MIME-Version: 1.0
References: 
 <CAFj8pRDY+m9OOxfO10R7J0PAkCCauM-TweaTrdsrsLGMb1VbEQ@mail.gmail.com>
 <CAFj8pRBNqJ0_mHSFW0ksR90f0eKzk+zABboZ1tmoH6q4T8m0nA@mail.gmail.com>
 <157701619041.1198.10146593618667092522.pgcf@coridan.postgresql.org>
In-Reply-To: 
 <157701619041.1198.10146593618667092522.pgcf@coridan.postgresql.org>
From: Pavel Stehule <pavel.stehule@gmail.com>
Date: Sun, 22 Dec 2019 19:50:22 +0100
Message-ID: 
 <CAFj8pRDFj4Xc3PN6uEeHEW-Rz7q-s=1Vd5eqH77ZewGyaTevgA@mail.gmail.com>
Subject: Re: proposal: schema variables
To: Philippe BEAUDOIN <phb07@apra.asso.fr>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="00000000000040c940059a4f6421"
Precedence: bulk

--00000000000040c940059a4f6421
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi

ne 22. 12. 2019 v 13:04 odes=C3=ADlatel Philippe BEAUDOIN <phb07@apra.asso.=
fr>
napsal:

> The following review has been posted through the commitfest application:
> make installcheck-world:  tested, passed
> Implements feature:       tested, failed
> Spec compliant:           not tested
> Documentation:            tested, failed
>
> Hi Pavel,
>
> First of all, I would like to congratulate you for this great work. This
> patch is really cool. The lack of package variables is sometimes a blocki=
ng
> issue for Oracle to Postgres migrations, because the usual emulation with
> GUC is sometimes not enough, in particular when there are security concer=
ns
> or when the database is used in a public cloud.
>
> As I look forward to having this patch commited, I decided to spend some
> time to participate to the review, although I am not a C specialist and I
> have not a good knowledge of the Postgres internals. Here is my report.
>
> A) Installation
>
> The patch applies correctly and the compilation is fine. The "make check"
> doesn't report any issue.
>
> B) Basic usage
>
> I tried some simple schema variables use cases. No problem.
>
> C) The interface
>
> The SQL changes look good to me.
>
> However, in the CREATE VARIABLE command, I would replace the "TRANSACTION=
"
> word by "TRANSACTIONAL".
>

There is not technical problem - the problem is in introduction new keyword
"transactional" that is near to "transaction". I am not sure if it is
practical to have two "similar" keyword and how much the CREATE statement
has to use correct English grammar.

I am not native speaker, so I am not able to see how bad is using
"TRANSACTION" instead "TRANSACTIONAL" in this context. So I see a risk to
have two important (it is not syntactic sugar) similar keywords.

Just I afraid so using TRANSACTIONAL instead just TRANSACTION is not too
user friendly. I have not strong opinion about this - and the
implementation is easy, but I am not feel comfortable with introduction
this keyword.


> I have also tried to replace this word by a ON ROLLBACK clause at the end
> of the statement, like for ON COMMIT, but I have not found a satisfying
> wording to propose.
>


>
> D) Behaviour
>
> I am ok with variables not being transactional by default. That's the mos=
t
> simple, the most efficient, it emulates the package variables of other
> RDBMS and it will probably fit the most common use cases.
>
> Note that I am not strongly opposed to having by default transactional
> variables. But I don't know whether this change would be a great work. We
> would have at least to find another keyword in the CREATE VARIABLE
> statement. Something like "NON-TRANSACTIONAL VARIABLE" ?
>

Variables almost everywhere (global user settings - GUC is only one planet
exception) are non transactional by default. I don't see any reason
introduce new different design than is wide used.


> It is possible to create a NOT NULL variable without DEFAULT. When trying
> to read the variable before a LET statement, one gets an error massage
> saying that the NULL value is not allowed (and the documentation is clear
> about this case). Just for the records, I wondered whether it wouldn't be
> better to forbid a NOT NULL variable creation that wouldn't have a DEFAUL=
T
> value. But finally, I think this behaviour provides a good way to force t=
he
> variable initialisation before its use. So let's keep it as is.
>

This is a question - and there are two possibilities

postgres=3D# do $$
declare x int not null;
begin
  raise notice '%', x;
end;
$$ ;
ERROR:  variable "x" must have a default value, since it's declared NOT NUL=
L
LINE 2: declare x int not null;
                      ^

PLpgSQL requires it. But there is not a possibility to enforce future
setting.

So I know so behave of schema variables is little bit different, but I
think so this difference has interesting use case. You can check if the
variable was modified somewhere or not.


> E) ACL and Rights
>
> I played a little bit with the GRANT and REVOKE statements.
>
> I have got an error (Issue 1). The following statement chain:
>   create variable public.sv1 int;
>   grant read on variable sv1 to other_user;
>   drop owned by other_user;
> reports : ERROR:  unexpected object class 4287
>

this is bug and should be fixed


> I then tried to use DEFAULT PRIVILEGES. Despite this is not documented, I
> successfuly performed:
>   alter default privileges in schema public grant read on variables to
> simple_user;
>   alter default privileges in schema public grant write on variables to
> simple_user;
>
> When variables are then created, the grants are properly given.
> And the psql \ddp command perfectly returns:
>              Default access privileges
>   Owner   | Schema | Type |    Access privileges
> ----------+--------+------+-------------------------
>  postgres | public |      | simple_user=3DSW/postgres
> (1 row)
>
> So the ALTER DEFAULT PRIVILEGES documentation chapter has to reflect this
> new syntax (Issue 2).
>
> BTW, in the ACL, the READ privilege is represented by a S letter. A
> comment in the source reports that the R letter was used in the past for
> rule privilege. Looking at the postgres sources, I see that this privileg=
e
> on rules has been suppressed  in 8.2, so 13 years ago. As this R letter
> would be a so much better choice, I wonder whether it couldn't be reused
> now for this new purpose. Is it important to keep this letter frozen ?
>

I have not a idea why it is. I'll recheck it - but in this moment I prefer
a consistency with existing ACL - it can be in future as one block if it
will be necessary for somebody.


>
> F) Extension
>
> I then created an extension, whose installation script creates a schema
> variable and functions that use it. The schema variable is correctly link=
ed
> to the extension, so that dropping the extension drops the variable.
>
> But there is an issue when dumping the database (Issue 3). The script
> generated by pg_dump includes the CREATE EXTENSION statement as expected
> but also a redundant CREATE VARIABLE statement for the variable that
> belongs to the extension. As a result, one of course gets an error at
> restore time.
>

It is bug and should be fixed


> G) Row Level Security
>
> I did a test activating RLS on a table and creating a POLICY that
> references a schema variable in its USING and WITH CHECK clauses.
> Everything worked fine.
>
> H) psql
>
> A \dV meta-command displays all the created variables.
> I would change a little bit the provided view. More precisely I would:
> - rename "Constraint" into "Is nullable" and report it as a boolean
> - rename "Special behave" into "Is transactional" and report it as a
> boolean
> - change the order of columns so to have:
> Schema | Name | Type | Is nullable | Default | Owner | Is transactional |
> Transaction end action
> "Is nullable" being aside "Default"
>

ok


> I) Performance
>
> I just quickly looked at the performance, and didn't notice any issue.
>
> About variables read performance, I have noticed that:
>   select sum(1) from generate_series(1,10000000);
> and
>   select sum(sv1) from generate_series(1,10000000);
> have similar response times.
>

> About planning, a condition with a variable used as a constant is
> indexable, as if it were a literal.
>
> J) Documentation
>
> There are some wordings to improve in the documentation. But I am not the
> best person to give advice about english language ;-).
>
> However, aside the already mentionned lack of changes in the ALTER DEFAUL=
T
> PRIVILEGES chapter, I also noticed :
> - line 50 of the patch, the sentence "(hidden attribute; must be
> explicitly selected)" looks false as the oid column of pg_variable is
> displayed, as for other tables of the catalog;
> - at several places, the word "behave" should be replaced by "behaviour"
> - line 433, a get_schema_variable() function is mentionned; is it a
> function that can really be called by users ?
>
> May be it would be interesting to also add a chapter in the Section V of
> the documentation, in order to more globally present the schema variables
> concept, aside the new or the modified statements.
>
> K) Coding
>
> I am not able to appreciate the way the feature has been coded. So I let
> this for other reviewers ;-)
>
>
> To conclude, again, thanks a lot for this feature !
> And if I may add this. I dream of an additional feature: adding a SHARED
> clause to the CREATE VARIABLE statement in order to be able to create
> memory spaces that could be shared by all connections on the database and
> accessible in SQL and PL, under the protection of ACL. But that's another
> story ;-)
>

sure, it is another story :-).

Thank you for review - I'll try to fix bugs this week.

Pavel


> Best regards. Philippe.
>
> The new status of this patch is: Waiting on Author
>

--00000000000040c940059a4f6421
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hi<br></div><br><div class=3D"gmail_quote"><div dir=
=3D"ltr" class=3D"gmail_attr">ne 22. 12. 2019 v=C2=A013:04 odes=C3=ADlatel =
Philippe BEAUDOIN &lt;<a href=3D"mailto:phb07@apra.asso.fr">phb07@apra.asso=
.fr</a>&gt; napsal:<br></div><blockquote class=3D"gmail_quote" style=3D"mar=
gin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1=
ex">The following review has been posted through the commitfest application=
:<br>
make installcheck-world:=C2=A0 tested, passed<br>
Implements feature:=C2=A0 =C2=A0 =C2=A0 =C2=A0tested, failed<br>
Spec compliant:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0not tested<br>
Documentation:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 tested, failed<br>
<br>
Hi Pavel,<br>
<br>
First of all, I would like to congratulate you for this great work. This pa=
tch is really cool. The lack of package variables is sometimes a blocking i=
ssue for Oracle to Postgres migrations, because the usual emulation with GU=
C is sometimes not enough, in particular when there are security concerns o=
r when the database is used in a public cloud.<br>
<br>
As I look forward to having this patch commited, I decided to spend some ti=
me to participate to the review, although I am not a C specialist and I hav=
e not a good knowledge of the Postgres internals. Here is my report.<br>
<br>
A) Installation<br>
<br>
The patch applies correctly and the compilation is fine. The &quot;make che=
ck&quot; doesn&#39;t report any issue.<br>
<br>
B) Basic usage<br>
<br>
I tried some simple schema variables use cases. No problem.<br>
<br>
C) The interface<br>
<br>
The SQL changes look good to me.<br>
<br>
However, in the CREATE VARIABLE command, I would replace the &quot;TRANSACT=
ION&quot; word by &quot;TRANSACTIONAL&quot;.<br></blockquote><div><br></div=
><div>There is not technical problem - the problem is in introduction new k=
eyword &quot;transactional&quot; that is near to &quot;transaction&quot;. I=
 am not sure if it is practical to have two &quot;similar&quot; keyword and=
 how much the CREATE statement has to use correct English grammar. <br></di=
v><div><br></div><div>I am not native speaker, so I am not able to see how =
bad is using &quot;TRANSACTION&quot; instead &quot;TRANSACTIONAL&quot; in t=
his context. So I see a risk to have two important (it is not syntactic sug=
ar) similar keywords.</div><div><br></div><div>Just I afraid so using TRANS=
ACTIONAL instead just TRANSACTION is not too user friendly. I have not stro=
ng opinion about this - and the implementation is easy, but I am not feel c=
omfortable with introduction this keyword.<br></div><div><br></div><blockqu=
ote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px=
 solid rgb(204,204,204);padding-left:1ex">
<br>
I have also tried to replace this word by a ON ROLLBACK clause at the end o=
f the statement, like for ON COMMIT, but I have not found a satisfying word=
ing to propose.<br></blockquote><div><br></div><div>=C2=A0</div><blockquote=
 class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px so=
lid rgb(204,204,204);padding-left:1ex">
<br>
D) Behaviour<br>
<br>
I am ok with variables not being transactional by default. That&#39;s the m=
ost simple, the most efficient, it emulates the package variables of other =
RDBMS and it will probably fit the most common use cases.<br>
<br>
Note that I am not strongly opposed to having by default transactional vari=
ables. But I don&#39;t know whether this change would be a great work. We w=
ould have at least to find another keyword in the CREATE VARIABLE statement=
. Something like &quot;NON-TRANSACTIONAL VARIABLE&quot; ?<br></blockquote><=
div><br></div><div>Variables almost everywhere (global user settings - GUC =
is only one planet exception) are non transactional by default. I don&#39;t=
 see any reason introduce new different design than is wide used.</div><div=
> <br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0=
.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
It is possible to create a NOT NULL variable without DEFAULT. When trying t=
o read the variable before a LET statement, one gets an error massage sayin=
g that the NULL value is not allowed (and the documentation is clear about =
this case). Just for the records, I wondered whether it wouldn&#39;t be bet=
ter to forbid a NOT NULL variable creation that wouldn&#39;t have a DEFAULT=
 value. But finally, I think this behaviour provides a good way to force th=
e variable initialisation before its use. So let&#39;s keep it as is.<br></=
blockquote><div><br></div><div>This is a question - and there are two possi=
bilities</div><div><br></div><div>postgres=3D# do $$<br>declare x int not n=
ull;<br>begin<br>=C2=A0 raise notice &#39;%&#39;, x;<br>end;<br>$$ ;<br>ERR=
OR: =C2=A0variable &quot;x&quot; must have a default value, since it&#39;s =
declared NOT NULL<br>LINE 2: declare x int not null;<br>=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ^</div><div><br=
></div><div>PLpgSQL requires it. But there is not a possibility to enforce =
future setting.</div><div><br></div><div>So I know so behave of schema vari=
ables is little bit different, but I think so this difference has interesti=
ng use case. You can check if the variable was modified somewhere or not.</=
div><div><br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0p=
x 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
E) ACL and Rights<br>
<br>
I played a little bit with the GRANT and REVOKE statements. <br>
<br>
I have got an error (Issue 1). The following statement chain:<br>
=C2=A0 create variable public.sv1 int;<br>
=C2=A0 grant read on variable sv1 to other_user;<br>
=C2=A0 drop owned by other_user;<br>
reports : ERROR:=C2=A0 unexpected object class 4287<br></blockquote><div><b=
r></div><div>this is bug and should be fixed</div><div> <br></div><blockquo=
te class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px =
solid rgb(204,204,204);padding-left:1ex">
<br>
I then tried to use DEFAULT PRIVILEGES. Despite this is not documented, I s=
uccessfuly performed:<br>
=C2=A0 alter default privileges in schema public grant read on variables to=
 simple_user;<br>
=C2=A0 alter default privileges in schema public grant write on variables t=
o simple_user;<br>
<br>
When variables are then created, the grants are properly given.<br>
And the psql \ddp command perfectly returns:<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Default access privileges<b=
r>
=C2=A0 Owner=C2=A0 =C2=A0| Schema | Type |=C2=A0 =C2=A0 Access privileges=
=C2=A0 =C2=A0 <br>
----------+--------+------+-------------------------<br>
=C2=A0postgres | public |=C2=A0 =C2=A0 =C2=A0 | simple_user=3DSW/postgres<b=
r>
(1 row)<br>
<br>
So the ALTER DEFAULT PRIVILEGES documentation chapter has to reflect this n=
ew syntax (Issue 2).<br>
<br>
BTW, in the ACL, the READ privilege is represented by a S letter. A comment=
 in the source reports that the R letter was used in the past for rule priv=
ilege. Looking at the postgres sources, I see that this privilege on rules =
has been suppressed=C2=A0 in 8.2, so 13 years ago. As this R letter would b=
e a so much better choice, I wonder whether it couldn&#39;t be reused now f=
or this new purpose. Is it important to keep this letter frozen ?<br></bloc=
kquote><div><br></div><div>I have not a idea why it is. I&#39;ll recheck it=
 - but in this moment I prefer a consistency with existing ACL - it can be =
in future as one block if it will be necessary for somebody.<br></div><div>=
=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0=
.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
F) Extension<br>
<br>
I then created an extension, whose installation script creates a schema var=
iable and functions that use it. The schema variable is correctly linked to=
 the extension, so that dropping the extension drops the variable.<br>
<br>
But there is an issue when dumping the database (Issue 3). The script gener=
ated by pg_dump includes the CREATE EXTENSION statement as expected but als=
o a redundant CREATE VARIABLE statement for the variable that belongs to th=
e extension. As a result, one of course gets an error at restore time.<br><=
/blockquote><div><br></div><div>It is bug and should be fixed</div><div> <b=
r></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex=
;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
G) Row Level Security<br>
<br>
I did a test activating RLS on a table and creating a POLICY that reference=
s a schema variable in its USING and WITH CHECK clauses. Everything worked =
fine.<br>
<br>
H) psql<br>
<br>
A \dV meta-command displays all the created variables.<br>
I would change a little bit the provided view. More precisely I would:<br>
- rename &quot;Constraint&quot; into &quot;Is nullable&quot; and report it =
as a boolean<br>
- rename &quot;Special behave&quot; into &quot;Is transactional&quot; and r=
eport it as a boolean<br>
- change the order of columns so to have:<br>
Schema | Name | Type | Is nullable | Default | Owner | Is transactional | T=
ransaction end action<br>
&quot;Is nullable&quot; being aside &quot;Default&quot;<br></blockquote><di=
v><br></div><div>ok</div><div> <br></div><blockquote class=3D"gmail_quote" =
style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pa=
dding-left:1ex">
<br>
I) Performance<br>
<br>
I just quickly looked at the performance, and didn&#39;t notice any issue.<=
br>
<br>
About variables read performance, I have noticed that:<br>
=C2=A0 select sum(1) from generate_series(1,10000000);<br>
and<br>
=C2=A0 select sum(sv1) from generate_series(1,10000000);<br>
have similar response times. <br></blockquote><blockquote class=3D"gmail_qu=
ote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,20=
4);padding-left:1ex">
<br>
About planning, a condition with a variable used as a constant is indexable=
, as if it were a literal.<br>
<br>
J) Documentation<br>
<br>
There are some wordings to improve in the documentation. But I am not the b=
est person to give advice about english language ;-).<br>
<br>
However, aside the already mentionned lack of changes in the ALTER DEFAULT =
PRIVILEGES chapter, I also noticed :<br>
- line 50 of the patch, the sentence &quot;(hidden attribute; must be expli=
citly selected)&quot; looks false as the oid column of pg_variable is displ=
ayed, as for other tables of the catalog;<br>
- at several places, the word &quot;behave&quot; should be replaced by &quo=
t;behaviour&quot;<br>
- line 433, a get_schema_variable() function is mentionned; is it a functio=
n that can really be called by users ?<br>
<br>
May be it would be interesting to also add a chapter in the Section V of th=
e documentation, in order to more globally present the schema variables con=
cept, aside the new or the modified statements.<br>
<br>
K) Coding<br>
<br>
I am not able to appreciate the way the feature has been coded. So I let th=
is for other reviewers ;-)<br>
<br>
<br>
To conclude, again, thanks a lot for this feature !<br>
And if I may add this. I dream of an additional feature: adding a SHARED cl=
ause to the CREATE VARIABLE statement in order to be able to create memory =
spaces that could be shared by all connections on the database and accessib=
le in SQL and PL, under the protection of ACL. But that&#39;s another story=
 ;-)<br></blockquote><div><br></div><div>sure, it is another story :-). <br=
></div><div><br></div><div>Thank you for review - I&#39;ll try to fix bugs =
this week.</div><div><br></div><div>Pavel</div><div><br></div><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px soli=
d rgb(204,204,204);padding-left:1ex">
<br>
Best regards. Philippe.<br>
<br>
The new status of this patch is: Waiting on Author<br>
</blockquote></div></div>

--00000000000040c940059a4f6421--