Merge cockroachdb#93930

93930: catpb: use uint64 for privilege bitfield r=rafiss a=rafiss

fixes cockroachdb#91932

We are close to running out of bits, since we use a uint32 right now.
This commit buys us more time. If the privilege kinds don't keep
growing too much, then we should be safe for quite a while.

This causes functions that convert protos to json to use double quotes
for the privilege bitfield, since 64-bit integers must be handled as
strings in json.

Release note: None

Co-authored-by: Rafi Shamim <[email protected]>

pkg/ccl/logictestccl/testdata/logic_test/redact_descriptor

@@ -149,14 +149,14 @@ SELECT descriptor from redacted_descriptors where id = 'collate_partition'::REGC
             "ownerProto": "root",
             "users": [
                 {
-                    "privileges": 2,
+                    "privileges": "2",
                     "userProto": "admin",
-                    "withGrantOption": 2
+                    "withGrantOption": "2"
                 },
                 {
-                    "privileges": 2,
+                    "privileges": "2",
                     "userProto": "root",
-                    "withGrantOption": 2
+                    "withGrantOption": "2"
                 }
             ],
             "version": 2
@@ -343,14 +343,14 @@ SELECT descriptor from redacted_descriptors where id = 'subpartition'::REGCLASS;
             "ownerProto": "root",
             "users": [
                 {
-                    "privileges": 2,
+                    "privileges": "2",
                     "userProto": "admin",
-                    "withGrantOption": 2
+                    "withGrantOption": "2"
                 },
                 {
-                    "privileges": 2,
+                    "privileges": "2",
                     "userProto": "root",
-                    "withGrantOption": 2
+                    "withGrantOption": "2"
                 }
             ],
             "version": 2

pkg/ccl/schemachangerccl/testdata/decomp/multiregion

@@ -35,17 +35,17 @@ ElementState:
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 104
-    privileges: 2
+    privileges: "2"
     userName: admin
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 104
-    privileges: 2
+    privileges: "2"
     userName: root
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 104
-    privileges: 2048
+    privileges: "2048"
     userName: public
   Status: PUBLIC
 - DatabaseRegionConfig:
@@ -311,12 +311,12 @@ ElementState:
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 110
-    privileges: 2
+    privileges: "2"
     userName: admin
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 110
-    privileges: 2
+    privileges: "2"
     userName: root
   Status: PUBLIC
 - ObjectParent:
@@ -573,12 +573,12 @@ ElementState:
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 109
-    privileges: 2
+    privileges: "2"
     userName: admin
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 109
-    privileges: 2
+    privileges: "2"
     userName: root
   Status: PUBLIC
 - ObjectParent:
@@ -940,12 +940,12 @@ ElementState:
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 108
-    privileges: 2
+    privileges: "2"
     userName: admin
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 108
-    privileges: 2
+    privileges: "2"
     userName: root
   Status: PUBLIC
 - ObjectParent:
@@ -977,17 +977,17 @@ ElementState:
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 106
-    privileges: 2
+    privileges: "2"
     userName: admin
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 106
-    privileges: 2
+    privileges: "2"
     userName: root
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 106
-    privileges: 512
+    privileges: "512"
     userName: public
   Status: PUBLIC
 - ObjectParent:

pkg/ccl/schemachangerccl/testdata/decomp/partitioning

@@ -409,12 +409,12 @@ ElementState:
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 104
-    privileges: 2
+    privileges: "2"
     userName: admin
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 104
-    privileges: 2
+    privileges: "2"
     userName: root
   Status: PUBLIC
 - ObjectParent:
@@ -715,12 +715,12 @@ ElementState:
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 105
-    privileges: 2
+    privileges: "2"
     userName: admin
   Status: PUBLIC
 - UserPrivileges:
     descriptorId: 105
-    privileges: 2
+    privileges: "2"
     userName: root
   Status: PUBLIC
 - ObjectParent:

pkg/ccl/schemachangerccl/testdata/end_to_end/drop_database_multiregion_primary_region

@@ -41,7 +41,7 @@ add synthetic descriptor #105:
      name: public
      parentId: 104
   ...
-         withGrantOption: 2
+         withGrantOption: "2"
        version: 2
   +  state: DROP
      version: "1"
@@ -69,7 +69,7 @@ add synthetic descriptor #107:
      name: _crdb_internal_region
      parentId: 104
   ...
-         withGrantOption: 2
+         withGrantOption: "2"
        version: 2
   +  state: DROP
      version: "1"
@@ -139,7 +139,7 @@ upsert descriptor #105
      id: 105
      modificationTime: {}
   ...
-         withGrantOption: 2
+         withGrantOption: "2"
        version: 2
   -  version: "1"
   +  state: DROP
@@ -186,7 +186,7 @@ upsert descriptor #107
      id: 107
      kind: ALIAS
   ...
-         withGrantOption: 2
+         withGrantOption: "2"
        version: 2
   -  version: "1"
   +  state: DROP

pkg/ccl/schemachangerccl/testdata/end_to_end/drop_table_multiregion

@@ -49,7 +49,7 @@ upsert descriptor #106
      enumMembers:
      - logicalRepresentation: us-east1
   ...
-         withGrantOption: 2
+         withGrantOption: "2"
        version: 2
   -  referencingDescriptorIds:
   -  - 108
@@ -69,7 +69,7 @@ upsert descriptor #107
      id: 107
      kind: ALIAS
   ...
-         withGrantOption: 2
+         withGrantOption: "2"
        version: 2
   -  referencingDescriptorIds:
   -  - 108
@@ -136,7 +136,7 @@ upsert descriptor #107
      id: 107
      kind: ALIAS
   ...
-         withGrantOption: 2
+         withGrantOption: "2"
        version: 2
   -  version: "3"
   +  version: "4"

pkg/ccl/schemachangerccl/testdata/end_to_end/drop_table_multiregion_primary_region

@@ -49,7 +49,7 @@ upsert descriptor #106
      enumMembers:
      - logicalRepresentation: us-east1
   ...
-         withGrantOption: 2
+         withGrantOption: "2"
        version: 2
   -  referencingDescriptorIds:
   -  - 108

pkg/sql/catalog/catpb/privilege.go

@@ -412,7 +412,7 @@ func (p PrivilegeDescriptor) Validate(
 // privileges.
 func (p PrivilegeDescriptor) IsValidPrivilegesForObjectType(
 	objectType privilege.ObjectType,
-) (bool, UserPrivileges, uint32) {
+) (bool, UserPrivileges, uint64) {
 	allowedPrivilegesBits := privilege.GetValidPrivilegesForObject(objectType).ToBitField()
 
 	// Validate can be called during the fix_privileges_migration introduced in

pkg/sql/catalog/catpb/privilege.proto

@@ -20,8 +20,8 @@ message UserPrivileges {
   optional string user_proto = 1 [(gogoproto.nullable) = false,
                                   (gogoproto.casttype) = "github.com/cockroachdb/cockroach/pkg/security/username.SQLUsernameProto"];
   // privileges is a bitfield of 1<<Privilege values.
-  optional uint32 privileges = 2 [(gogoproto.nullable) = false];
-  optional uint32 with_grant_option = 3 [(gogoproto.nullable) = false];
+  optional uint64 privileges = 2 [(gogoproto.nullable) = false];
+  optional uint64 with_grant_option = 3 [(gogoproto.nullable) = false];
 }
 
 // PrivilegeDescriptor describes a list of users and attached