
Postgres/MySQL: Restrict database permissions to just what is required (#2237)

* Postgres/MySQL: Restrict database permissions to just what is required

Some frameworks were misbehaving and changing the schema.

Also remove upper-case versions of MySQL tables as those are not needed.

* Fix GRANT syntax error
Keith Gustafson 9 lat temu
commit
1745760ade

+ 0 - 2
config/create-postgres-database.sql

@@ -2,5 +2,3 @@ CREATE USER benchmarkdbuser WITH PASSWORD 'benchmarkdbpass';
 
 DROP DATABASE IF EXISTS hello_world;
 CREATE DATABASE hello_world WITH ENCODING 'UTF8';
-
-GRANT ALL PRIVILEGES ON DATABASE hello_world to benchmarkdbuser;

+ 0 - 29
config/create-postgres-old.sql

@@ -1,29 +0,0 @@
-DROP TABLE IF EXISTS World;
-CREATE TABLE  "World" (
-  id integer NOT NULL,
-  randomNumber integer NOT NULL default 0,
-  PRIMARY KEY  (id)
-);
-
-INSERT INTO "World" (id, randomNumber)
-SELECT x.id, random() * 10000 + 1 FROM generate_series(1,10000) as x(id);
-
-DROP TABLE IF EXISTS Fortune;
-CREATE TABLE  "Fortune" (
-  id integer NOT NULL,
-  message varchar(2048) NOT NULL,
-  PRIMARY KEY  (id)
-);
-
-INSERT INTO fortune (id, message) VALUES (1, 'fortune: No such file or directory');
-INSERT INTO fortune (id, message) VALUES (2, 'A computer scientist is someone who fixes things that aren''t broken.');
-INSERT INTO fortune (id, message) VALUES (3, 'After enough decimal places, nobody gives a damn.');
-INSERT INTO fortune (id, message) VALUES (4, 'A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1');
-INSERT INTO fortune (id, message) VALUES (5, 'A computer program does what you tell it to do, not what you want it to do.');
-INSERT INTO fortune (id, message) VALUES (6, 'Emacs is a nice operating system, but I prefer UNIX. — Tom Christaensen');
-INSERT INTO fortune (id, message) VALUES (7, 'Any program that runs right is obsolete.');
-INSERT INTO fortune (id, message) VALUES (8, 'A list is only as strong as its weakest link. — Donald Knuth');
-INSERT INTO fortune (id, message) VALUES (9, 'Feature: A bug with seniority.');
-INSERT INTO fortune (id, message) VALUES (10, 'Computers make very fast, very accurate mistakes.');
-INSERT INTO fortune (id, message) VALUES (11, '<script>alert("This should not be displayed in a browser alert box.");</script>');
-INSERT INTO fortune (id, message) VALUES (12, 'フレームワークのベンチマーク');

+ 0 - 29
config/create-postgres-upper-quote.sql

@@ -1,29 +0,0 @@
-DROP TABLE IF EXISTS "World";
-CREATE TABLE  "World" (
-  id integer NOT NULL,
-  randomNumber integer NOT NULL default 0,
-  PRIMARY KEY  (id)
-);
-
-INSERT INTO "World" (id, randomNumber)
-SELECT x.id, random() * 10000 + 1 FROM generate_series(1,10000) as x(id);
-
-DROP TABLE IF EXISTS "Fortune";
-CREATE TABLE "Fortune" (
-  id integer NOT NULL,
-  message varchar(2048) NOT NULL,
-  PRIMARY KEY  (id)
-);
-
-INSERT INTO "Fortune" (id, message) VALUES (1, 'fortune: No such file or directory');
-INSERT INTO "Fortune" (id, message) VALUES (2, 'A computer scientist is someone who fixes things that aren''t broken.');
-INSERT INTO "Fortune" (id, message) VALUES (3, 'After enough decimal places, nobody gives a damn.');
-INSERT INTO "Fortune" (id, message) VALUES (4, 'A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1');
-INSERT INTO "Fortune" (id, message) VALUES (5, 'A computer program does what you tell it to do, not what you want it to do.');
-INSERT INTO "Fortune" (id, message) VALUES (6, 'Emacs is a nice operating system, but I prefer UNIX. — Tom Christaensen');
-INSERT INTO "Fortune" (id, message) VALUES (7, 'Any program that runs right is obsolete.');
-INSERT INTO "Fortune" (id, message) VALUES (8, 'A list is only as strong as its weakest link. — Donald Knuth');
-INSERT INTO "Fortune" (id, message) VALUES (9, 'Feature: A bug with seniority.');
-INSERT INTO "Fortune" (id, message) VALUES (10, 'Computers make very fast, very accurate mistakes.');
-INSERT INTO "Fortune" (id, message) VALUES (11, '<script>alert("This should not be displayed in a browser alert box.");</script>');
-INSERT INTO "Fortune" (id, message) VALUES (12, 'フレームワークのベンチマーク');

+ 4 - 0
config/create-postgres.sql

@@ -5,6 +5,7 @@ CREATE TABLE  World (
   randomNumber integer NOT NULL default 0,
   PRIMARY KEY  (id)
 );
+GRANT SELECT, UPDATE ON World to benchmarkdbuser;
 
 INSERT INTO World (id, randomnumber)
 SELECT x.id, random() * 10000 + 1 FROM generate_series(1,10000) as x(id);
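Review bot: The table-level grants added here (`GRANT SELECT, UPDATE ON World`, and the three matching grants in the later hunks of this file) limit DML on these four tables but do not stop benchmarkdbuser from creating objects of its own. On the PostgreSQL 9.3 install that travis_setup.sh configures, the `public` schema grants CREATE to PUBLIC by default, so a framework that runs migrations can still add tables there unless that privilege is revoked somewhere outside this diff. If the aim is to stop schema changes, add `REVOKE CREATE ON SCHEMA public FROM PUBLIC;` to this script ahead of the table definitions.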
@@ -15,6 +16,7 @@ CREATE TABLE Fortune (
   message varchar(2048) NOT NULL,
   PRIMARY KEY  (id)
 );
+GRANT SELECT ON Fortune to benchmarkdbuser;
 
 INSERT INTO Fortune (id, message) VALUES (1, 'fortune: No such file or directory');
 INSERT INTO Fortune (id, message) VALUES (2, 'A computer scientist is someone who fixes things that aren''t broken.');
@@ -36,6 +38,7 @@ CREATE TABLE  "World" (
   randomNumber integer NOT NULL default 0,
   PRIMARY KEY  (id)
 );
+GRANT SELECT, UPDATE ON "World" to benchmarkdbuser;
 
 INSERT INTO "World" (id, randomnumber)
 SELECT x.id, random() * 10000 + 1 FROM generate_series(1,10000) as x(id);
@@ -46,6 +49,7 @@ CREATE TABLE "Fortune" (
   message varchar(2048) NOT NULL,
   PRIMARY KEY  (id)
 );
+GRANT SELECT ON "Fortune" to benchmarkdbuser;
 
 INSERT INTO "Fortune" (id, message) VALUES (1, 'fortune: No such file or directory');
 INSERT INTO "Fortune" (id, message) VALUES (2, 'A computer scientist is someone who fixes things that aren''t broken.');

+ 2 - 53
config/create.sql

@@ -3,59 +3,6 @@ DROP DATABASE IF EXISTS hello_world;
 CREATE DATABASE hello_world;
 USE hello_world;
 
-DROP TABLE IF EXISTS World;
-CREATE TABLE  World (
-  id int(10) unsigned NOT NULL auto_increment,
-  randomNumber int NOT NULL default 0,
-  PRIMARY KEY  (id)
-)
-ENGINE=INNODB;
-GRANT ALL ON hello_world.world TO 'benchmarkdbuser'@'%' IDENTIFIED BY 'benchmarkdbpass';
-GRANT ALL ON hello_world.world TO 'benchmarkdbuser'@'localhost' IDENTIFIED BY 'benchmarkdbpass';
-
-DROP PROCEDURE IF EXISTS load_data;
-
-DELIMITER #
-CREATE PROCEDURE load_data()
-BEGIN
-
-declare v_max int unsigned default 10000;
-declare v_counter int unsigned default 0;
-
-  TRUNCATE TABLE World;
-  START TRANSACTION;
-  while v_counter < v_max do
-    INSERT INTO World (randomNumber) VALUES ( floor(0 + (rand() * 10000)) );
-    SET v_counter=v_counter+1;
-  end while;
-  commit;
-END #
-
-DELIMITER ;
-
-CALL load_data();
-
-DROP TABLE IF EXISTS Fortune;
-CREATE TABLE  Fortune (
-  id int(10) unsigned NOT NULL auto_increment,
-  message varchar(2048) CHARACTER SET 'utf8' NOT NULL,
-  PRIMARY KEY  (id)
-)
-ENGINE=INNODB;
-
-INSERT INTO Fortune (message) VALUES ('fortune: No such file or directory');
-INSERT INTO Fortune (message) VALUES ('A computer scientist is someone who fixes things that aren''t broken.');
-INSERT INTO Fortune (message) VALUES ('After enough decimal places, nobody gives a damn.');
-INSERT INTO Fortune (message) VALUES ('A bad random number generator: 1, 1, 1, 1, 1, 4.33e+67, 1, 1, 1');
-INSERT INTO Fortune (message) VALUES ('A computer program does what you tell it to do, not what you want it to do.');
-INSERT INTO Fortune (message) VALUES ('Emacs is a nice operating system, but I prefer UNIX. — Tom Christaensen');
-INSERT INTO Fortune (message) VALUES ('Any program that runs right is obsolete.');
-INSERT INTO Fortune (message) VALUES ('A list is only as strong as its weakest link. — Donald Knuth');
-INSERT INTO Fortune (message) VALUES ('Feature: A bug with seniority.');
-INSERT INTO Fortune (message) VALUES ('Computers make very fast, very accurate mistakes.');
-INSERT INTO Fortune (message) VALUES ('<script>alert("This should not be displayed in a browser alert box.");</script>');
-INSERT INTO Fortune (message) VALUES ('フレームワークのベンチマーク');
-
 DROP TABLE IF EXISTS world;
 CREATE TABLE  world (
   id int(10) unsigned NOT NULL auto_increment,
@@ -63,6 +10,8 @@ CREATE TABLE  world (
   PRIMARY KEY  (id)
 )
 ENGINE=INNODB;
+GRANT SELECT, UPDATE ON hello_world.world TO 'benchmarkdbuser'@'%' IDENTIFIED BY 'benchmarkdbpass';
+GRANT SELECT, UPDATE ON hello_world.world TO 'benchmarkdbuser'@'localhost' IDENTIFIED BY 'benchmarkdbpass';
 
 DROP PROCEDURE IF EXISTS load_data;
 
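Review bot: MySQL privileges are additive, so the narrowed `GRANT SELECT, UPDATE ON hello_world.world` lines only restrict the account if no wider grant to benchmarkdbuser remains. The first two lines of create.sql and whatever grants cover the `fortune` table are outside these hunks; a `GRANT ALL` left there at database or global scope would still permit DDL. Grants from an earlier run of the old script may also still be in place on a reused server, since `DROP DATABASE` does not revoke them. Checking `SHOW GRANTS FOR 'benchmarkdbuser'@'%';` after the script runs would confirm the result, and `fortune` would ideally get a plain `GRANT SELECT` to match the Postgres script.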

+ 1 - 1
config/travis_setup.sh

@@ -83,7 +83,7 @@ echo "Populating Postgres database"
 psql --version
 sudo useradd benchmarkdbuser -p benchmarkdbpass
 sudo -u postgres psql template1 < config/create-postgres-database.sql
-sudo -u benchmarkdbuser psql hello_world < config/create-postgres.sql
+sudo -u postgres psql hello_world < config/create-postgres.sql
 sudo sed -i "s|#listen_addresses = 'localhost'|listen_addresses = '*'|g" /etc/postgresql/9.3/main/postgresql.conf
 sudo sed -i 's|max_connections = 255|max_connections = 500|g' /etc/postgresql/9.3/main/postgresql.conf
 sudo service postgresql stop
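Review bot: The changed `sudo -u postgres psql hello_world < config/create-postgres.sql` line lets a failing statement pass unnoticed, because psql reading from stdin continues after an error and still exits 0. Since this script now carries the GRANTs that define what benchmarkdbuser may do, a rejected GRANT would leave the permissions in an unintended state without any signal here. Passing `-v ON_ERROR_STOP=1`, as in `sudo -u postgres psql -v ON_ERROR_STOP=1 hello_world < config/create-postgres.sql`, makes psql stop and return a non-zero status instead. The same applies to the identical change in toolset/setup/linux/database.sh.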

+ 1 - 1
toolset/setup/linux/database.sh

@@ -121,7 +121,7 @@ sudo mv 60-postgresql-shm.conf /etc/sysctl.d/60-postgresql-shm.conf
 sudo service postgresql start
 
 sudo -u postgres psql template1 < create-postgres-database.sql
-sudo -u benchmarkdbuser psql hello_world < create-postgres.sql
+sudo -u postgres psql hello_world < create-postgres.sql
 rm create-postgres-database.sql create-postgres.sql
 # Last chance to make sure postgresql starts up correctly
 sudo killall -s 9 -u postgres