| From: | shveta malik <shveta(dot)malik(at)gmail(dot)com> |
|---|---|
| To: | 南拓弥 <minamitakuya(at)lifull(dot)com> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org, shveta malik <shveta(dot)malik(at)gmail(dot)com> |
| Subject: | Re: Warn on missing replica identity in CREATE/ALTER PUBLICATION |
| Date: | 2026-04-22 03:33:06 |
| Message-ID: | CAJpy0uAd2BY_jinMWscfLr11WHra7sxrNc18jKbkhp=4CkAFig@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Apr 21, 2026 at 11:06 AM 南拓弥 <minamitakuya(at)lifull(dot)com> wrote:
>
> Hi hackers,
>
> CREATE PUBLICATION silently succeeds even when target tables lack a
> usable replica identity, while the publication publishes UPDATE and/or
> DELETE. The error only surfaces later at replication time:
>
> ERROR: cannot delete from table "foo" because it does not have a
> replica identity and publishes deletes
>
> This gap has caused real production incidents — in one case, a CDC
> pipeline using FOR TABLES IN SCHEMA included a table without a primary
> key, and replication stalled for hours before the cause was found.
>
> I'd like to propose emitting a WARNING at publication creation/alter
> time when this mismatch exists. The check would cover all paths:
>
> - CREATE PUBLICATION ... FOR TABLE / FOR TABLES IN SCHEMA / FOR ALL TABLES
> - ALTER PUBLICATION ... ADD/SET TABLE / ADD/SET TABLES IN SCHEMA
> - ALTER PUBLICATION ... SET (publish = 'update, delete')
>
> The approach I'm considering is a publication-level check that runs
> after the final publication state is known, scanning the effective set
> of published tables via GetIncludedPublicationRelations() /
> GetAllSchemaPublicationRelations() / GetAllPublicationRelations() and
> checking each table's replica identity.
>
> I have a working prototype for the FOR TABLE / ADD TABLE paths. A few
> open questions before I post a full patch:
>
> 1. For FOR ALL TABLES, the check would scan pg_class. Acceptable for
> a DDL operation, or too expensive?
>
> 2. Should we cap the number of warnings when many tables are affected?
>
> 3. Should this be controllable via a GUC, or is a simple WARNING
> sufficient?
>
> Thoughts welcome.
>
Before we dive deeper into this idea, I’d like to highlight that
there’s an ongoing thread addressing a similar issue. The proposed
approach there is to implement a fallback RI in such scenarios to
prevent replication-time errors caused by missing RI. Could you please
review this ([1]) and confirm whether it meets your requirements?
thanks
Shveta
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Quan Zongliang | 2026-04-22 03:58:24 | Re: [PATCH] Remove dead code in ExecForPortionOfLeftovers() |
| Previous Message | Peter Smith | 2026-04-22 03:26:54 | Re: Get rid of translation strings that only contain punctuation |