Merge #107953
107953: sql: add show default privileges for grantee r=andyyang890,rafiss a=annrpom

Previously, `SHOW DEFAULT PRIVILEGES [FOR <ROLE|USER|ALL ROLES>]` statements were supported. However, support for finding default privileges for a grantee did not exist. This patch adds a new syntax for showing the default privileges that a grantee received.

Fixes: #107741
Epic: CRDB-25481

Release note (sql change): This adds a new syntax to `SHOW DEFAULT PRIVILEGES`, `SHOW DEFAULT PRIVILEGES FOR GRANTEE <grantee>`, that shows the default privileges that a grantee received.

Co-authored-by: Annie Pompa <[email protected]>
craig[bot] and annrpom committed Aug 4, 2023
2 parents a20cf2d + 4f41f5e commit bc45d6b
Showing 7 changed files with 326 additions and 191 deletions.
1 change: 1 addition & 0 deletions docs/generated/sql/bnf/show_default_privileges_stmt.bnf
Expand Up @@ -2,4 +2,5 @@ show_default_privileges_stmt ::=
'SHOW' 'DEFAULT' 'PRIVILEGES' 'FOR' 'ROLE' role_spec_list ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) | )
| 'SHOW' 'DEFAULT' 'PRIVILEGES' 'FOR' 'USER' role_spec_list ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) | )
| 'SHOW' 'DEFAULT' 'PRIVILEGES' ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) | )
| 'SHOW' 'DEFAULT' 'PRIVILEGES' 'FOR' 'GRANTEE' role_spec_list ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) | )
| 'SHOW' 'DEFAULT' 'PRIVILEGES' 'FOR' 'ALL' 'ROLES' ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) | )
3 changes: 3 additions & 0 deletions docs/generated/sql/bnf/stmt_block.bnf
Expand Up @@ -954,6 +954,7 @@ show_full_scans_stmt ::=

show_default_privileges_stmt ::=
'SHOW' 'DEFAULT' 'PRIVILEGES' opt_for_roles opt_in_schema
| 'SHOW' 'DEFAULT' 'PRIVILEGES' 'FOR' 'GRANTEE' role_spec_list opt_in_schema
| 'SHOW' 'DEFAULT' 'PRIVILEGES' 'FOR' 'ALL' 'ROLES' opt_in_schema

opt_table ::=
Expand Down Expand Up @@ -1145,6 +1146,7 @@ unreserved_keyword ::=
| 'GEOMETRYCOLLECTIONZM'
| 'GLOBAL'
| 'GOAL'
| 'GRANTEE'
| 'GRANTS'
| 'GROUPS'
| 'HASH'
Expand Down Expand Up @@ -3667,6 +3669,7 @@ bare_label_keywords ::=
| 'GEOMETRYZM'
| 'GLOBAL'
| 'GOAL'
| 'GRANTEE'
| 'GRANTS'
| 'GREATEST'
| 'GROUPING'
8 changes: 7 additions & 1 deletion pkg/sql/delegate/show_default_privileges.go
Expand Up @@ -44,14 +44,20 @@ func (d *delegator) delegateShowDefaultPrivileges(
if n.ForAllRoles {
query += " AND for_all_roles=true"
} else if len(n.Roles) > 0 {
targetCol := "grantee"
if !n.ForGrantee {
targetCol = "role"
query += " AND for_all_roles=false"
}

targetRoles, err := decodeusername.FromRoleSpecList(
d.evalCtx.SessionData(), username.PurposeValidation, n.Roles,
)
if err != nil {
return nil, err
}

query = fmt.Sprintf("%s AND for_all_roles=false AND role IN (", query)
query = fmt.Sprintf("%s AND %s IN (", query, targetCol)
for i, role := range targetRoles {
if i != 0 {
query += fmt.Sprintf(", '%s'", role.Normalized())
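Review bot: The new grantee path sends names through the same hand-quoted interpolation as the role path, `query += fmt.Sprintf(", '%s'", role.Normalized())`, so the delegated query is only as safe as whatever `FromRoleSpecList` accepts under `username.PurposeValidation`. That validation is not visible in this hunk; if it lets a quoted identifier containing `'` through, the value is no longer confined to the string literal in the `IN (...)` list. Emitting the name as an escaped SQL string literal removes the dependency on upstream validation, e.g. `query += fmt.Sprintf(", %s", lexbase.EscapeSQLString(role.Normalized()))`, assuming the project's `lexbase` helper can be imported here, and the same for the first-element branch. `targetCol` itself is fine because it only ever holds the constants `grantee` or `role`. The loop body and the rest of `delegateShowDefaultPrivileges` continue outside the hunk.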
444 changes: 257 additions & 187 deletions pkg/sql/logictest/testdata/logic_test/show_default_privileges

Large diffs are not rendered by default.

13 changes: 11 additions & 2 deletions pkg/sql/parser/sql.y
Expand Up @@ -935,7 +935,7 @@ func (u *sqlSymUnion) showCreateFormatOption() tree.ShowCreateFormatOption {

%token <str> GENERATED GEOGRAPHY GEOMETRY GEOMETRYM GEOMETRYZ GEOMETRYZM
%token <str> GEOMETRYCOLLECTION GEOMETRYCOLLECTIONM GEOMETRYCOLLECTIONZ GEOMETRYCOLLECTIONZM
%token <str> GLOBAL GOAL GRANT GRANTS GREATEST GROUP GROUPING GROUPS
%token <str> GLOBAL GOAL GRANT GRANTEE GRANTS GREATEST GROUP GROUPING GROUPS

%token <str> HAVING HASH HEADER HIGH HISTOGRAM HOLD HOUR

Expand Down Expand Up @@ -7824,13 +7824,21 @@ show_databases_stmt:
// %Help: SHOW DEFAULT PRIVILEGES - list default privileges
// %Category: DDL
// %Text: SHOW DEFAULT PRIVILEGES
// %SeeAlso: WEBDOCS/show-default-privileges
show_default_privileges_stmt:
SHOW DEFAULT PRIVILEGES opt_for_roles opt_in_schema {
$$.val = &tree.ShowDefaultPrivileges{
Roles: $4.roleSpecList(),
Schema: tree.Name($5),
}
}
| SHOW DEFAULT PRIVILEGES FOR GRANTEE role_spec_list opt_in_schema {
$$.val = &tree.ShowDefaultPrivileges{
Roles: $6.roleSpecList(),
ForGrantee: true,
Schema: tree.Name($7),
}
}
| SHOW DEFAULT PRIVILEGES FOR ALL ROLES opt_in_schema {
$$.val = &tree.ShowDefaultPrivileges{
ForAllRoles: true,
Expand Down Expand Up @@ -9117,7 +9125,6 @@ for_grantee_clause:
$$.val = tree.RoleSpecList(nil)
}


// %Help: PAUSE - pause background tasks
// %Category: Group
// %Text: PAUSE JOBS, PAUSE SCHEDULES, PAUSE ALL JOBS
Expand Down Expand Up @@ -16655,6 +16662,7 @@ unreserved_keyword:
| GEOMETRYCOLLECTIONZM
| GLOBAL
| GOAL
| GRANTEE
| GRANTS
| GROUPS
| HASH
Expand Down Expand Up @@ -17166,6 +17174,7 @@ bare_label_keywords:
| GEOMETRYZM
| GLOBAL
| GOAL
| GRANTEE
| GRANTS
| GREATEST
| GROUPING
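Review bot: The inline help above `show_default_privileges_stmt` still reads `// %Text: SHOW DEFAULT PRIVILEGES` and does not mention the `FOR GRANTEE` alternative added to the rule, so help generated from these comments will not surface the new syntax. Consider expanding it to list the accepted forms, for example `// %Text: SHOW DEFAULT PRIVILEGES [FOR { ROLE | USER | GRANTEE } <names...> | FOR ALL ROLES] [IN SCHEMA <schema>]`. A one-line comment on the new alternative saying that `Roles` carries grantees when `ForGrantee` is set would also help, since the same field is reused with a different meaning.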
40 changes: 40 additions & 0 deletions pkg/sql/parser/testdata/show_default_privileges
Expand Up @@ -46,6 +46,38 @@ SHOW DEFAULT PRIVILEGES FOR ALL ROLES -- fully parenthesized
SHOW DEFAULT PRIVILEGES FOR ALL ROLES -- literals removed
SHOW DEFAULT PRIVILEGES FOR ALL ROLES -- identifiers removed

parse
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo
----
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo -- normalized!
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo -- fully parenthesized
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo -- literals removed
SHOW DEFAULT PRIVILEGES FOR GRANTEE _ -- identifiers removed

parse
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar
----
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar -- normalized!
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar -- fully parenthesized
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar -- literals removed
SHOW DEFAULT PRIVILEGES FOR GRANTEE _, _ -- identifiers removed

parse
SHOW DEFAULT PRIVILEGES FOR GRANTEE fOo, baR
----
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar -- normalized!
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar -- fully parenthesized
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar -- literals removed
SHOW DEFAULT PRIVILEGES FOR GRANTEE _, _ -- identifiers removed

parse
SHOW DEFAULT PRIVILEGES FOR GRANTEE "fOo", "baR"
----
SHOW DEFAULT PRIVILEGES FOR GRANTEE "fOo", "baR" -- normalized!
SHOW DEFAULT PRIVILEGES FOR GRANTEE "fOo", "baR" -- fully parenthesized
SHOW DEFAULT PRIVILEGES FOR GRANTEE "fOo", "baR" -- literals removed
SHOW DEFAULT PRIVILEGES FOR GRANTEE _, _ -- identifiers removed

parse
SHOW DEFAULT PRIVILEGES IN SCHEMA s
----
Expand All @@ -69,3 +101,11 @@ SHOW DEFAULT PRIVILEGES FOR ALL ROLES IN SCHEMA s
SHOW DEFAULT PRIVILEGES FOR ALL ROLES IN SCHEMA s -- fully parenthesized
SHOW DEFAULT PRIVILEGES FOR ALL ROLES IN SCHEMA s -- literals removed
SHOW DEFAULT PRIVILEGES FOR ALL ROLES IN SCHEMA _ -- identifiers removed

parse
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar IN SCHEMA s
----
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar IN SCHEMA s
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar IN SCHEMA s -- fully parenthesized
SHOW DEFAULT PRIVILEGES FOR GRANTEE foo, bar IN SCHEMA s -- literals removed
SHOW DEFAULT PRIVILEGES FOR GRANTEE _, _ IN SCHEMA _ -- identifiers removed
8 changes: 7 additions & 1 deletion pkg/sql/sem/tree/show.go
Expand Up @@ -1323,6 +1323,7 @@ func (n *ShowSchedules) Format(ctx *FmtCtx) {
type ShowDefaultPrivileges struct {
Roles RoleSpecList
ForAllRoles bool
ForGrantee bool
// If Schema is not specified, SHOW DEFAULT PRIVILEGES is being
// run on the current database.
Schema Name
Expand All @@ -1334,7 +1335,12 @@ var _ Statement = &ShowDefaultPrivileges{}
func (n *ShowDefaultPrivileges) Format(ctx *FmtCtx) {
ctx.WriteString("SHOW DEFAULT PRIVILEGES ")
if len(n.Roles) > 0 {
ctx.WriteString("FOR ROLE ")
if n.ForGrantee {
ctx.WriteString("FOR GRANTEE ")
} else {
ctx.WriteString("FOR ROLE ")
}

for i := range n.Roles {
if i > 0 {
ctx.WriteString(", ")
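Review bot: `ForGrantee` is added to `ShowDefaultPrivileges` without a field comment, and it changes what `Roles` means: with the flag set, the list names grantees rather than the roles whose default privileges are shown. Suggest adding `// ForGrantee is true when Roles lists grantees (FOR GRANTEE) rather than the roles that own the default privileges.` above the field. In `Format` the flag is read only inside `if len(n.Roles) > 0`, so a node built in code with `ForGrantee` set and an empty `Roles` would drop the clause; the parser rule in this commit always supplies a list, but stating that invariant in the comment would help other constructors. `Format` continues outside the hunk.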
