Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tdnBh-009VeT-El for pgsql-hackers@arkaria.postgresql.org; Fri, 31 Jan 2025 09:19:45 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tdnBg-00GqPs-Hw for pgsql-hackers@arkaria.postgresql.org; Fri, 31 Jan 2025 09:19:44 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tdnBg-00GqPj-75 for pgsql-hackers@lists.postgresql.org; Fri, 31 Jan 2025 09:19:44 +0000 Received: from mail-ed1-x534.google.com ([2a00:1450:4864:20::534]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tdnBd-002UYa-1J for pgsql-hackers@lists.postgresql.org; Fri, 31 Jan 2025 09:19:43 +0000 Received: by mail-ed1-x534.google.com with SMTP id 4fb4d7f45d1cf-5dc75f98188so2411870a12.2 for ; Fri, 31 Jan 2025 01:19:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738315181; x=1738919981; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=6VVMIpVl1vpYDWdv/AHcWIubvg9/XCCK5039/f9GBTQ=; b=TTCsbaa0cBg7EIi39xSzxAzjdtDpwfUZ6Hje2MNDBtDVDbRhr22BhsqXZKTx119+vs SYc+B82cR/Uj9RpaKWASgPWwBRaS7EgX5GrHv2l788y9JgH6W/saKIKr98WfVrYw6P0I H6LKRpRlIXn9kzyziyp+8A4b1aL2yj9bTw1ODJCXcjHDC62FOimC64jpH6TdalCImTtp NR8jv0VBojPcL4AbOx00ROY9JXkbqt8UeYU49L0QZuO1YN5Anf1Q4hlJh6r9JhWTuCtr gNl1ji3yZUpS0LEVWtFFNa6OabUKcg6zjK3Y5envOfuyIDsku8ayCCOpKZ2GeeOmOLZC 2Dqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738315181; x=1738919981; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6VVMIpVl1vpYDWdv/AHcWIubvg9/XCCK5039/f9GBTQ=; b=X46Vhd82w8fXNecJGVo67TXOQ3b9DxDTBIP8lS4Ug1pUcSdUX73i4SqNRhWIdRXqn7 9oYbIuqHrKTm4f29cBrnzXWEkkBNdqEQeGlU7bZasy3gEXZxFD/KOMTeiKQadDU5vnSU rp2pcJ+1441SyL9Sb9gPGkvCFTX564AU3om2DtkDfeMiRkCveYusf/Fv0oqTd2ZC0pu1 GNI/b+8JEdgt8BZ1tPCzMOHTtbZ2k4RtnQ9J66tRdoK0H3lg/a1WeMwKx3tduomKvTrz jLntjKQhEbN41WcBvHLzLTMHOwBUaF1ih23UfaLx7Ad3TJLm90HRKzarpW384ccY7TXu f72w== X-Forwarded-Encrypted: i=1; AJvYcCX+xnK0+KQhIlFTSzzV+nBJ4lZBpXgUvzW5W8LSI3XJCvqOrRQlXL6JTSQDsVGyA6TRO8sHRP4GhgDAfib9@lists.postgresql.org X-Gm-Message-State: AOJu0Yy29EGYG2PC8sTgthTLy27U++lde7x15Li1KbgiHEEE3i8BIaRb WD/VM3QCs8MUIhFhtr/gUD/aimlHq6XguwTBA5CIxslOuFLFVs2gVWzpvNCJaFrm8cL/hOCbUM8 ug9vbPuFH0HqXKZvY2bEpE84/zvo= X-Gm-Gg: ASbGncvoSaBpPRLGlqOwMoV4ptOXrBfFOLt1NcMMMmkibzpta8HURF2dw6+lDVYzCCE Zg2vOedSFG2fNAzKKlg5XS3VzfLj5PjWAS7lpNuL+L+EiebGrEcRelxuWyVnSL6V7gy68g/uA X-Google-Smtp-Source: AGHT+IFUKLxQ2EwYgk7K6j0TQajJUDKcWgNsR41pj0SOPBwkm6uqNskpUgsntzdkr6bg4C5O7ce5DFydwz2vAXOF7Fk= X-Received: by 2002:a05:6402:274a:b0:5d0:e9de:5415 with SMTP id 4fb4d7f45d1cf-5dc5efbf631mr8200511a12.14.1738315180524; Fri, 31 Jan 2025 01:19:40 -0800 (PST) MIME-Version: 1.0 References: <171085360143.2046436.7217841141682511557.pgcf@coridan.postgresql.org> <171085858750.2046434.12246066729700037354.pgcf@coridan.postgresql.org> <909e16b4-9eda-435c-b033-8294ae4adc05@postgrespro.ru> <3a4b9c1c-3edf-4e29-9629-b4113aefb0f3@postgrespro.ru> <20240808171351.a9.nmisch@google.com> <19c1e04c-2012-4475-8460-821dd633a6ce@postgrespro.ru> <768cbb42-d3f8-45de-89ad-72861f078dc2@postgrespro.ru> In-Reply-To: From: Alexander Korotkov Date: Fri, 31 Jan 2025 11:19:29 +0200 X-Gm-Features: AWEUYZl3S-TfoPEkVJU-O_ol4VQo0hlOCrSt6wTU3NPXPOq141HYQCLeCVN-tAk Message-ID: Subject: Re: Add SPLIT PARTITION/MERGE PARTITIONS commands To: Robert Haas Cc: Pavel Borisov , Dmitry Koval , Noah Misch , pgsql-hackers@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi! I'd like to share some thoughts on which particular way this patch could go= . On Thu, Aug 22, 2024 at 8:25=E2=80=AFPM Robert Haas = wrote: > Here, aside from the name lookup issues, there are also problems with > expression evaluation: we can't split partitions without reindexing > rows that those partitions contain, and it is critical to think > through which is going to do the evaluation and make sure it's > properly sandboxed. I think we might need > SECURITY_RESTRICTED_OPERATION here. +1 for use SECURITY_RESTRICTED_OPERATION > Another thing I want to highlight if you do have another go at this > patch is that it's really critical to think about where every single > property of the newly-created tables comes from. The original patch > didn't consider relpersistence or tableam, and here I just discovered > that owner is also an issue that probably needs more consideration, > but it goes way beyond that. For example, I was surprised to discover > that if I put per-partition constraints or triggers on a partition and > then split it, they were not duplicated to the new partitions. Now, > maybe that's actually the behavior we want -- I'm not 100% positive -- > but it sure wasn't what I was expecting. If we did duplicate them when > splitting, then what's supposed to happen when merging occurs? That is > not at all obvious, at least to me, but it needs careful thought. ACLs > and rules and default values and foreign keys (both outbond and > inbound) all need to be considered too, along with 27 other things > that I'm sure I'm not thinking about right now. Some of this behavior > should probably be explicitly documented, but all of it should be > considered carefully enough before commit to avoid surprises later. I > say that both from a security point of view and also just from a user > experience point of view. Even if things aren't insecure, they can > still be annoying, but it's not uncommon in cases like this for > annoying things to turn out to also be insecure. Yes, I think it's a good idea to duplicate dependent objects of split partition to new partitions. But it important to very carefully check user have relevant permissions for all of them. We could also provide a syntax to exclude some of them (and even define new ones?), but I strongly suspect that would overcomplicate patch for now and we need to postpone this. Regarding the merge, I think it would be good to provide a syntax to let user choose a model partition between partitions to be merged. > Finally, if you do revisit this, I believe it would be a good idea to > think a bit harder about how data is moved around. My impression (and > please correct me if I am mistaken) is that currently, any split or > merge operation rewrites all the data in the source partition(s). If a > large partition is being split nearly equally, I think that has a good > chance of being optimal, but I think that might be the only case. If > we're merging partitions, wouldn't it be better to adjust the > constraints on the first partition -- or perhaps the largest partition > if we want to be clever -- and insert the data from all of the others > into it? Maybe that would even have syntax that puts the user in > control of which partition survives, e.g. ALTER TABLE tab1 MERGE > PARTITION part1 WITH part2, part3, .... That would also make it really > obvious to the user what all of the properties of part1 will be after > the merge: they will be exactly the same as they were before the > merge, except that the partition constraint will have been adjusted. > You basically dodge everything in the previous paragraph in one shot, > and it seems like it would also be faster. Splitting there's no > similar get-out-of-jail free card, at least not that I can see. Even > if you add syntax that splits a partition by using INSERT/DELETE to > move some rows to a newly-created partition, you still have to make at > least one new partition. But possibly that syntax is worth having > anyway, because it would be a lot quicker in the case of a highly > asymmetric split. On the other hand, maybe even splits are much more > likely and we don't really need it. I don't know. Hmm... I think the important aspect for this DDL operation is to be atomic and transactional. And that seems to be extremely hard to achieve if we move the data between existing relnodes. How can we rollback or recover after error? So, it least for initial implementation I would leave data movement as it is. ------ Regards, Alexander Korotkov Supabase