Create schemas, tables and indexes without "if not exists"#259
Open
pinodeca wants to merge 1 commit into
Open
Conversation
Switch the control file to schema = pg_catalog and create the df and
_duroxide schemas in a pgrx bootstrap block using plain CREATE SCHEMA
(no IF NOT EXISTS), so a pre-existing/squatted df schema makes CREATE
EXTENSION fail loudly instead of being silently adopted.
- Move df.duroxide_schema() into the bootstrap block alongside the
CREATE SCHEMA statements and drop the separate create_duroxide_schema
block.
- Remove IF NOT EXISTS from the install-script tables (df.nodes,
df.instances, df.vars, df._worker_epoch) and indexes so install fails
loud on conflicts.
- Keep #[pg_schema] mod df {} (required for df-qualified externs); its
redundant CREATE SCHEMA IF NOT EXISTS df is now a no-op. Update the
pgspot PS010 allowlist comment to explain why it remains.
Tests: unit (183), 12_extension_lifecycle anti-squat, fmt, clippy,
pgspot gate all pass.
pinodeca
changed the title
pinodeca
changed the title
tjgreen42
approved these changes
Jun 19, 2026
| extension_sql!( | ||
| r#" | ||
| CREATE SCHEMA df; | ||
| CREATE SCHEMA _duroxide; |
Contributor
There was a problem hiding this comment.
I'm a little confused, this runs even for an upgrade and then we'll have both duroxide and _duroxide schemas? (I guess this is preexisting behavior, but still seems weird...) But it's kind of hard to tell what the final .sql scripts look like.
Followup: WDYT about checking in the generated install/upgrade scripts to make confirming this kind of thing easier?
| # present explicitly (they are otherwise PostgreSQL defaults). | ||
| relocatable = false | ||
| superuser = true | ||
| trusted = false |
Contributor
There was a problem hiding this comment.
Did you mean to get rid of the trusted line?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Eliminates silent schema adoption and
IF NOT EXISTSfrom the install path, following the pg_cron anti-squatting model.schema = pg_catalog; thedfand_duroxideschemas are created in a pgrxbootstrapblock with plainCREATE SCHEMA(noIF NOT EXISTS). A pre-existing/squatteddfschema now makesCREATE EXTENSIONfail loudly (duplicate_schema) instead of being silently adopted.df.duroxide_schema()moved into the bootstrap block; the separatecreate_duroxide_schemablock is removed.IF NOT EXISTSfrom install-script tables (df.nodes,df.instances,df.vars,df._worker_epoch) and indexes so install fails loud on conflicts.#[pg_schema] mod df {}retained (required so#[pg_extern(schema = "df")]functions resolve). Its redundantCREATE SCHEMA IF NOT EXISTS dfis now a no-op after bootstrap; the pgspot PS010 allowlist entry stays with an updated explanatory comment.Why not drop the PS010 exception?
pgrx's
#[pg_schema]unconditionally emitsCREATE SCHEMA IF NOT EXISTS dfinto the generated install SQL, and that string isn't configurable from source. Removing it would require post-processing the generated SQL, so the (now no-op) line and its single-line PS010 allowlist entry remain.Testing
12_extension_lifecycleanti-squat Test 2)cargo fmt --check,cargo clippy: clean