chore(query): forbiden revoke ownership statement (#14301)
TCeason authored Jan 12, 2024
1 parent ce79940 commit 873a4f9
Showing 4 changed files with 15 additions and 94 deletions.
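--- a/src/query/ast/src/parser/statement.rs
+++ b/src/query/ast/src/parser/statement.rs
@@ -1133,20 +1133,6 @@ pub fn statement(i: Input) -> IResult<StatementWithFormat> {
 })
 },
 );
-let revoke_ownership = map(
-rule! {
-REVOKE ~ OWNERSHIP ~ ON ~ #grant_ownership_level ~ FROM ~ ROLE ~ #role_name
-},
-|(_, _, _, level, _, _, role_name)| {
-Statement::Revoke(RevokeStmt {
-source: AccountMgrSource::Privs {
-privileges: vec![UserPrivilegeType::Ownership],
-level,
-},
-principal: PrincipalIdentity::Role(role_name),
-})
-},
-);
 let show_grants = map(
 rule! {
 SHOW ~ GRANTS ~ #show_grant_option?
@@ -1898,7 +1884,6 @@ pub fn statement(i: Input) -> IResult<StatementWithFormat> {
 | #show_grants : "`SHOW GRANTS {FOR { ROLE <role_name> | USER <user> }] | ON {DATABASE <db_name> | TABLE <db_name>.<table_name>} }`"
 | #revoke : "`REVOKE { ROLE <role_name> | schemaObjectPrivileges | ALL [ PRIVILEGES ] ON <privileges_level> } FROM { [ROLE <role_name>] | [USER] <user> }`"
 | #grant_ownership : "GRANT OWNERSHIP ON <privileges_level> TO ROLE <role_name>"
-| #revoke_ownership : "REVOKE OWNERSHIP ON <privileges_level> FROM ROLE <role_name>"
 ),
 rule!(
 #presign: "`PRESIGN [{DOWNLOAD | UPLOAD}] <location> [EXPIRE = 3600]`"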
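--- a/src/query/ast/tests/it/parser.rs
+++ b/src/query/ast/tests/it/parser.rs
@@ -547,9 +547,6 @@ fn test_statement() {
 "GRANT OWNERSHIP ON d20_0014.* TO ROLE 'd20_0015_owner';",
 "GRANT OWNERSHIP ON d20_0014.t TO ROLE 'd20_0015_owner';",
 "GRANT OWNERSHIP ON STAGE s1 TO ROLE 'd20_0015_owner';",
-"REVOKE OWNERSHIP ON STAGE s1 FROM ROLE 'd20_0015_owner';",
-"REVOKE OWNERSHIP ON d20_0014.* FROM ROLE 'd20_0015_owner';",
-"REVOKE OWNERSHIP ON UDF f1 FROM ROLE 'd20_0015_owner';",
 "GRANT OWNERSHIP ON UDF f1 TO ROLE 'd20_0015_owner';",
 ];
 
@@ -644,6 +641,7 @@ fn test_statement_error() {
 "GRANT OWNERSHIP ON d20_0014.* TO USER A;",
 "REVOKE OWNERSHIP, SELECT ON d20_0014.* FROM ROLE 'd20_0015_owner';",
 "REVOKE OWNERSHIP ON d20_0014.* FROM USER A;",
+"REVOKE OWNERSHIP ON d20_0014.* FROM ROLE A;",
 "GRANT OWNERSHIP ON *.* TO ROLE 'd20_0015_owner';",
 ];
 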
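Review bot: The only negative case added to `test_statement_error` is the database-level form (`d20_0014.*`), while the three cases dropped from `test_statement` were the STAGE, database and UDF forms that used to parse. I would add the other two to the error list as well, `"REVOKE OWNERSHIP ON STAGE s1 FROM ROLE 'd20_0015_owner';",` and `"REVOKE OWNERSHIP ON UDF f1 FROM ROLE 'd20_0015_owner';",`, so a later grammar change cannot quietly re-admit them. These tests only show the parser refusing the statement; whether a `RevokeStmt` carrying `UserPrivilegeType::Ownership` is also rejected after parsing is not visible on this page and is worth confirming, since an authorization rule should not rest on the grammar alone. Both test functions start and end outside the hunks shown.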
22 changes: 14 additions & 8 deletions src/query/ast/tests/it/testdata/statement-error.txt
Expand Up @@ -784,24 +784,30 @@ error:
REVOKE OWNERSHIP, SELECT ON d20_0014.* FROM ROLE 'd20_0015_owner';
---------- Output ---------
error:
--> SQL:1:17
--> SQL:1:8
|
1 | REVOKE OWNERSHIP, SELECT ON d20_0014.* FROM ROLE 'd20_0015_owner';
| ------ ^ unexpected `,`, expecting `ON`
| |
| while parsing REVOKE OWNERSHIP ON <privileges_level> FROM ROLE <role_name>
| ^^^^^^^^^ unexpected `OWNERSHIP`, expecting `INSERT`, `ALTER`, `SUPER`, `ROLE`, `WRITE`, `SET`, `SELECT`, `UPDATE`, `DELETE`, `REFERENCE_USAGE`, `DROP`, `READ`, `USAGE`, `GRANT`, `CREATE`, or `ALL`


---------- Input ----------
REVOKE OWNERSHIP ON d20_0014.* FROM USER A;
---------- Output ---------
error:
--> SQL:1:37
--> SQL:1:8
|
1 | REVOKE OWNERSHIP ON d20_0014.* FROM USER A;
| ------ ^^^^ unexpected `USER`, expecting `ROLE`
| |
| while parsing REVOKE OWNERSHIP ON <privileges_level> FROM ROLE <role_name>
| ^^^^^^^^^ unexpected `OWNERSHIP`, expecting `INSERT`, `ALTER`, `SUPER`, `ROLE`, `WRITE`, `SET`, `SELECT`, `UPDATE`, `DELETE`, `REFERENCE_USAGE`, `DROP`, `READ`, `USAGE`, `GRANT`, `CREATE`, or `ALL`


---------- Input ----------
REVOKE OWNERSHIP ON d20_0014.* FROM ROLE A;
---------- Output ---------
error:
--> SQL:1:8
|
1 | REVOKE OWNERSHIP ON d20_0014.* FROM ROLE A;
| ^^^^^^^^^ unexpected `OWNERSHIP`, expecting `INSERT`, `ALTER`, `SUPER`, `ROLE`, `WRITE`, `SET`, `SELECT`, `UPDATE`, `DELETE`, `REFERENCE_USAGE`, `DROP`, `READ`, `USAGE`, `GRANT`, `CREATE`, or `ALL`


---------- Input ----------
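--- a/src/query/ast/tests/it/testdata/statement.txt
+++ b/src/query/ast/tests/it/testdata/statement.txt
@@ -14797,74 +14797,6 @@ Grant(
 )
 
 
----------- Input ----------
-REVOKE OWNERSHIP ON STAGE s1 FROM ROLE 'd20_0015_owner';
----------- Output ---------
-REVOKE OWNERSHIP ON STAGE s1 FROM ROLE d20_0015_owner
----------- AST ------------
-Revoke(
-RevokeStmt {
-source: Privs {
-privileges: [
-Ownership,
-],
-level: Stage(
-"s1",
-),
-},
-principal: Role(
-"d20_0015_owner",
-),
-},
-)
-
-
----------- Input ----------
-REVOKE OWNERSHIP ON d20_0014.* FROM ROLE 'd20_0015_owner';
----------- Output ---------
-REVOKE OWNERSHIP ON d20_0014.* FROM ROLE d20_0015_owner
----------- AST ------------
-Revoke(
-RevokeStmt {
-source: Privs {
-privileges: [
-Ownership,
-],
-level: Database(
-Some(
-"d20_0014",
-),
-),
-},
-principal: Role(
-"d20_0015_owner",
-),
-},
-)
-
-
----------- Input ----------
-REVOKE OWNERSHIP ON UDF f1 FROM ROLE 'd20_0015_owner';
----------- Output ---------
-REVOKE OWNERSHIP ON UDF f1 FROM ROLE d20_0015_owner
----------- AST ------------
-Revoke(
-RevokeStmt {
-source: Privs {
-privileges: [
-Ownership,
-],
-level: UDF(
-"f1",
-),
-},
-principal: Role(
-"d20_0015_owner",
-),
-},
-)
-
-
 ---------- Input ----------
 GRANT OWNERSHIP ON UDF f1 TO ROLE 'd20_0015_owner';
 ---------- Output ---------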
