| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sql_drop Event Trigger |
| Date: | 2013-02-28 19:42:22 |
| Message-ID: | 20130228194222.GO9507@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas escribió:
> On Thu, Feb 28, 2013 at 2:14 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> > Maybe down the road we'll conclude that there's no other way and we're
> > willing to put up with an unsafe feature, but I don't want to take that
> > step under time pressure to ship something in 9.3.
>
> I'm opposed to doing it under any circumstances, ever. Right now,
> there's a very limited number of things which can result in foreign
> key constraints between system catalogs being violated. So, when it
> happens, from a support point of view, we don't have many things to
> investigate. If we add "badly written event triggers" to the list,
> it's going to open up a can of worms so large it'll be gravitationally
> rounded.
Well, that's a good point, but I think that was a foreseeable
consequence of event triggers themselves. I agree that we need to get
this as robust and bulletproof as possible.
> > I thought the proposal was to recompute the set of drop target objects,
> > and complain if that had changed.
>
> Alvaro did that, but it isn't sufficient to prevent catalog corruption.
>
> It seems to me that a better way to do this might be to look up the
> names of all the objects being dropped, as we get rid of them, and
> pass that information off to the ddl_command_end trigger via something
> like the pg_dropped_objects() function Dimitri proposed. Then we
> don't have to deal with the massive grottiness of running a command
> right in the middle of the deletions, which I continue to maintain
> will have many as-yet-unforeseen failure modes.
There are two points you're making here: one is about what data do we
provide about objects being dropped (you argue OIDs and names are
sufficient); and you're also saying calling these triggers at
ddl_command_end is the right timing. I disagree about the first one,
because I don't think object names are sufficient; Tom argued upthread
about being able to look up the objects from the catalogs in the event
trigger function. This in turn means that ddl_command_end is not good
enough; these functions need to be called earlier than that. Which is
what the new DDL_DROP event provides: a point in the execution sequence
that's after we've looked up the objects, but before they are gone from
the catalogs.
Can we get agreement on those points? Otherwise ISTM we're going to
continue to argue in circles.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2013-02-28 20:03:44 | Parameterized paths vs index clauses extracted from OR clauses |
| Previous Message | Alvaro Herrera | 2013-02-28 19:30:13 | Re: sql_drop Event Trigger |