Add CREATE/ALTER/DROP LOGIN statement support

Add parsing for:
- CREATE LOGIN with PASSWORD, WINDOWS, CERTIFICATE, ASYMMETRIC KEY sources
- ALTER LOGIN ENABLE/DISABLE statements
- ALTER LOGIN WITH options (PASSWORD, NO CREDENTIAL, etc.)
- DROP LOGIN statement

Add new AST types:
- PasswordCreateLoginSource, WindowsCreateLoginSource
- CertificateCreateLoginSource, AsymmetricKeyCreateLoginSource
- AlterLoginEnableDisableStatement, AlterLoginOptionsStatement
- DropLoginStatement, OnOffPrincipalOption, PrincipalOptionSimple

Update PasswordAlterPrincipalOption to support both String and Binary passwords.

Author: claude

ast/create_simple_statements.go

@@ -34,6 +34,32 @@ type CreateLoginStatement struct {
 func (s *CreateLoginStatement) node()      {}
 func (s *CreateLoginStatement) statement() {}
 
+// AlterLoginEnableDisableStatement represents ALTER LOGIN name ENABLE/DISABLE
+type AlterLoginEnableDisableStatement struct {
+	Name     *Identifier `json:"Name,omitempty"`
+	IsEnable bool        `json:"IsEnable"`
+}
+
+func (s *AlterLoginEnableDisableStatement) node()      {}
+func (s *AlterLoginEnableDisableStatement) statement() {}
+
+// AlterLoginOptionsStatement represents ALTER LOGIN name WITH options
+type AlterLoginOptionsStatement struct {
+	Name    *Identifier       `json:"Name,omitempty"`
+	Options []PrincipalOption `json:"Options,omitempty"`
+}
+
+func (s *AlterLoginOptionsStatement) node()      {}
+func (s *AlterLoginOptionsStatement) statement() {}
+
+// DropLoginStatement represents DROP LOGIN name
+type DropLoginStatement struct {
+	Name *Identifier `json:"Name,omitempty"`
+}
+
+func (s *DropLoginStatement) node()      {}
+func (s *DropLoginStatement) statement() {}
+
 // CreateLoginSource is an interface for login sources
 type CreateLoginSource interface {
 	createLoginSource()
@@ -46,6 +72,39 @@ type ExternalCreateLoginSource struct {
 
 func (s *ExternalCreateLoginSource) createLoginSource() {}
 
+// PasswordCreateLoginSource represents WITH PASSWORD = '...' source
+type PasswordCreateLoginSource struct {
+	Password   ScalarExpression  `json:"Password,omitempty"`
+	Hashed     bool              `json:"Hashed"`
+	MustChange bool              `json:"MustChange"`
+	Options    []PrincipalOption `json:"Options,omitempty"`
+}
+
+func (s *PasswordCreateLoginSource) createLoginSource() {}
+
+// WindowsCreateLoginSource represents FROM WINDOWS source
+type WindowsCreateLoginSource struct {
+	Options []PrincipalOption `json:"Options,omitempty"`
+}
+
+func (s *WindowsCreateLoginSource) createLoginSource() {}
+
+// CertificateCreateLoginSource represents FROM CERTIFICATE source
+type CertificateCreateLoginSource struct {
+	Certificate *Identifier `json:"Certificate,omitempty"`
+	Credential  *Identifier `json:"Credential,omitempty"`
+}
+
+func (s *CertificateCreateLoginSource) createLoginSource() {}
+
+// AsymmetricKeyCreateLoginSource represents FROM ASYMMETRIC KEY source
+type AsymmetricKeyCreateLoginSource struct {
+	Key        *Identifier `json:"Key,omitempty"`
+	Credential *Identifier `json:"Credential,omitempty"`
+}
+
+func (s *AsymmetricKeyCreateLoginSource) createLoginSource() {}
+
 // PrincipalOption is an interface for principal options (SID, TYPE, etc.)
 type PrincipalOption interface {
 	principalOptionNode()

ast/create_user_statement.go

@@ -39,6 +39,23 @@ type IdentifierPrincipalOption struct {
 func (o *IdentifierPrincipalOption) userOptionNode()      {}
 func (o *IdentifierPrincipalOption) principalOptionNode() {}
 
+// OnOffPrincipalOption represents an ON/OFF principal option
+type OnOffPrincipalOption struct {
+	OptionKind  string
+	OptionState string // "On" or "Off"
+}
+
+func (o *OnOffPrincipalOption) userOptionNode()      {}
+func (o *OnOffPrincipalOption) principalOptionNode() {}
+
+// PrincipalOptionSimple represents a simple principal option with just an option kind
+type PrincipalOptionSimple struct {
+	OptionKind string
+}
+
+func (o *PrincipalOptionSimple) userOptionNode()      {}
+func (o *PrincipalOptionSimple) principalOptionNode() {}
+
 // DefaultSchemaPrincipalOption represents a default schema option
 type DefaultSchemaPrincipalOption struct {
 	OptionKind string
@@ -47,14 +64,15 @@ type DefaultSchemaPrincipalOption struct {
 
 func (o *DefaultSchemaPrincipalOption) userOptionNode() {}
 
-// PasswordAlterPrincipalOption represents a password option for ALTER USER
+// PasswordAlterPrincipalOption represents a password option for ALTER USER/LOGIN
 type PasswordAlterPrincipalOption struct {
-	Password    *StringLiteral
+	Password    ScalarExpression
 	OldPassword *StringLiteral
 	MustChange  bool
 	Unlock      bool
 	Hashed      bool
 	OptionKind  string
 }
 
-func (o *PasswordAlterPrincipalOption) userOptionNode() {}
+func (o *PasswordAlterPrincipalOption) userOptionNode()      {}
+func (o *PasswordAlterPrincipalOption) principalOptionNode() {}

parser/marshal.go

@@ -446,6 +446,12 @@ func statementToJSON(stmt ast.Statement) jsonNode {
 		return dropDatabaseEncryptionKeyStatementToJSON(s)
 	case *ast.CreateLoginStatement:
 		return createLoginStatementToJSON(s)
+	case *ast.AlterLoginEnableDisableStatement:
+		return alterLoginEnableDisableStatementToJSON(s)
+	case *ast.AlterLoginOptionsStatement:
+		return alterLoginOptionsStatementToJSON(s)
+	case *ast.DropLoginStatement:
+		return dropLoginStatementToJSON(s)
 	case *ast.CreateIndexStatement:
 		return createIndexStatementToJSON(s)
 	case *ast.CreateSpatialIndexStatement:
@@ -12370,7 +12376,7 @@ func userOptionToJSON(o ast.UserOption) jsonNode {
 			"Hashed":     opt.Hashed,
 		}
 		if opt.Password != nil {
-			node["Password"] = stringLiteralToJSON(opt.Password)
+			node["Password"] = scalarExpressionToJSON(opt.Password)
 		}
 		if opt.OldPassword != nil {
 			node["OldPassword"] = stringLiteralToJSON(opt.OldPassword)
@@ -15555,6 +15561,57 @@ func createLoginSourceToJSON(s ast.CreateLoginSource) jsonNode {
 			node["Options"] = opts
 		}
 		return node
+	case *ast.PasswordCreateLoginSource:
+		node := jsonNode{
+			"$type":      "PasswordCreateLoginSource",
+			"Hashed":     src.Hashed,
+			"MustChange": src.MustChange,
+		}
+		if src.Password != nil {
+			node["Password"] = scalarExpressionToJSON(src.Password)
+		}
+		if len(src.Options) > 0 {
+			opts := make([]jsonNode, len(src.Options))
+			for i, opt := range src.Options {
+				opts[i] = principalOptionToJSON(opt)
+			}
+			node["Options"] = opts
+		}
+		return node
+	case *ast.WindowsCreateLoginSource:
+		node := jsonNode{
+			"$type": "WindowsCreateLoginSource",
+		}
+		if len(src.Options) > 0 {
+			opts := make([]jsonNode, len(src.Options))
+			for i, opt := range src.Options {
+				opts[i] = principalOptionToJSON(opt)
+			}
+			node["Options"] = opts
+		}
+		return node
+	case *ast.CertificateCreateLoginSource:
+		node := jsonNode{
+			"$type": "CertificateCreateLoginSource",
+		}
+		if src.Certificate != nil {
+			node["Certificate"] = identifierToJSON(src.Certificate)
+		}
+		if src.Credential != nil {
+			node["Credential"] = identifierToJSON(src.Credential)
+		}
+		return node
+	case *ast.AsymmetricKeyCreateLoginSource:
+		node := jsonNode{
+			"$type": "AsymmetricKeyCreateLoginSource",
+		}
+		if src.Key != nil {
+			node["Key"] = identifierToJSON(src.Key)
+		}
+		if src.Credential != nil {
+			node["Credential"] = identifierToJSON(src.Credential)
+		}
+		return node
 	default:
 		return jsonNode{}
 	}
@@ -15580,11 +15637,75 @@ func principalOptionToJSON(o ast.PrincipalOption) jsonNode {
 			node["Identifier"] = identifierToJSON(opt.Identifier)
 		}
 		return node
+	case *ast.OnOffPrincipalOption:
+		return jsonNode{
+			"$type":       "OnOffPrincipalOption",
+			"OptionKind":  opt.OptionKind,
+			"OptionState": opt.OptionState,
+		}
+	case *ast.PrincipalOptionSimple:
+		return jsonNode{
+			"$type":      "PrincipalOption",
+			"OptionKind": opt.OptionKind,
+		}
+	case *ast.PasswordAlterPrincipalOption:
+		node := jsonNode{
+			"$type":      "PasswordAlterPrincipalOption",
+			"OptionKind": opt.OptionKind,
+			"MustChange": opt.MustChange,
+			"Unlock":     opt.Unlock,
+			"Hashed":     opt.Hashed,
+		}
+		if opt.Password != nil {
+			node["Password"] = scalarExpressionToJSON(opt.Password)
+		}
+		if opt.OldPassword != nil {
+			node["OldPassword"] = stringLiteralToJSON(opt.OldPassword)
+		}
+		return node
 	default:
 		return jsonNode{}
 	}
 }
 
+func alterLoginEnableDisableStatementToJSON(s *ast.AlterLoginEnableDisableStatement) jsonNode {
+	node := jsonNode{
+		"$type":    "AlterLoginEnableDisableStatement",
+		"IsEnable": s.IsEnable,
+	}
+	if s.Name != nil {
+		node["Name"] = identifierToJSON(s.Name)
+	}
+	return node
+}
+
+func alterLoginOptionsStatementToJSON(s *ast.AlterLoginOptionsStatement) jsonNode {
+	node := jsonNode{
+		"$type": "AlterLoginOptionsStatement",
+	}
+	if s.Name != nil {
+		node["Name"] = identifierToJSON(s.Name)
+	}
+	if len(s.Options) > 0 {
+		opts := make([]jsonNode, len(s.Options))
+		for i, opt := range s.Options {
+			opts[i] = principalOptionToJSON(opt)
+		}
+		node["Options"] = opts
+	}
+	return node
+}
+
+func dropLoginStatementToJSON(s *ast.DropLoginStatement) jsonNode {
+	node := jsonNode{
+		"$type": "DropLoginStatement",
+	}
+	if s.Name != nil {
+		node["Name"] = identifierToJSON(s.Name)
+	}
+	return node
+}
+
 func createIndexStatementToJSON(s *ast.CreateIndexStatement) jsonNode {
 	node := jsonNode{
 		"$type":                  "CreateIndexStatement",