Re: [PATCH] Support % wildcard in extension upgrade filenames - Mailing list pgsql-hackers
From | Tom Lane |
---|---|
Subject | Re: [PATCH] Support % wildcard in extension upgrade filenames |
Date | |
Msg-id | 387183.1673394631@sss.pgh.pa.us Whole thread Raw |
In response to | Re: [PATCH] Support % wildcard in extension upgrade filenames (Sandro Santilli <strk@kbt.io>) |
Responses |
RE: [PATCH] Support % wildcard in extension upgrade filenames
Re: [PATCH] Support % wildcard in extension upgrade filenames Re: [PATCH] Support % wildcard in extension upgrade filenames |
List | pgsql-hackers |
Sandro Santilli <strk@kbt.io> writes: > On Mon, Jan 09, 2023 at 05:51:49PM -0500, Tom Lane wrote: >> ... you still need one script file for each supported upgrade step > That's exactly the problem we're trying to solve here. > The include support is nice on itself, but won't solve our problem. The script-file-per-upgrade-path aspect solves a problem that you have, whether you admit it or not; I think you simply aren't realizing that because you have not had to deal with the consequences of your proposed feature. Namely that you won't have any control over what the backend will try to do in terms of upgrade paths. As an example, suppose that a database has foo 4.0 installed, and the DBA decides to try to downgrade to 3.0. With the system as it stands, if you've provided foo--4.0--3.0.sql then the conversion will go through, and presumably it will work because you tested that that script does what it is intended to. If you haven't provided any such downgrade script, then ALTER EXTENSION UPDATE will say "Sorry Dave, I'm afraid I can't do that" and no harm is done. With the proposed % feature, if foo--%--3.0.sql exists then the system will invoke it and expect the end result to be a valid 3.0 installation, whether or not the script actually has any ability to do a downgrade. Moreover, there isn't any very good way to detect or prevent unsupported version transitions. (I suppose you could add code to look at pg_extension.extversion, but I'm not sure if that works: it looks to me like we update that before we run the extension script. Besides which, if you have to add such code is that really better than having a number of one-liner scripts implementing the same check declaratively?) It gets worse though, because above I'm supposing that 4.0 at least existed when this copy of foo--%--3.0.sql was made. Suppose that somebody fat-fingered a package upgrade, such that the extension fileset available to a database containing foo 4.0 now corresponds to foo 3.0, and there's no knowledge of 4.0 at all in the extension scripts. The DBA trustingly issues ALTER EXTENSION UPDATE, which will conclude from foo.control that it should update to 3.0, and invoke foo--%--3.0.sql to do it. Maybe the odds of success are higher than zero, but not by much; almost certainly you are going to end with an extension containing some leftover 4.0 objects, some 3.0 objects, and maybe some objects with properties that don't exactly match either 3.0 or 4.0. Even if that state of affairs manages not to cause immediate problems, it'll surely be a mess whenever somebody tries to re-update to 4.0 or later. So I really think this is a case of "be careful what you ask for, you might get it". Even if PostGIS is willing to put in the amount of infrastructure legwork needed to make such a design bulletproof, I'm quite sure nobody else will manage to use such a thing successfully. I'd rather spend our development effort on a feature that has more than one use-case. regards, tom lane
pgsql-hackers by date: