Idempotent interaction Not Found

OpenDNSSEC can be a bit zealous when reporting errors of the kind "that was already done". For scripts, this can complicate situations where other contextual conditions force it to retry a command execution, and lead to more administrative effort around OpenDNSSEC.

Idempotence is an algebraic term which comes down to "the impotence of idem", or doing some things again may not be harmful, like painting red over a red wall. In operational terms, one could state that an operation may terminate without failure if a desired post-condition was already established. This specifically applies to the exit-code which is important to scripts; there may be nothing wrong with a warning or remark about the post-condition already having been established.

Idempotence is conceptually different from forcing things. For example, "rm -f xxx" will not complain if file "xxx" was already deleted, but also remain silent when "xxx" was a read-only file. For quite many operations, idempotence is harmless where forced behaviour is often potentially dangerous.

In OpenDNSSEC, idempotence could make sense in the following operations; please add a Comment if you can see more:

• removing zones/keys/...
• adding zones/keys/... (check that all settings match before returning OK)
• rollover requests
• ds-seen
• ds-unseen (for 2.0+)

For 1.x, please consider adding a --idempotent flag in all the places where it could help script authors. Without the flag, there would be no change in behaviour and with it the exit code may be more favourable when the post-condition applies at the onset of the command.

For 2.x, please consider making idempotence the default behaviour, in light of its harmless distinction from --force-xxx alternatives. When making this choice, it would be agreed that any remaining deviation from idempotence counts as a bug. If decided against idempotence as a default behaviour, please consider adding a --idempotent flag in all places where it could help script authors.