sql: support ROUTINES syntax in GRANT, REVOKE commands

Release note (sql change): The following syntax is now supported:
- GRANT ... ON ALL ROUTINES IN SCHEMA ...
- REVOKE ... ON ALL ROUTINES IN SCHEMA ...
- ALTER DEFAULT PRIVILEGES GRANT ... ON ROUTINES ...
- ALTER DEFAULT PRIVIELGES REVOKE ... ON ROUTINES ...

The ROUTINES keyword makes the command apply to both functions and stored
procedures. Note that ALTER DEFAULT PRIVILEGES ... ON FUNCTIONS already
applied to stored procedures (which aligns with the PostgreSQL behavior),
and that is not changing.

Author: rafiss

docs/generated/sql/bnf/alter_default_privileges_stmt.bnf

@@ -1,5 +1,5 @@
 alter_default_privileges_stmt ::=
-	'ALTER' 'DEFAULT' 'PRIVILEGES' ( 'FOR' ( 'ROLE' | 'USER' ) role_spec_list |  ) ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) |  ) ( 'GRANT' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' ) 'TO' role_spec_list ( 'WITH' 'GRANT' 'OPTION' |  ) )
-	| 'ALTER' 'DEFAULT' 'PRIVILEGES' ( 'FOR' ( 'ROLE' | 'USER' ) role_spec_list |  ) ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) |  ) ( 'REVOKE' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' ) 'FROM' role_spec_list ( 'CASCADE' | 'RESTRICT' |  ) | 'REVOKE' 'GRANT' 'OPTION' 'FOR' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' ) 'FROM' role_spec_list ( 'CASCADE' | 'RESTRICT' |  ) )
-	| 'ALTER' 'DEFAULT' 'PRIVILEGES' 'FOR' 'ALL' 'ROLES' ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) |  ) ( 'GRANT' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' ) 'TO' role_spec_list ( 'WITH' 'GRANT' 'OPTION' |  ) )
-	| 'ALTER' 'DEFAULT' 'PRIVILEGES' 'FOR' 'ALL' 'ROLES' ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) |  ) ( 'REVOKE' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' ) 'FROM' role_spec_list ( 'CASCADE' | 'RESTRICT' |  ) | 'REVOKE' 'GRANT' 'OPTION' 'FOR' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' ) 'FROM' role_spec_list ( 'CASCADE' | 'RESTRICT' |  ) )
+	'ALTER' 'DEFAULT' 'PRIVILEGES' ( 'FOR' ( 'ROLE' | 'USER' ) role_spec_list |  ) ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) |  ) ( 'GRANT' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' | 'ROUTINES' ) 'TO' role_spec_list ( 'WITH' 'GRANT' 'OPTION' |  ) )
+	| 'ALTER' 'DEFAULT' 'PRIVILEGES' ( 'FOR' ( 'ROLE' | 'USER' ) role_spec_list |  ) ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) |  ) ( 'REVOKE' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' | 'ROUTINES' ) 'FROM' role_spec_list ( 'CASCADE' | 'RESTRICT' |  ) | 'REVOKE' 'GRANT' 'OPTION' 'FOR' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' | 'ROUTINES' ) 'FROM' role_spec_list ( 'CASCADE' | 'RESTRICT' |  ) )
+	| 'ALTER' 'DEFAULT' 'PRIVILEGES' 'FOR' 'ALL' 'ROLES' ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) |  ) ( 'GRANT' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' | 'ROUTINES' ) 'TO' role_spec_list ( 'WITH' 'GRANT' 'OPTION' |  ) )
+	| 'ALTER' 'DEFAULT' 'PRIVILEGES' 'FOR' 'ALL' 'ROLES' ( 'IN' 'SCHEMA' ( ( qualifiable_schema_name ) ( ( ',' qualifiable_schema_name ) )* ) |  ) ( 'REVOKE' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' | 'ROUTINES' ) 'FROM' role_spec_list ( 'CASCADE' | 'RESTRICT' |  ) | 'REVOKE' 'GRANT' 'OPTION' 'FOR' privileges 'ON' ( 'TABLES' | 'SEQUENCES' | 'TYPES' | 'SCHEMAS' | 'FUNCTIONS' | 'ROUTINES' ) 'FROM' role_spec_list ( 'CASCADE' | 'RESTRICT' |  ) )

docs/generated/sql/bnf/grant_stmt.bnf

@@ -43,6 +43,12 @@ grant_stmt ::=
 	| 'GRANT' 'ALL'  'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 
 	| 'GRANT' privilege_list 'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 'WITH' 'GRANT' 'OPTION'
 	| 'GRANT' privilege_list 'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 
+	| 'GRANT' 'ALL' 'PRIVILEGES' 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 'WITH' 'GRANT' 'OPTION'
+	| 'GRANT' 'ALL' 'PRIVILEGES' 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 
+	| 'GRANT' 'ALL'  'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 'WITH' 'GRANT' 'OPTION'
+	| 'GRANT' 'ALL'  'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 
+	| 'GRANT' privilege_list 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 'WITH' 'GRANT' 'OPTION'
+	| 'GRANT' privilege_list 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list 
 	| 'GRANT' 'SYSTEM' 'ALL' 'PRIVILEGES' 'TO' role_spec_list 'WITH' 'GRANT' 'OPTION'
 	| 'GRANT' 'SYSTEM' 'ALL' 'PRIVILEGES' 'TO' role_spec_list 
 	| 'GRANT' 'SYSTEM' 'ALL'  'TO' role_spec_list 'WITH' 'GRANT' 'OPTION'

docs/generated/sql/bnf/revoke_stmt.bnf

@@ -40,6 +40,12 @@ revoke_stmt ::=
 	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' 'ALL' 'PRIVILEGES' 'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
 	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' 'ALL'  'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
 	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' privilege_list 'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
+	| 'REVOKE' 'ALL' 'PRIVILEGES' 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
+	| 'REVOKE' 'ALL'  'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
+	| 'REVOKE' privilege_list 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
+	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' 'ALL' 'PRIVILEGES' 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
+	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' 'ALL'  'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
+	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' privilege_list 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
 	| 'REVOKE' 'SYSTEM' 'ALL' 'PRIVILEGES' 'FROM' role_spec_list
 	| 'REVOKE' 'SYSTEM' 'ALL'  'FROM' role_spec_list
 	| 'REVOKE' 'SYSTEM' privilege_list 'FROM' role_spec_list

docs/generated/sql/bnf/stmt_block.bnf

@@ -111,6 +111,7 @@ grant_stmt ::=
 	| 'GRANT' privileges 'ON' 'ALL' 'TABLES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list opt_with_grant_option
 	| 'GRANT' privileges 'ON' 'ALL' 'FUNCTIONS' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list opt_with_grant_option
 	| 'GRANT' privileges 'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list opt_with_grant_option
+	| 'GRANT' privileges 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'TO' role_spec_list opt_with_grant_option
 	| 'GRANT' 'SYSTEM' privileges 'TO' role_spec_list opt_with_grant_option
 
 prepare_stmt ::=
@@ -132,6 +133,8 @@ revoke_stmt ::=
 	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' privileges 'ON' 'ALL' 'FUNCTIONS' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
 	| 'REVOKE' privileges 'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
 	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' privileges 'ON' 'ALL' 'PROCEDURES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
+	| 'REVOKE' privileges 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
+	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' privileges 'ON' 'ALL' 'ROUTINES' 'IN' 'SCHEMA' schema_name_list 'FROM' role_spec_list
 	| 'REVOKE' 'SYSTEM' privileges 'FROM' role_spec_list
 	| 'REVOKE' 'GRANT' 'OPTION' 'FOR' 'SYSTEM' privileges 'FROM' role_spec_list
 
@@ -3147,6 +3150,7 @@ target_object_type ::=
 	| 'TYPES'
 	| 'SCHEMAS'
 	| 'FUNCTIONS'
+	| 'ROUTINES'
 
 alter_changefeed_cmd ::=
 	'ADD' changefeed_targets opt_with_options

pkg/sql/grant_revoke.go

@@ -498,6 +498,10 @@ func (p *planner) getGrantOnObject(
 	case targets.AllTablesInSchema:
 		incIAMFunc(sqltelemetry.OnAllTablesInSchema)
 		return privilege.Table, nil
+	case targets.AllFunctionsInSchema && targets.AllProceduresInSchema:
+		incIAMFunc(sqltelemetry.OnAllFunctionsInSchema)
+		incIAMFunc(sqltelemetry.OnAllProceduresInSchema)
+		return privilege.Routine, nil
 	case targets.AllFunctionsInSchema:
 		incIAMFunc(sqltelemetry.OnAllFunctionsInSchema)
 		return privilege.Routine, nil