Index: ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java =================================================================== --- ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java (revision 1567718) +++ ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java (working copy) @@ -921,6 +921,8 @@ writeToFile(writeRoleInfo(roles, testMode), roleDDLDesc.getResFile()); } else if (operation.equals(RoleDDLDesc.RoleOperation.SHOW_ROLES)) { List roleNames = db.getAllRoleNames(); + //sort the list to get sorted (deterministic) output (for ease of testing) + Collections.sort(roleNames); Path resFile = new Path(roleDDLDesc.getResFile()); FileSystem fs = resFile.getFileSystem(conf); outStream = fs.create(resFile); @@ -3088,6 +3090,9 @@ return ""; } StringBuilder builder = new StringBuilder(); + //sort the list to get sorted (deterministic) output (for ease of testing) + Collections.sort(privileges); + for (HiveObjectPrivilege privilege : privileges) { HiveObjectRef resource = privilege.getHiveObject(); PrivilegeGrantInfo grantInfo = privilege.getGrantInfo(); @@ -3111,6 +3116,8 @@ return ""; } StringBuilder builder = new StringBuilder(); + //sort the list to get sorted (deterministic) output (for ease of testing) + Collections.sort(roles); for (Role role : roles) { appendNonNull(builder, role.getRoleName(), true); appendNonNull(builder, testMode ? -1 : role.getCreateTime() * 1000L); @@ -3128,6 +3135,8 @@ return ""; } StringBuilder builder = new StringBuilder(); + //sort the list to get sorted (deterministic) output (for ease of testing) + Collections.sort(roles); for (HiveRole role : roles) { appendNonNull(builder, role.getRoleName(), true); appendNonNull(builder, testMode ? -1 : role.getCreateTime() * 1000L); Index: ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java =================================================================== --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java (revision 1567718) +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java (working copy) @@ -21,10 +21,12 @@ import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.metastore.api.Role; +import com.google.common.collect.ComparisonChain; + // same with thrift.Role @LimitedPrivate(value = { "" }) @Evolving -public class HiveRole { +public class HiveRole implements Comparable { private String roleName; private int createTime; @@ -111,4 +113,22 @@ public void setGrantor(String grantor) { this.grantor = grantor; } + + @Override + public int compareTo(HiveRole other) { + if(other == null){ + return 1; + } + return ComparisonChain.start().compare(roleName, other.roleName) + .compare(createTime, other.createTime) + .compare(principalName, other.principalName) + .compare(principalType, other.principalType) + .compare(grantOption, other.grantOption) + .compare(grantTime, other.grantTime) + .compare(grantor, other.grantor) + .result(); + + } + + } Index: ql/src/test/results/clientpositive/authorization_1_sql_std.q.out =================================================================== --- ql/src/test/results/clientpositive/authorization_1_sql_std.q.out (revision 1567718) +++ ql/src/test/results/clientpositive/authorization_1_sql_std.q.out (working copy) @@ -46,8 +46,8 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user_sauth POSTHOOK: type: SHOW_ROLE_GRANT +PUBLIC -1 false -1 src_role -1 user_sauth USER false -1 hive_admin_user -PUBLIC -1 false -1 PREHOOK: query: --table grant to role grant select on table src_autho_test to role src_role Index: ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out =================================================================== --- ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out (revision 1567718) +++ ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out (working copy) @@ -74,8 +74,8 @@ POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev POSTHOOK: type: SHOW_GRANT default table_priv_rev user2 USER INSERT false -1 user1 +default table_priv_rev user2 USER SELECT true -1 user1 default table_priv_rev user2 USER UPDATE false -1 user1 -default table_priv_rev user2 USER SELECT true -1 user1 PREHOOK: query: -- grant delete privilege to user2 GRANT DELETE ON table_priv_rev TO USER user2 PREHOOK: type: GRANT_PRIVILEGE @@ -90,8 +90,8 @@ POSTHOOK: type: SHOW_GRANT default table_priv_rev user2 USER DELETE false -1 user1 default table_priv_rev user2 USER INSERT false -1 user1 +default table_priv_rev user2 USER SELECT true -1 user1 default table_priv_rev user2 USER UPDATE false -1 user1 -default table_priv_rev user2 USER SELECT true -1 user1 PREHOOK: query: -- start revoking -- -- revoke update privilege from user2 REVOKE UPDATE ON TABLE table_priv_rev FROM USER user2 Index: ql/src/test/results/clientpositive/authorization_role_grant1.q.out =================================================================== --- ql/src/test/results/clientpositive/authorization_role_grant1.q.out (revision 1567718) +++ ql/src/test/results/clientpositive/authorization_role_grant1.q.out (working copy) @@ -18,8 +18,8 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT +PUBLIC -1 false -1 src_role2 -1 user2 USER false -1 hive_admin_user -PUBLIC -1 false -1 PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles @@ -67,8 +67,8 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT +PUBLIC -1 false -1 src_role_wadmin -1 user2 USER true -1 hive_admin_user -PUBLIC -1 false -1 PREHOOK: query: -- revoke role without role keyword revoke src_role_wadmin from user user2 PREHOOK: type: REVOKE_ROLE