Skip to content

feat: implement irreversible vacuum drop table protection #18809

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 10 commits into
base: main
Choose a base branch
from
Draft

feat: implement irreversible vacuum drop table protection #18809

wants to merge 10 commits into from

Conversation

dantengsky
Copy link
Member

@dantengsky dantengsky commented Sep 29, 2025
edited by drmingdrmer
Loading

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

Fixes data integrity issue where undrop could succeed on tables with incomplete S3 data after vacuum cleanup has begun.

🤖 Generated with Claude Code

Add retention guard mechanism to prevent undrop operations after vacuum has started, ensuring data consistency by blocking restoration of tables whose data may have been partially or fully cleaned up.

Key changes:

  • Add VacuumRetention metadata with monotonic timestamp semantics
  • Implement fetch_set_vacuum_timestamp API with correct CAS behavior
  • Integrate retention checks in vacuum drop table workflow
  • Add retention guard validation in undrop table operations
  • Include comprehensive error handling and user-friendly messages
  • Add protobuf serialization support with v151 compatibility
  • Provide full integration test coverage

Tests

  • Unit Test
  • Logic Test
  • Benchmark Test
  • No Test - Explain why

Type of change

  • Bug Fix (non-breaking change which fixes an issue)
  • New Feature (non-breaking change which adds functionality)
  • Breaking Change (fix or feature that could cause existing functionality not to work as expected)
  • Documentation Update
  • Refactoring
  • Performance Improvement
  • Other (please describe):

This change is Reviewable

@dantengsky @claude
feat: implement irreversible vacuum drop table protection
dead520 
Add retention guard mechanism to prevent undrop operations after vacuum
has started, ensuring data consistency by blocking restoration of tables
whose data may have been partially or fully cleaned up.

Key changes:
- Add VacuumRetention metadata with monotonic timestamp semantics
- Implement fetch_set_vacuum_timestamp API with correct CAS behavior
- Integrate retention checks in vacuum drop table workflow
- Add retention guard validation in undrop table operations
- Include comprehensive error handling and user-friendly messages
- Add protobuf serialization support with v151 compatibility
- Provide full integration test coverage

Fixes data integrity issue where undrop could succeed on tables with
incomplete S3 data after vacuum cleanup has begun.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@github-actions github-actions bot added the pr-feature this PR introduces a new feature to the codebase label Sep 29, 2025
dantengsky and others added 9 commits September 30, 2025 00:18
@dantengsky
prepare resolve merge conflict
40639e2
@dantengsky
Merge remote-tracking branch 'origin/main' into feat/irreversible-vac…
99ac749 
…uum-drop-table
@dantengsky
fix license header
09ff84b
@dantengsky
Merge remote-tracking branch 'origin/main' into feat/irreversible-vac…
3e06312 
…uum-drop-table
@dantengsky @claude
refactor: improve undrop table retention guard error message
f84cc81 
Make error message more user-friendly by:
- Using clear language about why undrop is blocked
- Including vacuum start timestamp for better context
- Removing technical jargon like 'retention guard' and 'precedes'

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@dantengsky @claude
refactor: simplify VacuumRetention to VacuumWatermark structure
f5e03be 
- Rename VacuumRetention to VacuumWatermark for clarity
- Remove unnecessary fields: updated_by, updated_at, version
- Keep only essential 'time' field for monotonic timestamp tracking
- Update protobuf conversion and tests accordingly
- Maintain API compatibility and retention guard functionality

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@dantengsky @claude
refactor: move fetch_set_vacuum_timestamp to VacuumDropTablesInterpreter
d6680b1 
- Move vacuum timestamp setting from gc_drop_tables to VacuumDropTablesInterpreter::execute2
- Use actual retention settings instead of hardcoded 7 days
- Set timestamp before vacuum operation starts for better timing
- Simplify gc_drop_tables to focus only on metadata cleanup
- Improve separation of concerns between business logic and cleanup operations

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@dantengsky
cargo fmt
3fd25fa
@dantengsky @claude
fix: prevent vacuum watermark modification in dry run mode
89ca899 
- Only set vacuum timestamp when NOT in dry run mode
- Maintains consistency with existing dry run behavior for metadata cleanup
- Dry run should not modify any state including vacuum watermark
- Preserves read-only nature of dry run operations

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drmingdrmer drmingdrmer Awaiting requested review from drmingdrmer drmingdrmer will be requested when the pull request is marked ready for review drmingdrmer is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
pr-feature this PR introduces a new feature to the codebase
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dantengsky