MDEV-9443: Roles aren't supported in prepared statements

Make role statements work with the PREPARE keyword.

Author: cvicentiu

mysql-test/suite/roles/prepare_stmt_with_role.result

@@ -0,0 +1,62 @@
+#
+# Test user to check if we can grant the created role to it.
+#
+create user test_user;
+#
+# First create the role.
+#
+SET @createRole = 'CREATE ROLE developers';
+PREPARE stmtCreateRole FROM @createRole;
+EXECUTE stmtCreateRole;
+#
+# Test to see if the role is created.
+#
+SELECT user, host,is_role FROM mysql.user
+WHERE user = 'developers';
+user	host	is_role
+developers		Y
+SHOW GRANTS;
+Grants for root@localhost
+GRANT developers TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+#
+# Now grant the role to the test user.
+#
+SET @grantRole = 'GRANT developers to test_user';
+PREPARE stmtGrantRole FROM @grantRole;
+EXECUTE stmtGrantRole;
+#
+# We should see 2 entries in the roles_mapping table.
+#
+SELECT * FROM mysql.roles_mapping;
+Host	User	Role	Admin_option
+%	test_user	developers	N
+localhost	root	developers	Y
+SHOW GRANTS FOR test_user;
+Grants for test_user@%
+GRANT developers TO 'test_user'@'%'
+GRANT USAGE ON *.* TO 'test_user'@'%'
+#
+# Now drop the role.
+#
+SET @dropRole = 'DROP ROLE developers';
+PREPARE stmtDropRole FROM @dropRole;
+EXECUTE stmtDropRole;
+#
+# Check both user and roles_mapping table for traces of our role.
+#
+SELECT user, host,is_role FROM mysql.user
+WHERE user = 'developers';
+user	host	is_role
+SELECT * FROM mysql.roles_mapping;
+Host	User	Role	Admin_option
+SHOW GRANTS;
+Grants for root@localhost
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+SHOW GRANTS FOR test_user;
+Grants for test_user@%
+GRANT USAGE ON *.* TO 'test_user'@'%'
+# Cleanup.
+DROP USER test_user;

mysql-test/suite/roles/prepare_stmt_with_role.test

@@ -0,0 +1,52 @@
+--source include/not_embedded.inc
+
+
+--echo #
+--echo # Test user to check if we can grant the created role to it.
+--echo #
+create user test_user;
+--echo #
+--echo # First create the role.
+--echo #
+SET @createRole = 'CREATE ROLE developers';
+PREPARE stmtCreateRole FROM @createRole;
+EXECUTE stmtCreateRole;
+--echo #
+--echo # Test to see if the role is created.
+--echo #
+SELECT user, host,is_role FROM mysql.user
+WHERE user = 'developers';
+SHOW GRANTS;
+
+--echo #
+--echo # Now grant the role to the test user.
+--echo #
+SET @grantRole = 'GRANT developers to test_user';
+PREPARE stmtGrantRole FROM @grantRole;
+EXECUTE stmtGrantRole;
+
+--echo #
+--echo # We should see 2 entries in the roles_mapping table.
+--echo #
+--sorted_result
+SELECT * FROM mysql.roles_mapping;
+SHOW GRANTS FOR test_user;
+
+--echo #
+--echo # Now drop the role.
+--echo #
+SET @dropRole = 'DROP ROLE developers';
+PREPARE stmtDropRole FROM @dropRole;
+EXECUTE stmtDropRole;
+
+--echo #
+--echo # Check both user and roles_mapping table for traces of our role.
+--echo #
+SELECT user, host,is_role FROM mysql.user
+WHERE user = 'developers';
+SELECT * FROM mysql.roles_mapping;
+SHOW GRANTS;
+SHOW GRANTS FOR test_user;
+
+--echo # Cleanup.
+DROP USER test_user;

sql/sql_prepare.cc

@@ -2458,9 +2458,12 @@ static bool check_prepared_statement(Prepared_statement *stmt)
   case SQLCOM_CREATE_USER:
   case SQLCOM_RENAME_USER:
   case SQLCOM_DROP_USER:
+  case SQLCOM_CREATE_ROLE:
+  case SQLCOM_DROP_ROLE:
   case SQLCOM_ASSIGN_TO_KEYCACHE:
   case SQLCOM_PRELOAD_KEYS:
   case SQLCOM_GRANT:
+  case SQLCOM_GRANT_ROLE:
   case SQLCOM_REVOKE:
   case SQLCOM_KILL:
   case SQLCOM_COMPOUND: