Sentry about new notifications if low delay is desired)

> Notify Sentry about HMS new notifications if low delay is desired
> -
>
> Key: SENTRY-1330
> URL: https://issues.apache.org/jira/browse/SENTRY-1330
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
>
> Filing this to track this idea, we can close if it is not required.





[jira] [Updated] (SENTRY-1317) Implement fencing required for active/passive

2016-06-15 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1317:

Fix Version/s: (was: 1.8.0)
   sentry-ha-redesign

> Implement fencing required for active/passive
> -
>
> Key: SENTRY-1317
> URL: https://issues.apache.org/jira/browse/SENTRY-1317
> Project: Sentry
>  Issue Type: Sub-task
>Reporter: Sravya Tirukkovalur
>Assignee: Colin Patrick McCabe
> Fix For: sentry-ha-redesign
>
>






[jira] [Commented] (SENTRY-1319) Add metrics for isActive and isHA

2016-06-15 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15332320#comment-15332320
 ] 

Sravya Tirukkovalur commented on SENTRY-1319:
-

+1. 

Reposting it from RB:
As a follow on - Would be good to add a kerberos end to end test to access 
metrics, as sentry's clients (kerberos clients) would be accessing it now. See 
TestSentryServiceWithKerberos.java for a trivial example.

> Add metrics for isActive and isHA
> -
>
> Key: SENTRY-1319
> URL: https://issues.apache.org/jira/browse/SENTRY-1319
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Colin Patrick McCabe
>Assignee: Rahul Sharma
> Fix For: 1.8.0
>
> Attachments: SENTRY-1319.1.patch, SENTRY-1319.2.patch
>
>
> Add metrics for isActive and isHA, so that admins and monitoring systems can 
> know which sentry daemon is active, and whether HA is enabled.





[jira] [Updated] (SENTRY-1324) Add sentry specific test cases to use NotificationLog

2016-06-15 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1324:

Attachment: SENTRY-1324.2.patch

Fixing PMD failures.

> Add sentry specific test cases to use NotificationLog
> -
>
> Key: SENTRY-1324
> URL: https://issues.apache.org/jira/browse/SENTRY-1324
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1324.0.patch, SENTRY-1324.1.patch, 
> SENTRY-1324.2.patch
>
>






[jira] [Commented] (SENTRY-1316) Implement Sentry leadership election

2016-06-15 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15332266#comment-15332266
 ] 

Sravya Tirukkovalur commented on SENTRY-1316:
-

Thanks for your patch [~colinmccabe]! Overall looks good to me. Can you add a 
RB link when the patch is ready for review?

> Implement Sentry leadership election
> 
>
> Key: SENTRY-1316
> URL: https://issues.apache.org/jira/browse/SENTRY-1316
> Project: Sentry
>  Issue Type: Sub-task
>Affects Versions: 1.8.0
>Reporter: Sravya Tirukkovalur
>Assignee: Colin Patrick McCabe
> Fix For: 1.8.0
>
> Attachments: SENTRY-1316.001.patch, SENTRY-1316.002.patch
>
>






[jira] [Created] (SENTRY-1329) Add additional information in the NotificationLog entry

2016-06-14 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1329:
---

 Summary: Add additional information in the NotificationLog entry
 Key: SENTRY-1329
 URL: https://issues.apache.org/jira/browse/SENTRY-1329
 Project: Sentry
  Issue Type: Sub-task
Reporter: Sravya Tirukkovalur
Assignee: Sravya Tirukkovalur








[jira] [Commented] (SENTRY-1324) Add sentry specific test cases to use NotificationLog

2016-06-14 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15330859#comment-15330859
 ] 

Sravya Tirukkovalur commented on SENTRY-1324:
-

We should be able to commit this without having to move hive dependency to >= 
1.2.0. 

Also, as you can see in the tests, there is some information missing in the 
notification event log. Some of these can be obtained by doing another 
getTable()/getDatabase() call to HMS. But some of these are permanently lost if 
we do not capture them during the event. For example, for the command "Alter 
table location", we need the old location in Sentry to make sure we revoke the 
table related grants on this old location. We cannot just delete all paths 
corresponding to this table in Sentry, as there might be some partitions which 
point to this table and hence  is a many-many in Sentry. Also, 
capturing the location would allow us to have the entire context in 
notification log entry without having to do another HMS RPC to get missing 
information. Hence, I propose adding additional info in the notification log 
entry. Thoughts?



> Add sentry specific test cases to use NotificationLog
> -
>
> Key: SENTRY-1324
> URL: https://issues.apache.org/jira/browse/SENTRY-1324
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1324.0.patch, SENTRY-1324.1.patch
>
>






[jira] [Updated] (SENTRY-1329) Add additional information in the NotificationLog entry

2016-06-14 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1329:

Description: 
After some preliminary testing of HMS NotificationLog in Sentry (SENTRY-1324), 
we see that NotificationLog does not capture some information today. See this 
[comment| 
https://issues.apache.org/jira/browse/SENTRY-1324?focusedCommentId=15330859=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15330859]
 for more information. 

So with respect to capturing this information, the minimally invasive approach 
is to just implement a custom MessageFactory 
(hcatalog.message.factory.impl.json), which takes care of the serialization and 
deserialization of the message. We can just add additional information without 
causing disruption to other clients.

As I was implementing this, I encountered the problem that there is a small 
bug (in Hive trunk) which makes the MessageFactory not truly pluggable 
(HIVE-14011 - Attached a fix). But it would be a while before Hive can make a 
release with this fix and Sentry can move to this fixed version. 

So in the interim, we can implement the Listener in Sentry and use custom 
MessageFactory as well. I have done some testing on my side to make sure it 
does not break other clients.

  was:
After some preliminary testing of HMS NotificationLog in Sentry (SENTRY-1324), 
we see that NotificationLog does not capture some information today. See this 
[comment| ] for more information. 

Some of these, we might get by doing another getTable() call, but some of these 
are lost - For example in "alter table location", the only way to capture old 
location information is at the notification log. And we need this in Sentry to 
be able to properly revoke privileges on the old location. We might be able to 
relax this requirement if we make some architectural changes on how we store 
this HMS info in Sentry, but for now we need this information. Also, having 
this information will avoid the round trip.

So with respect to capturing this information, the minimally invasive approach 
is to just implement a custom MessageFactory 
(hcatalog.message.factory.impl.json), which takes care of the serialization and 
deserialization of the message. We can just add additional information without 
causing disruption to other clients (BDR)

As I was implementing this, I encountered the problem that there is a small 
bug (in Hive trunk) which makes the MessageFactory not truly pluggable 
(HIVE-14011 - Attached a fix). But it would be a while before Hive can make a 
release and Sentry can move to this fixed version. We need a backup plan.

So the next backup plan is to implement the Listener in Sentry and use custom 
MessageFactory as well. I have done some testing on my side to make sure it 
does not break BDR- you should still be able to access the notification log and 
fields in the original message as is. But would be great if you (BDR folks) can 
give it a shot as well.



> Add additional information in the NotificationLog entry
> ---
>
> Key: SENTRY-1329
> URL: https://issues.apache.org/jira/browse/SENTRY-1329
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1329.0.patch
>
>
> After some preliminary testing of HMS NotificationLog in Sentry 
> (SENTRY-1324), we see that NotificationLog does not capture some information 
> today. See this [comment| 
> https://issues.apache.org/jira/browse/SENTRY-1324?focusedCommentId=15330859=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15330859]
>  for more information. 
> So with respect to capturing this information, the minimally invasive 
> approach is to just implement a custom MessageFactory 
> (hcatalog.message.factory.impl.json), which takes care of the serialization 
> and deserialization of the message. We can just add additional information 
> without causing disruption to other clients.
> As I was implementing this, I encountered the problem that there is a small 
> bug (in Hive trunk) which makes the MessageFactory not truly pluggable 
> (HIVE-14011 - Attached a fix). But it would be a while before Hive can make a 
> release with this fix and Sentry can move to this fixed version. 
> So in the interim, we can implement the Listener in Sentry and use custom 
> MessageFactory as well. I have done some testing on my side to make sure it 
> does not break other clients.





[jira] [Updated] (SENTRY-1324) Add sentry specific test cases to use NotificationLog

2016-06-14 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1324:

Attachment: SENTRY-1324.1.patch

Thanks for the review [~cmccabe]! Made the following changes:
1. Added more tests and comments.
2. Disabled tests which need hive >= 1.2.0
3. Renamed the class to be more descriptive.
4. Added tests to make sure id is monotonically increasing.

> Add sentry specific test cases to use NotificationLog
> -
>
> Key: SENTRY-1324
> URL: https://issues.apache.org/jira/browse/SENTRY-1324
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1324.0.patch, SENTRY-1324.1.patch
>
>






[jira] [Updated] (SENTRY-1295) Investigate malformed paths in HMS db

2016-06-16 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1295:

Priority: Critical  (was: Major)

> Investigate malformed paths in HMS db
> -
>
> Key: SENTRY-1295
> URL: https://issues.apache.org/jira/browse/SENTRY-1295
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>Priority: Critical
>
> Paths in HMS are expected to be in one of these forms:
> * hdfs://hostname:port/path
> * hdfs:///path
> * /path, in which case, scheme will be constructed from 
> FileSystem.getDefaultURI
> * URIs with non hdfs scheme will just be ignored
> I came across at least 2 sentry users where HMS did have paths which do not 
> comply with above rules and hence HMS plugin initialization for pathupdates 
> failed. See sentry-1260 and sentry-1270 for details on how these errors 
> surface. 
> With 1260 and 1270 we should have more information on what these malformed 
> paths were. But we should continue to investigate and fix the root cause. It 
> would most likely be in HMS code base. Until then, here is how you can 
> diagnose and fix it manually:
> *Look for malformed paths in HMS* : Look in DBS as well as SDS tables.
> {code}
> SELECT "NAME", "DB_LOCATION_URI" FROM "DBS"
> WHERE NOT "DB_LOCATION_URI" LIKE 'hdfs://%/%';
>   NAME   |   DB_LOCATION_URI
> ---------+---------------------
>  db_name | hdfs://nameservice1
> (1 row)
> {code}
> *Fix it by manually updating the HMS location*
> {code}
> UPDATE "DBS"
> SET "DB_LOCATION_URI"='hdfs://nameservice1/user/hive/warehouse/db_name.db'
> WHERE "DB_ID"=12345;
> {code}
> Let's track occurrences of these malformed paths here:
> * hdfs://nameservice1 : Not sure why would anyone create a db/table in root 
> directory? Should we accept this in Sentry?
> What does SKEWED_COL_VALUE_LOC_MAP.location in HMS correspond to? Double 
> check if there are any malformed paths here?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
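
The four accepted path forms listed in SENTRY-1295 above, written as a classifier that can be run over rows exported from DBS or SDS. This is an added example, not Sentry or HMS code: the function names and the sample rows are constructed for illustration. Unlike the `LIKE 'hdfs://%/%'` filter, it separates bare `/path` values and non-hdfs schemes (both acceptable under the listed rules) from paths that are actually malformed.

```python
from urllib.parse import urlsplit

# Constructed sample rows shaped like the DBS query result: (NAME, DB_LOCATION_URI).
SAMPLE_ROWS = [
    ("good_db", "hdfs://nameservice1/user/hive/warehouse/good_db.db"),
    ("hostport_db", "hdfs://nn1.example.com:8020/warehouse/hostport_db.db"),
    ("no_authority_db", "hdfs:///warehouse/no_authority_db.db"),
    ("bare_db", "/warehouse/bare_db.db"),
    ("s3_db", "s3a://bucket/warehouse/s3_db.db"),
    ("db_name", "hdfs://nameservice1"),
    ("empty_db", ""),
]


def classify_location(uri):
    """Return 'ok', 'ignored' or 'malformed' for one HMS location string."""
    if uri is None or not uri.strip():
        return "malformed"
    try:
        parts = urlsplit(uri.strip())
        _ = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return "malformed"
    if not parts.scheme:
        # Form "/path": no scheme and no authority, absolute path only.
        if not parts.netloc and parts.path.startswith("/"):
            return "ok"
        return "malformed"
    if parts.scheme.lower() != "hdfs":
        return "ignored"
    # Forms "hdfs://hostname:port/path" and "hdfs:///path" both need a path.
    # Assumption: a bare root path ("hdfs://host/") passes, as it does in the
    # LIKE 'hdfs://%/%' filter from the issue.
    return "ok" if parts.path.startswith("/") else "malformed"


def find_malformed(rows):
    """Return the (name, uri) rows that match none of the accepted forms."""
    return [(name, uri) for name, uri in rows if classify_location(uri) == "malformed"]


if __name__ == "__main__":
    for name, uri in SAMPLE_ROWS:
        print(f"{classify_location(uri):10} {name:16} {uri!r}")
```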


[jira] [Updated] (SENTRY-961) Remove fb303.thrift reference from thrift definitions

2016-06-16 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-961?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-961:
---
Labels: newbie  (was: )

> Remove fb303.thrift reference from thrift definitions
> -
>
> Key: SENTRY-961
> URL: https://issues.apache.org/jira/browse/SENTRY-961
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
>  Labels: newbie
>
> Looks like we do not require fb303.thrift but include it in our thrift 
> definitions.





[jira] [Commented] (SENTRY-1316) Implement Sentry leadership election

2016-06-22 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15345150#comment-15345150
 ] 

Sravya Tirukkovalur commented on SENTRY-1316:
-

+1 pending QA. Seems like TestPluginCacheSync should also be removed as it is 
related to old design.

> Implement Sentry leadership election
> 
>
> Key: SENTRY-1316
> URL: https://issues.apache.org/jira/browse/SENTRY-1316
> Project: Sentry
>  Issue Type: Sub-task
>Affects Versions: 1.8.0
>Reporter: Sravya Tirukkovalur
>Assignee: Colin Patrick McCabe
> Fix For: 1.8.0
>
> Attachments: SENTRY-1316.001.patch, SENTRY-1316.002.patch, 
> SENTRY-1316.003.patch, SENTRY-1316.004-sentry-ha-redesign.patch, 
> SENTRY-1316.005-sentry-ha-redesign.patch, 
> SENTRY-1316.006-sentry-ha-redesign.patch, 
> SENTRY-1316.007-sentry-ha-redesign.patch
>
>






[jira] [Commented] (SENTRY-1321) Use DbNotificationListener and poll the HMS notifications from Sentry service

2016-06-22 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15345200#comment-15345200
 ] 

Sravya Tirukkovalur commented on SENTRY-1321:
-

This is creating a maven circular dependency between sentry-provider-db and 
sentry-binding-hive. Any ideas on what is the preferable way to resolve this?

> Use DbNotificationListener and poll the HMS notifications from Sentry service
> -
>
> Key: SENTRY-1321
> URL: https://issues.apache.org/jira/browse/SENTRY-1321
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>






[jira] [Commented] (SENTRY-1321) Use DbNotificationListener and poll the HMS notifications from Sentry service

2016-06-22 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15345206#comment-15345206
 ] 

Sravya Tirukkovalur commented on SENTRY-1321:
-

I am thinking of creating a separate module sentry-binding-hive-follower and 
let sentry-provider-db use this. Any thoughts?

> Use DbNotificationListener and poll the HMS notifications from Sentry service
> -
>
> Key: SENTRY-1321
> URL: https://issues.apache.org/jira/browse/SENTRY-1321
> Project: Sentry
>  Issue Type: Sub-task
>  Components: Hdfs Plugin
>Reporter: Sravya Tirukkovalur
>Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>






[jira] [Updated] (SENTRY-1316) Implement Sentry leadership election

2016-06-23 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1316:

   Resolution: Fixed
Fix Version/s: (was: 1.8.0)
   sentry-ha-redesign
   Status: Resolved  (was: Patch Available)

[~haohao] committed this to the feature branch, thanks for the nice work 
[~cmccabe]!

> Implement Sentry leadership election
> 
>
> Key: SENTRY-1316
> URL: https://issues.apache.org/jira/browse/SENTRY-1316
> Project: Sentry
>  Issue Type: Sub-task
>Affects Versions: 1.8.0
>Reporter: Sravya Tirukkovalur
>Assignee: Colin Patrick McCabe
> Fix For: sentry-ha-redesign
>
> Attachments: SENTRY-1316.001.patch, SENTRY-1316.002.patch, 
> SENTRY-1316.003.patch, SENTRY-1316.004-sentry-ha-redesign.patch, 
> SENTRY-1316.005-sentry-ha-redesign.patch, 
> SENTRY-1316.006-sentry-ha-redesign.patch, 
> SENTRY-1316.007-sentry-ha-redesign.patch, 
> SENTRY-1316.008-sentry-ha-redesign.patch, 
> SENTRY-1316.008-sentry-ha-redesign.patch
>
>






[jira] [Created] (SENTRY-1364) Add tests for "Alter table" which do not change location

2016-06-24 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1364:
---

 Summary: Add tests for "Alter table" which do not change location
 Key: SENTRY-1364
 URL: https://issues.apache.org/jira/browse/SENTRY-1364
 Project: Sentry
  Issue Type: Test
Reporter: Sravya Tirukkovalur
 Attachments: SENTRY-1364.patch







[jira] [Updated] (SENTRY-1364) Add tests for "Alter table" which do not change location

2016-06-24 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1364:

Attachment: SENTRY-1364.patch

> Add tests for "Alter table" which do not change location
> 
>
> Key: SENTRY-1364
> URL: https://issues.apache.org/jira/browse/SENTRY-1364
> Project: Sentry
>  Issue Type: Test
>Reporter: Sravya Tirukkovalur
> Attachments: SENTRY-1364.patch
>
>






[jira] [Commented] (SENTRY-1231) Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION ''/uri"

2016-06-23 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15347365#comment-15347365
 ] 

Sravya Tirukkovalur commented on SENTRY-1231:
-

Seems like newer Hive captures in AST. We can resolve this once we move to a 
newer Hive version.

> Sentry doesn't secure index location uri, when do "CREATE INDEX LOCATION 
> ''/uri"
> 
>
> Key: SENTRY-1231
> URL: https://issues.apache.org/jira/browse/SENTRY-1231
> Project: Sentry
>  Issue Type: Bug
>  Components: Sentry
>Affects Versions: 1.8.0
>Reporter: Anne Yu
>Assignee: Sravya Tirukkovalur
>Priority: Blocker
> Attachments: SENTRY-1231.0.patch, SENTRY-1231.1.patch
>
>
> Sentry doesn't check the uri privilege of command, CREATE INDEX LOCATION 
> '/path'. For example,
> {code}
> [root@ay-s3-1 ~]# sudo -u hdfs hdfs dfs -getfacl -R /data/testindex
> # file: /data/testindex
> # owner: hdfs
> # group: hive
> user::rwx
> group::r-x
> other::r-x
> use systest> CREATE INDEX my_hdfs_table_index ON TABLE my_hdfs_table 
> (viewtime) AS 'compact' WITH DEFERRED REBUILD LOCATION '/data/testindex';
> {code}





[jira] [Updated] (SENTRY-1373) Alter table location on a managed/unmanaged partitioned table, ACLS on oldTable location remain

2016-06-27 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1373:

Summary: Alter table location on a managed/unmanaged partitioned table, 
ACLS on oldTable location remain  (was: Alter table location on a managed 
partitioned table, ACLS on oldTable location remain)

> Alter table location on a managed/unmanaged partitioned table, ACLS on 
> oldTable location remain
> ---
>
> Key: SENTRY-1373
> URL: https://issues.apache.org/jira/browse/SENTRY-1373
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>






[jira] [Updated] (SENTRY-1374) Add alter table test cases for HDFS sync for managed/unmanaged table, with/without partitions

2016-06-27 Thread Sravya Tirukkovalur (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-1374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sravya Tirukkovalur updated SENTRY-1374:

Summary: Add alter table test cases for HDFS sync for managed/unmanaged 
table, with/without partitions  (was: Add alter table test cases for HDFS sync)

> Add alter table test cases for HDFS sync for managed/unmanaged table, 
> with/without partitions
> -
>
> Key: SENTRY-1374
> URL: https://issues.apache.org/jira/browse/SENTRY-1374
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>






[jira] [Created] (SENTRY-1374) Add alter table test cases for HDFS sync

2016-06-27 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1374:
---

 Summary: Add alter table test cases for HDFS sync
 Key: SENTRY-1374
 URL: https://issues.apache.org/jira/browse/SENTRY-1374
 Project: Sentry
  Issue Type: Bug
Reporter: Sravya Tirukkovalur








[jira] [Created] (SENTRY-1372) set location of managed table -> drop table does not remove ACLS on tableLocation

2016-06-27 Thread Sravya Tirukkovalur (JIRA)
Sravya Tirukkovalur created SENTRY-1372:
---

 Summary: set location of managed table -> drop table does not 
remove ACLS on tableLocation
 Key: SENTRY-1372
 URL: https://issues.apache.org/jira/browse/SENTRY-1372
 Project: Sentry
  Issue Type: Bug
Reporter: Sravya Tirukkovalur








[jira] [Commented] (SENTRY-1372) set location of managed table -> drop table does not remove ACLS on tableLocation

2016-06-27 Thread Sravya Tirukkovalur (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-1372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15352174#comment-15352174
 ] 

Sravya Tirukkovalur commented on SENTRY-1372:
-

Resolving as it was a test issue.

> set location of managed table -> drop table does not remove ACLS on 
> tableLocation
> -
>
> Key: SENTRY-1372
> URL: https://issues.apache.org/jira/browse/SENTRY-1372
> Project: Sentry
>  Issue Type: Bug
>Reporter: Sravya Tirukkovalur
>





