make defacto public fields actually public #1526
Conversation
Created using spr 1.3.6-beta.1
ahl
left a comment
ahl
left a comment
There was a problem hiding this comment.
Does it follow that a field that is deserialized should be pub? I'm not sure that's always the case. For pagination in particular, I could argue that shielding users from this internal detail might be a feature?
| /// Consumers should use | ||
| /// [`RequestContext`][crate::handler::RequestContext::page_limit()] | ||
| /// to access this value. |
There was a problem hiding this comment.
what about this? I'm not sure I recall the rationale here; perhaps to preserve our ability to change things in the future?
There was a problem hiding this comment.
It's not possible to preserve the ability without a breaking change, since this is directly exposed in the HTTP endpoint.
There was a problem hiding this comment.
Mentioned elsewhere but so this is not lost: the reason this is not pub is because it is almost certainly the wrong thing for consumers to read it so it would be a footgun to expose it to them. They should be using page_limit(). (This field is the limit the user (untrusted) may have provided. page_limit() looks at this, but validates it (if specified) and provides a default (if not).)
| struct SerializedToken<PageSelector> { | ||
| v: PaginationVersion, | ||
| page_start: PageSelector, | ||
| pub v: PaginationVersion, | ||
| pub page_start: PageSelector, |
There was a problem hiding this comment.
I'm not sure I follow--this type isn't public, right?
There was a problem hiding this comment.
ah yeah this type isn't public, my bad
If there's no validation as part of deserializing, yes. Not having it be pub (or similar, e.g. a constructor) is misleading.
But it's not an internal detail, since it is exposed via the deserializer, in the JSON schema, etc. Making it private gives the misleading impression that it is an internal detail, which is exactly the problem here. |
|
I feel somewhere in the realm of ambivalence and indifference: I don't think this addresses any particular need which makes me inclined to leave it as-is (in particular in light of that comment). However I don't feel at all strongly so... 🤷 |
I don't follow this logic. What's wrong or misleading about having a I think it's rather misleading to make these In the specific case of |
|
Oh sorry, thought I linked the specific use case for this over here -- it's oxidecomputer/omicron#9723 where I had to go through
That does seem like a special case where it would be okay, but personally that's not how I'd write it. I'd not expose I do think this is out the window the moment a JSON schema is exposed, since that is part of the public API. |
|
Ah, I understand better and replied over on the Omicron issue. |
|
Closing in favor of #1528. |
sunshowers
deleted the
sunshowers/spr/make-defacto-public-fields-actually-public
branch
These fields are effectively public through the
Deserializeimpl -- make them public to align with this fact.I searched for
Deserialize(case-sensitive) in dropshot/src and these were the main ones I could find. There's alsoDeserializedConfigDropshotbut that isn'tpub.Closes #1525.