Re: Event Triggers: adding information
| От | Simon Riggs |
|---|---|
| Тема | Re: Event Triggers: adding information |
| Дата | |
| Msg-id | CA+U5nMJHQ+ow8ySiBmJ=61ed7o_4DB-QW8tQCLKaPi_kzcms9g@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Event Triggers: adding information (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On 18 January 2013 02:48, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Andres Freund <andres@2ndquadrant.com> writes: >> I have no problem requiring C code to use the even data, be it via hooks >> or via C functions called from event triggers. The problem I have with >> putting in some hooks is that I doubt that you can find sensible spots >> with enough information to actually recreate the DDL for a remote system >> without doing most of the work for command triggers. > > "most of the work"? No, I don't think so. Here's the thing that's > bothering me about that: if the use-case that everybody is worried about > is replication, then triggers of any sort are the Wrong Thing, IMO. > > The difference between a replication hook and a trigger is that a > replication hook has no business changing any state of the local system, > whereas a trigger *has to be expected to change the state of the local > system* because if it has no side-effects you might as well not bother > firing it. And the fear of having to cope with arbitrary side-effects > occuring in the midst of DDL is about 80% of my angst with this whole > concept. > > If we're only interested in replication, let's put in some hooks whose > contract does not allow for side-effects on the local catalogs, and be > done. Otherwise we'll be putting in man-years of unnecessary (or at > least unnecessary for this use-case) work. I would be happy to see something called "replication triggers" or "replication hooks" committed. The things I want to be able to do are: * Replicate DDL for use on other systems, in multiple ways selected by user, possibly >1 at same time * Put in a block to prevent all DDL, for use during upgrades or just a general lockdown, then remove it again when complete. * Perform auditing of DDL statements (which requires more info than simply the text submitted) If there are questions about wider functionality, or risks with that, then reducing the functionality is OK, for me. The last thing we need is a security hole introduced by this, or weird behaviour from people interfering with things. (If you want that, write an executor plugin and cook your own spaghetti). We can do this by declaring clearly that there are limits on what can be achieved with event triggers, perhaps even testing to check bad things haven't been allowed to occur. I don't see that as translating into massive change in the patch, just focusing on the main cases, documenting that and perhaps introducing some restrictions on wider usage. We will likely slowly expand the functionality of event triggers over time, so keeping things general still works as a long range goal. -- Simon Riggs http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-hackers по дате отправления: