Part of https://discourse.jujucharms.com/t/read-before-contributing/47, an opinionated guide by William Reade
User operations must be simple and valid
What does that imply? First of all, it implies that user actions need to
be simple and easy to validate. Deploy a service, add a machine, run
an action, upgrade a charm: all these things can and should be
represented as the simplest possible record of user intent. That’s the
easy bit – so long as we’re careful with mgo/txn, individual user
operations either happen or don’t.
Screwing that bit up will break your feature from the word go, though,
so please keep it in mind. You must validate the changes sent by the
client, but you must not depend on the client for any further input or
clarification, because
EVERYTHING FAILS
and if you rely on the client sticking around to complete some process
you will end up stuck with inconsistent data in some paying client’s
production DB, and you will have a Very Bad Day, replete with
opportunities to make it Much Much Worse.
Those days are almost as fun as they sound.