github.com/cockroachdb/cockroachdb-parser@v0.23.3-0.20240213214944-911057d40c9a/pkg/sql/privilege/kind.go (about) 1 // Copyright 2023 The Cockroach Authors. 2 // 3 // Use of this software is governed by the Business Source License 4 // included in the file licenses/BSL.txt. 5 // 6 // As of the Change Date specified in that file, in accordance with 7 // the Business Source License, use of this software will be governed 8 // by the Apache License, Version 2.0, included in the file 9 // licenses/APL.txt. 10 11 package privilege 12 13 import ( 14 "strings" 15 16 "github.com/cockroachdb/errors" 17 "github.com/cockroachdb/redact" 18 ) 19 20 // Kind defines a privilege. This is output by the parser, and used to 21 // generate the privilege bitfields in the PrivilegeDescriptor. 22 type Kind uint32 23 24 // List of privileges. ALL is specifically encoded so that it will automatically 25 // pick up new privileges. 26 // Do not change values of privileges. These correspond to the position 27 // of the privilege in a bit field and are expected to stay constant. 28 const ( 29 ALL Kind = 1 30 CREATE Kind = 2 31 DROP Kind = 3 32 // This is a placeholder to make sure that 4 is not reused. 33 // 34 // It was previously used for the GRANT privilege that has been replaced 35 // with the more granular Privilege.GrantOption. 36 _ Kind = 4 37 SELECT Kind = 5 38 INSERT Kind = 6 39 DELETE Kind = 7 40 UPDATE Kind = 8 41 USAGE Kind = 9 42 ZONECONFIG Kind = 10 43 CONNECT Kind = 11 44 RULE Kind = 12 45 MODIFYCLUSTERSETTING Kind = 13 46 EXTERNALCONNECTION Kind = 14 47 VIEWACTIVITY Kind = 15 48 VIEWACTIVITYREDACTED Kind = 16 49 VIEWCLUSTERSETTING Kind = 17 50 CANCELQUERY Kind = 18 51 NOSQLLOGIN Kind = 19 52 EXECUTE Kind = 20 53 VIEWCLUSTERMETADATA Kind = 21 54 VIEWDEBUG Kind = 22 55 BACKUP Kind = 23 56 RESTORE Kind = 24 57 EXTERNALIOIMPLICITACCESS Kind = 25 58 CHANGEFEED Kind = 26 59 VIEWJOB Kind = 27 60 MODIFYSQLCLUSTERSETTING Kind = 28 61 REPLICATION Kind = 29 62 MANAGEVIRTUALCLUSTER Kind = 30 63 VIEWSYSTEMTABLE Kind = 31 64 CREATEROLE Kind = 32 65 CREATELOGIN Kind = 33 66 CREATEDB Kind = 34 67 CONTROLJOB Kind = 35 68 REPAIRCLUSTERMETADATA Kind = 36 69 largestKind = REPAIRCLUSTERMETADATA 70 ) 71 72 var isDeprecatedKind = map[Kind]bool{ 73 4: true, 74 } 75 76 // KindInternalKey is the value stored in system tables, etc, that represent the 77 // privilege internally. It is not visible to end-users. 78 type KindInternalKey string 79 80 func (k Kind) InternalKey() KindInternalKey { 81 switch k { 82 case ALL: 83 return "ALL" 84 case CREATE: 85 return "CREATE" 86 case DROP: 87 return "DROP" 88 case SELECT: 89 return "SELECT" 90 case INSERT: 91 return "INSERT" 92 case DELETE: 93 return "DELETE" 94 case UPDATE: 95 return "UPDATE" 96 case USAGE: 97 return "USAGE" 98 case ZONECONFIG: 99 return "ZONECONFIG" 100 case CONNECT: 101 return "CONNECT" 102 case RULE: 103 return "RULE" 104 case MODIFYCLUSTERSETTING: 105 return "MODIFYCLUSTERSETTING" 106 case EXTERNALCONNECTION: 107 return "EXTERNALCONNECTION" 108 case VIEWACTIVITY: 109 return "VIEWACTIVITY" 110 case VIEWACTIVITYREDACTED: 111 return "VIEWACTIVITYREDACTED" 112 case VIEWCLUSTERSETTING: 113 return "VIEWCLUSTERSETTING" 114 case CANCELQUERY: 115 return "CANCELQUERY" 116 case NOSQLLOGIN: 117 return "NOSQLLOGIN" 118 case EXECUTE: 119 return "EXECUTE" 120 case VIEWCLUSTERMETADATA: 121 return "VIEWCLUSTERMETADATA" 122 case VIEWDEBUG: 123 return "VIEWDEBUG" 124 case BACKUP: 125 return "BACKUP" 126 case RESTORE: 127 return "RESTORE" 128 case EXTERNALIOIMPLICITACCESS: 129 return "EXTERNALIOIMPLICITACCESS" 130 case CHANGEFEED: 131 return "CHANGEFEED" 132 case VIEWJOB: 133 return "VIEWJOB" 134 case MODIFYSQLCLUSTERSETTING: 135 return "MODIFYSQLCLUSTERSETTING" 136 case REPLICATION: 137 return "REPLICATION" 138 case MANAGEVIRTUALCLUSTER: 139 // This Kind was renamed during 23.2 cycle. 140 return "MANAGETENANT" 141 case VIEWSYSTEMTABLE: 142 return "VIEWSYSTEMTABLE" 143 case CREATEROLE: 144 return "CREATEROLE" 145 case CREATELOGIN: 146 return "CREATELOGIN" 147 case CREATEDB: 148 return "CREATEDB" 149 case CONTROLJOB: 150 return "CONTROLJOB" 151 case REPAIRCLUSTERMETADATA: 152 return "REPAIRCLUSTERMETADATA" 153 default: 154 panic(errors.AssertionFailedf("unhandled kind: %d", int(k))) 155 } 156 } 157 158 // KindDisplayName is the string representation of privileges 159 // displayed to end users and recognized by the parser. The name can 160 // be different from the key (e.g. when we choose a better name). 161 type KindDisplayName string 162 163 // DisplayName reports the display name for a privilege. 164 func (k Kind) DisplayName() KindDisplayName { 165 switch k { 166 case MANAGEVIRTUALCLUSTER: 167 return "MANAGEVIRTUALCLUSTER" 168 default: 169 // Unless we have an exception above, the internal 170 // key is also a valid display name. 171 return KindDisplayName(k.InternalKey()) 172 } 173 } 174 175 // SafeValue implements the redact.SafeValuer interface. 176 func (KindDisplayName) SafeValue() {} 177 178 // SafeValue implements the redact.SafeValuer interface. 179 func (KindInternalKey) SafeValue() {} 180 181 // SafeFormat implements the redact.SafeFormatter interface. 182 func (k Kind) SafeFormat(p redact.SafePrinter, _ rune) { 183 p.Print(k.DisplayName()) 184 } 185 186 // KeyToName converts a privilege key to its name. 187 func KeyToName(key string) (string, error) { 188 kind, ok := ByInternalKey[KindInternalKey(strings.ToUpper(key))] 189 if !ok { 190 return "", errors.Errorf("not a valid privilege: %q", key) 191 } 192 return string(kind.DisplayName()), nil 193 } 194 195 // ByDisplayName is a map of display name -> kind value. It is populated by 196 // init. All names use upper case. 197 // 198 // Note that all internal keys are also added into this map to allow for 199 // backward-compatibility. 200 var ByDisplayName map[KindDisplayName]Kind 201 202 // ByInternalKey is a map of internal key -> kind value. It is populated by 203 // init. All keys use upper case. 204 var ByInternalKey map[KindInternalKey]Kind 205 206 func init() { 207 AllPrivileges = make([]Kind, 0, largestKind) 208 ByDisplayName = make(map[KindDisplayName]Kind) 209 ByInternalKey = make(map[KindInternalKey]Kind) 210 211 for kind := ALL; kind <= largestKind; kind++ { 212 if isDeprecatedKind[kind] { 213 continue 214 } 215 AllPrivileges = append(AllPrivileges, kind) 216 ByInternalKey[kind.InternalKey()] = kind 217 218 ByDisplayName[kind.DisplayName()] = kind 219 // It should also be possible to look up a privilege using its internal 220 // key. 221 ByDisplayName[KindDisplayName(kind.InternalKey())] = kind 222 } 223 }