From c7c76d1f8fdca9a487595f01ec4d42fe6a2f74c5 Mon Sep 17 00:00:00 2001
From: Ilyas Ahsan <meilyasahsan@gmail.com>
Date: Fri, 10 May 2024 21:20:33 +0700
Subject: [PATCH] DBZ-7864 Support Oracle DDL Alter Audit Policy

---
 .../parser/oracle/generated/PlSqlParser.g4    | 75 +++++++++++++++++++
 .../resources/oracle/examples/ddl_alter.sql   | 39 +++++++++-
 2 files changed, 113 insertions(+), 1 deletion(-)

diff --git a/debezium-ddl-parser/src/main/antlr4/io/debezium/ddl/parser/oracle/generated/PlSqlParser.g4 b/debezium-ddl-parser/src/main/antlr4/io/debezium/ddl/parser/oracle/generated/PlSqlParser.g4
index e298dde2e..241546346 100644
--- a/debezium-ddl-parser/src/main/antlr4/io/debezium/ddl/parser/oracle/generated/PlSqlParser.g4
+++ b/debezium-ddl-parser/src/main/antlr4/io/debezium/ddl/parser/oracle/generated/PlSqlParser.g4
@@ -55,6 +55,7 @@ unit_statement
     | alter_materialized_view_log
     | alter_user
     | alter_view
+    | alter_audit_policy
 
     | analyze
     | associate_statistics
@@ -1387,6 +1388,80 @@ alter_view_editionable
     : {isVersion12()}? (EDITIONABLE | NONEDITIONABLE)
     ;
 
+// https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/ALTER-AUDIT-POLICY-Unified-Auditing.html
+alter_audit_policy
+    : ALTER AUDIT POLICY p = id_expression ADD? (
+        privilege_audit_clause? action_audit_clause? role_audit_clause?
+        | (ONLY TOPLEVEL)?
+    ) DROP? (privilege_audit_clause? action_audit_clause? role_audit_clause? | (ONLY TOPLEVEL)?) (
+        CONDITION (DROP | CHAR_STRING EVALUATE PER (STATEMENT | SESSION | INSTANCE))
+    )?
+    ;
+
+privilege_audit_clause
+    : PRIVILEGES system_privilege (',' system_privilege)*
+    ;
+
+action_audit_clause
+    : (standard_actions | component_actions | system_actions)+
+    ;
+
+system_actions
+    : ACTIONS system_privilege (',' system_privilege)*
+    ;
+
+standard_actions
+    : ACTIONS actions_clause (',' actions_clause)*
+    ;
+
+actions_clause
+    : (object_action | ALL) ON (
+        DIRECTORY directory_name
+        | (MINING MODEL)? (schema_name '.')? id_expression
+    )
+    | (system_action | ALL)
+    ;
+
+role_audit_clause
+    : ROLES role_name (',' role_name)*
+    ;
+
+component_actions
+    : ACTIONS COMPONENT '=' (
+        (DATAPUMP | DIRECT_LOAD | OLS | XS) component_action (',' component_action)*
+        | DV component_action ON id_expression (',' component_action ON id_expression)*
+        | PROTOCOL (FTP | HTTP | AUTHENTICATION)
+    )
+    ;
+
+component_action
+    : id_expression
+    ;
+
+object_action
+    : ALTER
+    | GRANT
+    | READ
+    | EXECUTE
+    | AUDIT
+    | COMMENT
+    | DELETE
+    | INDEX
+    | INSERT
+    | LOCK
+    | SELECT
+    | UPDATE
+    | FLASHBACK
+    | RENAME
+    ;
+
+system_action
+    : id_expression
+    | (CREATE | ALTER | DROP) JAVA
+    | LOCK TABLE
+    | (READ | WRITE | EXECUTE) DIRECTORY
+    ;
+
 create_view
     : CREATE (OR REPLACE)? (OR? FORCE)? EDITIONABLE? EDITIONING? VIEW
       tableview_name (IF NOT EXISTS)? view_options?
diff --git a/debezium-ddl-parser/src/test/resources/oracle/examples/ddl_alter.sql b/debezium-ddl-parser/src/test/resources/oracle/examples/ddl_alter.sql
index 233d4e87d..914b2e3b2 100644
--- a/debezium-ddl-parser/src/test/resources/oracle/examples/ddl_alter.sql
+++ b/debezium-ddl-parser/src/test/resources/oracle/examples/ddl_alter.sql
@@ -86,4 +86,41 @@ alter table fruit annotations (drop Visibility);
 alter table fruit annotations (add Visibility 'Everyone');
 alter table fruit modify (id annotations (Visibility 'Hidden'));
 alter table fruit modify (id annotations (drop Visibility));
-alter table fruit modify (id annotations (add Visibility 'Hidden'));
\ No newline at end of file
+alter table fruit modify (id annotations (add Visibility 'Hidden'));
+
+-- alter audit policy
+ALTER AUDIT POLICY HR_AUDIT_POLICY ADD ONLY TOPLEVEL;
+ALTER AUDIT POLICY HR_AUDIT_POLICY DROP ONLY TOPLEVEL;
+ALTER AUDIT POLICY DML_POL
+  ADD PRIVILEGES CREATE ANY TABLE, DROP ANY TABLE;
+ALTER AUDIT POLICY JAVA_POL
+  ADD ACTIONS CREATE JAVA, ALTER JAVA, DROP JAVA;
+ALTER AUDIT POLICY TABLE_POL
+  ADD ROLES DBA;
+ALTER AUDIT POLICY SECURITY_POL
+  ADD PRIVILEGES CREATE ANY LIBRARY, DROP ANY LIBRARY
+      ACTIONS DELETE ON HR.EMPLOYEES,
+INSERT ON HR.EMPLOYEES,
+UPDATE ON HR.EMPLOYEES,
+    ALL ON HR.DEPARTMENTS
+    ROLES DBA, CONNECT;
+ALTER AUDIT POLICY TABLE_POL
+  DROP PRIVILEGES CREATE ANY TABLE;
+ALTER AUDIT POLICY DML_POL
+  DROP ACTIONS INSERT ON HR.EMPLOYEES,
+UPDATE ON HR.EMPLOYEES;
+ALTER AUDIT POLICY JAVA_POL
+  DROP ROLES JAVA_DEPLOY;
+ALTER AUDIT POLICY HR_ADMIN_POL
+  DROP PRIVILEGES CREATE ANY TABLE
+       ACTIONS LOCK TABLE
+       ROLES AUDIT_VIEWER;
+ALTER AUDIT POLICY DP_ACTIONS_POL
+  ADD ACTIONS COMPONENT = DATAPUMP EXPORT
+  DROP ACTIONS COMPONENT = DATAPUMP IMPORT;
+ALTER AUDIT POLICY ORDER_UPDATES_POL
+  CONDITION DROP;
+ALTER AUDIT POLICY EMP_UPDATES_POL
+  CONDITION 'UID = 102'
+  EVALUATE PER STATEMENT;
+