feat: make provider interface "stateless"; SDK maintains provider state

[chrfwow]

This PR

Providers no longer maintain their own state: the state for each provider is maintained in the SDK automatically, and updated according to the success/failures of lifecycle methods (init/shutdown) or events emitted from providers spontaneously.

Related Issues

#844

Please remove getState in implementing providers (the interface method has been marked as deprecated).

[chrfwow]

should there also be a method like emitFatalProviderError?

[toddbaert]

I would take the approach of just checking if the error is a Fatal error.

[chrfwow]

How can I do that? The ProviderEventDetails parameter does not have a field containing a potential error code. If I can get it from getEventMetadata(), what key is the error code associated with?

[toddbaert]

Good point. I think that's another thing we need to add. I might have missed it in the issue, but it's in the spec: https://openfeature.dev/specification/types#event-details

[chrfwow]

Is it queried like this?

String errorCode = details.getEventMetadata().getString("error code");
if("FATAL".equals(errorCode)){
    ...
}

I can't see how this should work from the documentation

[toddbaert]

I'm saying the event details should have a first class member representing the error code (not in the event data), if it's an error event.

[chrfwow]

Some of the tests had to be changed, as now an uninitialized provider will not allow the lookup of a value.

[toddbaert]

It might be better to use setProviderAndWait which will initialize the provider before continuing.

[toddbaert]

Thanks a lot for this! I will try to review tomorrow! 🙏

[codecov]

Codecov Report

Attention: Patch coverage is 84.61538% with 20 lines in your changes missing coverage. Please review.

Project coverage is 93.91%. Comparing base (dd8ba81) to head (6d199d9).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...n/java/dev/openfeature/sdk/ProviderRepository.java	76.05%	14 Missing and 3 partials ⚠️
...feature/sdk/providers/memory/InMemoryProvider.java	0.00%	2 Missing ⚠️
...v/openfeature/sdk/FeatureProviderStateManager.java	97.36%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #1096      +/-   ##
============================================
- Coverage     95.12%   93.91%   -1.22%     
- Complexity      401      430      +29     
============================================
  Files            39       40       +1     
  Lines           924     1019      +95     
  Branches         56       72      +16     
============================================
+ Hits            879      957      +78     
- Misses           24       39      +15     
- Partials         21       23       +2     

Flag	Coverage Δ
unittests	93.91% <84.61%> (-1.22%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[chrfwow]

The behaviour here is different than that of the OpenFeatureClient, which would not throw this GeneralError. Which bevaviour is the expected one?

[toddbaert]

See: https://github.com/open-feature/java-sdk/pull/1096/files/98c620f14a81a0fda47207eb9d912826a33ec446#r1752386247

We should be able to delete this code entirely since initialization is tracked in the SDK, but things should also work fine if we don't touch this class at all.

[aepfli]

so do you suggest to generate a Second deprecated InMemoryProvider to always ensure backwards compatibility and run the tests for both? or do you think that is overkill?

[toddbaert]

This implementation is logically correct, but this won't work retroactively with existing implementations (many of which can be found here, though there's others maintained by vendors, etc).

We need to do this in a non-breaking way, without breaking any existing contracts or behvaiors. In C#, I accomplished this by creating a new package-private ProviderState field on the provider which the SDK updates after it has successfully (or unsuccessfully) run the initialize method, and basically ignoring the previous provider state field.

This allows existing providers to work without breaking changes.

[liran2000]

@toddbaert I wonder if there can be some additional automated step to see if the sdk-contrib repository providers are not breaking, possibly as warning / non-mandatory. There is the InMemoryProvider on this repository which is a good sanity, maybe checking the other providers as well can help. Or is too much? What do you think ?

[toddbaert]

Inside the ProviderRespository, you will have to modify this private method to call the initialize function on the provider if it's not yet initialized or in the process of being initialized, then update a new package-private status member indicating readiness.

[toddbaert]

As a proof that nothing is breaking, you should be able to get away with making no changes to this provider.

[toddbaert]

Can you add a specific test for this? It relates to specification requirement 5.3.5, so you can use our @Specification annotation for tracking compliance.

[toddbaert]

Really good first pass! I've left some comments. The most important is here.

If you need more help or clarification, please reach out on slack.

[liran2000]

why this split is needed ?
without it, provider can implement shutdown() same as today and calling super.shutdown() in it.
providers which were implemented this way, can continue to work as is.
similar with initialize().

[liran2000]

rename to something like newTestEventsProvider() ?

[liran2000]

can use @SneakyThrows.
also at other places.

[beeme1mr]

^ Apparently, that's someones username 😄

[liran2000]

can use @SneakyThrows and remove try/catch ?

[liran2000]

why change the implementation and wait that much longer ?

[liran2000]

why would it return error after provider error event ?
any reference to this behavior ?

[chrfwow]

any reference to this behavior ?

No, but this is the current behaviour. See #1096 (comment) and the implementation

[guidobrei]

I have one request for change: I think the @Delegate annotation is a leftover from the Decorator approach and can be removed.

[guidobrei]

ProviderAccessor is exposed outside its defined visibility scope. OpenFeatureClient and the constructor are public, but the ProviderAccessor is package privet.

Today I learned... I would have expected the compiler to not allow such constructs.

[chrfwow]

How should I handle this? Should I make the constructor package private, as it is deprecated anyway?

[guidobrei]

I would add a package internal accessor to getProviderStateManager(String domain) in OpenFeatureAPI . Then you can access the state manager in the client and you can remove the ´ProviderAccessor` interface completely.

[toddbaert]

Done: 45e9ba2

[guidobrei]

We had some effort in parallel to handle evaluation errors without exceptions in #1095.

@toddbaert does this also apply to unexpected Provider states?

In general, how do we handle provider state here? If it's now managed by the SDK, does it only forward the evaluation calls to the provider, if it is in READY state, or in any state except NOT_READY and FATAL?

[chrfwow]

Currently we only forward calls if the provider is not in error (or fatal), which differs from the implementation of the InMemoryProvider, where they are only forwarded when the provider is READY. Is this what we want?

[toddbaert]

Currently we only forward calls if the provider is not in error (or fatal), which differs from the implementation of the InMemoryProvider, where they are only forwarded when the provider is READY. Is this what we want?

Yes, this is what we want. Some providers may be in an ERROR state, and still work in some sense (they may send error telemetry, or read from an out-of-date cache, or even try to reconnect before returning). The only states that should short-circuit are FATAL and NOT_READY. In these cases we can be sure the provider hasn't connected at all or is in such a bad state (FATAL) that it's pointless to even use and will never recover (perhaps a bad credential or something like that). This is defined in the spec (and implemented in other SDKs):

https://openfeature.dev/specification/sections/flag-evaluation#requirement-177
https://openfeature.dev/specification/sections/flag-evaluation#requirement-178

As far as throwing errors, yes - it would be better if we could instead return error resolutions but still run the error hooks, as we do in #1095 , to avoid the cost of creating the stack trace and exception.

[guidobrei]

I know I've requested this, but maybe it's better to not expose this on the public API surface unless someone requests it. We could also get rid of the additional code in the ProviderRepository that handles this request again.

Sorry for being too greedy 🙈

[guidobrei]

This overload would return a null state if the provider is not registered, which is what I would expect (or an exception?), but it's still different to the behavior of other getProviderState() overloads.

[toddbaert]

Yes I guess the only reason this was done was for this assertion which we can avoid. I agree we should remove these methods.

[toddbaert]

Done: 45e9ba2

[toddbaert]

We can instead get a client (even before we set the provider) and then check the Provider state there, so we can remove this public getProviderState as @guidobrei suggests.

[toddbaert]

Done: 45e9ba2

[toddbaert]

@chrfwow I think I agree with @guidobrei 's points. Thanks for being so patient with all these reviews! I think we're almost there but I think the last few changes seem small.

[toddbaert]

I pushed another changeset to resolve @guidobrei 's suggestions: 45e9ba2

[sonarqubecloud]

Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[toddbaert]

Thanks @chrfwow for all your help with this! It works great in the contrib repo so far.

[chrfwow]

It was a pleasure!