docs(adr): ADR-044 Guidelines for updating proto defs (#9613)

## Description

This ADR is to be merged as "DRAFT" status for now, as the details for the "Bumping Protobuf Package Version" section have not been sorted out yet.

This ADR comes from discussion with @webmaster128 and @robert-zaremba about proto updates strategy. We decided to go for an ADR to document our decision for v0.43, and for visibility for other chains doing proto upgrades.

[rendered](https://github.com/cosmos/cosmos-sdk/blob/am/adr-044-protobuf/docs/architecture/adr-044-protobuf-updates-guidelines.md)

Closes: #9477
ref: #9446 
ref: #9445

---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting))
- [ ] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [x] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [x] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed 
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [x] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
Amaury 2021-08-02 11:32:31 +02:00 committed by GitHub
parent 463c17ad88
commit 56589f1cc8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 113 additions and 0 deletions


@ -77,3 +77,7 @@ When writing ADRs, follow the same best practices for writing RFCs. When writing
- [ADR 038: State Listening](./adr-038-state-listening.md)
- [ADR 039: Epoched Staking](./adr-039-epoched-staking.md)
- [ADR 040: Storage and SMT State Commitments](./adr-040-storage-and-smt-state-commitments.md)
### Draft
- [ADR 044: Guidelines for Updating Protobuf Definitions](./adr-044-protobuf-updates-guidelines.md)
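Review bot: the new "### Draft" entry gives index readers no hint about which parts of ADR 044 are settled. The ADR's "Updating Protobuf Definition Without Bumping Version" rules are already written as MUST / MUST NOT, while only "Incrementing Protobuf Package Version" is still a TODO. Consider a short qualifier on this line (for example, noting that the package-version section is pending) and a linked follow-up issue for moving the entry out of "Draft", so the listing does not read as if the whole document were non-binding.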


@ -0,0 +1,109 @@
# ADR 044: Guidelines for Updating Protobuf Definitions
## Changelog
- 28.06.2021: Initial Draft
## Status
Draft
## Abstract
This ADR provides guidelines and recommended practices when updating Protobuf definitions. These guidelines are targeting module developers.
## Context
The SDK maintains a set of [Protobuf definitions](https://github.com/cosmos/cosmos-sdk/tree/master/proto/cosmos). It is important to correctly design Protobuf definitions to avoid any breaking changes within the same version. The reasons are to not break tooling (including indexers and explorers), wallets and other third-party integrations.
When making changes to these Protobuf definitions, the SDK currently only follows [Buf's](https://docs.buf.build/) recommendations. We noticed however that Buf's recommendations might still result in breaking changes in the SDK in some cases. For example:
- Adding fields to `Msg`s. Adding fields is a not a Protobuf spec-breaking operation. However, when adding new fields to `Msg`s, the unknown field rejection will throw an error when sending the new `Msg` to an older node.
- Marking fields as `reserved`. Protobuf proposes the `reserved` keyword for removing fields without the need to bump the package version. However, by doing so, client backwards compatibility is broken as Protobuf doesn't generate anything for `reserved` fields. See [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) for more details on this issue.
Moreover, module developers often face other questions around Protobuf definitions such as "Can I rename a field?" or "Can I deprecate a field?" This ADR aims to answer all these questions by providing clear guidelines about allowed updates for Protobuf definitions.
## Decision
We decide to keep [Buf's](https://docs.buf.build/) recommendations with the following exceptions:
- `UNARY_RPC`: the SDK currently does not support streaming RPCs.
- `COMMENT_FIELD`: the SDK allows fields with no comments.
- `SERVICE_SUFFIX`: we use the `Query` and `Msg` service naming convention, which doesn't use the `-Service` suffix.
- `PACKAGE_VERSION_SUFFIX`: some packages, such as `cosmos.crypto.ed25519`, don't use a version suffix.
- `RPC_REQUEST_STANDARD_NAME`: Requests for the `Msg` service don't have the `-Request` suffix to keep backwards compatibility.
On top of Buf's recommendations we add the following guidelines that are specific to the SDK.
### Updating Protobuf Definition Without Bumping Version
#### 1. `Msg`s MUST NOT have new fields.
When processing `Msg`s, the SDK's antehandlers are strict and don't allow unknown fields in `Msg`s. This is checked by the unknown field rejection in the [`codec/unknownproto` package](https://github.com/cosmos/cosmos-sdk/blob/master/codec/unknownproto).
Now imagine a v0.43 node accepting a `MsgExample` transaction, and in v0.44 the chain developer decides to add a field to `MsgExample`. A client developer, which only manipulates Protobuf definitions, would see that `MsgExample` has a new field, and will populate it. However, sending the new `MsgExample` to an old v0.43 node would cause the v0.43 node to reject the `MsgExample` because of the unknown field. The expectation that the same Protobuf version can be used across multiple node versions MUST be guaranteed.
For this reason, module developers MUST NOT add new fields to existing `Msg`s.
It is worth mentioning that this does not limit adding fields to a `Msg`, but also to all nested structs and `Any`s inside a `Msg`.
#### 2. Non-`Msg`-related Protobuf definitions MAY have new fields.
On the other hand, module developers MAY add new fields to Protobuf definitions related to the `Query` service or to objects which are saved in the store. This recommendation follows the Protobuf specification, but is added in this document for clarity.
#### 3. Fields MAY be marked as `deprecated`, and nodes MAY implement a protocol-breaking change for handling these fields.
Protobuf supports the [`deprecated` field option](https://developers.google.com/protocol-buffers/docs/proto#options), and this option MAY be used on any field, including `Msg` fields. If a node handles a Protobuf message with a non-empty deprecated field, the node MAY change its behavior upon processing it, even in a protocol-breaking way. When possible, the node MUST handle backwards compatibility without breaking the consensus (unless we increment the proto version).
As an example, the SDK v0.42 to v0.43 update contained two Protobuf-breaking changes, listed below. Instead of bumping the package versions from `v1beta1` to `v1`, the SDK team decided to follow this guideline, by reverting the breaking changes, marking those changes as deprecated, and modifying the node implementation when processing messages with deprecated fields. More specifically:
- The SDK recently removed support for [time-based software upgrades](https://github.com/cosmos/cosmos-sdk/pull/8849). As such, the `time` field has been marked as deprecated in `cosmos.upgrade.v1beta1.Plan`. Moreover, the node will reject any proposal containing an upgrade Plan whose `time` field is non-empty.
- The SDK now supports [governance split votes](./adr-037-gov-split-vote.md). When querying for votes, the returned `cosmos.gov.v1beta1.Vote` message has its `option` field (used for 1 vote option) deprecated in favor of its `options` field (allowing multiple vote options). Whenever possible, the SDK still populates the deprecated `option` field, that is, if and only if the `len(options) == 1` and `options[0].Weight == 1.0`.
#### 4. Fields MUST NOT be renamed.
Whereas the official Protobuf recommendations do not prohibit renaming fields, as it does not break the Protobuf binary representation, the SDK explicitly forbids renaming fields in Protobuf structs. The main reason for this choice is to avoid introducing breaking changes for clients, which often rely on hard-coded fields from generated types. Moreover, renaming fields will lead to client-breaking JSON representations of Protobuf definitions, used in REST endpoints and in the CLI.
### Incrementing Protobuf Package Version
TODO, needs architecture review. Some topics:
- Bumping versions frequency
- When bumping versions, should the SDK support both versions?
- i.e. v1beta1 -> v1, should we have two folders in the SDK, and handlers for both versions?
- mention ADR-023 Protobuf naming
## Consequences
> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future.
### Backwards Compatibility
> All ADRs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The ADR must explain how the author proposes to deal with these incompatibilities. ADR submissions without a sufficient backwards compatibility treatise may be rejected outright.
### Positive
- less pain to tool developers
- more compatibility in the ecosystem
- ...
### Negative
{negative consequences}
### Neutral
- more rigor in Protobuf review
## Further Discussions
This ADR is still in the DRAFT stage, and the "Incrementing Protobuf Package Version" will be filled in once we make a decision on how to correctly do it.
## Test Cases [optional]
Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable.
## References
- [#9445](https://github.com/cosmos/cosmos-sdk/issues/9445) Release proto definitions v1
- [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) Address v1beta1 proto breaking changes
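Review bot: in "1. `Msg`s MUST NOT have new fields", the closing sentence "this does not limit adding fields to a `Msg`, but also to all nested structs and `Any`s inside a `Msg`" reads as if the rule does not restrict adding fields, which is the opposite of the MUST NOT stated just above it. Since the unknown field rejection makes this a transaction-rejection problem on older nodes, the scope should be unambiguous, for example: "this restriction applies not only to the `Msg` itself, but also to all nested structs and `Any`s inside a `Msg`". In guideline 3, "the node MAY change its behavior upon processing it, even in a protocol-breaking way" sits next to "When possible, the node MUST handle backwards compatibility without breaking the consensus"; "When possible ... MUST" is not a testable requirement, so say which of the two takes precedence and under what condition. Smaller points: "Adding fields is a not a Protobuf spec-breaking operation" has a stray "a"; and the ADR template text is still present (the blockquotes under "Consequences" and "Backwards Compatibility", the "..." bullet under "Positive", "{negative consequences}", and the "Test Cases [optional]" paragraph) and should be filled in or removed, even for a Draft.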