Task privilege Part2

1. add function: list_task_ownerships, only list task prefix.

2. add visibility in task/task_history system table.

3. refactor showtasks, directly use select * from system.task;

4. fix ut err

Author: TCeason

src/common/cloud_control/proto/task.proto

@@ -119,6 +119,7 @@ message ShowTasksRequest {// every owner has a roles list like ["role1", "role2"
   int32 result_limit = 4;
   repeated string owners = 5;   // all available roles under current client
   repeated string task_ids = 6; // all task ids which permit to access for given user
+  repeated string task_names = 7; // all task names which permit to access for given user
 }
 
 message ShowTasksResponse {
@@ -170,6 +171,7 @@ message ShowTaskRunsRequest {
   repeated string owners = 6;
   repeated string task_ids = 7;
   string task_name = 8;
+  repeated string task_names = 9;
 
   optional int32 page_size = 90; // 100 by default
   optional int64 next_page_token = 91;

src/meta/app/src/principal/tenant_ownership_object_ident.rs

@@ -253,7 +253,7 @@ mod tests {
             assert_eq!(role_grantee, parsed);
         }
 
-        // udf
+        // task
         {
             let role_grantee = TenantOwnershipObjectIdent::new_unchecked(
                 Tenant::new_literal("test"),

src/query/ast/tests/it/testdata/statement-error.txt

@@ -916,3 +916,48 @@ error:
   | while parsing `DROP TABLE [IF EXISTS] [<database>.]<table>`
 
 
+---------- Input ----------
+GRANT CREATE TASK ON task mytask1 TO role role1
+---------- Output ---------
+error: 
+  --> SQL:1:22
+  |
+1 | GRANT CREATE TASK ON task mytask1 TO role role1
+  | ----- ------         ^^^^ unexpected `task`, expecting `FALSE`, <QuotedString>, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `*`, or <Ident>
+  | |     |               
+  | |     while parsing <privileges> ON <privileges_level>
+  | while parsing `GRANT { ROLE <role_name> | schemaObjectPrivileges | ALL [ PRIVILEGES ] ON <privileges_level> } TO { [ROLE <role_name>] | [USER] <user> }`
+
+
+---------- Input ----------
+GRANT ownership ON task MyTask1 TO u1
+---------- Output ---------
+error: 
+  --> SQL:1:36
+  |
+1 | GRANT ownership ON task MyTask1 TO u1
+  | -----                              ^^ unexpected `u1`, expecting `ROLE`
+  | |                                   
+  | while parsing GRANT OWNERSHIP ON <privileges_level> TO ROLE <role_name>
+
+
+---------- Input ----------
+GRANT select ON task MyTask1 TO u2
+---------- Output ---------
+error: 
+  --> SQL:1:17
+  |
+1 | GRANT select ON task MyTask1 TO u2
+  |                 ^^^^ unexpected `task`, expecting `FALSE`, `TABLE`, <QuotedString>, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `DATABASE`, `*`, or <Ident>
+
+
+---------- Input ----------
+GRANT usage ON task MyTask1 TO u1
+---------- Output ---------
+error: 
+  --> SQL:1:16
+  |
+1 | GRANT usage ON task MyTask1 TO u1
+  |                ^^^^ unexpected `task`, expecting `FALSE`, `TABLE`, <QuotedString>, <LiteralInteger>, `TRUE`, `IDENTIFIER`, <PGLiteralHex>, <MySQLLiteralHex>, `DATABASE`, `UDF`, `*`, or <Ident>
+
+

src/query/ast/tests/it/testdata/statement.txt

@@ -18133,6 +18133,120 @@ CreateDynamicTable(
 )
 
 
+---------- Input ----------
+GRANT CREATE TASK ON *.* TO role role1
+---------- Output ---------
+GRANT CREATE DATABASE ON *.* TO ROLE 'role1'
+---------- AST ------------
+Grant(
+    GrantStmt {
+        source: Privs {
+            privileges: [
+                CreateDatabase,
+            ],
+            level: Global,
+        },
+        principal: Role(
+            "role1",
+        ),
+    },
+)
+
+
+---------- Input ----------
+GRANT ownership ON task MyTask1 TO role role1
+---------- Output ---------
+GRANT OWNERSHIP ON TASK MyTask1 TO ROLE 'role1'
+---------- AST ------------
+Grant(
+    GrantStmt {
+        source: Privs {
+            privileges: [
+                Ownership,
+            ],
+            level: Task(
+                "MyTask1",
+            ),
+        },
+        principal: Role(
+            "role1",
+        ),
+    },
+)
+
+
+---------- Input ----------
+GRANT ownership ON task MyTask1 TO role role2
+---------- Output ---------
+GRANT OWNERSHIP ON TASK MyTask1 TO ROLE 'role2'
+---------- AST ------------
+Grant(
+    GrantStmt {
+        source: Privs {
+            privileges: [
+                Ownership,
+            ],
+            level: Task(
+                "MyTask1",
+            ),
+        },
+        principal: Role(
+            "role2",
+        ),
+    },
+)
+
+
+---------- Input ----------
+GRANT drop ON task MyTask1 TO u2
+---------- Output ---------
+GRANT DROP ON TASK MyTask1 TO USER 'u2'@'%'
+---------- AST ------------
+Grant(
+    GrantStmt {
+        source: Privs {
+            privileges: [
+                Drop,
+            ],
+            level: Task(
+                "MyTask1",
+            ),
+        },
+        principal: User(
+            UserIdentity {
+                username: "u2",
+                hostname: "%",
+            },
+        ),
+    },
+)
+
+
+---------- Input ----------
+GRANT alter ON task MyTask1 TO u1
+---------- Output ---------
+GRANT ALTER ON TASK MyTask1 TO USER 'u1'@'%'
+---------- AST ------------
+Grant(
+    GrantStmt {
+        source: Privs {
+            privileges: [
+                Alter,
+            ],
+            level: Task(
+                "MyTask1",
+            ),
+        },
+        principal: User(
+            UserIdentity {
+                username: "u1",
+                hostname: "%",
+            },
+        ),
+    },
+)
+
+
 ---------- Input ----------
 CREATE TASK IF NOT EXISTS MyTask1 WAREHOUSE = 'MyWarehouse' SCHEDULE = 15 MINUTE SUSPEND_TASK_AFTER_NUM_FAILURES = 3 ERROR_INTEGRATION = 'notification_name' COMMENT = 'This is test task 1' DATABASE = 'target', TIMEZONE = 'America/Los Angeles' AS SELECT * FROM MyTable1
 ---------- Output ---------

src/query/management/src/role/role_api.rs

@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use databend_common_exception::ErrorCode;
 use databend_common_exception::Result;
 use databend_common_meta_app::principal::OwnershipInfo;
 use databend_common_meta_app::principal::OwnershipObject;
@@ -30,6 +31,10 @@ pub trait RoleApi: Sync + Send {
 
     async fn get_ownerships(&self) -> Result<Vec<SeqV<OwnershipInfo>>>;
 
+    async fn list_tasks_ownerships(
+        &self,
+    ) -> std::result::Result<Vec<SeqV<OwnershipInfo>>, ErrorCode>;
+
     /// General role update.
     ///
     /// It fetches the role that matches the specified seq number, update it in place, then write it back with the seq it sees.

src/query/management/src/role/role_mgr.rs

@@ -217,6 +217,28 @@ impl RoleApi for RoleMgr {
         Ok(r)
     }
 
+    #[async_backtrace::framed]
+    #[minitrace::trace]
+    async fn list_tasks_ownerships(&self) -> Result<Vec<SeqV<OwnershipInfo>>, ErrorCode> {
+        let mut task_object_owner_prefix = self.ownership_object_prefix();
+        task_object_owner_prefix.push_str("task-by-name/");
+        let values = self
+            .kv_api
+            .prefix_list_kv(task_object_owner_prefix.as_str())
+            .await?;
+
+        let mut r = vec![];
+
+        let mut quota = Quota::new(func_name!());
+
+        for (key, val) in values {
+            let u = check_and_upgrade_to_pb(&mut quota, key, &val, self.kv_api.as_ref()).await?;
+            r.push(u);
+        }
+
+        Ok(r)
+    }
+
     /// General role update.
     ///
     /// It fetch the role that matches the specified seq number, update it in place, then write it back with the seq it sees.