migrate revoke to planner v2
TCeason committed Jun 20, 2022
1 parent be7f251 commit d9730ae
Showing 21 changed files with 476 additions and 215 deletions.
61 changes: 61 additions & 0 deletions common/ast/src/ast/statement.rs
@@ -125,6 +125,7 @@ pub enum Statement<'a> {
ShowGrants {
principal: Option<PrincipalIdentity>,
},
Revoke(GrantStatement),

// UDF
CreateUDF {
@@ -1088,6 +1089,8 @@ impl<'a> Display for Statement<'a> {
GrantLevel::Database(database_name) => {
if let Some(database_name) = database_name {
write!(f, " {database_name}.*")?;
} else {
write!(f, " *")?;
}
}
GrantLevel::Table(database_name, table_name) => {
@@ -1134,6 +1137,64 @@ impl<'a> Display for Statement<'a> {
}
}
}
Statement::Revoke(GrantStatement { source, principal }) => {
write!(f, "REVOKE")?;
match source {
GrantSource::Role { role } => write!(f, " ROLE {role}")?,
GrantSource::Privs { privileges, level } => {
write!(
f,
" {}",
privileges
.iter()
.map(|p| p.to_string())
.collect::<Vec<_>>()
.join(", ")
)?;
write!(f, " ON")?;
match level {
GrantLevel::Global => write!(f, " *.*")?,
GrantLevel::Database(database_name) => {
if let Some(database_name) = database_name {
write!(f, " {database_name}.*")?;
} else {
write!(f, " *")?;
}
}
GrantLevel::Table(database_name, table_name) => {
if let Some(database_name) = database_name {
write!(f, " {database_name}.{table_name}")?;
}
}
}
}
GrantSource::ALL { level, .. } => {
write!(f, " ALL PRIVILEGES")?;
write!(f, " ON")?;
match level {
GrantLevel::Global => write!(f, " *.*")?,
GrantLevel::Database(database_name) => {
if let Some(database_name) = database_name {
write!(f, " {database_name}.*")?;
} else {
write!(f, " *")?;
}
}
GrantLevel::Table(database_name, table_name) => {
if let Some(database_name) = database_name {
write!(f, " {database_name}.{table_name}")?;
}
}
}
}
}

write!(f, " FROM")?;
match principal {
PrincipalIdentity::User(user) => write!(f, " USER {user}")?,
PrincipalIdentity::Role(role) => write!(f, " ROLE {role}")?,
}
}
Statement::CreateUDF {
if_not_exists,
udf_name,
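Review bot: In the new `Statement::Revoke` arm, both `GrantLevel::Table` branches print nothing when `database_name` is `None`, so a table-level revoke without a database qualifier would render as `REVOKE ... ON FROM ...` and lose the table name. The commit adds the missing `else` for `GrantLevel::Database` but not for `Table`; adding `} else { write!(f, " {table_name}")?; }` would close the gap, if the parser can in fact produce `Table(None, _)`. The level formatting is now written out twice in this arm and the `Grant` arm above appears to carry the same code, so a small private helper taking `&GrantLevel` would keep GRANT and REVOKE output from diverging. The `Display` impl begins and ends outside the visible hunks.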
17 changes: 15 additions & 2 deletions common/ast/src/parser/statement.rs
@@ -434,7 +434,7 @@ pub fn statement(i: Input) -> IResult<Statement> {
role_name,
},
);
let grant_priv = map(
let grant = map(
rule! {
GRANT ~ #grant_source ~ TO ~ #grant_option
},
@@ -453,6 +453,17 @@ pub fn statement(i: Input) -> IResult<Statement> {
principal: opt_principal.map(|(_, principal)| principal),
},
);
let revoke = map(
rule! {
REVOKE ~ #grant_source ~ FROM ~ #grant_option
},
|(_, source, _, grant_option)| {
Statement::Revoke(GrantStatement {
source,
principal: grant_option,
})
},
);
let create_udf = map(
rule! {
CREATE ~ FUNCTION ~ ( IF ~ NOT ~ EXISTS )?
@@ -663,8 +674,10 @@ pub fn statement(i: Input) -> IResult<Statement> {
| #drop_stage: "`DROP STAGE <stage_name>`"
),
rule!(
#grant_priv : "`GRANT { ROLE <role_name> | schemaObjectPrivileges | ALL [ PRIVILEGES ] ON <privileges_level> } TO { [ROLE <role_name>] | [USER] <user> }`"
#grant : "`GRANT { ROLE <role_name> | schemaObjectPrivileges | ALL [ PRIVILEGES ] ON <privileges_level> } TO { [ROLE <role_name>] | [USER] <user> }`"
| #show_grants : "`SHOW GRANTS [FOR { ROLE <role_name> | [USER] <user> }]`"
| #revoke : "`REVOKE { ROLE <role_name> | schemaObjectPrivileges | ALL [ PRIVILEGES ] ON <privileges_level> } FROM { [ROLE <role_name>] | [USER] <user> }`"

),
));

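Review bot: The new `revoke` closure binds the parsed principal as `grant_option` and then stores it in `principal`, which reads as if an option of the grant were being revoked; naming the binding for what it holds, `|(_, source, _, principal)| Statement::Revoke(GrantStatement { source, principal })`, would make the arm self-explanatory. A short comment that REVOKE deliberately reuses `GrantStatement` and the `grant_source` rule would also help, for example `// REVOKE shares GRANT's source and principal grammar; only the keyword and TO/FROM differ.` The empty line left after the `#revoke` alternative in the last `rule!` block can go. `statement` begins and ends outside the hunks.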
2 changes: 2 additions & 0 deletions common/ast/src/parser/token.rs
@@ -535,6 +535,8 @@ pub enum TokenKind {
PRIVILEGES,
#[token("REMOVE", ignore(ascii_case))]
REMOVE,
#[token("REVOKE", ignore(ascii_case))]
REVOKE,
#[token("GRANTS", ignore(ascii_case))]
GRANTS,
#[token("RIGHT", ignore(ascii_case))]
3 changes: 3 additions & 0 deletions common/ast/tests/it/parser.rs
@@ -145,6 +145,7 @@ fn test_statement() {
r#"SHOW GRANTS FOR 'test-grant'@'localhost';"#,
r#"SHOW GRANTS FOR USER 'test-grant'@'localhost';"#,
r#"SHOW GRANTS FOR ROLE 'role1';"#,
r#"REVOKE SELECT, CREATE ON * FROM 'test-grant'@'localhost';"#,
];

for case in cases {
@@ -187,6 +188,8 @@ fn test_statement_error() {
r#"GRANT SELECT, ALL PRIVILEGES, CREATE ON * TO 'test-grant'@'localhost';"#,
r#"GRANT SELECT, CREATE ON *.c TO 'test-grant'@'localhost';"#,
r#"SHOW GRANT FOR ROLE role1;"#,
r#"REVOKE SELECT, CREATE, ALL PRIVILEGES ON * FROM 'test-grant'@'localhost';"#,
r#"REVOKE SELECT, CREATE ON * TO 'test-grant'@'localhost';"#,
];

for case in cases {
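Review bot: The only accepted REVOKE case added to `test_statement` is a database-level `ON *` revoke from a user, so the `ROLE`, `ALL PRIVILEGES`, `*.*`, table-level and `FROM ROLE` paths of the new statement are never parsed or printed by a test. Because the golden file also records the `Display` output, adding cases such as `r#"REVOKE ALL PRIVILEGES ON *.* FROM ROLE 'role1';"#` and a table-level revoke (both suggested here, not taken from the commit) would pin the round-trip for each branch of a statement that changes access rights. The case lists start outside the hunks.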
25 changes: 25 additions & 0 deletions common/ast/tests/it/testdata/statement-error.txt
@@ -225,3 +225,28 @@ error:
| ^^^^^ expected `SETTINGS`, `STAGES`, `PROCESSLIST`, `METRICS`, `FUNCTIONS`, `DATABASES`, or 8 more ...


---------- Input ----------
REVOKE SELECT, CREATE, ALL PRIVILEGES ON * FROM 'test-grant'@'localhost';
---------- Output ---------
error:
--> SQL:1:24
|
1 | REVOKE SELECT, CREATE, ALL PRIVILEGES ON * FROM 'test-grant'@'localhost';
| ------ ------ ^^^ expected `USAGE`, `SELECT`, `INSERT`, `UPDATE`, `DELETE`, `CREATE`, or 5 more ...
| | |
| | while parsing <privileges> ON <privileges_level>
| while parsing `REVOKE { ROLE <role_name> | schemaObjectPrivileges | ALL [ PRIVILEGES ] ON <privileges_level> } FROM { [ROLE <role_name>] | [USER] <user> }`


---------- Input ----------
REVOKE SELECT, CREATE ON * TO 'test-grant'@'localhost';
---------- Output ---------
error:
--> SQL:1:28
|
1 | REVOKE SELECT, CREATE ON * TO 'test-grant'@'localhost';
| ------ ^^ expected `FROM` or `.`
| |
| while parsing `REVOKE { ROLE <role_name> | schemaObjectPrivileges | ALL [ PRIVILEGES ] ON <privileges_level> } FROM { [ROLE <role_name>] | [USER] <user> }`


32 changes: 29 additions & 3 deletions common/ast/tests/it/testdata/statement.txt
@@ -3355,7 +3355,7 @@ CreateTable(
---------- Input ----------
GRANT SELECT, CREATE ON * TO 'test-grant'@'localhost';
---------- Output ---------
GRANT SELECT, CREATE ON TO USER 'test-grant'@'localhost'
GRANT SELECT, CREATE ON * TO USER 'test-grant'@'localhost'
---------- AST ------------
Grant(
GrantStatement {
@@ -3381,7 +3381,7 @@ Grant(
---------- Input ----------
GRANT SELECT, CREATE ON * TO USER 'test-grant'@'localhost';
---------- Output ---------
GRANT SELECT, CREATE ON TO USER 'test-grant'@'localhost'
GRANT SELECT, CREATE ON * TO USER 'test-grant'@'localhost'
---------- AST ------------
Grant(
GrantStatement {
@@ -3407,7 +3407,7 @@ Grant(
---------- Input ----------
GRANT SELECT, CREATE ON * TO ROLE 'role1';
---------- Output ---------
GRANT SELECT, CREATE ON TO ROLE role1
GRANT SELECT, CREATE ON * TO ROLE role1
---------- AST ------------
Grant(
GrantStatement {
@@ -3779,3 +3779,29 @@ ShowGrants {
}


---------- Input ----------
REVOKE SELECT, CREATE ON * FROM 'test-grant'@'localhost';
---------- Output ---------
REVOKE SELECT, CREATE ON * FROM USER 'test-grant'@'localhost'
---------- AST ------------
Revoke(
GrantStatement {
source: Privs {
privileges: [
Select,
Create,
],
level: Database(
None,
),
},
principal: User(
UserIdentity {
username: "test-grant",
hostname: "localhost",
},
),
},
)


1 change: 1 addition & 0 deletions common/meta/types/src/user_privilege.rs
@@ -75,6 +75,7 @@ const ALL_PRIVILEGES: BitFlags<UserPrivilegeType> = make_bitflags!(
| CreateUser
| CreateRole
| Grant
| CreateStage
| Set
}
);
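Review bot: `CreateStage` is added to the hand-written `ALL_PRIVILEGES` list here, which suggests the list had drifted from `UserPrivilegeType`, and nothing visible guards against the next new variant being missed in the same way. Because this constant presumably decides what `ALL PRIVILEGES` covers in GRANT and REVOKE, a missed variant would mean a revoke-all that leaves a privilege behind. If the constant is meant to hold every variant, a unit test such as `assert_eq!(ALL_PRIVILEGES, BitFlags::<UserPrivilegeType>::all());` would catch that; if some variants are left out on purpose, a comment naming them would do. The change is also not mentioned in the commit title, and the constant starts outside the hunk.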
8 changes: 8 additions & 0 deletions query/src/interpreters/interpreter_factory_v2.rs
@@ -74,6 +74,8 @@ impl InterpreterFactoryV2 {
| DfStatement::GrantPrivilege(_)
| DfStatement::GrantRole(_)
| DfStatement::ShowGrants(_)
| DfStatement::RevokeRole(_)
| DfStatement::RevokePrivilege(_)
)
}

@@ -216,6 +218,12 @@ impl InterpreterFactoryV2 {
Plan::ShowGrants(show_grants) => {
ShowGrantsInterpreter::try_create(ctx.clone(), *show_grants.clone())
}
Plan::RevokePriv(revoke_priv) => {
RevokePrivilegeInterpreter::try_create(ctx.clone(), *revoke_priv.clone())
}
Plan::RevokeRole(revoke_role) => {
RevokeRoleInterpreter::try_create(ctx.clone(), *revoke_role.clone())
}
}?;

Ok(Arc::new(InterceptorInterpreter::create(
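Review bot: `*revoke_priv.clone()` and `*revoke_role.clone()` in the two new `Plan` arms clone the whole box and then move the plan out of the copy, assuming these variants hold a `Box` as the dereference suggests; `(**revoke_priv).clone()` clones only the plan and skips the extra allocation. The neighbouring `ShowGrants` arm is written the same way, so changing them together would keep the match consistent. The match and its enclosing function start and end outside the hunk.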