diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
index ba77736..1c1532b 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
@@ -921,6 +921,8 @@ private int roleDDL(RoleDDLDesc roleDDLDesc) throws HiveException, IOException {
 writeToFile(writeRoleInfo(roles, testMode), roleDDLDesc.getResFile());
 } else if (operation.equals(RoleDDLDesc.RoleOperation.SHOW_ROLES)) {
 List roleNames = db.getAllRoleNames();
+ //sort the list to get sorted (deterministic) output (for ease of testing)
+ Collections.sort(roleNames);
 Path resFile = new Path(roleDDLDesc.getResFile());
 FileSystem fs = resFile.getFileSystem(conf);
 outStream = fs.create(resFile);
@@ -3088,6 +3090,9 @@ static String writeGrantInfo(List privileges, boolean testM
 return "";
 }
 StringBuilder builder = new StringBuilder();
+ //sort the list to get sorted (deterministic) output (for ease of testing)
+ Collections.sort(privileges);
+
 for (HiveObjectPrivilege privilege : privileges) {
 HiveObjectRef resource = privilege.getHiveObject();
 PrivilegeGrantInfo grantInfo = privilege.getGrantInfo();
@@ -3111,6 +3116,8 @@ static String writeRoleInfo(List roles, boolean testMode) {
 return "";
 }
 StringBuilder builder = new StringBuilder();
+ //sort the list to get sorted (deterministic) output (for ease of testing)
+ Collections.sort(roles);
 for (Role role : roles) {
 appendNonNull(builder, role.getRoleName(), true);
 appendNonNull(builder, testMode ? -1 : role.getCreateTime() * 1000L);
@@ -3128,6 +3135,8 @@ static String writeHiveRoleInfo(List roles, boolean testMode) {
 return "";
 }
 StringBuilder builder = new StringBuilder();
+ //sort the list to get sorted (deterministic) output (for ease of testing)
+ Collections.sort(roles);
 for (HiveRole role : roles) {
 appendNonNull(builder, role.getRoleName(), true);
 appendNonNull(builder, testMode ? -1 : role.getCreateTime() * 1000L);
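Review bot: `Collections.sort(privileges)` in `writeGrantInfo` reorders the caller's list in place, and the same applies to `Collections.sort(roles)` in the `writeRoleInfo` and `writeHiveRoleInfo` hunks. A formatting helper that mutates its argument throws `UnsupportedOperationException` if a caller ever passes an unmodifiable list, and it changes the order seen by anything else holding that list; the callers and the rest of each method body are outside these hunks, so this is a caution rather than a confirmed failure. Sorting a copy keeps the helpers free of side effects: `List<HiveObjectPrivilege> sorted = new ArrayList<HiveObjectPrivilege>(privileges); Collections.sort(sorted);` and then iterate over `sorted`. Since the sort runs regardless of `testMode`, the comment should also say that this is now the order users of SHOW GRANT and SHOW ROLE GRANT see, not only a test aid.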
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java index a23239b..7f3d78a 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java @@ -21,10 +21,12 @@ import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.metastore.api.Role; +import com.google.common.collect.ComparisonChain; + // same with thrift.Role @LimitedPrivate(value = { "" }) @Evolving -public class HiveRole { +public class HiveRole implements Comparable { private String roleName; private int createTime; @@ -111,4 +113,22 @@ public String getGrantor() { public void setGrantor(String grantor) { this.grantor = grantor; } + + @Override + public int compareTo(HiveRole other) { + if(other == null){ + return 1; + } + return ComparisonChain.start().compare(roleName, other.roleName) + .compare(createTime, other.createTime) + .compare(principalName, other.principalName) + .compare(principalType, other.principalType) + .compare(grantOption, other.grantOption) + .compare(grantTime, other.grantTime) + .compare(grantor, other.grantor) + .result(); + + } + + } diff --git a/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out b/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out index 8184708..bb558f1 100644 --- a/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out +++ b/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 
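Review bot: The new `HiveRole.compareTo` can throw `NullPointerException` when two roles tie on the earlier keys and a later field is null, because `ComparisonChain.compare(Comparable, Comparable)` calls `compareTo` on the left operand. Whether the fields can be null is not visible in this hunk, but the expected output updated in the same commit prints a PUBLIC row with empty principal and grantor columns, which suggests unset fields do occur. A null-tolerant comparator per nullable field avoids this, for example `.compare(principalName, other.principalName, Ordering.<String>natural().nullsFirst())`, and likewise for `roleName` and `grantor`. Returning 1 for `other == null` also departs from the `Comparable` contract, which specifies a `NullPointerException`. No `equals`/`hashCode` is added here, so unless they are defined outside the hunk the ordering is inconsistent with equals and a short Javadoc on `compareTo` should say so.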
@@ -42,8 +42,8 @@ PREHOOK: query: show role grant user user_sauth PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user_sauth POSTHOOK: type: SHOW_ROLE_GRANT -src_role -1 user_sauth USER false -1 hive_test_user PUBLIC -1 false -1 +src_role -1 user_sauth USER false -1 hive_test_user PREHOOK: query: --table grant to role grant select on table src_autho_test to role src_role diff --git a/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out b/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out index 7ea601d..0f5746d 100644 --- a/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out +++ b/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out @@ -74,8 +74,8 @@ PREHOOK: type: SHOW_GRANT POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev POSTHOOK: type: SHOW_GRANT default table_priv_rev user2 USER INSERT false -1 user1 -default table_priv_rev user2 USER UPDATE false -1 user1 default table_priv_rev user2 USER SELECT true -1 user1 +default table_priv_rev user2 USER UPDATE false -1 user1 PREHOOK: query: -- grant delete privilege to user2 GRANT DELETE ON table_priv_rev TO USER user2 PREHOOK: type: GRANT_PRIVILEGE @@ -90,8 +90,8 @@ POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev POSTHOOK: type: SHOW_GRANT default table_priv_rev user2 USER DELETE false -1 user1 default table_priv_rev user2 USER INSERT false -1 user1 -default table_priv_rev user2 USER UPDATE false -1 user1 default table_priv_rev user2 USER SELECT true -1 user1 +default table_priv_rev user2 USER UPDATE false -1 user1 PREHOOK: query: -- start revoking -- -- revoke update privilege from user2 REVOKE UPDATE ON TABLE table_priv_rev FROM USER user2 diff --git a/ql/src/test/results/clientpositive/authorization_role_grant1.q.out b/ql/src/test/results/clientpositive/authorization_role_grant1.q.out index e11b7e1..467cc2c 100644 --- a/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 
+++ b/ql/src/test/results/clientpositive/authorization_role_grant1.q.out @@ -16,8 +16,8 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -src_role2 -1 user2 USER false -1 hive_test_user PUBLIC -1 false -1 +src_role2 -1 user2 USER false -1 hive_test_user PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles @@ -61,8 +61,8 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -src_role_wadmin -1 user2 USER false -1 hive_test_user PUBLIC -1 false -1 +src_role_wadmin -1 user2 USER false -1 hive_test_user PREHOOK: query: -- revoke role without role keyword revoke src_role_wadmin from user user2 with admin option PREHOOK: type: REVOKE_ROLE