Merge branch 'policies'

Fixes #103

Author: nene

src/cst/AlterAction.ts

@@ -163,6 +163,8 @@ export type AlterTriggerAction =
   | AlterActionDependsOnExtension
   | AlterActionNoDependsOnExtension;
 
+export type AlterPolicyAction = AlterActionRename;
+
 export interface AlterActionRename extends BaseNode {
   type: "alter_action_rename";
   renameKw: Keyword<"RENAME"> | [Keyword<"RENAME">, Keyword<"TO" | "AS">];

src/cst/Dcl.ts

@@ -266,7 +266,7 @@ export interface RevokeRoleStmt extends BaseNode {
   behaviorKw?: Keyword<"CASCADE" | "RESTRICT">;
 }
 
-type Grantee = Identifier | FuncCall | GranteeGroup | GranteePublic;
+export type Grantee = Identifier | FuncCall | GranteeGroup | GranteePublic;
 
 export interface GranteeGroup extends BaseNode {
   type: "grantee_group";

src/cst/Node.ts

@@ -21,6 +21,7 @@ export * from "./Merge";
 export * from "./dialects/Mysql";
 export * from "./dialects/Postgresql";
 export * from "./OtherClauses";
+export * from "./Policy";
 export * from "./PreparedStatements";
 export * from "./ProcClause";
 export * from "./Procedure";
@@ -60,6 +61,7 @@ import { AllInsertNodes } from "./Insert";
 import { AllMergeNodes } from "./Merge";
 import { AllMysqlNodes } from "./dialects/Mysql";
 import { AllOtherClauses } from "./OtherClauses";
+import { AllPolicyNodes } from "./Policy";
 import { AllPostgresqlNodes } from "./dialects/Postgresql";
 import { AllPreparedStatementNodes } from "./PreparedStatements";
 import { AllProcClauseNodes } from "./ProcClause";
@@ -99,6 +101,7 @@ export type Node =
   | AllMysqlNodes
   | AllOtherClauses
   | AllPostgresqlNodes
+  | AllPolicyNodes
   | AllPreparedStatementNodes
   | AllProcClauseNodes
   | AllProceduralNodes

src/cst/Policy.ts

@@ -0,0 +1,90 @@
+import { AlterPolicyAction } from "./AlterAction";
+import { BaseNode, Keyword } from "./Base";
+import { Grantee } from "./Dcl";
+import { Identifier, EntityName, Expr, ParenExpr, ListExpr } from "./Expr";
+
+export type AllPolicyNodes = AllPolicyStatements | CreatePolicyClause;
+
+export type AllPolicyStatements =
+  | CreatePolicyStmt
+  | AlterPolicyStmt
+  | DropPolicyStmt;
+
+// CREATE POLICY name ON table
+export interface CreatePolicyStmt extends BaseNode {
+  type: "create_policy_stmt";
+  createPolicyKw: [Keyword<"CREATE">, Keyword<"POLICY">];
+  name: Identifier;
+  onKw: Keyword<"ON">;
+  table: EntityName;
+  clauses: CreatePolicyClause[];
+}
+
+export type CreatePolicyClause =
+  | PolicyPermissiveClause
+  | PolicyRestrictiveClause
+  | PolicyCommandClause
+  | PolicyRolesClause
+  | PolicyUsingClause
+  | PolicyCheckClause;
+
+export interface PolicyPermissiveClause extends BaseNode {
+  type: "policy_permissive_clause";
+  asKw: Keyword<"AS">;
+  permissiveKw: Keyword<"PERMISSIVE">;
+}
+
+export interface PolicyRestrictiveClause extends BaseNode {
+  type: "policy_restrictive_clause";
+  asKw: Keyword<"AS">;
+  restrictiveKw: Keyword<"RESTRICTIVE">;
+}
+
+export interface PolicyCommandClause extends BaseNode {
+  type: "policy_command_clause";
+  forKw: Keyword<"FOR">;
+  commandKw: Keyword<"ALL" | "SELECT" | "INSERT" | "UPDATE" | "DELETE">;
+}
+
+export interface PolicyRolesClause extends BaseNode {
+  type: "policy_roles_clause";
+  toKw: Keyword<"TO">;
+  roles: ListExpr<Grantee>;
+}
+
+export interface PolicyUsingClause extends BaseNode {
+  type: "policy_using_clause";
+  usingKw: Keyword<"USING">;
+  expr: ParenExpr<Expr>;
+}
+
+export interface PolicyCheckClause extends BaseNode {
+  type: "policy_check_clause";
+  withKw: Keyword<"WITH">;
+  checkKw: Keyword<"CHECK">;
+  expr: ParenExpr<Expr>;
+}
+
+export interface AlterPolicyStmt extends BaseNode {
+  type: "alter_policy_stmt";
+  alterPolicyKw: [Keyword<"ALTER">, Keyword<"POLICY">];
+  name: Identifier;
+  onKw: Keyword<"ON">;
+  table: EntityName;
+  actions: (
+    | AlterPolicyAction
+    | PolicyRolesClause
+    | PolicyUsingClause
+    | PolicyCheckClause
+  )[];
+}
+
+export interface DropPolicyStmt extends BaseNode {
+  type: "drop_policy_stmt";
+  dropPolicyKw: [Keyword<"DROP">, Keyword<"POLICY">];
+  ifExistsKw?: [Keyword<"IF">, Keyword<"EXISTS">];
+  name: Identifier;
+  onKw: Keyword<"ON">;
+  table: EntityName;
+  behaviorKw?: Keyword<"CASCADE" | "RESTRICT">;
+}

src/cst/Statement.ts

@@ -25,13 +25,15 @@ import { TruncateStmt } from "./Truncate";
 import { UpdateStmt } from "./Update";
 import { AllPreparedStatements } from "./PreparedStatements";
 import { UnsupportedGrammarStmt } from "./UnsupportedGrammar";
+import { AllPolicyStatements } from "./Policy";
 
 export type Statement =
   | AllAlterTableStatements
   | AllBigqueryStatements
   | AllDclStatements
   | AllFunctionStatements
   | AllIndexStatements
+  | AllPolicyStatements
   | AllPreparedStatements
   | AllProceduralStatements
   | AllProcedureStatements

src/parser.pegjs

@@ -170,6 +170,9 @@ ddl_statement_postgres
   / drop_role_stmt
   / set_role_stmt
   / reset_role_stmt
+  / create_policy_stmt
+  / alter_policy_stmt
+  / drop_policy_stmt
 
 dml_statement
   = compound_select_stmt
@@ -4636,6 +4639,103 @@ reset_role_stmt
     return loc({ type: "reset_role_stmt", resetRoleKw: read(kw) });
   }
 
+/**
+ * ------------------------------------------------------------------------------------ *
+ *                                                                                      *
+ * CREATE/ALTER/DROP POLICY                                                             *
+ *                                                                                      *
+ * ------------------------------------------------------------------------------------ *
+ */
+create_policy_stmt
+  = kw:(CREATE __ POLICY __) name:(ident __) onKw:(ON __) table:entity_name
+    clauses:(__ create_policy_clause)* {
+      return loc({
+        type: "create_policy_stmt",
+        createPolicyKw: read(kw),
+        name: read(name),
+        onKw: read(onKw),
+        table,
+        clauses: clauses.map(read),
+      });
+    }
+
+create_policy_clause
+  = policy_permissive_clause
+  / policy_restrictive_clause
+  / policy_command_clause
+  / policy_roles_clause
+  / policy_using_clause
+  / policy_check_clause
+
+policy_permissive_clause
+  = asKw:(AS __) permissiveKw:PERMISSIVE {
+    return loc({
+      type: "policy_permissive_clause",
+      asKw: read(asKw),
+      permissiveKw,
+    });
+  }
+
+policy_restrictive_clause
+  = asKw:(AS __) restrictiveKw:RESTRICTIVE {
+    return loc({
+      type: "policy_restrictive_clause",
+      asKw: read(asKw),
+      restrictiveKw,
+    });
+  }
+
+policy_command_clause
+  = kw:(FOR __) commandKw:(ALL / SELECT / INSERT / UPDATE / DELETE) {
+    return loc({ type: "policy_command_clause", forKw: read(kw), commandKw });
+  }
+
+policy_roles_clause
+  = kw:(TO __) roles:list$grantee {
+    return loc({ type: "policy_roles_clause", toKw: read(kw), roles });
+  }
+
+policy_using_clause
+  = kw:(USING __) expr:paren$expr {
+    return loc({ type: "policy_using_clause", usingKw: read(kw), expr });
+  }
+
+policy_check_clause
+  = withKw:(WITH __) checkKw:(CHECK __) expr:paren$expr {
+    return loc({ type: "policy_check_clause", withKw: read(withKw), checkKw: read(checkKw), expr });
+  }
+
+alter_policy_stmt
+  = kw:(ALTER __ POLICY __) name:(ident __) onKw:(ON __) table:entity_name actions:(__ alter_policy_action)+ {
+    return loc({
+      type: "alter_policy_stmt",
+      alterPolicyKw: read(kw),
+      name: read(name),
+      onKw: read(onKw),
+      table,
+      actions: actions.map(read),
+    });
+  }
+
+alter_policy_action
+  = alter_action_rename
+  / policy_roles_clause
+  / policy_using_clause
+  / policy_check_clause
+
+drop_policy_stmt
+  = kw:(DROP __ POLICY __) ifExistsKw:(if_exists __)? name:(ident __) onKw:(ON __) table:entity_name behaviorKw:(__ (CASCADE / RESTRICT))? {
+    return loc({
+      type: "drop_policy_stmt",
+      dropPolicyKw: read(kw),
+      ifExistsKw: read(ifExistsKw),
+      name: read(name),
+      onKw: read(onKw),
+      table,
+      behaviorKw: read(behaviorKw),
+    });
+  }
+
 /**
  * ------------------------------------------------------------------------------------ *
  *                                                                                      *
@@ -9010,6 +9110,7 @@ PARTITION           = kw:"PARTITION"i           !ident_part { return loc(createK
 PASSWORD            = kw:"PASSWORD"i            !ident_part { return loc(createKeyword(kw)); }
 PERCENT             = kw:"PERCENT"i             !ident_part { return loc(createKeyword(kw)); }
 PERCENT_RANK        = kw:"PERCENT_RANK"i        !ident_part { return loc(createKeyword(kw)); }
+PERMISSIVE          = kw:"PERMISSIVE"i          !ident_part { return loc(createKeyword(kw)); }
 PERSIST             = kw:"PERSIST"i             !ident_part { return loc(createKeyword(kw)); }
 PERSIST_ONLY        = kw:"PERSIST_ONLY"i        !ident_part { return loc(createKeyword(kw)); }
 PIVOT               = kw:"PIVOT"i               !ident_part { return loc(createKeyword(kw)); }
@@ -9058,6 +9159,7 @@ RESPECT             = kw:"RESPECT"i             !ident_part { return loc(createK
 RESTART             = kw:"RESTART"i             !ident_part { return loc(createKeyword(kw)); }
 RESTRICT            = kw:"RESTRICT"i            !ident_part { return loc(createKeyword(kw)); }
 RESTRICTED          = kw:"RESTRICTED"i          !ident_part { return loc(createKeyword(kw)); }
+RESTRICTIVE         = kw:"RESTRICTIVE"i         !ident_part { return loc(createKeyword(kw)); }
 RETURN              = kw:"RETURN"i              !ident_part { return loc(createKeyword(kw)); }
 RETURNING           = kw:"RETURNING"i           !ident_part { return loc(createKeyword(kw)); }
 RETURNS             = kw:"RETURNS"i             !ident_part { return loc(createKeyword(kw)); }

src/showNode/policy.ts

@@ -0,0 +1,32 @@
+import { show } from "../show";
+import { FullTransformMap } from "../cstTransformer";
+import { AllPolicyNodes } from "src/main";
+
+export const policyMap: FullTransformMap<string, AllPolicyNodes> = {
+  // CREATE POLICY
+  create_policy_stmt: (node) =>
+    show([node.createPolicyKw, node.name, node.onKw, node.table, node.clauses]),
+
+  // Policy clauses
+  policy_permissive_clause: (node) => show([node.asKw, node.permissiveKw]),
+  policy_restrictive_clause: (node) => show([node.asKw, node.restrictiveKw]),
+  policy_command_clause: (node) => show([node.forKw, node.commandKw]),
+  policy_roles_clause: (node) => show([node.toKw, node.roles]),
+  policy_using_clause: (node) => show([node.usingKw, node.expr]),
+  policy_check_clause: (node) => show([node.withKw, node.checkKw, node.expr]),
+
+  // ALTER POLICY
+  alter_policy_stmt: (node) =>
+    show([node.alterPolicyKw, node.name, node.onKw, node.table, node.actions]),
+
+  // DROP POLICY
+  drop_policy_stmt: (node) =>
+    show([
+      node.dropPolicyKw,
+      node.ifExistsKw,
+      node.name,
+      node.onKw,
+      node.table,
+      node.behaviorKw,
+    ]),
+};

src/showNode/transformMap.ts

@@ -15,6 +15,7 @@ import { functionMap } from "./function";
 import { indexMap } from "./index";
 import { insertMap } from "./insert";
 import { mergeMap } from "./merge";
+import { policyMap } from "./policy";
 import { preparedStatementsMap } from "./prepared_statements";
 import { proceduralLanguageMap } from "./procedural_language";
 import { procedureMap } from "./procedure";
@@ -60,7 +61,7 @@ export const transformMap: FullTransformMap<string> = {
   ...dropTableMap,
   ...renameTableMap,
 
-  // CREATE/DROP/ALTER SCHEMA/VIEW/INDEX/TRIGGER/SEQUENCE/TYPE/DOMAIN/ROLE
+  // CREATE/DROP/ALTER SCHEMA/VIEW/INDEX/TRIGGER/SEQUENCE/TYPE/DOMAIN/ROLE/POLICY
   ...schemaMap,
   ...viewMap,
   ...indexMap,
@@ -69,6 +70,7 @@ export const transformMap: FullTransformMap<string> = {
   ...typeMap,
   ...domainMap,
   ...roleMap,
+  ...policyMap,
 
   // CREATE/DROP FUNCTION/PROCEDURE
   ...functionMap,