NAME

Rinci::Undo - (DEPRECATED) Protocol for undo operations in functions

VERSION

version 1.1.29

SPECIFICATION VERSION

1.1

STATUS

This protocol (riundo for short) is now deprecated in favor of Rinci::Transaction (ritx for short) for several reasons:

  • riundo is inherently unreliable

    Undo information is returned by function after the function has performed the action. If function dies in the middle of action, client does not have the information to undo the (partially completed) action. That is why in ritx, the TM asks the function first for undo information before asking the function to perform its action.

  • ritx does not limit using the same function for undo

    In riundo, we must call the same function (passing the previously obtained undo data from the that function) to undo the information. This is sometimes slightly cumbersome. The undo action might be provided by other functions, but we still have to go through the same function first.

  • ritx can also implement undo/redo

    So there is no need for maintaining two specifications.

SPECIFICATION

This document describes the Rinci undo protocol. This protocol must be followed by functions that claim that they support undo (have their undo feature set to true). Such functions are from here on called undoable function (or just function, unless when ambiguous).

The protocol is basically the non-OO version of the command pattern, a design pattern most commonly used to implement undo/redo functionality. In this case, each function behaves like a command object. You pass a special argument -undo_action with the value of do and undo to execute or undo a command, respectively. For do and undo, the same set of arguments are passed.

Requirements

Function MUST check special argument -undo_action before it checks other arguments. Function MUST at least support the following undo action: do, undo. On unsupported/unknown undo action, function MUST return status 400, with message like "Unsupported undo action".

If -undo_action is not set, it means caller does not care about undo. Undoable function should execute as any normal function.

Performing 'do'

To indicate that we need undo, we call function by passing special argument -undo_action with the value of do. Function should perform its operation and save undo data along the way. If -undo_action is not passed or false/undef, function should assume that caller does not need undo later, so function need not save any undo data. After completing operation successfully, function should return status 200, the result, and undo data. Undo data is returned in the result metadata (the fourth element of result envelope), example:

[200, "OK", $result, {undo_data=>$undo_data}]

Undo data should be serializable so it is easy to be made persistent if necessary (e.g. by some undo/transaction manager).

Performing 'undo'

To perform an undo, caller must call the function again with the same previous arguments, except -undo_action should be set to undo and -undo_data set to undo data previously given by the function. Function should perform the undo operation using the undo data. Upon success, it must return status 200, the result, and an undo data (in other words, redo data, since it can be used to undo the undo operation).

Performing 'redo'

To perform redo, caller can call the function again with <-undo_action> set to undo and -undo_data set to the redo data given in the undo step. Or, alternatively, caller can just perform a normal do (see above).

An example:

$SPEC{setenv} = {
v => 1.1,
summary => 'Set environment variable',
args => {
name => {req=>1, schema=>'str*'},
value => {req=>1, schema=>'str*'},
},
features => {undo=>1},
};
sub setenv {
my %args = @_;
my $name = $args{name};
my $value = $args{value};
my $undo_action = $args{-undo_action} // '';
my $undo_data = $args{-undo_data};
my $old;
if ($undo_action) {
# save original value and existence state
$old = [exists($ENV{$name}), $ENV{$name}];
}
if ($undo_action eq 'undo') {
if ($undo_data->[0]) {
$ENV{$name} = $undo_data->[1];
} else {
delete $ENV{$name};
}
} else {
$ENV{$name} = $value;
}
[200, "OK", undef, $undo_action ? {undo_data=>$old} : {}];
}

The above example declares an undoable command setenv to set an environment variable (%ENV).

To perform command:

my $res = setenv(name=>"DEBUG", value=>1, -undo_action=>"do");
die "Failed: $res->[0] - $res->[1]" unless $res->[0] == 200;
my $undo_data = $res->[3]{undo_data};

To perform undo:

$res = setenv(name=>"DEBUG", value=>1,
-undo_action="undo", -undo_data=>$undo_data);
die "Can't undo: $res->[0] - $res->[1]" unless $res->[0] == 200;

After this undo, DEBUG environment variable will be set to original value. If it did not exist previously, it will be deleted.

To perform redo:

my $redo_data = $res->[3]{undo_data};
$res = setenv(name=>"DEBUG", value=>1,
-undo_action="undo", -undo_data=>$redo_data);

or you can just do:

$res = setenv(name=>"DEBUG", value=>1, -undo_action="do");

Saving undo data in external storage

Although the complete undo data can be returned by the function in the undo_data result metadata property, sometimes it is more efficient to just return a pointer to said undo data, while saving the actual undo data in some external storage.

For example, if a function deletes a big file and wants to save undo data, it is more efficient to move the file to trash directory and return its path as the undo data, instead of reading the whole file content and its metadata to memory and return it in undo_data result metadata.

Functions which require undo trash directory should specify this in its metadata, through the undo_trash_dir dependency clause. For example:

deps => {
...
trash_dir => 1,
}

When calling function, caller needs to provide path to undo trash directory via special argument -trash_dir, for example:

-trash_dir => "/home/.trash/2fe2f4ad-a494-0044-b2e0-94b2b338056e"

What about non-undoable actions?

Like in real life, not all actions are undoable. Examples of undoable/irreversible actions include wiping a file/directory (more generally speaking, any action to permanently delete/destroy something, without backing up the data first), sending an email (more generally speaking, any action that is sent to an external entity beyond our control, unless that external entity provides a way to undo the action).

An undoable function MUST NOT mix undoable and non-undoable actions. For example:

safe_delete(file=>'/path/to/file'); # puts file into Trash, undoable action
safe_delete(file=>'/path/to/file', permanent=>1); # deletes file, non-undoable

The safe_delete function above mixes undoable action (putting a file into Trash directory) and non-undoable action (permanently deleting a file without putting it in Trash). Without domain knowledge of the function, a caller cannot know whether a call will be undoable or not. This will also prevent the function from participating in a transaction, because transaction requires function call to always be undoable, for rollback purpose.

The solution is to separate non-undoable action in another function, for example:

trash(file=>'/path/to/file'); # undoable, can execute inside transaction
delete(file=>'/path/to/file'); # non-undoable, executes outside transaction
empty_trash(); # non-undoable, executes outside transaction

The non-undoable function is also non-transactional (it operates outside the scope of a transaction). But it can still be idempotent. And it can manipulate the transactions if it needs too. In the example, the empty_trash() function instructs the transaction manager to discard the trash() transactions, since after the trash is emptied, the trash() transactions cannot be undone anyway.

SEE ALSO

Related specifications: Rinci::Transaction

AUTHOR

Steven Haryanto <stevenharyanto@gmail.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2012 by Steven Haryanto.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.