Re: Skipping logical replication transactions on subscriber side

From: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
To: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
Cc: Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, "tanghy(dot)fnst(at)fujitsu(dot)com" <tanghy(dot)fnst(at)fujitsu(dot)com>, vignesh C <vignesh21(at)gmail(dot)com>, Greg Nancarrow <gregn4422(at)gmail(dot)com>, "houzj(dot)fnst(at)fujitsu(dot)com" <houzj(dot)fnst(at)fujitsu(dot)com>, Alexey Lesovsky <lesovsky(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, "osumi(dot)takamichi(at)fujitsu(dot)com" <osumi(dot)takamichi(at)fujitsu(dot)com>
Subject: Re: Skipping logical replication transactions on subscriber side
Date: 2022-01-26 01:09:06
Message-ID: CAA4eK1J+S_kOHeWrTZuiTNpqf_21aodwUbFBjj2wVBSiv+5V7g@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Jan 25, 2022 at 6:18 PM Peter Eisentraut
<peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:
>
> On 25.01.22 03:54, Amit Kapila wrote:
> >> I don't think this functionality allows a nonprivileged user to do
> >> anything they couldn't otherwise do. You can create inconsistent data
> >> in the sense that you can choose not to apply certain replicated data.
> >>
> > I thought this will be the only primary way to skip applying certain
> > transactions. The other could be via pg_replication_origin_advance().
> > Or are you talking about the case where we skip applying update/delete
> > where the corresponding rows are not found?
> >
> > I see the point that if we can allow the owner to skip applying
> > updates/deletes in certain cases then probably this should also be
> > okay. Kindly let us know if you have something else in mind as well?
>
> Let's start this again: The question at hand is whether ALTER
> SUBSCRIPTION ... SKIP should be allowed for subscription owners that are
> not superusers. The argument raised against that was that this would
> allow the owner to create "inconsistent" data. But it hasn't been
> explained what that actually means or why it is dangerous.
>

There are two reasons in my mind: (a) We are going to skip some
unrelated data changes that are not the direct cause of conflict
because of the entire transaction skip. Now, it is possible that
unintentionally it allows skipping some actual changes
insert/update/delete/truncate to some relations which will then allow
even the future changes to cause some conflict or won't get applied. A
few examples are after TRUNCATE is skipped, the INSERTS in following
transactions can cause error "duplicate key .."; similarly say some
INSERT is skipped, then following UPDATE/DELETE won't find the
corresponding row to perform the operation. (b) Users can specify some
random XID, the discussion below is trying to detect this and raise
WARNING/ERROR but still, it could cause some valid transaction (which
won't generate any conflict/error) to skip.

These can lead to some missing data in the subscriber which the user
might not have expected.

--
With Regards,
Amit Kapila.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2022-01-26 01:15:27 Re: Refactoring of compression options in pg_basebackup
Previous Message Michael Paquier 2022-01-26 00:57:59 Re: Is it correct to update db state in control file as "shutting down" during end-of-recovery checkpoint?