# Column Mutability

## Metadata

```
---
authors: Philip Lykke Carlsen <philip@hasura.io>
discussion:
   https://github.com/hasura/graphql-engine-mono/issues/2407
   https://github.com/hasura/graphql-engine-mono/pull/2507
---
```

## Description

Various features of databases influence the set of columns that should be
exposed under different circumstances. Examples of this include Identity Columns
and (DB) Generated Columns [^1].
[^1]: https://www.postgresql.org/docs/14/sql-createtable.html

This RFC proposes to add the basic, shared concept of _Column Mutability_ with
the goal of simplifying the implementation of features including those mentioned
above and similar, as well as improving code reuse, specifically for Schema
Generation.

### Problem

In order to motivate this proposal, we'll start with a historical summary a
previous effort of implementing support for handling identity columns.

Identity Columns were introduced as first class concept, present throughout the
different parts of the implementation that needed to adapt its behavior
depending on them.

What we didn't know at the time was that this would turn out to be awkward,
because identity columns in Postgresql and MSSQL have different semantics. And
because Postgres even has two variations of identity columns which need to be
treated differently. (More on this later)

The specific way in which this turned awkward was in the schema code. We want to
avoid duplicating this code, so that we produce consistent schemas across
backends. However, in order for this code to deal correctly with different
behaviors of different identity column variants it had to accept further
backend-specific customization options (or, hypothetically, be refactored).

Concretely, apart from case-switching on whether columns were identity columns
or not the code was amended with the (`class Backend b` type-level) feature flag
`type XOnConflict b`, indicating whether a backend would support
`_on_conflict`-based upserts. [^2]

[^2]: MSSQL would not support upserts, as a concession for us missing an
  implementation that would distinguish between what columns to insert and what
  columns to update owning to `_on_conflict` being part of `insert_` mutations.

Then came [issue #7557](https://github.com/hasura/graphql-engine/issues/7557),
and we realised the importance of distinguishing between `GENERATED BY DEFAULT AS
IDENTITY` and `GENERATED ALWAYS AS IDENTITY` identity columns in Postgres. [^3]

[^3]: `BY DEFAULT` may be inserted but not updated, while `ALWAYS` may neither.
  So now that the PG backend had a concept of id cols it would interpret them the
  same way as in MSSQL (which are more similar to the PG `ALWAYS` kind), meaning
  one user's insert mutations on a table with a `GENERATED BY DEFAULT` identity
  col suddenly stopped working, because the id col was elided from the schema!

To summarize, it seems our approach to modelling identity columns was
inappropriate: We introduced a single _Identity Column_ modelling concept which
had to cover for the various idiosyncratic variants between (and within!)
databases, and as a result the shared schema generation code needed to know
about different backends' idiosyncracies.

### Why is it important?

At the level of concrete features our product should support, Identity columns
are already something our customers rely on (as evidenced by issue #7557). On Postgresql,
Identity Columns are even the recommended successor to `SERIAL` columns [^4].

[^4]: [Don't use serial](https://wiki.postgresql.org/wiki/Don%27t_Do_This#Don.27t_use_serial):
     > For new applications, identity columns should be used instead.
     >
     > Why not?
     > 
     > The serial types have some weird behaviors that make schema, dependency,
     > and permission management unnecessarily cumbersome.
   
Additionally, a generic type of generated columns (database backed rather than
GraphQL Engine backed) could also be an attractive feature to support, which
should be easy to build on top of this proposal.

On a more meta-feature level, faithfully exposing relational databases on
GraphQL is our bread and butter. Being able to develop new features confidently
with less effort is an important enabler of this.

Our ability to achieve this (and thus the quality of the finished product)
is affected by our choices of the abstractions that we use to express our solution.
Therefore it's important we pick those that enable us rather than hamper us.

### Success

This effort is a success once insert, update, and upsert mutations are implemented
using a backend-agnostic notion of column mutability, unaffected by backend-specific
concepts such as Identity Columns and Generated Columns.

## How

This specific proposal describes an implementation strategy and does not itself
have any user visible aspects. 

Implementing this proposal in a basic form amounts to three conceptually simple
things:

1. Amend the table metadata with column mutability information. E.g. by changing
   `Hasura.RQL.Types.Column.ColumnInfo` or
   `Hasura.RQL.Types.Table.TableCoreInfoG`. We should be able to record whether
   each column is insertable and updatable at the least.
2. Updating the schema generation code to respect this new metadata. Points of
   interest include update mutations, insert mutations, and insert with
   `on_conflict` (the `update_columns` field should only contain updatable
   columns).
3. Updating the permissions code to respect this new metadata. Column Update
   Permissions should apply to only updatable columns etc.

In the actual table metadata collection code we may initially just mark every
column as insertable and updatable, unless the work is in the context of
e.g. implementing identity columns.

### Effects and Interactions

This feature may be perfectly well confined to the server. It might be
interesting however to show or use the column mutability information in the
Console, for example to reflect to a user how HGE is understanding their
database schema.

### Alternatives

If you do not have a generic concept of column mutability, all features that
influence the set of columns exposed in certain situations will have to
themselves deal directly with those situations.

Examples of code in an implementation without generic column mutability:
* Schema generation needs to know and understand the concepts of Identity
  Columns, and Generated Columns. These work differently across backends, which
  hampers code reuse.
* Permissions need to know about Identity Columns, and Generated Columns,
  because Update Permissions don't make sense those columns. But only sometimes,
  and that in backend specific ways.

### Costs and Drawbacks

A drawback of using this approach over the alternatives is that, as a feature
implementer you need to know prior knowledge of the column mutability feature in
order to exploit it. Nothing prohibits you from implementing some feature in
parallel, that could have benefited from using it.

But then again, if not exploiting the column mutability feature, you would have
to know about all the relevant interactions of column mutability in order to
produce a well-rounded feature.

Another drawback is that this could potentially result in poor usability if it
turns out that some features need to be handled more specifically than just
including or excluding columns depending on their mutability affords.

A somewhat mild but illustrative example of this is a user wanting to update a
non-updatable column and being puzzled as to why this column is not present as a
field in the update mutation.

This concrete example could be remedied by annotating the metadata that
indicates mutability with a human-readable text describing the cause, which we
could then display in the console.

But care must be taken: In the (contrived) case that we wanted to, say, give
rich error messages in response only to update mutations that mention identity
columns but not those that mention generated columns, we would have encountered
a need that is not met by a generic column mutability concept. That would leave
us having to overload/pollute column mutability with data and logic for dealing
with non-universal edge cases, and we wouldn't have achieved anything.

### Unresolved Questions

> A place for authors to list out open questions
> Ideally, it would serve as a collection point for others to chime in during
> the review process to either identify their own questions or offer potential
> solutions

### Future Work / Out of Scope

As stated earlier, this RFC does not directly imply any application of its
ideas. Applications such as Identity Columns are treated separately.

Here is a first attempt at looking more closely at how Identity Columns would
use Column Mutability to fulfill its needs:

* In MSSQL.

  We have a couple of options for how we want to identity columns to work.

  ```
  IDENTITY(..), with SET IDENTITY_INSERT => not updatable, insertable
  ``` 
  (This variant will also require specific handling at SQL translation)

  ```
  IDENTITY(..), w/o  SET_IDENTITY_INSERT => not updatable, not insertable
  ```

* In Postgres

  Similarly to MSSQL, we need to choose how to handle one flavor of identity column:

  ```
  GENERATED ALWAYS AS IDENTITY, with OVERRIDING SYSTEM VALUE => not updatable, insertable
  ```
  (This variant will also require specific handling at SQL translation)

  ```
  GENERATED ALWAYS AS IDENTITY, w/o  OVERRIDING SYSTEM VALUE => not updatable, not insertable
  ```

  The third variant does not even register:
  ```
  GENERATED BY DEFAULT AS IDENTITY => updatable, insertable
  ```

* General Computed Columns, as supported by all of MSSQL, PG 14, and MySQL:
  `generated => not updatable, not insertable` 
  
Note: Careful inspection of the above suggests that the
upsert-via-insert+on_conflict schema should work for both MSSQL and Postgresql,
regardless of the flavors we choose to support. The only troublesome combination
is `updatable, not insertable` which is absent above. [^why-troublesome]

[^why-troublesome]: The reason `updatable, not insertable` is troublesome is that the values to be upserted are given as:
      ```
      insert_some_table(
        objects: [{ <values here> }],
          on_conflict: { update_columns: [<columns to be updated>], ...  }
      )
      ```
      We want to elide fields `not insertable` from the schema of `<values here>`,
      but that is also the place where values upserted go.

Also, for something completely different, it might be interesting to make column
mutability something a user can specify. This use case does however have some
overlap with the Columns Permissions feature.