Add CREATE/ALTER/DROP/SHOW CREATE ROLE support

Implement parsing and explain output for ROLE statements:
- CREATE ROLE
- ALTER ROLE
- DROP ROLE
- SHOW CREATE ROLE

The explain output matches ClickHouse's format:
- CREATE/ALTER -> "CreateRoleQuery"
- DROP -> "DROP ROLE query"
- SHOW CREATE (single) -> "SHOW CREATE ROLE query"
- SHOW CREATE (multiple) -> "SHOW CREATE ROLES query"

This fixes all 56 failing statements in 01293_create_role test and
also fixes related ROLE statements in other test files.

Author: claude

ast/ast.go

@@ -930,6 +930,36 @@ func (s *ShowCreateRowPolicyQuery) Pos() token.Position { return s.Position }
 func (s *ShowCreateRowPolicyQuery) End() token.Position { return s.Position }
 func (s *ShowCreateRowPolicyQuery) statementNode()      {}
 
+// CreateRoleQuery represents a CREATE ROLE or ALTER ROLE statement.
+type CreateRoleQuery struct {
+	Position token.Position `json:"-"`
+	IsAlter  bool           `json:"is_alter,omitempty"`
+}
+
+func (c *CreateRoleQuery) Pos() token.Position { return c.Position }
+func (c *CreateRoleQuery) End() token.Position { return c.Position }
+func (c *CreateRoleQuery) statementNode()      {}
+
+// DropRoleQuery represents a DROP ROLE statement.
+type DropRoleQuery struct {
+	Position token.Position `json:"-"`
+	IfExists bool           `json:"if_exists,omitempty"`
+}
+
+func (d *DropRoleQuery) Pos() token.Position { return d.Position }
+func (d *DropRoleQuery) End() token.Position { return d.Position }
+func (d *DropRoleQuery) statementNode()      {}
+
+// ShowCreateRoleQuery represents a SHOW CREATE ROLE statement.
+type ShowCreateRoleQuery struct {
+	Position  token.Position `json:"-"`
+	RoleCount int            `json:"role_count,omitempty"` // Number of roles specified
+}
+
+func (s *ShowCreateRoleQuery) Pos() token.Position { return s.Position }
+func (s *ShowCreateRoleQuery) End() token.Position { return s.Position }
+func (s *ShowCreateRoleQuery) statementNode()      {}
+
 // CreateIndexQuery represents a CREATE INDEX statement.
 type CreateIndexQuery struct {
 	Position  token.Position `json:"-"`

internal/explain/explain.go

@@ -149,6 +149,17 @@ func Node(sb *strings.Builder, node interface{}, depth int) {
 		fmt.Fprintf(sb, "%sDROP ROW POLICY query\n", indent)
 	case *ast.ShowCreateRowPolicyQuery:
 		fmt.Fprintf(sb, "%sSHOW CREATE ROW POLICY query\n", indent)
+	case *ast.CreateRoleQuery:
+		fmt.Fprintf(sb, "%sCreateRoleQuery\n", indent)
+	case *ast.DropRoleQuery:
+		fmt.Fprintf(sb, "%sDROP ROLE query\n", indent)
+	case *ast.ShowCreateRoleQuery:
+		// Use ROLES (plural) when multiple roles are specified
+		if n.RoleCount > 1 {
+			fmt.Fprintf(sb, "%sSHOW CREATE ROLES query\n", indent)
+		} else {
+			fmt.Fprintf(sb, "%sSHOW CREATE ROLE query\n", indent)
+		}
 	case *ast.ShowGrantsQuery:
 		fmt.Fprintf(sb, "%sShowGrantsQuery\n", indent)
 	case *ast.GrantQuery:

parser/parser.go

@@ -135,6 +135,10 @@ func (p *Parser) parseStatement() ast.Statement {
 		if p.peek.Token == token.IDENT && (strings.ToUpper(p.peek.Value) == "ROW" || strings.ToUpper(p.peek.Value) == "POLICY") {
 			return p.parseDropRowPolicy()
 		}
+		// Check for DROP ROLE
+		if p.peek.Token == token.IDENT && strings.ToUpper(p.peek.Value) == "ROLE" {
+			return p.parseDropRole()
+		}
 		return p.parseDrop()
 	case token.ALTER:
 		// Check for ALTER USER
@@ -153,6 +157,10 @@ func (p *Parser) parseStatement() ast.Statement {
 		if p.peek.Token == token.IDENT && (strings.ToUpper(p.peek.Value) == "ROW" || strings.ToUpper(p.peek.Value) == "POLICY") {
 			return p.parseAlterRowPolicy()
 		}
+		// Check for ALTER ROLE
+		if p.peek.Token == token.IDENT && strings.ToUpper(p.peek.Value) == "ROLE" {
+			return p.parseAlterRole()
+		}
 		return p.parseAlter()
 	case token.TRUNCATE:
 		return p.parseTruncate()
@@ -1366,7 +1374,10 @@ func (p *Parser) parseCreate() ast.Statement {
 		case "POLICY":
 			// CREATE POLICY (without ROW keyword)
 			return p.parseCreateRowPolicy(pos)
-		case "RESOURCE", "WORKLOAD", "ROLE", "QUOTA":
+		case "ROLE":
+			// CREATE ROLE
+			return p.parseCreateRole(pos)
+		case "RESOURCE", "WORKLOAD", "QUOTA":
 			// Skip these statements - just consume tokens until semicolon
 			p.parseCreateGeneric(create)
 		default:
@@ -2184,6 +2195,119 @@ func (p *Parser) parseShowCreateRowPolicy(pos token.Position) *ast.ShowCreateRow
 	return query
 }
 
+func (p *Parser) parseCreateRole(pos token.Position) *ast.CreateRoleQuery {
+	query := &ast.CreateRoleQuery{
+		Position: pos,
+	}
+
+	// Skip ROLE
+	if p.currentIs(token.IDENT) && strings.ToUpper(p.current.Value) == "ROLE" {
+		p.nextToken()
+	}
+
+	// Skip the rest of the statement (role names, SETTINGS, etc.)
+	for !p.currentIs(token.EOF) && !p.currentIs(token.SEMICOLON) {
+		p.nextToken()
+	}
+
+	return query
+}
+
+func (p *Parser) parseDropRole() *ast.DropRoleQuery {
+	query := &ast.DropRoleQuery{
+		Position: p.current.Pos,
+	}
+
+	p.nextToken() // skip DROP
+
+	// Skip ROLE
+	if p.currentIs(token.IDENT) && strings.ToUpper(p.current.Value) == "ROLE" {
+		p.nextToken()
+	}
+
+	// Handle IF EXISTS
+	if p.currentIs(token.IF) {
+		p.nextToken()
+		if p.currentIs(token.EXISTS) {
+			query.IfExists = true
+			p.nextToken()
+		}
+	}
+
+	// Skip the rest of the statement (role names, etc.)
+	for !p.currentIs(token.EOF) && !p.currentIs(token.SEMICOLON) {
+		p.nextToken()
+	}
+
+	return query
+}
+
+func (p *Parser) parseAlterRole() *ast.CreateRoleQuery {
+	query := &ast.CreateRoleQuery{
+		Position: p.current.Pos,
+		IsAlter:  true,
+	}
+
+	p.nextToken() // skip ALTER
+
+	// Skip ROLE
+	if p.currentIs(token.IDENT) && strings.ToUpper(p.current.Value) == "ROLE" {
+		p.nextToken()
+	}
+
+	// Skip the rest of the statement (role names, SETTINGS, RENAME TO, etc.)
+	for !p.currentIs(token.EOF) && !p.currentIs(token.SEMICOLON) {
+		p.nextToken()
+	}
+
+	return query
+}
+
+func (p *Parser) parseShowCreateRole(pos token.Position) *ast.ShowCreateRoleQuery {
+	query := &ast.ShowCreateRoleQuery{
+		Position:  pos,
+		RoleCount: 1, // Default to 1 role
+	}
+
+	// Skip ROLE
+	if p.currentIs(token.IDENT) && strings.ToUpper(p.current.Value) == "ROLE" {
+		p.nextToken()
+	}
+
+	// Count role names (separated by commas)
+	// Skip first role name
+	for p.currentIs(token.IDENT) || p.currentIs(token.STRING) || p.current.Token.IsKeyword() {
+		p.nextToken()
+		// Handle role@host syntax
+		if p.currentIs(token.IDENT) && strings.HasPrefix(p.current.Value, "@") {
+			p.nextToken()
+		}
+		break
+	}
+
+	// Count additional roles
+	for p.currentIs(token.COMMA) {
+		query.RoleCount++
+		p.nextToken()
+		// Skip role name
+		for p.currentIs(token.IDENT) || p.currentIs(token.STRING) || p.current.Token.IsKeyword() {
+			p.nextToken()
+			// Handle role@host syntax
+			if p.currentIs(token.IDENT) && strings.HasPrefix(p.current.Value, "@") {
+				p.nextToken()
+			}
+			break
+		}
+	}
+
+	// Skip the rest of the statement
+	for !p.currentIs(token.EOF) && !p.currentIs(token.SEMICOLON) {
+		p.nextToken()
+	}
+
+	return query
+}
+
 func (p *Parser) parseCreateDictionary(create *ast.CreateQuery) {
 	// Handle IF NOT EXISTS
 	if p.currentIs(token.IF) {
@@ -3840,6 +3964,9 @@ func (p *Parser) parseShow() ast.Statement {
 		} else if p.currentIs(token.IDENT) && (strings.ToUpper(p.current.Value) == "ROW" || strings.ToUpper(p.current.Value) == "POLICY") {
 			// SHOW CREATE ROW POLICY or SHOW CREATE POLICY
 			return p.parseShowCreateRowPolicy(pos)
+		} else if p.currentIs(token.IDENT) && strings.ToUpper(p.current.Value) == "ROLE" {
+			// SHOW CREATE ROLE
+			return p.parseShowCreateRole(pos)
 		} else if p.currentIs(token.IDENT) && strings.ToUpper(p.current.Value) == "DICTIONARY" {
 			show.ShowType = ast.ShowCreateDictionary
 			p.nextToken()

parser/testdata/01292_create_user/metadata.json

@@ -1,6 +1,5 @@
 {
   "explain_todo": {
-    "stmt141": true,
     "stmt157": true,
     "stmt158": true,
     "stmt159": true,
@@ -14,7 +13,6 @@
     "stmt205": true,
     "stmt207": true,
     "stmt208": true,
-    "stmt219": true,
     "stmt22": true,
     "stmt221": true,
     "stmt23": true,
@@ -29,7 +27,6 @@
     "stmt40": true,
     "stmt41": true,
     "stmt42": true,
-    "stmt43": true,
-    "stmt6": true
+    "stmt43": true
   }
 }

parser/testdata/01293_create_role/metadata.json

@@ -1,60 +1 @@
-{
-  "explain_todo": {
-    "stmt1": true,
-    "stmt11": true,
-    "stmt12": true,
-    "stmt13": true,
-    "stmt14": true,
-    "stmt16": true,
-    "stmt17": true,
-    "stmt18": true,
-    "stmt19": true,
-    "stmt2": true,
-    "stmt20": true,
-    "stmt21": true,
-    "stmt22": true,
-    "stmt24": true,
-    "stmt25": true,
-    "stmt26": true,
-    "stmt27": true,
-    "stmt28": true,
-    "stmt29": true,
-    "stmt3": true,
-    "stmt30": true,
-    "stmt31": true,
-    "stmt32": true,
-    "stmt33": true,
-    "stmt34": true,
-    "stmt35": true,
-    "stmt36": true,
-    "stmt37": true,
-    "stmt38": true,
-    "stmt39": true,
-    "stmt40": true,
-    "stmt41": true,
-    "stmt42": true,
-    "stmt43": true,
-    "stmt44": true,
-    "stmt45": true,
-    "stmt46": true,
-    "stmt47": true,
-    "stmt48": true,
-    "stmt5": true,
-    "stmt50": true,
-    "stmt51": true,
-    "stmt52": true,
-    "stmt53": true,
-    "stmt54": true,
-    "stmt56": true,
-    "stmt58": true,
-    "stmt6": true,
-    "stmt60": true,
-    "stmt61": true,
-    "stmt62": true,
-    "stmt63": true,
-    "stmt64": true,
-    "stmt66": true,
-    "stmt8": true,
-    "stmt9": true
-  }
-}
+{}

parser/testdata/01294_create_settings_profile/metadata.json

@@ -1,7 +1 @@
-{
-  "explain_todo": {
-    "stmt108": true,
-    "stmt4": true,
-    "stmt47": true
-  }
-}
+{}

parser/testdata/01295_create_row_policy/metadata.json

@@ -1,7 +1 @@
-{
-  "explain_todo": {
-    "stmt31": true,
-    "stmt6": true,
-    "stmt70": true
-  }
-}
+{}

parser/testdata/01702_system_query_log/metadata.json

@@ -2,7 +2,6 @@
   "explain_todo": {
     "stmt14": true,
     "stmt15": true,
-    "stmt16": true,
     "stmt19": true,
     "stmt24": true,
     "stmt26": true,
@@ -25,7 +24,6 @@
     "stmt45": true,
     "stmt46": true,
     "stmt49": true,
-    "stmt5": true,
     "stmt50": true,
     "stmt51": true,
     "stmt52": true,
@@ -41,7 +39,6 @@
     "stmt69": true,
     "stmt74": true,
     "stmt8": true,
-    "stmt83": true,
     "stmt86": true
   }
 }

parser/testdata/01999_grant_with_replace/metadata.json

@@ -1,10 +1 @@
-{
-  "explain_todo": {
-    "stmt26": true,
-    "stmt27": true,
-    "stmt47": true,
-    "stmt48": true,
-    "stmt52": true,
-    "stmt53": true
-  }
-}
+{}