Principle for treating configuration errors

[leventov]

This issue is about creating a policy, or principle, for treating wrong configuration.

There are two approaches: failure (raise an exception) or warn and continue operation if the nature of the configuration parameter permits this. Here: #7562 (comment) I proposed failure, but I'm ambivalent to whether this is right. Just warning also has an appeal, see "Define errors out of existence" idea here (or in a book "A Philosophy of Software Design"). So if somebody believes strongly in warning, I would support this policy.

The policy may be more detailed, prescribing failure or warning in different situations based on some criterion.

[drcrallen]

I don't believe there is a single best way to handle wrong configuration. I propose the severity of the reaction be related to the detectability and impact of the failure mode.

As a simple example, if I have a config option I know is coming in 0.16.0, and I put it in a config file for 0.15.0 knowing it will be ignored in that version, I expect the system to politely ignore the config. Likewise if a config option is deprecated in 0.15.0, and will be gone in 0.16.0, then the system should warn of the use of a deprecated option during the 0.15.0 transition release.

Part of the reason I am against outright failure on all configuration problems is that there are many ways configurations can be odd and not actually a problem, and possibly even intended.

I propose having an outright error only in cases where the system effectively says "You have not told me what to do and I have no reasonable default, or you have told me too many things to do and I can't reconcile them."

Examples of the first case are things like passing in arrays when single values are required (parsing). Examples of the second are when multiple things are defined for a singleton. But even then that is only if they can't be reconciled (ex: just take the last one sequentially in the properties file)

[leventov]

I propose having an outright error only in cases where the system effectively says "You have not told me what to do and I have no reasonable default, or you have told me too many things to do and I can't reconcile them."

Sounds reasonable to me.

Would you like to propose a PR with a file like dev/code-review/configuration.md where this principle is written down as a rule which can be referred to in answers to questions like this one: #7562 (comment), or discovered by developers directly?