Regex to parse a SHOW GRANTS line. Inspired by several stack overflow posts and
adjusted to account for the different quoting styles across MySQL versions.
If this regex matches then this is a grant on an actual object which looks like:
GRANT SELECT, INSERT, UPDATE ON db1.* TO u1@localhost
GRANT SELECT ON db1.table1 TO my_user@localhost WITH GRANT OPTION
The regex needs to account for the possibility of a wildcard schema or table, and for the
quote-char to be part of the table/schema name too.
Group 1 is the list of privileges being granted
Group 2 is either the wildcard * or a quoted database/schema
Group 4 is the unquoted database/schema when the wildcard is not matched
Group 5 is either the wildcard * or a quoted table
Group 7 is the unquoted table when the wildcard is not matched
Group 9 is the user being granted
We use the fancy_regex crate to allow backreferences which are necessary to find the ending
quote of each identifier since there are different quoting types across mysql versions.
Allowlist of characters permitted in the value spliced into the
SHOW GRANTS ... USING <roles> query. The value originates from the
upstream MySQL server’s CURRENT_ROLE() and must be conservatively
validated to prevent SQL injection. Comma-separated role specs of the
form `role`@`host` or 'role'@'host' use only this character set.
Parses a returned row of a SHOW GRANTS statement to return a MySqlObjectGrant
If the grant is not on an object (e.g. a grant of a role to a user), returns None