feat: Support CREATE/DROP SECRET for duckdb.

Author: JichaoS

src/ast/mod.rs

@@ -1999,6 +1999,19 @@ pub enum Statement {
         authorization_owner: Option<ObjectName>,
     },
     /// ```sql
+    /// CREATE SECRET
+    /// ```
+    /// See [duckdb](https://duckdb.org/docs/sql/statements/create_secret.html)
+    CreateSecret {
+        or_replace: bool,
+        temporary: Option<bool>,
+        if_not_exists: bool,
+        name: Option<Ident>,
+        storage_specifier: Option<Ident>,
+        secret_type: Ident,
+        options: Vec<SecretOption>,
+    },
+    /// ```sql
     /// ALTER TABLE
     /// ```
     AlterTable {
@@ -2080,6 +2093,15 @@ pub enum Statement {
         option: Option<ReferentialAction>,
     },
     /// ```sql
+    /// DROP SECRET
+    /// ```
+    DropSecret {
+        if_exists: bool,
+        temporary: Option<bool>,
+        name: Ident,
+        storage_specifier: Option<Ident>,
+    },
+    /// ```sql
     /// DECLARE
     /// ```
     /// Declare Cursor Variables
@@ -3515,6 +3537,48 @@ impl fmt::Display for Statement {
                 }
                 Ok(())
             }
+            Statement::CreateSecret {
+                or_replace,
+                temporary,
+                if_not_exists,
+                name,
+                storage_specifier,
+                secret_type,
+                options,
+            } => {
+                write!(
+                    f,
+                    "CREATE {or_replace}",
+                    or_replace = if *or_replace { "OR REPLACE " } else { "" },
+                )?;
+                if let Some(t) = temporary {
+                    write!(f, "{}", if *t { "TEMPORARY " } else { "PERSISTENT " })?;
+                }
+                write!(
+                    f,
+                    "SECRET {if_not_exists}",
+                    if_not_exists = if *if_not_exists { "IF NOT EXISTS " } else { "" },
+                )?;
+                if let Some(n) = name {
+                    write!(f, "{n} ")?;
+                };
+                if let Some(s) = storage_specifier {
+                    write!(f, "IN {s} ")?;
+                }
+                write!(
+                    f,
+                    "( TYPE {secret_type}",
+                )?;
+                if !options.is_empty() {
+                    write!(
+                        f,
+                        ", {o}",
+                        o = display_comma_separated(options)
+                    )?;
+                }
+                write!(f, " )")?;
+                Ok(())
+            }
             Statement::AlterTable {
                 name,
                 if_exists,
@@ -3595,6 +3659,21 @@ impl fmt::Display for Statement {
                 }
                 Ok(())
             }
+            Statement::DropSecret { if_exists, temporary, name, storage_specifier } => {
+                write!(f, "DROP ")?;
+                if let Some(t) = temporary {
+                    write!(f, "{}", if *t { "TEMPORARY " } else { "PERSISTENT " })?;
+                }
+                write!(
+                    f,
+                    "SECRET {if_exists}{name}",
+                    if_exists = if *if_exists { "IF EXISTS " } else { "" },
+                )?;
+                if let Some(s) = storage_specifier {
+                    write!(f, " FROM {s}")?;
+                }
+                Ok(())
+            }
             Statement::Discard { object_type } => {
                 write!(f, "DISCARD {object_type}")?;
                 Ok(())
@@ -5026,6 +5105,20 @@ impl fmt::Display for SqlOption {
     }
 }
 
+#[derive(Debug, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
+#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
+#[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]
+pub struct SecretOption {
+    pub key: Ident,
+    pub value: Ident,
+}
+
+impl fmt::Display for SecretOption {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        write!(f, "{} {}", self.key, self.value)
+    }
+}
+
 #[derive(Debug, Copy, Clone, PartialEq, PartialOrd, Eq, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
 #[cfg_attr(feature = "visitor", derive(Visit, VisitMut))]

src/keywords.rs

@@ -511,6 +511,7 @@ define_keywords!(
     PERCENTILE_DISC,
     PERCENT_RANK,
     PERIOD,
+    PERSISTENT,
     PIVOT,
     PLACING,
     PLANS,
@@ -596,6 +597,7 @@ define_keywords!(
     SCROLL,
     SEARCH,
     SECOND,
+    SECRET,
     SECURITY,
     SELECT,
     SEMI,

src/parser/mod.rs

@@ -3031,6 +3031,7 @@ impl<'a> Parser<'a> {
         let temporary = self
             .parse_one_of_keywords(&[Keyword::TEMP, Keyword::TEMPORARY])
             .is_some();
+        let persistent = dialect_of!(self is DuckDbDialect) && self.parse_one_of_keywords(&[Keyword::PERSISTENT]).is_some();
         if self.parse_keyword(Keyword::TABLE) {
             self.parse_create_table(or_replace, temporary, global, transient)
         } else if self.parse_keyword(Keyword::MATERIALIZED) || self.parse_keyword(Keyword::VIEW) {
@@ -3042,6 +3043,8 @@ impl<'a> Parser<'a> {
             self.parse_create_function(or_replace, temporary)
         } else if self.parse_keyword(Keyword::MACRO) {
             self.parse_create_macro(or_replace, temporary)
+        } else if self.parse_keyword(Keyword::SECRET) {
+            self.parse_create_secret(or_replace, temporary, persistent)
         } else if or_replace {
             self.expected(
                 "[EXTERNAL] TABLE or [MATERIALIZED] VIEW or FUNCTION after CREATE OR REPLACE",
@@ -3072,6 +3075,62 @@ impl<'a> Parser<'a> {
         }
     }
 
+    /// See [DuckDB Docs](https://duckdb.org/docs/sql/statements/create_secret.html) for more details.
+    pub fn parse_create_secret(
+        &mut self,
+        or_replace: bool,
+        temporary: bool,
+        persistent: bool,
+    ) -> Result<Statement, ParserError> {
+        let if_not_exists = self.parse_keywords(&[Keyword::IF, Keyword::NOT, Keyword::EXISTS]);
+
+        let mut storage_specifier = None;
+        let mut name = None;
+        if self.peek_token() != Token::LParen {
+            if self.parse_keyword(Keyword::IN) {
+                storage_specifier = self.parse_identifier(false).ok()
+            } else {
+                name = self.parse_identifier(false).ok();
+            }
+
+            // Storage specifier may follow the name
+            if storage_specifier.is_none() && self.peek_token() != Token::LParen && self.parse_keyword(Keyword::IN) {
+                storage_specifier = self.parse_identifier(false).ok();
+            }
+        }
+
+        self.expect_token(&Token::LParen)?;
+        self.expect_keyword(Keyword::TYPE)?;
+        let secret_type = self.parse_identifier(false)?;
+
+        let mut options = Vec::new();
+        if self.consume_token(&Token::Comma) {
+            options.append(&mut self.parse_comma_separated(|p| {
+                let key = p.parse_identifier(false)?;
+                let value = p.parse_identifier(false)?;
+                Ok(SecretOption { key, value })
+            })?);
+        }
+        self.expect_token(&Token::RParen)?;
+
+        let temp = match (temporary, persistent) {
+            (true, false) => Some(true),
+            (false, true) => Some(false),
+            (false, false) => None,
+            _ => self.expected("TEMPORARY or PERSISTENT", self.peek_token())?,
+        };
+
+        Ok(Statement::CreateSecret {
+            or_replace,
+            temporary: temp,
+            if_not_exists,
+            name,
+            storage_specifier,
+            secret_type,
+            options,
+        })
+    }
+
     /// Parse a CACHE TABLE statement
     pub fn parse_cache_table(&mut self) -> Result<Statement, ParserError> {
         let (mut table_flag, mut options, mut has_as, mut query) = (None, vec![], false, None);
@@ -3805,8 +3864,9 @@ impl<'a> Parser<'a> {
 
     pub fn parse_drop(&mut self) -> Result<Statement, ParserError> {
         // MySQL dialect supports `TEMPORARY`
-        let temporary = dialect_of!(self is MySqlDialect | GenericDialect)
+        let temporary = dialect_of!(self is MySqlDialect | GenericDialect | DuckDbDialect)
             && self.parse_keyword(Keyword::TEMPORARY);
+        let persistent = dialect_of!(self is DuckDbDialect) && self.parse_one_of_keywords(&[Keyword::PERSISTENT]).is_some();
 
         let object_type = if self.parse_keyword(Keyword::TABLE) {
             ObjectType::Table
@@ -3824,6 +3884,8 @@ impl<'a> Parser<'a> {
             ObjectType::Stage
         } else if self.parse_keyword(Keyword::FUNCTION) {
             return self.parse_drop_function();
+        } else if self.parse_keyword(Keyword::SECRET) {
+            return self.parse_drop_secret(temporary, persistent);
         } else {
             return self.expected(
                 "TABLE, VIEW, INDEX, ROLE, SCHEMA, FUNCTION, STAGE or SEQUENCE after DROP",
@@ -3896,6 +3958,25 @@ impl<'a> Parser<'a> {
         Ok(DropFunctionDesc { name, args })
     }
 
+    /// See [DuckDB Docs](https://duckdb.org/docs/sql/statements/create_secret.html) for more details.
+    fn parse_drop_secret(&mut self, temporary: bool, persistent: bool) -> Result<Statement, ParserError> {
+        let if_exists = self.parse_keywords(&[Keyword::IF, Keyword::EXISTS]);
+        let name = self.parse_identifier(false)?;
+        let storage_specifier = if self.parse_keyword(Keyword::FROM) {
+            self.parse_identifier(false).ok()
+        } else {
+            None
+        };
+        let temp = match (temporary, persistent) {
+            (true, false) => Some(true),
+            (false, true) => Some(false),
+            (false, false) => None,
+            _ => self.expected("TEMPORARY or PERSISTENT", self.peek_token())?,
+        };
+
+        Ok(Statement::DropSecret { if_exists, temporary: temp, name, storage_specifier})
+    }
+
     /// Parse a `DECLARE` statement.
     ///
     /// ```sql

tests/sqlparser_duckdb.rs

@@ -246,3 +246,72 @@ fn test_duckdb_load_extension() {
         stmt
     );
 }
+
+#[test]
+fn test_create_secret() {
+    let sql = r#"CREATE OR REPLACE PERSISTENT SECRET IF NOT EXISTS name IN storage ( TYPE type, key1 value1, key2 value2 )"#;
+    let stmt = duckdb().verified_stmt(sql);
+    assert_eq!(
+        Statement::CreateSecret {
+            or_replace: true,
+            temporary: Some(false),
+            if_not_exists: true,
+            name: Some(Ident::new("name")),
+            storage_specifier: Some(Ident::new("storage")),
+            secret_type: Ident::new("type"),
+            options: vec![
+                SecretOption {
+                    key: Ident::new("key1"),
+                    value: Ident::new("value1"),
+                },
+                SecretOption {
+                    key: Ident::new("key2"),
+                    value: Ident::new("value2"),
+                }
+            ]
+        },
+        stmt
+    );
+}
+
+#[test]
+fn test_create_secret_simple() {
+    let sql = r#"CREATE SECRET ( TYPE type )"#;
+    let stmt = duckdb().verified_stmt(sql);
+    assert_eq!(
+        Statement::CreateSecret {
+            or_replace: false,
+            temporary: None,
+            if_not_exists: false,
+            name: None,
+            storage_specifier: None,
+            secret_type: Ident::new("type"),
+            options: vec![]
+        },
+        stmt
+    );
+}
+
+#[test]
+fn test_drop_secret() {
+    let sql = r#"DROP PERSISTENT SECRET IF EXISTS secret FROM storage"#;
+    let stmt = duckdb().verified_stmt(sql);
+    assert_eq!(
+        Statement::DropSecret {
+             if_exists: true, temporary: Some(false), name:  Ident::new("secret"), storage_specifier: Some(Ident::new("storage")) }
+            ,
+        stmt
+    );
+}
+
+#[test]
+fn test_drop_secret_simple() {
+    let sql = r#"DROP SECRET secret"#;
+    let stmt = duckdb().verified_stmt(sql);
+    assert_eq!(
+        Statement::DropSecret {
+             if_exists: false, temporary: None, name:  Ident::new("secret"), storage_specifier: None }
+            ,
+        stmt
+    );
+}