Merge cockroachdb#122556

122556: sql/delegate: added external connection info to show grants r=rafiss a=Dedej-Bergin

Previously, when we run the SHOW GRANTS command external connection info would not show up.  These code changes make it so that we can now see external connection granted privileges with the SHOW GRANTS command.

Fixes: cockroachdb#122199
Release note (sql change): external connection granted privileges can now be seen with the SHOW GRANTS command.

Co-authored-by: Bergin Dedej <[email protected]>

pkg/sql/delegate/show_grants.go

@@ -88,18 +88,18 @@ SELECT a.username AS grantee,
   FROM (
         SELECT username, unnest(privileges) AS privilege
           FROM crdb_internal.kv_system_privileges
-       ) AS a
-`
+       ) AS a`
 	const externalConnectionPrivilegeQuery = `
 SELECT *
   FROM (
         SELECT name AS connection_name,
+               'external_connection' AS object_type,
                a.username AS grantee,
                crdb_internal.privilege_name(privilege_key) AS privilege_type,
                a.privilege_key
                IN (
                   SELECT unnest(grant_options)
-                    FROM system.privileges
+                    FROM crdb_internal.kv_system_privileges
                    WHERE username = a.username
                 ) AS is_grantable
           FROM (
@@ -109,11 +109,11 @@ SELECT *
                        ) AS name,
                        username,
                        unnest(privileges) AS privilege_key
-                  FROM system.privileges
+                  FROM crdb_internal.kv_system_privileges
                  WHERE path ~* '^/externalconn/'
                ) AS a
-       )
-`
+       )`
+
 	// Query grants data for user-defined functions and procedures. Builtin
 	// functions are not included.
 	routineQuery := fmt.Sprintf(`
@@ -362,9 +362,13 @@ SELECT database_name,
 			`SELECT database_name, schema_name, routine_signature AS object_name, object_type , grantee, privilege_type, is_grantable FROM (`)
 		source.WriteString(routineQuery)
 		source.WriteByte(')')
+		source.WriteString(` UNION ALL ` +
+			`SELECT NULL::STRING AS database_name, NULL::STRING AS schema_name, connection_name AS object_name, object_type , grantee, privilege_type, is_grantable FROM (`)
+		source.WriteString(externalConnectionPrivilegeQuery)
+		source.WriteByte(')')
 		// If the current database is set, restrict the command to it.
 		if currDB := d.evalCtx.SessionData().Database; currDB != "" {
-			fmt.Fprintf(&cond, ` WHERE database_name = %s`, lexbase.EscapeSQLString(currDB))
+			fmt.Fprintf(&cond, ` WHERE database_name = %s OR object_type = 'external_connection'`, lexbase.EscapeSQLString(currDB))
 		} else {
 			cond.WriteString(`WHERE true`)
 		}
@@ -425,6 +429,5 @@ ORDER BY
 			}
 		}
 	}
-
 	return d.parse(query)
 }

pkg/sql/logictest/testdata/logic_test/role

@@ -1889,10 +1889,13 @@ create type mood as enum ('sad','happy');
 grant usage on type mood to roach;
 create sequence test_sequence;
 grant usage on sequence test_sequence to roach;
+CREATE EXTERNAL CONNECTION connection1 AS 'nodelocal://1/foo';
+grant usage on EXTERNAL CONNECTION connection1 to roach;
 
 query TTTTTTB colnames,rowsort
 show grants for roach
 ----
-database_name  schema_name  object_name    object_type  grantee  privilege_type  is_grantable
-test           public       mood           type         roach    USAGE           false
-test           public       test_sequence  sequence     roach    USAGE           false
+database_name  schema_name  object_name    object_type          grantee  privilege_type  is_grantable
+NULL           NULL         connection1    external_connection  roach    USAGE           false
+test           public       mood           type                 roach    USAGE           false
+test           public       test_sequence  sequence             roach    USAGE           false