Add SQL Grammar and tree Node for ALTER DEFAULT PRIVILEGES

Grammar/tree commit only, no logic. Will populate release note in commit implementing logic. Release note: None
cockroachdb · Jul 8, 2021 · bef4973 · bef4973
1 parent 36ed61e
commit bef4973
Show file tree

Hide file tree

Showing 9 changed files with 1,352 additions and 16 deletions.
diff --git a/docs/generated/sql/bnf/alter_ddl_stmt.bnf b/docs/generated/sql/bnf/alter_ddl_stmt.bnf
@@ -8,3 +8,4 @@ alter_ddl_stmt ::=
 	| alter_partition_stmt
 	| alter_schema_stmt
 	| alter_type_stmt
+	| alter_default_privileges_stmt
diff --git a/docs/generated/sql/bnf/alter_default_privileges_stmt.bnf b/docs/generated/sql/bnf/alter_default_privileges_stmt.bnf
@@ -0,0 +1,3 @@
+alter_default_privileges_stmt ::=
+	'ALTER' 'DEFAULT' 'PRIVILEGES' opt_for_role opt_in_schema abbreviated_grant_stmt
+	| 'ALTER' 'DEFAULT' 'PRIVILEGES' opt_for_role opt_in_schema abbreviated_revoke_stmt
diff --git a/docs/generated/sql/bnf/stmt_block.bnf b/docs/generated/sql/bnf/stmt_block.bnf
@@ -377,6 +377,7 @@ alter_ddl_stmt ::=
 	| alter_partition_stmt
 	| alter_schema_stmt
 	| alter_type_stmt
+	| alter_default_privileges_stmt
 
 alter_role_stmt ::=
 	'ALTER' role_or_group_or_user string_or_placeholder opt_role_options
@@ -885,6 +886,7 @@ unreserved_keyword ::=
 	| 'FORCE'
 	| 'FORCE_INDEX'
 	| 'FUNCTION'
+	| 'FUNCTIONS'
 	| 'GENERATED'
 	| 'GEOMETRYM'
 	| 'GEOMETRYZ'
@@ -1046,6 +1048,7 @@ unreserved_keyword ::=
 	| 'ROLES'
 	| 'ROLLBACK'
 	| 'ROLLUP'
+	| 'ROUTINES'
 	| 'ROWS'
 	| 'RULE'
 	| 'RUNNING'
@@ -1307,6 +1310,10 @@ alter_type_stmt ::=
 	| 'ALTER' 'TYPE' type_name 'SET' 'SCHEMA' schema_name
 	| 'ALTER' 'TYPE' type_name 'OWNER' 'TO' role_spec
 
+alter_default_privileges_stmt ::=
+	'ALTER' 'DEFAULT' 'PRIVILEGES' opt_for_role opt_in_schema abbreviated_grant_stmt
+	| 'ALTER' 'DEFAULT' 'PRIVILEGES' opt_for_role opt_in_schema abbreviated_revoke_stmt
+
 role_or_group_or_user ::=
 	'ROLE'
 	| 'USER'
@@ -1778,6 +1785,21 @@ opt_add_val_placement ::=
 	| 'AFTER' 'SCONST'
 	| 
 
+opt_for_role ::=
+	'FOR' role_or_group_or_user role_spec
+	| 
+
+opt_in_schema ::=
+	'IN' 'SCHEMA' qualifiable_schema_name
+	| 
+
+abbreviated_grant_stmt ::=
+	'GRANT' privileges 'ON' alter_default_privileges_target_object 'TO' name_list opt_with_grant_option
+
+abbreviated_revoke_stmt ::=
+	'REVOKE' privileges 'ON' alter_default_privileges_target_object 'FROM' name_list opt_drop_behavior
+	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' privileges 'ON' alter_default_privileges_target_object 'FROM' name_list opt_drop_behavior
+
 role_options ::=
 	( role_option ) ( ( role_option ) )*
 
@@ -2248,6 +2270,16 @@ survival_goal_clause ::=
 primary_region_clause ::=
 	'PRIMARY' 'REGION' opt_equal region_name
 
+alter_default_privileges_target_object ::=
+	'TABLES'
+	| 'SEQUENCES'
+	| 'TYPES'
+	| 'SCHEMAS'
+
+opt_with_grant_option ::=
+	'WITH' 'GRANT' 'OPTION'
+	| 
+
 role_option ::=
 	'CREATEROLE'
 	| 'NOCREATEROLE'

diff --git a/pkg/sql/alter_default_privileges.go b/pkg/sql/alter_default_privileges.go
@@ -0,0 +1,24 @@
+// Copyright 2021 The Cockroach Authors.
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package sql
+
+import (
+	"context"
+
+	"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
+)
+
+func (p *planner) alterDefaultPrivileges(
+	ctx context.Context, n *tree.AlterDefaultPrivileges,
+) (planNode, error) {
+	// TODO: implement this.
+	return nil, nil
+}
diff --git a/pkg/sql/opaque.go b/pkg/sql/opaque.go
@@ -86,6 +86,8 @@ func planOpaque(ctx context.Context, p *planner, stmt tree.Statement) (planNode,
 		return p.AlterDatabasePrimaryRegion(ctx, n)
 	case *tree.AlterDatabaseSurvivalGoal:
 		return p.AlterDatabaseSurvivalGoal(ctx, n)
+	case *tree.AlterDefaultPrivileges:
+		return p.alterDefaultPrivileges(ctx, n)
 	case *tree.AlterIndex:
 		return p.AlterIndex(ctx, n)
 	case *tree.AlterSchema:
@@ -219,6 +221,7 @@ func init() {
 		&tree.AlterDatabaseOwner{},
 		&tree.AlterDatabasePrimaryRegion{},
 		&tree.AlterDatabaseSurvivalGoal{},
+		&tree.AlterDefaultPrivileges{},
 		&tree.AlterIndex{},
 		&tree.AlterSchema{},
 		&tree.AlterTable{},

diff --git a/pkg/sql/parser/sql.y b/pkg/sql/parser/sql.y
@@ -216,6 +216,9 @@ func (u *sqlSymUnion) strs() []string {
 func (u *sqlSymUnion) user() security.SQLUsername {
     return u.val.(security.SQLUsername)
 }
+func (u *sqlSymUnion) userPtr() *security.SQLUsername {
+    return u.val.(*security.SQLUsername)
+}
 func (u *sqlSymUnion) users() []security.SQLUsername {
     return u.val.([]security.SQLUsername)
 }
@@ -655,6 +658,18 @@ func (u *sqlSymUnion) objectNamePrefix() tree.ObjectNamePrefix {
 func (u *sqlSymUnion) objectNamePrefixList() tree.ObjectNamePrefixList {
     return u.val.(tree.ObjectNamePrefixList)
 }
+func (u *sqlSymUnion) abbreviatedGrant() tree.AbbreviatedGrant {
+  return u.val.(tree.AbbreviatedGrant)
+}
+func (u *sqlSymUnion) abbreviatedRevoke() tree.AbbreviatedRevoke {
+  return u.val.(tree.AbbreviatedRevoke)
+}
+func (u *sqlSymUnion) objectNamePrefixPtr() *tree.ObjectNamePrefix {
+  return u.val.(*tree.ObjectNamePrefix)
+}
+func (u *sqlSymUnion) alterDefaultPrivilegesTargetObject() tree.AlterDefaultPrivilegesTargetObject {
+  return u.val.(tree.AlterDefaultPrivilegesTargetObject)
+}
 %}
 
 // NB: the %token definitions must come before the %type definitions in this
@@ -704,7 +719,7 @@ func (u *sqlSymUnion) objectNamePrefixList() tree.ObjectNamePrefixList {
 
 %token <str> FAILURE FALSE FAMILY FETCH FETCHVAL FETCHTEXT FETCHVAL_PATH FETCHTEXT_PATH
 %token <str> FILES FILTER
-%token <str> FIRST FLOAT FLOAT4 FLOAT8 FLOORDIV FOLLOWING FOR FORCE FORCE_INDEX FOREIGN FROM FULL FUNCTION
+%token <str> FIRST FLOAT FLOAT4 FLOAT8 FLOORDIV FOLLOWING FOR FORCE FORCE_INDEX FOREIGN FROM FULL FUNCTION FUNCTIONS
 
 %token <str> GENERATED GEOGRAPHY GEOMETRY GEOMETRYM GEOMETRYZ GEOMETRYZM
 %token <str> GEOMETRYCOLLECTION GEOMETRYCOLLECTIONM GEOMETRYCOLLECTIONZ GEOMETRYCOLLECTIONZM
@@ -751,7 +766,7 @@ func (u *sqlSymUnion) objectNamePrefixList() tree.ObjectNamePrefixList {
 %token <str> REGCLASS REGION REGIONAL REGIONS REGPROC REGPROCEDURE REGNAMESPACE REGTYPE REINDEX
 %token <str> REMOVE_PATH RENAME REPEATABLE REPLACE REPLICATION
 %token <str> RELEASE RESET RESTORE RESTRICT RESUME RETURNING RETRY REVISION_HISTORY REVOKE RIGHT
-%token <str> ROLE ROLES ROLLBACK ROLLUP ROW ROWS RSHIFT RULE RUNNING
+%token <str> ROLE ROLES ROLLBACK ROLLUP ROUTINES ROW ROWS RSHIFT RULE RUNNING
 
 %token <str> SAVEPOINT SCANS SCATTER SCHEDULE SCHEDULES SCHEMA SCHEMAS SCRUB SEARCH SECOND SELECT SEQUENCE SEQUENCES
 %token <str> SERIALIZABLE SERVER SESSION SESSIONS SESSION_USER SET SETS SETTING SETTINGS
@@ -865,6 +880,9 @@ func (u *sqlSymUnion) objectNamePrefixList() tree.ObjectNamePrefixList {
 %type <tree.Statement> alter_sequence_set_schema_stmt
 %type <tree.Statement> alter_sequence_owner_stmt
 
+// ALTER DEFAULT PRIVILEGES
+%type <tree.Statement> alter_default_privileges_stmt
+
 %type <tree.Statement> backup_stmt
 %type <tree.Statement> begin_stmt
 
@@ -1302,6 +1320,14 @@ func (u *sqlSymUnion) objectNamePrefixList() tree.ObjectNamePrefixList {
 %type <tree.ScheduleState> schedule_state
 %type <tree.ScheduledJobExecutorType> opt_schedule_executor_type
 
+%type <tree.AbbreviatedGrant> abbreviated_grant_stmt
+%type <tree.AbbreviatedRevoke> abbreviated_revoke_stmt
+%type <bool> opt_with_grant_option
+%type <*security.SQLUsername> opt_for_role
+%type <*tree.ObjectNamePrefix>  opt_in_schema
+%type <tree.AlterDefaultPrivilegesTargetObject> alter_default_privileges_target_object
+
+
 // Precedence: lowest to highest
 %nonassoc  VALUES              // see value_clause
 %nonassoc  SET                 // see table_expr_opt_alias_idx
@@ -1413,15 +1439,16 @@ alter_stmt:
 | ALTER error         // SHOW HELP: ALTER
 
 alter_ddl_stmt:
-  alter_table_stmt     // EXTEND WITH HELP: ALTER TABLE
-| alter_index_stmt     // EXTEND WITH HELP: ALTER INDEX
-| alter_view_stmt      // EXTEND WITH HELP: ALTER VIEW
-| alter_sequence_stmt  // EXTEND WITH HELP: ALTER SEQUENCE
-| alter_database_stmt  // EXTEND WITH HELP: ALTER DATABASE
-| alter_range_stmt     // EXTEND WITH HELP: ALTER RANGE
-| alter_partition_stmt // EXTEND WITH HELP: ALTER PARTITION
-| alter_schema_stmt    // EXTEND WITH HELP: ALTER SCHEMA
-| alter_type_stmt      // EXTEND WITH HELP: ALTER TYPE
+  alter_table_stmt              // EXTEND WITH HELP: ALTER TABLE
+| alter_index_stmt              // EXTEND WITH HELP: ALTER INDEX
+| alter_view_stmt               // EXTEND WITH HELP: ALTER VIEW
+| alter_sequence_stmt           // EXTEND WITH HELP: ALTER SEQUENCE
+| alter_database_stmt           // EXTEND WITH HELP: ALTER DATABASE
+| alter_range_stmt              // EXTEND WITH HELP: ALTER RANGE
+| alter_partition_stmt          // EXTEND WITH HELP: ALTER PARTITION
+| alter_schema_stmt             // EXTEND WITH HELP: ALTER SCHEMA
+| alter_type_stmt               // EXTEND WITH HELP: ALTER TYPE
+| alter_default_privileges_stmt // EXTEND WITH HELP: ALTER DEFAULT PRIVILEGES
 
 // %Help: ALTER TABLE - change the definition of a table
 // %Category: DDL
@@ -2888,11 +2915,6 @@ alter_unsupported_stmt:
   {
     return unimplemented(sqllex, "alter aggregate")
   }
-| ALTER DEFAULT error
-  {
-    return unimplemented(sqllex, "alter default privileges")
-  }
-
 
 // %Help: IMPORT - load data from file in a distributed manner
 // %Category: CCL
@@ -7826,6 +7848,115 @@ alter_rename_index_stmt:
     $$.val = &tree.RenameIndex{Index: $5.newTableIndexName(), NewName: tree.UnrestrictedName($8), IfExists: true}
   }
 
+alter_default_privileges_stmt:
+ ALTER DEFAULT PRIVILEGES opt_for_role opt_in_schema abbreviated_grant_stmt
+ {
+   $$.val = &tree.AlterDefaultPrivileges{
+     Role: $4.userPtr(),
+     Schema: $5.objectNamePrefixPtr(),
+     Grant: $6.abbreviatedGrant(),
+     IsGrant: true,
+   }
+ }
+| ALTER DEFAULT PRIVILEGES opt_for_role opt_in_schema abbreviated_revoke_stmt
+ {
+   $$.val = &tree.AlterDefaultPrivileges{
+     Role: $4.userPtr(),
+     Schema: $5.objectNamePrefixPtr(),
+     Revoke: $6.abbreviatedRevoke(),
+     IsGrant: false,
+   }
+ }
+
+abbreviated_grant_stmt:
+  GRANT privileges ON alter_default_privileges_target_object TO name_list opt_with_grant_option
+  {
+    $$.val = tree.AbbreviatedGrant{
+      Privileges: $2.privilegeList(),
+      Target: $4.alterDefaultPrivilegesTargetObject(),
+      Grantees: $6.nameList(),
+      WithGrantOption: $7.bool(),
+    }
+  }
+
+opt_with_grant_option:
+ WITH GRANT OPTION
+  {
+    $$.val = true
+  }
+| /* EMPTY */
+  {
+    $$.val = false
+  }
+
+abbreviated_revoke_stmt:
+  REVOKE privileges ON alter_default_privileges_target_object FROM name_list opt_drop_behavior
+  {
+    $$.val = tree.AbbreviatedRevoke{
+      Privileges: $2.privilegeList(),
+      Target: $4.alterDefaultPrivilegesTargetObject(),
+      Grantees: $6.nameList(),
+      Drop: $7.dropBehavior(),
+    }
+  }
+| REVOKE GRANT OPTION FOR privileges ON alter_default_privileges_target_object FROM name_list opt_drop_behavior
+  {
+    $$.val = tree.AbbreviatedRevoke{
+      Privileges: $5.privilegeList(),
+      Target: $7.alterDefaultPrivilegesTargetObject(),
+      Grantees: $9.nameList(),
+      Drop: $10.dropBehavior(),
+      GrantOptionFor: true,
+    }
+  }
+
+alter_default_privileges_target_object:
+  TABLES
+  {
+    $$.val = tree.Tables
+  }
+| SEQUENCES
+  {
+    $$.val = tree.Sequences
+  }
+| TYPES
+  {
+    $$.val = tree.Types
+  }
+| SCHEMAS
+  {
+    $$.val = tree.Schemas
+  }
+| FUNCTIONS error
+  {
+    return unimplemented(sqllex, "ALTER DEFAULT PRIVILEGES ... ON FUNCTIONS ...")
+  }
+| ROUTINES error
+  {
+    return unimplemented(sqllex, "ALTER DEFAULT PRIVILEGES ... ON FUNCTIONS ...")
+  }
+
+opt_for_role:
+ FOR role_or_group_or_user role_spec
+ {
+   tmp := $3.user()
+   $$.val = &tmp
+ }
+| /* EMPTY */ {
+   $$.val = (*security.SQLUsername)(nil)
+}
+
+opt_in_schema:
+ IN SCHEMA qualifiable_schema_name
+ {
+   tmp := $3.objectNamePrefix()
+   $$.val = &tmp
+ }
+| /* EMPTY */
+ {
+   $$.val = (*tree.ObjectNamePrefix)(nil)
+ }
+
 opt_column:
   COLUMN {}
 | /* EMPTY */ {}
@@ -12634,6 +12765,7 @@ unreserved_keyword:
 | FORCE
 | FORCE_INDEX
 | FUNCTION
+| FUNCTIONS
 | GENERATED
 | GEOMETRYM
 | GEOMETRYZ
@@ -12795,6 +12927,7 @@ unreserved_keyword:
 | ROLES
 | ROLLBACK
 | ROLLUP
+| ROUTINES
 | ROWS
 | RULE
 | RUNNING