On Fri, Mar 26, 2010 at 10:14:40AM -0300, Devan Goodwin wrote:
I've got concerns about the end result assuming we solve this problem. The purpose of this whole issue has been described to me as warehousing the data about what consumers we knew about instead of just deleting them.
The first thing that comes to mind is that this is probably not specific to consumers, arguably even more importantly we're going to want to maintain info about what entitlements were bound to those consumers, perhaps with some info about when and by whom. (which is totally new)
The second big issue is that given this is motivated by auditing like concerns, I can't understand why we'd want the choice between "mark inactive/terminated" and "actually delete" available to callers of the API, not even management applications should be able to circumvent it. Auditing seems like it should be handled internally and transparently. IMO delete should remain delete, that resource no longer exists at that location. Internally Candlepin would store whatever auditing/state information we need about the deleted resource, and perhaps this info would be accessible over an API call to a management application, but it's a new resource, not the old one.
If we just flag resources as inactive in their original location then we need to be vigilant about filtering out where inactive = true throughout the application. No doubt we can do this, it's just unplesant to consider a slew of inactive consumers and possibly entitlements living together for an unknown period of time, and quite likely a recipe for a lot of bugs down the road.
To me I think we should bite the bullet and ask ourselves the hard questions about what data we need to audit. We should solve this internally and transparently to the API, and we're then free to keep the API resource oriented and delete's meaning is clear.
This does bring up the real problem, the reason we don't want to use delete is for historical data. And yes I think you are right that auditing is probably the right way to solve the problem.
In a cube conversation (yay for open environments) [1], we talked about Approach 4, DELETING the relationship. The relationship that would need to be removed when terminating a consumer is the entitlement. When Justin suggested we delete the entitlement the feedback was then we'd lose the history. So as Devan stated above, why don't we log what happened with the entitlement 'deleted by foo on 2010/04/01 for unknown reasons', then delete the entitlement.
It would certainly make the API cleaner and solve the problem. So this take care of terminating a consumer's entitlement, then again, as Devan asked what else do we need to audit? Is there a list of historical data we'd like to maintain?
jesus