Current state: Under Discussion
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Currently if a transactional producer hits a fatal exception, the caller usually catches the exception and handle it by invoking abortTransaction to abort the transaction, and then closing the producer, which makes sense and sounds clean. The tricky scenario is that abortTransaction is not a safe call when the producer is already in an error state, which means user has to do another try-catch with the first layer catch block, making the error handling pretty annoying. It is more appropriate and user-friendly to ensure that the producer client does not throw the same exception again while aborting transaction.
Our proposal is quite straightforward and simple. To avoid throwing the same exception twice, we would remember whether a fatal exception has already been thrown to the application level, so that in abortTransaction we will not throw it again, thus making the function safe to be called in an error state.
We shall modify the comments on abortTransaction and remove all exceptions except TimeoutException and InterruptException.
Suggested Coding Pattern
With this proposed change, users may use transactional APIs as follows.
Compatibility, Deprecation, and Migration Plan
Our proposed change can be considered as minor. In users' perspective, they have less exceptions to worry and handle when calling abortTransaction.
- Internally abort any ongoing transaction within `producer.close`, and comment on `abortTransaction` call to warn user not to do it manually.
- Similar to 1, but get a new `close(boolean abortTransaction)` API call in case some users want to handle transaction state by themselves.
- Introduce a new abort transaction API with a boolean flag indicating whether the producer is in error state, instead of throwing exceptions
- Introduce a public API `isInError` on producer for user to validate before doing any transactional API calls
The alternatives are rejected because they all require bigger changes.