[SC-4110] SQL ACL

## What changes were proposed in this pull request?
This is a port of all SQL ACL related patches to DB Spark 2.1:
- 8824d9d [SC-4817] DB Spark ACL extensions
- c60f734 [SC-4816] Add rule to resolve commands.
- 0ddb5db [SC-4862] Modify ACL enforcement for Explain
- 0ee858d [SC-4974] Make specifying securable non-optional for SHOW GRANT
- 4febf33 [SC-4732] CheckPermissions rule for commands and logical plans
- 61cb6df [SC-4815] SQL ACL synchronization for Acl Client and Metastore
- bdaf5f8 [SC-4770] SQL ACL Client Databricks connector
- 8244c7f [SC-4797] Reduced action set for SQL ACLs
- d4ccace [SC-4713] SQL ACL command parser
- 432a51d [SC-4110] Ownership chaining logic for Select requests on views
- 86a2b89 Modified interface for AclClient
- 539134e SQL ACL Interfaces

## How was this patch tested?
Various test suites.

Author: Herman van Hovell <[email protected]>
Author: Srinath Shankar <[email protected]>
Author: Shixiong Zhu <[email protected]>
Author: Sameer Agarwal <[email protected]>
Author: Sameer Agarwal <[email protected]>

Closes apache#125 from hvanhovell/SC-4110-branch-2.1.

Author: hvanhovell

project/SparkBuild.scala

@@ -535,7 +535,10 @@ object Catalyst {
 }
 
 object SQL {
-  lazy val settings = Seq(
+  lazy val settings = antlr4Settings ++ Seq(
+    antlr4PackageName in Antlr4 := Some("com.databricks.sql.acl"),
+    antlr4GenListener in Antlr4 := true,
+    antlr4GenVisitor in Antlr4 := true,
     initialCommands in console :=
       """
         |import org.apache.spark.SparkContext

sql/core/pom.xml

@@ -177,6 +177,21 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.antlr</groupId>
+        <artifactId>antlr4-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <goals>
+              <goal>antlr4</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <visitor>true</visitor>
+          <sourceDirectory>../core/src/main/antlr4</sourceDirectory>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 </project>

sql/core/src/main/antlr4/com/databricks/sql/acl/AclCommandBase.g4

@@ -0,0 +1,123 @@
+/*
+ * Copyright © 2016 Databricks, Inc.
+ *
+ * Portions of this software incorporate or are derived from software contained within Apache Spark,
+ * and this modified software differs from the Apache Spark software provided under the Apache
+ * License, Version 2.0, a copy of which you may obtain at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+grammar AclCommandBase;
+
+tokens {
+    DELIMITER
+}
+
+singleStatement
+    : statement EOF
+    ;
+
+statement
+    : managePermissions                                         #managePermissionsAlt
+    | ALTER securable OWNER TO identifier                       #alterOwner
+    | MSCK REPAIR securable PRIVILEGES                          #repairPrivileges
+    | SHOW GRANT identifier? ON (ALL| securable)                #showPermissions
+    | .*?                                                       #passThrough
+    ;
+
+managePermissions
+    : GRANT (actionTypes+=identifier (',' actionTypes+=identifier)* | ALL PRIVILEGES)
+      ON securable TO grantee=identifier
+      (WITH GRANT OPTION)?
+    | REVOKE (GRANT OPTION FOR)?
+      (actionTypes+=identifier (',' actionTypes+=identifier)* | ALL PRIVILEGES)
+      ON securable FROM grantee=identifier
+    ;
+
+securable
+    : objectType=CATALOG
+    | objectType=DATABASE identifier
+    | objectType=VIEW qualifiedName
+    | objectType=FUNCTION qualifiedName
+    | ANONYMOUS objectType=FUNCTION
+    | objectType=TABLE? qualifiedName
+    ;
+
+qualifiedName
+    : identifier ('.' identifier)*
+    ;
+
+identifier
+    : IDENTIFIER             #unquotedIdentifier
+    | quotedIdentifier       #quotedIdentifierAlternative
+    | nonReserved            #unquotedIdentifier
+    ;
+
+quotedIdentifier
+    : BACKQUOTED_IDENTIFIER
+    ;
+
+nonReserved
+    : ALTER | OWNER | TO | MSCK | REPAIR | PRIVILEGES | SHOW | GRANT | ON | ALL | WITH | OPTION |
+      REVOKE | FOR | FROM | CATALOG | DATABASE | TABLE | VIEW | FUNCTION | ANONYMOUS
+    ;
+
+ALTER: 'ALTER';
+OWNER: 'OWNER';
+TO: 'TO';
+MSCK: 'MSCK';
+REPAIR: 'REPAIR';
+PRIVILEGES: 'PRIVILEGES';
+SHOW: 'SHOW';
+GRANT: 'GRANT';
+ON: 'ON';
+ALL: 'ALL';
+WITH: 'WITH';
+OPTION: 'OPTION';
+REVOKE: 'REVOKE';
+FOR: 'FOR';
+FROM: 'FROM';
+CATALOG: 'CATALOG';
+DATABASE: 'DATABASE';
+TABLE: 'TABLE';
+VIEW: 'VIEW';
+FUNCTION: 'FUNCTION';
+ANONYMOUS: 'ANONYMOUS';
+
+STRING
+    : '\'' ( ~('\''|'\\') | ('\\' .) )* '\''
+    | '\"' ( ~('\"'|'\\') | ('\\' .) )* '\"'
+    ;
+
+IDENTIFIER
+    : (LETTER | DIGIT | '_')+
+    ;
+
+BACKQUOTED_IDENTIFIER
+    : '`' ( ~'`' | '``' )* '`'
+    ;
+
+fragment DIGIT
+    : [0-9]
+    ;
+
+fragment LETTER
+    : [A-Z]
+    ;
+
+SIMPLE_COMMENT
+    : '--' ~[\r\n]* '\r'? '\n'? -> channel(HIDDEN)
+    ;
+
+BRACKETED_COMMENT
+    : '/*' .*? '*/' -> channel(HIDDEN)
+    ;
+
+WS  : [ \r\n\t]+ -> channel(HIDDEN)
+    ;
+
+// Catch-all for anything we can't recognize.
+// We use this to be able to ignore and recover all the text
+// when splitting statements with DelimiterLexer
+UNRECOGNIZED
+    : .
+    ;

sql/core/src/main/scala/com/databricks/sql/acl/AclClient.scala

@@ -0,0 +1,85 @@
+/*
+ * Copyright © 2016 Databricks, Inc.
+ *
+ * Portions of this software incorporate or are derived from software contained within Apache Spark,
+ * and this modified software differs from the Apache Spark software provided under the Apache
+ * License, Version 2.0, a copy of which you may obtain at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package com.databricks.sql.acl
+
+trait AclClient {
+  /**
+   * Given a set of actions on securables, returns the subset which the underlying principal
+   * has permissions to execute.
+   *
+   * @param requests to check.
+   */
+  def getValidPermissions(requests: Traversable[(Securable, Action)]): Set[(Securable, Action)]
+
+  /**
+   * Retrieve the owners for the given securables.
+   */
+  def getOwners(securables: Traversable[Securable]): Map[Securable, Principal]
+
+  /**
+   * List the permission for an (optional) principal and an (optional) object securable. The
+   * principal issuing this command must meet one of the following requirements:
+   * 1. The principal must be equal to or an (indirect) member of the given principal.
+   * 2. The principal must own the given securable or one of its hierarchical parents.
+   * A [[SecurityException]] is thrown when neither of these requirements is met.
+   */
+  @throws[SecurityException]("permission denied")
+  def listPermissions(
+      principal: Option[Principal] = None,
+      securable: Securable): Seq[Permission]
+
+  /**
+   * Modify the current permissions. The current principal must hold the correct permissions to
+   * execute all of the given modifications. A [[SecurityException]] will be thrown if this
+   * condition is not met, and none of the modifications will be executed.
+   */
+  @throws[SecurityException]("permission denied")
+  def modify(modifications: Seq[ModifyPermission]): Unit
+}
+
+/**
+ * Modify permission command.
+ */
+sealed trait ModifyPermission
+
+/**
+ * Grant a permission to a user.
+ *
+ * This user issuing the command must hold a GRANT permission for the given ActionType on the
+ * given object.
+ */
+case class GrantPermission(permission: Permission) extends ModifyPermission {
+  require(permission.validateGrant, s"$permission cannot be granted.")
+}
+
+/**
+ * Revoke a permission from a user.
+ */
+case class RevokePermission(permission: Permission) extends ModifyPermission {
+  require(permission.validateGrant, s"$permission cannot be revoked.")}
+
+/**
+ * Remove all permissions for the given [[Securable]].
+ */
+case class DropSecurable(securable: Securable) extends ModifyPermission
+
+/**
+ * Rename a [[Securable]].
+ */
+case class Rename(before: Securable, after: Securable) extends ModifyPermission
+
+/**
+ * Create a new securable which will be owned by the current user.
+ */
+case class CreateSecurable(securable: Securable) extends ModifyPermission
+
+/**
+ * Change the owner of the [[Securable]]
+ */
+case class ChangeOwner(securable: Securable, next: Principal) extends ModifyPermission

sql/core/src/main/scala/com/databricks/sql/acl/AclCommandParser.scala

@@ -0,0 +1,129 @@
+/*
+ * Copyright © 2016 Databricks, Inc.
+ *
+ * Portions of this software incorporate or are derived from software contained within Apache Spark,
+ * and this modified software differs from the Apache Spark software provided under the Apache
+ * License, Version 2.0, a copy of which you may obtain at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package com.databricks.sql.acl
+
+import com.databricks.sql.acl.AclCommandBaseParser._
+import org.antlr.v4.runtime._
+import org.antlr.v4.runtime.atn.PredictionMode
+import org.antlr.v4.runtime.misc.ParseCancellationException
+
+import org.apache.spark.sql.AnalysisException
+import org.apache.spark.sql.catalyst.TableIdentifier
+import org.apache.spark.sql.catalyst.expressions.Expression
+import org.apache.spark.sql.catalyst.parser._
+import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
+import org.apache.spark.sql.catalyst.trees.Origin
+import org.apache.spark.sql.types.DataType
+
+/**
+ * Parser for ACL related commands. The parser passes the query to an underlying (more complete)
+ * parser if it cannot parse the query.
+ */
+class AclCommandParser(client: AclClient, delegate: ParserInterface) extends ParserInterface {
+
+  val builder = new AstCommandBuilder(client)
+
+  override def parseDataType(sqlText: String): DataType =
+    delegate.parseDataType(sqlText)
+
+  override def parseExpression(sqlText: String): Expression =
+    delegate.parseExpression(sqlText)
+
+  override def parseTableIdentifier(sqlText: String): TableIdentifier =
+    delegate.parseTableIdentifier(sqlText)
+
+  /** Creates LogicalPlan for a given SQL string. */
+  override def parsePlan(sqlText: String): LogicalPlan = parse(sqlText) { parser =>
+    builder.visit(parser.singleStatement()) match {
+      case plan: LogicalPlan => plan
+      case _ => delegate.parsePlan(sqlText)
+    }
+  }
+
+  protected def parse[T](command: String)(toResult: AclCommandBaseParser => T): T = {
+    val lexer = new AclCommandBaseLexer(new ANTLRNoCaseStringStream(command))
+    lexer.removeErrorListeners()
+    lexer.addErrorListener(ParseErrorListener)
+
+    val tokenStream = new CommonTokenStream(lexer)
+    val parser = new AclCommandBaseParser(tokenStream)
+    parser.addParseListener(PostProcessor)
+    parser.removeErrorListeners()
+    parser.addErrorListener(ParseErrorListener)
+
+    try {
+      try {
+        // first, try parsing with potentially faster SLL mode
+        parser.getInterpreter.setPredictionMode(PredictionMode.SLL)
+        toResult(parser)
+      } catch {
+        case e: ParseCancellationException =>
+          // if we fail, parse with LL mode
+          tokenStream.reset() // rewind input stream
+          parser.reset()
+
+          // Try Again.
+          parser.getInterpreter.setPredictionMode(PredictionMode.LL)
+          toResult(parser)
+      }
+    } catch {
+      case e: ParseException if e.command.isDefined =>
+        throw e
+      case e: ParseException =>
+        throw e.withCommand(command)
+      case e: AnalysisException =>
+        val position = Origin(e.line, e.startPosition)
+        throw new ParseException(Option(command), e.message, position, position)
+    }
+  }
+}
+
+// TODO open this up in the existing parsing infrastructure.
+class ANTLRNoCaseStringStream(input: String) extends ANTLRInputStream(input) {
+  override def LA(i: Int): Int = {
+    val la = super.LA(i)
+    if (la == 0 || la == IntStream.EOF) la
+    else Character.toUpperCase(la)
+  }
+}
+
+/**
+ * The post-processor validates & cleans-up the parse tree during the parse process.
+ */
+case object PostProcessor extends AclCommandBaseBaseListener {
+
+  /** Remove the back ticks from an Identifier. */
+  override def exitQuotedIdentifier(ctx: QuotedIdentifierContext): Unit = {
+    replaceTokenByIdentifier(ctx, 1) { token =>
+      // Remove the double back ticks in the string.
+      token.setText(token.getText.replace("``", "`"))
+      token
+    }
+  }
+
+  /** Treat non-reserved keywords as Identifiers. */
+  override def exitNonReserved(ctx: NonReservedContext): Unit = {
+    replaceTokenByIdentifier(ctx, 0)(identity)
+  }
+
+  private def replaceTokenByIdentifier(
+      ctx: ParserRuleContext,
+      stripMargins: Int)(
+      f: CommonToken => CommonToken = identity): Unit = {
+    val parent = ctx.getParent
+    parent.removeLastChild()
+    val token = ctx.getChild(0).getPayload.asInstanceOf[Token]
+    parent.addChild(f(new CommonToken(
+      new org.antlr.v4.runtime.misc.Pair(token.getTokenSource, token.getInputStream),
+      AclCommandBaseParser.IDENTIFIER,
+      token.getChannel,
+      token.getStartIndex + stripMargins,
+      token.getStopIndex - stripMargins)))
+  }
+}