Release Notes - Sentry - Version 1.4.0

** Sub-task
    * [SENTRY-97] - Create service configuration properties
    * [SENTRY-129] - Implement Hive Sentry Authz DDL Task Factory
    * [SENTRY-134] - Use BoneCP, add unique constraint to GROUP_NAME, and expose jdo/datanucleus properties
    * [SENTRY-137] - Validate privilege scope in sentry service
    * [SENTRY-138] - Use server timestamp for createTime for role, privilege and group
    * [SENTRY-142] - Create database backed ProviderBackend
    * [SENTRY-143] - Merge db_policy_store branch into master
    * [SENTRY-153] - Add Hive e2e test with grant/revoke statements
    * [SENTRY-156] - Support local privilege validation APIs
    * [SENTRY-160] - Class to table mapping in package.jdo is incorrect
    * [SENTRY-364] - Bump up hive and hadoop versions from SNAPSHOT to released bits
    * [SENTRY-365] - Create release branch for 1.4.0
    * [SENTRY-369] - Update changelog.txt, notice.txt, etc... for 1.4.0 release



** Bug
    * [SENTRY-118] - cast udf should be added to sentry udf whitelist for hive
    * [SENTRY-131] - bin/sentry script doesn't find config-tool.sh under some circumstances
    * [SENTRY-133] - Alter table create partition if not exists - results in error
    * [SENTRY-161] - Sentry master branch is trying to download Hadoop tarball from nonexisting URL
    * [SENTRY-162] - Cleanup DB store privilege metadata on Hive DDL statements
    * [SENTRY-166] - Sentry does not accept URIs with an equals sign (=) in path. Fails with llegalArgumentException: Invalid key value
    * [SENTRY-169] - JAAS login options not compatible with IBM JDK  
    * [SENTRY-172] - config-tool.sh is missing from master branch
    * [SENTRY-174] - Sentry should not package hadoop, hive and other jars
    * [SENTRY-175] - sentry script throws error for the dbstore service invocation
    * [SENTRY-176] - Not able to read policy files on HDFS (Regression)
    * [SENTRY-177] - Sentry Policy Service does not treat role names as case insensitive
    * [SENTRY-178] - Poor performance for Sentry Policy Service as #of privileges is scaled up
    * [SENTRY-181] - Add a test case for duplicate privileges
    * [SENTRY-182] - Granting ALL privileges to table does not seem to do the right thing when using the SimpleDbPolicyProvider
    * [SENTRY-183] - Sentry Policy Service goes into an unusable state when granting privileges. Subsequent access fail with a DataNucleusException: "Iteration request failed: SELECT ..."
    * [SENTRY-186] - e2e tests for solr document-level security
    * [SENTRY-187] - Use invariants rather than default for specification of update index level authorization
    * [SENTRY-188] - Reduce the logging level during per-db policy loading
    * [SENTRY-190] - Support for getting set of roles from ProviderBackend
    * [SENTRY-191] - Sentry Policy Service should not require passing the RPC requestor's user/group information
    * [SENTRY-192] - Convert solr doc-level e2e test to be based on roles rather than groups
    * [SENTRY-194] - Sentry script should note use Hive script by default for service and tool execution
    * [SENTRY-195] - Sentry schema tool can't process comments inside statement
    * [SENTRY-200] - Remove sentry-provider dependencies on hive 
    * [SENTRY-201] - TestDatabaseProvider tests fail after Sentry schema tool was added.
    * [SENTRY-202] - Sentry end to end tests which use ClusterDFS will need to explicitly add the policy file to HDFS
    * [SENTRY-203] - Column name mismatch causes DataNucleus to throw exceptions
    * [SENTRY-204] - Test cases extending SentryServiceIntegrationBase are failing
    * [SENTRY-205] - Sentry throws Exception when trying to revoke Table level privileges
    * [SENTRY-206] - Sentry distribution should include a template config file for the service
    * [SENTRY-207] - Sentry script should return non-zero exist status in error conditions
    * [SENTRY-209] - Empty list returned when calling listPrivilegesByRoleName
    * [SENTRY-210] - Exception Thrown When Trying to grantRoleToGroup
    * [SENTRY-212] - Restrict access to hive config property hive.sentry.active.role.set which is set by Sentry Hive binding
    * [SENTRY-213] - Sentry schema tool doesn't handle sentry.javax.jdo.* properties
    * [SENTRY-214] - Sentry Service does not allow the same Privilege to be associated to multiple Roles
    * [SENTRY-217] - Add Insert and URI tests for Sentry DB provider
    * [SENTRY-218] - Use defaults for user, password and driver in SchemaTool 
    * [SENTRY-219] - Sentry Cache Backend Provider initialization does not work as expected
    * [SENTRY-220] - Trivial fix to SentrySchemaTool to set default driver
    * [SENTRY-221] - Privilege scope is case sensitive
    * [SENTRY-222] - Privileges are sometimes granted to the wrong roles
    * [SENTRY-224] - Provider resource should not be required for DB provider backend
    * [SENTRY-229] - SentrySchemaTool initSchema does not work with postgres 8.1and oracle
    * [SENTRY-231] - Fix JDK 6 build
    * [SENTRY-235] - Change tests in TestSentryServerWithoutKerberos to use new Sentry service APIs
    * [SENTRY-236] - Sentry PolicyFile provider incorrectly logs error messages when reading policy file
    * [SENTRY-237] - Support log4j configuration for Sentry service
    * [SENTRY-238] - Denied Show roles and show role grant throw thrift exception
    * [SENTRY-239] - Setup in TestDatabaseProvider is flaky
    * [SENTRY-241] - Sentry GrantRevokeTask should fire the sentry failure look
    * [SENTRY-243] - The operation type needs to be set in the grant/revoke task context for the failure hook
    * [SENTRY-244] - Sentry deprecated properties do not work
    * [SENTRY-245] - Fix failing db provider tests
    * [SENTRY-246] - Load command does not seem to work with filter push down
    * [SENTRY-247] - Go back to using filter push down once the bugs are fixed
    * [SENTRY-248] - The sentry-provider-cache dependency is not correctly set
    * [SENTRY-249] - "Use default" should be allowed for all the users even when using filter push down
    * [SENTRY-250] - Create external table fails with filter push down
    * [SENTRY-251] - PolicyProviderForTest.addPrivilege breaks in some cases
    * [SENTRY-252] - Per db policy files based tests should be updated for dbprovider usage
    * [SENTRY-253] - Creating external table seems to be failing when using provider db.
    * [SENTRY-254] - Privilege name in provider db has a limit of length 128 which might be very low for long uris.
    * [SENTRY-255] - Revoke on Server privilege fails
    * [SENTRY-256] - Fix TestDbEndToEnd.testEndToEnd1
    * [SENTRY-257] - Upgrade master to use version 1.4.0-mapr-1509-SNAPSHOT
    * [SENTRY-259] - Implement Hive metastore plugin
    * [SENTRY-260] - Add support to use DB2  as database for sentry metastore
    * [SENTRY-262] - Updating patch for SENTRY-178
    * [SENTRY-263] - Remove usage of getHostString() from AbstractTestWithStaticConfiguration
    * [SENTRY-266] - Implement _HOST substitution in principal
    * [SENTRY-268] - Allow only granted roles to be set in "SET ROLE <roleName>"
    * [SENTRY-269] - Add a test case for Denied Alter table, should fire SentryOnFailureHook
    * [SENTRY-271] - Test TestSentryServiceIntegration is flaky
    * [SENTRY-272] - Test TestSentryStoreToAuthorizable.testUri is failing on comparing URI string
    * [SENTRY-273] - org.apache.sentry.tests.e2e.dbprovider.TestDbUriPermissions is failing
    * [SENTRY-274] - MySQL init scripts contains invalid comments
    * [SENTRY-275] - Fix compilation error in SentryService
    * [SENTRY-276] - SentryService tests are currently timing out
    * [SENTRY-277] - Add Pig+HCat test for Metastore auth plugin
    * [SENTRY-278] -  TestSearchModelAuthorizables.testTooManyKV and  TestDBModelAuthorizables.testTooManyKV fail
    * [SENTRY-279] - Revert back using lowercase for uri label
    * [SENTRY-280] - Sentry-202 missing changes
    * [SENTRY-281] - Revoking a parent privilege should revoke all child privileges
    * [SENTRY-282] - Select on DB should give privileges to query tables within it.
    * [SENTRY-283] - Secure connection from HS2 to Sentry service fails
    * [SENTRY-284] - Create test for creating external partition
    * [SENTRY-285] - privilege->action=all is not same as privilege
    * [SENTRY-288] - Dissable MetastoreBinding for test cases that do not require it
    * [SENTRY-289] - Kerberos based connection from HS2 and Metastore to Sentry service fails
    * [SENTRY-290] - Handle null pointer in SentryPolicyProcessor
    * [SENTRY-294] - The Sentry service client should execute UGI privilege action by default
    * [SENTRY-297] - Increase privilege_name to 4000 in mysql to be consistent with other dbs
    * [SENTRY-299] - Partial Revoke Fails under certain conditions
    * [SENTRY-300] - HiveAuthzBinding checks for Hive server2 config which is not available when using Sentry with Hive meta store server
    * [SENTRY-301] - Sentry plugin fails access service from secure Hive Metastore 
    * [SENTRY-302] - Partial revoke on Table fails if both ALL and a SELECT/INSERT grant exists
    * [SENTRY-304] - Limit on index key in MYSQL (innoDB ) is 767 bytes
    * [SENTRY-305] - SHOW CURRENT ROLES shouldn't require admin privileges
    * [SENTRY-306] - Fix grant all on table in db based provider
    * [SENTRY-307] - Unqualified URIs should be reconstructed in a standard way
    * [SENTRY-309] - Metastore binding should use fully qualified URI for validating alter table operations
    * [SENTRY-310] - Make Hive operation to required privileges more granular
    * [SENTRY-311] - Metastore plugin needs to be changed to updated privilege model
    * [SENTRY-312] - Add 'decimal' and 'date' to default UDF whitelist
    * [SENTRY-313] - Fix some uri failing tests
    * [SENTRY-314] - Metastore plugin should verify the storage descriptor before referencing
    * [SENTRY-315] - SHOW CURRENT ROLE fails if the one of the groups doesn't have any roles granted
    * [SENTRY-317] - Fix TestDbOperations.testLoad test
    * [SENTRY-319] - group names should be case sensitive.
    * [SENTRY-321] - SentryMetastorePostEventListener should use sentry config to create SentryClient
    * [SENTRY-332] - A role may got empty privilege, although the role have some privileges
    * [SENTRY-336] - Fix test failures on real cluster
    * [SENTRY-337] - When the parameter sentry.metastore.service.users isn't set or set empty, starting metastore will throw java.lang.NullPointerException
    * [SENTRY-363] - CTAS from view is requiring select on underlying table




** Improvement
    * [SENTRY-106] - Make solr testing work against apache 4.7 version
    * [SENTRY-193] - Add schematool for creating Sentry store schema from the SQL scripts
    * [SENTRY-211] - Do the user: group lookup in the Sentry db policy server
    * [SENTRY-258] - Increase field PRIVILEGE_NAME to 4000 characters to enable long URIs
    * [SENTRY-293] - Create a new mvn cluster test profile for provider db tests
    * [SENTRY-303] - Allow users to grant/revoke SELECT/INSERT to ALL tables in a Database
    * [SENTRY-333] - Add conf directory to sentry distribution
    * [SENTRY-361] - Sentry server should use sentry-site.xml in conf directory by default

** New Feature
    * [SENTRY-3] - Create a diagnostics tool for configuration validation
    * [SENTRY-37] - Implement a DB backed policy store
    * [SENTRY-115] - Give bindings the ability to access the group mappings
    * [SENTRY-157] - Support filter pushdown in DB Store client to reduce data transfer from DB Store service
    * [SENTRY-158] - Hive bindings should enable MR level ACLs for session user
    * [SENTRY-165] - Implement createShowRolesTask() in SentryHiveAuthorizationTaskFactoryImpl
    * [SENTRY-184] - Add Sentry service APIs to query roles and privileges
    * [SENTRY-199] - Create tool that will convert policy file into into DB store
    * [SENTRY-215] - SHOW GRANT ROLE xxx ON [SERVER, DATABASE, TABLE, URI] xxx
    * [SENTRY-216] - Support SHOW CURRENT ROLES




** Task
    * [SENTRY-159] - Convert AbstractSolrSentryTestBase to use MiniSolrCloudCluster rather than Lucene test hierarchy
    * [SENTRY-164] - Missing implementation for  HiveAuthorizationTaskFactory: createShowRolesTask()
    * [SENTRY-230] - e2e test for doc level security to cover failure scenarios around Index level auth
    * [SENTRY-356] - Apache Sentry 1.4.0 Release


** Test
    * [SENTRY-223] - Add a test for updates with doc-level security
    * [SENTRY-233] - Disable hdfs blockcache during solr e2e tests
    * [SENTRY-261] - Improve test coverage for grant/revoke statements in Hive e2e tests
    * [SENTRY-287] - Add test case for giving select privieleges on a table in a non default database
    * [SENTRY-291] - Remove duplicate testSameGrantTwice



