Marshal missing UDT fields as null instead of failing

[sylwiaszunejko]

We can't return an error in case a field is added to the UDT, otherwise existing code would break by simply altering the UDT in the database. For extra fields at the end of the UDT put nulls to be in line with gocql, but also python-driver and java-driver.

In gocql it was fixed in scylladb/gocql@d2ed1bb

java-driver https://github.com/datastax/java-driver/blob/ef56d561d97adcae48e0e6e8807f334aedc0d783/core/src/main/java/com/datastax/oss/driver/internal/core/type/codec/UdtCodec.java#L86
python-driver: https://github.com/datastax/python-driver/blob/15d715f4e686032b02ce785eca1d176d2b25e32b/cassandra/cqltypes.py#L1036

[sylwiaszunejko]

@avelanarius ping

[dkropachev]

We definitely should have test for that

[dkropachev]

Should we consider unsafe flag ?

func (u udt) MarshalUDT(name string, info gocql.TypeInfo) ([]byte, error) {
	value, ok := u.field[name]
	if ok {
		return gocql.Marshal(info, value.Interface())
	}
	if u.unsafe {
		return nil, nil
	}
	return nil, fmt.Errorf("missing name %q in %s", name, u.value.Type())
}

[sylwiaszunejko]

@dkropachev AFAIK this would require a user to use query.Iter().Unsafe() instead of just query.Exec(), because in gocql implementation there is no unsafe equivalent. Wouldn't it be counterintuitive if in gocql we are able to do query.Exec() with udt with missing fields and it works, but in gocqlx we are required to use Unsafe()?

[dkropachev]

@sylwiaszunejko , 100% agree on that, but since Unsafe is there and does control this particular behavior we have to be consistent in the way it works.

[sylwiaszunejko]

To sum up after a discussion with @dkropachev:
There is a mechanism in gocqlx for ignoring missing UDT fields, but it requires a user to use query.Iter().Unsafe() instead of just query.Exec(), because in gocql implementation there is no Unsafe equivalent. So on one hand Unsafe is there and does control this particular behavior we have to be consistent in the way it works, but on the other hand we have to be consistent with gocql and if using UDTs with extra fields is supported there always not only when extra option specified, shouldn't it be also supported in gocqlx?
@mykaul do you have any thoughts on that? Because it looks like my fix doesn't take Unsafe mechanism in the consideration and that's probably not the best

[dkropachev]

To sum up after a discussion with @dkropachev: There is a mechanism in gocqlx for ignoring missing UDT fields, but it requires a user to use query.Iter().Unsafe() instead of just query.Exec(), because in gocql implementation there is no Unsafe equivalent. So on one hand Unsafe is there and does control this particular behavior we have to be consistent in the way it works, but on the other hand we have to be consistent with gocql and if using UDTs with extra fields is supported there always not only when extra option specified, shouldn't it be also supported in gocqlx? @mykaul do you have any thoughts on that? Because it looks like my fix doesn't take Unsafe mechanism in the consideration and that's probably not the best

I would propose to rename this attribute to Strict reversing it's meaning, making default to be false.
Only problem here is that we have to release new major for that, due to the compatibility issue.

[mykaul]

I'm in favor of consistency, even if it's the longer path (and complexity). The unsafe is not intuitive.

[dkropachev]

@mykaul , could you please rereview it, tests were added and more cases fixed.
Also new method was introduced to Queryx to control Unsafe flag on it's level instead of borrowing it from DefaultUnsafe

[mykaul]

Do we have an example (in gocqlx docs) for UDT usage?

[sylwiaszunejko]

@mykaul examples are here:

gocqlx/doc_test.go

Line 24 in a9ab270

func ExampleUDT() {

and

gocqlx/example_test.go

Line 445 in a9ab270

// This example shows how to add User Defined Type marshalling capabilities to

[wprzytula]

Why this change? Asterisks are valid Markdown itemizers as well AFAIK.

[dkropachev]

This one is gone, it is already in master, reason why it have changed is golangci-lint does not tollerate anything by - there.

[wprzytula]

Are we sure this is the semantics of unsafe that we want to have?
In Rust driver at least, we consider too many and too few fields in the CQL UDT compared to the go struct as two distinct cases. In Rust driver, strict forbids too many fields in CQL UDT, whereas default_if_missing is used for the case when a struct has a field that is not found in the CQL UDT metadata. WDYT? Should we cover it by a single lever here?

[dkropachev]

@wprzytula, i am totally in support of having all drivers as close as possible to each other. Let's have separate issue on that and address it in other PR

[wprzytula]

OTOH I have no idea how other drivers apart from Rust driver approach this.

[dkropachev]

We can start from these two

[wprzytula]

I'm strongly for the change from unsafe to strict, and making non-strict the default. This would be a breaking change, but one that I find justified.

[sylwiaszunejko]

I'm strongly for the change from unsafe to strict, and making non-strict the default. This would be a breaking change, but one that I find justified.

I agree, I would like to go with the strict approach.

@mykaul @avelanarius @roydahan Are we okay with making breaking change in that case?

[dkropachev]

I'm strongly for the change from unsafe to strict, and making non-strict the default. This would be a breaking change, but one that I find justified.

I agree, I would like to go with the strict approach.

@mykaul @avelanarius @roydahan Are we okay with making breaking change in that case?

Let's do that in separate PR.

[roydahan]

I'm fine with it, we can release a major and state that in the release notes.

[sylwiaszunejko]

Let's merge it and then we can replace unsafe with strict approach in the additional PR. Are you okay with that?
@wprzytula @roydahan @mykaul

[mmatczuk]

Interesting.

[mmatczuk]

I'd refrain from bumping the major version and only do that in case of major API breakage i.e. new API, preferably never.

Bumping it to v2 was a complete mess, every import line needs to be changed.
Not that it's hard, but it puts quite a lot of annoying work on customers.

[sylwiaszunejko]

@mmatczuk do you have any suggestion how to handle better the situation with Unsafe and how the default behavior around dealing with missing fields in UDTs differs in gocql and gocqlx?

[mmatczuk]

The change is LGTM.

[sylwiaszunejko]

I am not sure if I understand right, is it okay to do breaking change without major release?

[mmatczuk]

What I'm trying to say is that there is a cost of making /v3 it is not something to do lightly.
Consider what you need, maybe completely removing unsafe and releasing /v3 is a way to go.

[dkropachev]

What I'm trying to say is that there is a cost of making /v3 it is not something to do lightly. Consider what you need, maybe completely removing unsafe and releasing /v3 is a way to go.

Just want to point out that gocqlx recently switched to scylladb/gocql, which also contributes to necessity to bump major up.