Re: Proposal to release Sentry 2.0.0

[Kalyan Kumar Kalvagadda <kk...@cloudera.com>]

I have started the release process. As initial step I have moved all the
unresolved jira's to 2.1.0 release except for SENTRY-2062 and SENTRY-1812.
Please let me know if you want your changes to be part of sentry 2.0.0. I
will be cutting branch for sentry 2.0.0 later today.


-Kalyan

On Mon, Oct 16, 2017 at 9:49 AM, Kalyan Kumar Kalvagadda <
kkalyan@cloudera.com> wrote:

> I feel, we should stop using the terms authz1 and authz2 now on as it can
> create confusion.. With the new approach we have taken there is no authz1. Sentry
> binding that will be enabled by default uses functionality of both older
> bindings.
>
> -Kalyan
>
> On Mon, Oct 16, 2017 at 9:42 AM, Sergio Pena <se...@cloudera.com>
> wrote:
>
>> I won't be necessary to have both binding jars. But we will keep the code
>> around for one more release and remove it later just as backup for us in
>> case we forgot to refactor something.
>>
>> On Mon, Oct 16, 2017 at 8:54 AM, Colm O hEigeartaigh <coheigea@apache.org
>> >
>> wrote:
>>
>> > Sounds good thanks. Just one other query - will we still have two
>> separate
>> > binding jars for authz1 and authz2?
>> >
>> > Colm.
>> >
>> > On Mon, Oct 16, 2017 at 2:31 PM, Sergio Pena <se...@cloudera.com>
>> > wrote:
>> >
>> > > Nop. The plan is to ship authz2 but only when grant/revoke tasks are
>> > > executed and HMS filters are used. The current HiveAuthzBinding class
>> > will
>> > > still be used when a command is executed and Hive requests
>> authorization
>> > to
>> > > Sentry (this is part of the authz1 profile). Btw, the HMS server side
>> > > checks still use MetastoreAuthzBinding.java in both authz1 and authz2.
>> > >
>> > > The plans for Solr is to support the latest Solr 6.x which added
>> support
>> > > for authorization modules. Hrishikesh is a Solr contributor and is
>> > helping
>> > > us integrate it on SENTRY-1475
>> > > <https://issues.apache.org/jira/browse/SENTRY-1475>. Solr 7 was just
>> > > released last month, but he said he already has the code for Solr 6,
>> but
>> > he
>> > > will try to see if Solr 7 is easy to do, but the initial expectations
>> > were
>> > > to have Solr 6.
>> > >
>> > > What do you think about the plans? Any comments regarding about them?
>> > Would
>> > > you like to see something else or different?
>> > >
>> > > Sergio.
>> > >
>> > > On Mon, Oct 16, 2017 at 4:52 AM, Colm O hEigeartaigh <
>> > coheigea@apache.org>
>> > > wrote:
>> > >
>> > > > Hi Sergio,
>> > > >
>> > > > Is the plan to ship both the authz1 and authz2 bindings for Sentry
>> > 2.0.0?
>> > > > If so, which is recommended for use? Also, what are the plans to
>> get a
>> > > more
>> > > > recent version of Solr supported?
>> > > >
>> > > > Colm.
>> > > >
>> > > > On Sat, Oct 14, 2017 at 5:12 PM, Na Li <li...@cloudera.com>
>> wrote:
>> > > >
>> > > > > Kalyan,
>> > > > >
>> > > > > Thanks for the update. I am up to releasing sentry 2.0.0 as well.
>> > > > >
>> > > > > Lina
>> > > > >
>> > > > > On Fri, Oct 13, 2017 at 6:18 PM, Kalyan Kumar Kalvagadda <
>> > > > > kkalyan@cloudera.com> wrote:
>> > > > >
>> > > > > > Sasha,
>> > > > > >
>> > > > > > See my response in-line below
>> > > > > >
>> > > > > > -Kalyan
>> > > > > >
>> > > > > > On Fri, Oct 13, 2017 at 1:09 PM, Alexander Kolbasov <
>> > > > akolb@cloudera.com>
>> > > > > > wrote:
>> > > > > >
>> > > > > > > Kalyan,
>> > > > > > >
>> > > > > > > Thank you for pushing forward 2.0 release!
>> > > > > > >
>> > > > > > > > On Oct 13, 2017, at 7:20 AM, Kalyan Kumar Kalvagadda <
>> > > > > > > kkalyan@cloudera.com> wrote:
>> > > > > > > >
>> > > > > > > > Hello all,
>> > > > > > > >
>> > > > > > > > We need to release sentry HA functionality so that community
>> > can
>> > > > > start
>> > > > > > > > using it. In this regard I proposed to have a sentry 1.9.0
>> > > release
>> > > > as
>> > > > > > > there
>> > > > > > > > were some outstanding issues integrating with Hive.
>> Community
>> > was
>> > > > not
>> > > > > > > > positive on this proposal for various reasons.
>> > > > > > >
>> > > > > > > It would be great if you can summarize these reasons here for
>> > > future
>> > > > > > > reference.
>> > > > > > > One major concern was that sentry 1.9.0 should still be
>> backward
>> > > > > > > compatible and work with Hive1.1.
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > > >
>> > > > > > > > With recent findings we think we don't have to wait for Hive
>> > > fixes.
>> > > > > > With
>> > > > > > > > the changes that are planned for below listed Jira's sentry
>> > would
>> > > > > use a
>> > > > > > > > combination of Semantic Hooks and AuthV2 interface to
>> integrate
>> > > > with
>> > > > > > HIVE
>> > > > > > > > 2.0.
>> > > > > > >
>> > > > > > > In your earlier email regarding 1.9 release you also mention
>> > issues
>> > > > > with
>> > > > > > > moving up to Java 8 and some issues with Solr-7 integration.
>> Does
>> > > > this
>> > > > > > mean
>> > > > > > > that you have a better idea of how to deal with these issues
>> now?
>> > > > > > > Yes, Changes for java version bumup are under review and the
>> code
>> > > > > changes
>> > > > > > > for Solr-6 integration will be co
>> > > > > > >
>> > > > > > > >
>> > > > > > > >   1. SENTRY-1978 <https://issues.apache.org/
>> > > > jira/browse/SENTRY-1978>
>> > > > > > > -Move
>> > > > > > > >   the hive-authz2 grant/revoke implementation into the
>> > > > > > > sentry-binding-hive
>> > > > > > > >   module
>> > > > > > >
>> > > > > > > This looks like “refactoring change” so it doesn’t actually
>> > change
>> > > > any
>> > > > > > > existing functionality - right?
>> > > > > > >
>> > > > > > This is not just refactoring. With this change Sentry would use
>> the
>> > > > > > Schematic Hook implemented as part of Authv-2 support. Sentry
>> still
>> > > > would
>> > > > > > still continue using the older implementation for PreAnalyze and
>> > > > > > PostAnalyze schematic hooks.
>> > > > > >
>> > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >   1. SENTRY-1980 <https://issues.apache.org/
>> > > > jira/browse/SENTRY-1980
>> > > > > >-
>> > > > > > > Move
>> > > > > > > >   the hive-authz2 HMS client filtering implementation into
>> the
>> > > > > > > >   sentry-binding-hive module.
>> > > > > > >
>> > > > > > > Same here - this seems to be a refactoring change which
>> doesn’t
>> > > > affect
>> > > > > > any
>> > > > > > > existing functionality.
>> > > > > > > This is not just refactoring. With this change Sentry would
>> use
>> > the
>> > > > > > > Schematic Hook implemented as part of Authv-2 support. Sentry
>> > still
>> > > > > would
>> > > > > > > still continue using the older implementation for PreAnalyze
>> and
>> > > > > > > PostAnalyze schematic hooks.
>> > > > > > > I think you are referring to some planned follow-up work to
>> > > actually
>> > > > > > solve
>> > > > > > > the authorization problem for Hive 2 - right? Yes.
>> > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > I have created a umbrella jira for releasing Sentry 2.0 .
>> > > > > > > >
>> > > > > > > >   1. SENTRY-1982 <https://issues.apache.org/
>> > > > jira/browse/SENTRY-1982>
>> > > > > > > -Release
>> > > > > > > >   sentry 2.0.0 upstream
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > I have linked issues that are blocking the release. If you
>> see
>> > > any
>> > > > > > issue
>> > > > > > > > that is blocking please attach it to this jira. That way we
>> can
>> > > fix
>> > > > > > them
>> > > > > > > > and clear all the road blocks for releasing SENTYR 2.0.0
>> > > > > > >
>> > > > > > > What is your impression once you looked at these issues - do
>> you
>> > > > think
>> > > > > > > that you should be able to fix majority of these or do you
>> think
>> > > that
>> > > > > > these
>> > > > > > > ca nbe simply moved out of the release?
>> > > > > > >
>> > > > > > Issues blocking SENTRY-1982 should be fixed before sentry 2.0.0
>> is
>> > > > > > released.
>> > > > > >
>> > > > > >
>> > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > -Kalyan
>> > > > > > >
>> > > > > > > - Alex
>> > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > > >
>> > > >
>> > > > --
>> > > > Colm O hEigeartaigh
>> > > >
>> > > > Talend Community Coder
>> > > > http://coders.talend.com
>> > > >
>> > >
>> >
>> >
>> >
>> > --
>> > Colm O hEigeartaigh
>> >
>> > Talend Community Coder
>> > http://coders.talend.com
>> >
>>
>
>

Re: Proposal to release Sentry 2.0.0

[Kalyan Kumar Kalvagadda <kk...@cloudera.com>]

Sergio,

I will do it today.
Thanks for letting me know.

-Kalyan

On Wed, Nov 22, 2017 at 6:03 PM, Sergio Pena <se...@cloudera.com>
wrote:

> Thanks Kalyan.
>
> Those JIRAs are committed now and the 2.0 release is not blocked anymore.
> You may want to cut the branch now to freeze the 2.0 version.
>
>
> - Sergio
>
> On Wed, Nov 22, 2017 at 9:13 AM, Kalyan Kumar Kalvagadda <
> kkalyan@cloudera.com> wrote:
>
> > I have started the release process. As initial step I have moved all the
> > unresolved jira's to 2.1.0 release except for SENTRY-2062 and
> SENTRY-1812.
> > Please let me know if you want your changes to be part of sentry 2.0.0. I
> > will be cutting branch for sentry 2.0.0 later today.
> >
> >
> > -Kalyan
> >
> > On Mon, Oct 16, 2017 at 9:49 AM, Kalyan Kumar Kalvagadda <
> > kkalyan@cloudera.com> wrote:
> >
> > > I feel, we should stop using the terms authz1 and authz2 now on as it
> can
> > > create confusion.. With the new approach we have taken there is no
> > authz1. Sentry
> > > binding that will be enabled by default uses functionality of both
> older
> > > bindings.
> > >
> > > -Kalyan
> > >
> > > On Mon, Oct 16, 2017 at 9:42 AM, Sergio Pena <sergio.pena@cloudera.com
> >
> > > wrote:
> > >
> > >> I won't be necessary to have both binding jars. But we will keep the
> > code
> > >> around for one more release and remove it later just as backup for us
> in
> > >> case we forgot to refactor something.
> > >>
> > >> On Mon, Oct 16, 2017 at 8:54 AM, Colm O hEigeartaigh <
> > coheigea@apache.org
> > >> >
> > >> wrote:
> > >>
> > >> > Sounds good thanks. Just one other query - will we still have two
> > >> separate
> > >> > binding jars for authz1 and authz2?
> > >> >
> > >> > Colm.
> > >> >
> > >> > On Mon, Oct 16, 2017 at 2:31 PM, Sergio Pena <
> > sergio.pena@cloudera.com>
> > >> > wrote:
> > >> >
> > >> > > Nop. The plan is to ship authz2 but only when grant/revoke tasks
> are
> > >> > > executed and HMS filters are used. The current HiveAuthzBinding
> > class
> > >> > will
> > >> > > still be used when a command is executed and Hive requests
> > >> authorization
> > >> > to
> > >> > > Sentry (this is part of the authz1 profile). Btw, the HMS server
> > side
> > >> > > checks still use MetastoreAuthzBinding.java in both authz1 and
> > authz2.
> > >> > >
> > >> > > The plans for Solr is to support the latest Solr 6.x which added
> > >> support
> > >> > > for authorization modules. Hrishikesh is a Solr contributor and is
> > >> > helping
> > >> > > us integrate it on SENTRY-1475
> > >> > > <https://issues.apache.org/jira/browse/SENTRY-1475>. Solr 7 was
> > just
> > >> > > released last month, but he said he already has the code for Solr
> 6,
> > >> but
> > >> > he
> > >> > > will try to see if Solr 7 is easy to do, but the initial
> > expectations
> > >> > were
> > >> > > to have Solr 6.
> > >> > >
> > >> > > What do you think about the plans? Any comments regarding about
> > them?
> > >> > Would
> > >> > > you like to see something else or different?
> > >> > >
> > >> > > Sergio.
> > >> > >
> > >> > > On Mon, Oct 16, 2017 at 4:52 AM, Colm O hEigeartaigh <
> > >> > coheigea@apache.org>
> > >> > > wrote:
> > >> > >
> > >> > > > Hi Sergio,
> > >> > > >
> > >> > > > Is the plan to ship both the authz1 and authz2 bindings for
> Sentry
> > >> > 2.0.0?
> > >> > > > If so, which is recommended for use? Also, what are the plans to
> > >> get a
> > >> > > more
> > >> > > > recent version of Solr supported?
> > >> > > >
> > >> > > > Colm.
> > >> > > >
> > >> > > > On Sat, Oct 14, 2017 at 5:12 PM, Na Li <li...@cloudera.com>
> > >> wrote:
> > >> > > >
> > >> > > > > Kalyan,
> > >> > > > >
> > >> > > > > Thanks for the update. I am up to releasing sentry 2.0.0 as
> > well.
> > >> > > > >
> > >> > > > > Lina
> > >> > > > >
> > >> > > > > On Fri, Oct 13, 2017 at 6:18 PM, Kalyan Kumar Kalvagadda <
> > >> > > > > kkalyan@cloudera.com> wrote:
> > >> > > > >
> > >> > > > > > Sasha,
> > >> > > > > >
> > >> > > > > > See my response in-line below
> > >> > > > > >
> > >> > > > > > -Kalyan
> > >> > > > > >
> > >> > > > > > On Fri, Oct 13, 2017 at 1:09 PM, Alexander Kolbasov <
> > >> > > > akolb@cloudera.com>
> > >> > > > > > wrote:
> > >> > > > > >
> > >> > > > > > > Kalyan,
> > >> > > > > > >
> > >> > > > > > > Thank you for pushing forward 2.0 release!
> > >> > > > > > >
> > >> > > > > > > > On Oct 13, 2017, at 7:20 AM, Kalyan Kumar Kalvagadda <
> > >> > > > > > > kkalyan@cloudera.com> wrote:
> > >> > > > > > > >
> > >> > > > > > > > Hello all,
> > >> > > > > > > >
> > >> > > > > > > > We need to release sentry HA functionality so that
> > community
> > >> > can
> > >> > > > > start
> > >> > > > > > > > using it. In this regard I proposed to have a sentry
> 1.9.0
> > >> > > release
> > >> > > > as
> > >> > > > > > > there
> > >> > > > > > > > were some outstanding issues integrating with Hive.
> > >> Community
> > >> > was
> > >> > > > not
> > >> > > > > > > > positive on this proposal for various reasons.
> > >> > > > > > >
> > >> > > > > > > It would be great if you can summarize these reasons here
> > for
> > >> > > future
> > >> > > > > > > reference.
> > >> > > > > > > One major concern was that sentry 1.9.0 should still be
> > >> backward
> > >> > > > > > > compatible and work with Hive1.1.
> > >> > > > > >
> > >> > > > > >
> > >> > > > > >
> > >> > > > > > > >
> > >> > > > > > > > With recent findings we think we don't have to wait for
> > Hive
> > >> > > fixes.
> > >> > > > > > With
> > >> > > > > > > > the changes that are planned for below listed Jira's
> > sentry
> > >> > would
> > >> > > > > use a
> > >> > > > > > > > combination of Semantic Hooks and AuthV2 interface to
> > >> integrate
> > >> > > > with
> > >> > > > > > HIVE
> > >> > > > > > > > 2.0.
> > >> > > > > > >
> > >> > > > > > > In your earlier email regarding 1.9 release you also
> mention
> > >> > issues
> > >> > > > > with
> > >> > > > > > > moving up to Java 8 and some issues with Solr-7
> integration.
> > >> Does
> > >> > > > this
> > >> > > > > > mean
> > >> > > > > > > that you have a better idea of how to deal with these
> issues
> > >> now?
> > >> > > > > > > Yes, Changes for java version bumup are under review and
> the
> > >> code
> > >> > > > > changes
> > >> > > > > > > for Solr-6 integration will be co
> > >> > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >   1. SENTRY-1978 <https://issues.apache.org/
> > >> > > > jira/browse/SENTRY-1978>
> > >> > > > > > > -Move
> > >> > > > > > > >   the hive-authz2 grant/revoke implementation into the
> > >> > > > > > > sentry-binding-hive
> > >> > > > > > > >   module
> > >> > > > > > >
> > >> > > > > > > This looks like “refactoring change” so it doesn’t
> actually
> > >> > change
> > >> > > > any
> > >> > > > > > > existing functionality - right?
> > >> > > > > > >
> > >> > > > > > This is not just refactoring. With this change Sentry would
> > use
> > >> the
> > >> > > > > > Schematic Hook implemented as part of Authv-2 support.
> Sentry
> > >> still
> > >> > > > would
> > >> > > > > > still continue using the older implementation for PreAnalyze
> > and
> > >> > > > > > PostAnalyze schematic hooks.
> > >> > > > > >
> > >> > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >   1. SENTRY-1980 <https://issues.apache.org/
> > >> > > > jira/browse/SENTRY-1980
> > >> > > > > >-
> > >> > > > > > > Move
> > >> > > > > > > >   the hive-authz2 HMS client filtering implementation
> into
> > >> the
> > >> > > > > > > >   sentry-binding-hive module.
> > >> > > > > > >
> > >> > > > > > > Same here - this seems to be a refactoring change which
> > >> doesn’t
> > >> > > > affect
> > >> > > > > > any
> > >> > > > > > > existing functionality.
> > >> > > > > > > This is not just refactoring. With this change Sentry
> would
> > >> use
> > >> > the
> > >> > > > > > > Schematic Hook implemented as part of Authv-2 support.
> > Sentry
> > >> > still
> > >> > > > > would
> > >> > > > > > > still continue using the older implementation for
> PreAnalyze
> > >> and
> > >> > > > > > > PostAnalyze schematic hooks.
> > >> > > > > > > I think you are referring to some planned follow-up work
> to
> > >> > > actually
> > >> > > > > > solve
> > >> > > > > > > the authorization problem for Hive 2 - right? Yes.
> > >> > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > > I have created a umbrella jira for releasing Sentry 2.0
> .
> > >> > > > > > > >
> > >> > > > > > > >   1. SENTRY-1982 <https://issues.apache.org/
> > >> > > > jira/browse/SENTRY-1982>
> > >> > > > > > > -Release
> > >> > > > > > > >   sentry 2.0.0 upstream
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > > I have linked issues that are blocking the release. If
> you
> > >> see
> > >> > > any
> > >> > > > > > issue
> > >> > > > > > > > that is blocking please attach it to this jira. That way
> > we
> > >> can
> > >> > > fix
> > >> > > > > > them
> > >> > > > > > > > and clear all the road blocks for releasing SENTYR 2.0.0
> > >> > > > > > >
> > >> > > > > > > What is your impression once you looked at these issues -
> do
> > >> you
> > >> > > > think
> > >> > > > > > > that you should be able to fix majority of these or do you
> > >> think
> > >> > > that
> > >> > > > > > these
> > >> > > > > > > ca nbe simply moved out of the release?
> > >> > > > > > >
> > >> > > > > > Issues blocking SENTRY-1982 should be fixed before sentry
> > 2.0.0
> > >> is
> > >> > > > > > released.
> > >> > > > > >
> > >> > > > > >
> > >> > > > > > >
> > >> > > > > > > >
> > >> > > > > > > >
> > >> > > > > > > > -Kalyan
> > >> > > > > > >
> > >> > > > > > > - Alex
> > >> > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > >
> > >> > > >
> > >> > > >
> > >> > > > --
> > >> > > > Colm O hEigeartaigh
> > >> > > >
> > >> > > > Talend Community Coder
> > >> > > > http://coders.talend.com
> > >> > > >
> > >> > >
> > >> >
> > >> >
> > >> >
> > >> > --
> > >> > Colm O hEigeartaigh
> > >> >
> > >> > Talend Community Coder
> > >> > http://coders.talend.com
> > >> >
> > >>
> > >
> > >
> >
>

Re: Proposal to release Sentry 2.0.0

[Sergio Pena <se...@cloudera.com>]

Thanks Kalyan.

Those JIRAs are committed now and the 2.0 release is not blocked anymore.
You may want to cut the branch now to freeze the 2.0 version.


- Sergio

On Wed, Nov 22, 2017 at 9:13 AM, Kalyan Kumar Kalvagadda <
kkalyan@cloudera.com> wrote:

> I have started the release process. As initial step I have moved all the
> unresolved jira's to 2.1.0 release except for SENTRY-2062 and SENTRY-1812.
> Please let me know if you want your changes to be part of sentry 2.0.0. I
> will be cutting branch for sentry 2.0.0 later today.
>
>
> -Kalyan
>
> On Mon, Oct 16, 2017 at 9:49 AM, Kalyan Kumar Kalvagadda <
> kkalyan@cloudera.com> wrote:
>
> > I feel, we should stop using the terms authz1 and authz2 now on as it can
> > create confusion.. With the new approach we have taken there is no
> authz1. Sentry
> > binding that will be enabled by default uses functionality of both older
> > bindings.
> >
> > -Kalyan
> >
> > On Mon, Oct 16, 2017 at 9:42 AM, Sergio Pena <se...@cloudera.com>
> > wrote:
> >
> >> I won't be necessary to have both binding jars. But we will keep the
> code
> >> around for one more release and remove it later just as backup for us in
> >> case we forgot to refactor something.
> >>
> >> On Mon, Oct 16, 2017 at 8:54 AM, Colm O hEigeartaigh <
> coheigea@apache.org
> >> >
> >> wrote:
> >>
> >> > Sounds good thanks. Just one other query - will we still have two
> >> separate
> >> > binding jars for authz1 and authz2?
> >> >
> >> > Colm.
> >> >
> >> > On Mon, Oct 16, 2017 at 2:31 PM, Sergio Pena <
> sergio.pena@cloudera.com>
> >> > wrote:
> >> >
> >> > > Nop. The plan is to ship authz2 but only when grant/revoke tasks are
> >> > > executed and HMS filters are used. The current HiveAuthzBinding
> class
> >> > will
> >> > > still be used when a command is executed and Hive requests
> >> authorization
> >> > to
> >> > > Sentry (this is part of the authz1 profile). Btw, the HMS server
> side
> >> > > checks still use MetastoreAuthzBinding.java in both authz1 and
> authz2.
> >> > >
> >> > > The plans for Solr is to support the latest Solr 6.x which added
> >> support
> >> > > for authorization modules. Hrishikesh is a Solr contributor and is
> >> > helping
> >> > > us integrate it on SENTRY-1475
> >> > > <https://issues.apache.org/jira/browse/SENTRY-1475>. Solr 7 was
> just
> >> > > released last month, but he said he already has the code for Solr 6,
> >> but
> >> > he
> >> > > will try to see if Solr 7 is easy to do, but the initial
> expectations
> >> > were
> >> > > to have Solr 6.
> >> > >
> >> > > What do you think about the plans? Any comments regarding about
> them?
> >> > Would
> >> > > you like to see something else or different?
> >> > >
> >> > > Sergio.
> >> > >
> >> > > On Mon, Oct 16, 2017 at 4:52 AM, Colm O hEigeartaigh <
> >> > coheigea@apache.org>
> >> > > wrote:
> >> > >
> >> > > > Hi Sergio,
> >> > > >
> >> > > > Is the plan to ship both the authz1 and authz2 bindings for Sentry
> >> > 2.0.0?
> >> > > > If so, which is recommended for use? Also, what are the plans to
> >> get a
> >> > > more
> >> > > > recent version of Solr supported?
> >> > > >
> >> > > > Colm.
> >> > > >
> >> > > > On Sat, Oct 14, 2017 at 5:12 PM, Na Li <li...@cloudera.com>
> >> wrote:
> >> > > >
> >> > > > > Kalyan,
> >> > > > >
> >> > > > > Thanks for the update. I am up to releasing sentry 2.0.0 as
> well.
> >> > > > >
> >> > > > > Lina
> >> > > > >
> >> > > > > On Fri, Oct 13, 2017 at 6:18 PM, Kalyan Kumar Kalvagadda <
> >> > > > > kkalyan@cloudera.com> wrote:
> >> > > > >
> >> > > > > > Sasha,
> >> > > > > >
> >> > > > > > See my response in-line below
> >> > > > > >
> >> > > > > > -Kalyan
> >> > > > > >
> >> > > > > > On Fri, Oct 13, 2017 at 1:09 PM, Alexander Kolbasov <
> >> > > > akolb@cloudera.com>
> >> > > > > > wrote:
> >> > > > > >
> >> > > > > > > Kalyan,
> >> > > > > > >
> >> > > > > > > Thank you for pushing forward 2.0 release!
> >> > > > > > >
> >> > > > > > > > On Oct 13, 2017, at 7:20 AM, Kalyan Kumar Kalvagadda <
> >> > > > > > > kkalyan@cloudera.com> wrote:
> >> > > > > > > >
> >> > > > > > > > Hello all,
> >> > > > > > > >
> >> > > > > > > > We need to release sentry HA functionality so that
> community
> >> > can
> >> > > > > start
> >> > > > > > > > using it. In this regard I proposed to have a sentry 1.9.0
> >> > > release
> >> > > > as
> >> > > > > > > there
> >> > > > > > > > were some outstanding issues integrating with Hive.
> >> Community
> >> > was
> >> > > > not
> >> > > > > > > > positive on this proposal for various reasons.
> >> > > > > > >
> >> > > > > > > It would be great if you can summarize these reasons here
> for
> >> > > future
> >> > > > > > > reference.
> >> > > > > > > One major concern was that sentry 1.9.0 should still be
> >> backward
> >> > > > > > > compatible and work with Hive1.1.
> >> > > > > >
> >> > > > > >
> >> > > > > >
> >> > > > > > > >
> >> > > > > > > > With recent findings we think we don't have to wait for
> Hive
> >> > > fixes.
> >> > > > > > With
> >> > > > > > > > the changes that are planned for below listed Jira's
> sentry
> >> > would
> >> > > > > use a
> >> > > > > > > > combination of Semantic Hooks and AuthV2 interface to
> >> integrate
> >> > > > with
> >> > > > > > HIVE
> >> > > > > > > > 2.0.
> >> > > > > > >
> >> > > > > > > In your earlier email regarding 1.9 release you also mention
> >> > issues
> >> > > > > with
> >> > > > > > > moving up to Java 8 and some issues with Solr-7 integration.
> >> Does
> >> > > > this
> >> > > > > > mean
> >> > > > > > > that you have a better idea of how to deal with these issues
> >> now?
> >> > > > > > > Yes, Changes for java version bumup are under review and the
> >> code
> >> > > > > changes
> >> > > > > > > for Solr-6 integration will be co
> >> > > > > > >
> >> > > > > > > >
> >> > > > > > > >   1. SENTRY-1978 <https://issues.apache.org/
> >> > > > jira/browse/SENTRY-1978>
> >> > > > > > > -Move
> >> > > > > > > >   the hive-authz2 grant/revoke implementation into the
> >> > > > > > > sentry-binding-hive
> >> > > > > > > >   module
> >> > > > > > >
> >> > > > > > > This looks like “refactoring change” so it doesn’t actually
> >> > change
> >> > > > any
> >> > > > > > > existing functionality - right?
> >> > > > > > >
> >> > > > > > This is not just refactoring. With this change Sentry would
> use
> >> the
> >> > > > > > Schematic Hook implemented as part of Authv-2 support. Sentry
> >> still
> >> > > > would
> >> > > > > > still continue using the older implementation for PreAnalyze
> and
> >> > > > > > PostAnalyze schematic hooks.
> >> > > > > >
> >> > > > > > >
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > >   1. SENTRY-1980 <https://issues.apache.org/
> >> > > > jira/browse/SENTRY-1980
> >> > > > > >-
> >> > > > > > > Move
> >> > > > > > > >   the hive-authz2 HMS client filtering implementation into
> >> the
> >> > > > > > > >   sentry-binding-hive module.
> >> > > > > > >
> >> > > > > > > Same here - this seems to be a refactoring change which
> >> doesn’t
> >> > > > affect
> >> > > > > > any
> >> > > > > > > existing functionality.
> >> > > > > > > This is not just refactoring. With this change Sentry would
> >> use
> >> > the
> >> > > > > > > Schematic Hook implemented as part of Authv-2 support.
> Sentry
> >> > still
> >> > > > > would
> >> > > > > > > still continue using the older implementation for PreAnalyze
> >> and
> >> > > > > > > PostAnalyze schematic hooks.
> >> > > > > > > I think you are referring to some planned follow-up work to
> >> > > actually
> >> > > > > > solve
> >> > > > > > > the authorization problem for Hive 2 - right? Yes.
> >> > > > > > >
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > > I have created a umbrella jira for releasing Sentry 2.0 .
> >> > > > > > > >
> >> > > > > > > >   1. SENTRY-1982 <https://issues.apache.org/
> >> > > > jira/browse/SENTRY-1982>
> >> > > > > > > -Release
> >> > > > > > > >   sentry 2.0.0 upstream
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > > I have linked issues that are blocking the release. If you
> >> see
> >> > > any
> >> > > > > > issue
> >> > > > > > > > that is blocking please attach it to this jira. That way
> we
> >> can
> >> > > fix
> >> > > > > > them
> >> > > > > > > > and clear all the road blocks for releasing SENTYR 2.0.0
> >> > > > > > >
> >> > > > > > > What is your impression once you looked at these issues - do
> >> you
> >> > > > think
> >> > > > > > > that you should be able to fix majority of these or do you
> >> think
> >> > > that
> >> > > > > > these
> >> > > > > > > ca nbe simply moved out of the release?
> >> > > > > > >
> >> > > > > > Issues blocking SENTRY-1982 should be fixed before sentry
> 2.0.0
> >> is
> >> > > > > > released.
> >> > > > > >
> >> > > > > >
> >> > > > > > >
> >> > > > > > > >
> >> > > > > > > >
> >> > > > > > > > -Kalyan
> >> > > > > > >
> >> > > > > > > - Alex
> >> > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > > >
> >> > > >
> >> > > > --
> >> > > > Colm O hEigeartaigh
> >> > > >
> >> > > > Talend Community Coder
> >> > > > http://coders.talend.com
> >> > > >
> >> > >
> >> >
> >> >
> >> >
> >> > --
> >> > Colm O hEigeartaigh
> >> >
> >> > Talend Community Coder
> >> > http://coders.talend.com
> >> >
> >>
> >
> >
>