[nexus] Make project creation unwind safe, add tests #2087
| let (_authz_project, project) = | ||
| sagactx.lookup::<(authz::Project, db::model::Project)>("project")?; |
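Review bot: on the sagactx.lookup::<(authz::Project, db::model::Project)>("project") line, the tuple type is written out by the caller and is tied to the stored value only through the string key "project", so nothing at this call site shows which action produced that value or with what type. Consider a short comment here naming the producing action, or a shared type alias for the tuple used on both sides, so the two cannot drift apart unnoticed.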
| let (_authz_project, project) = | |
| sagactx.lookup::<(authz::Project, db::model::Project)>("project")?; | |
| let (.., project) = | |
| sagactx.lookup::<(authz::Project, db::model::Project)>("project")?; |
Would this work?
They're functionally the same; I was just being explicit about "what is the unused value" in this case since deserialization is particularly important on the lookup function, which is generic based on the type parameters.
Also, to be pedantic in the context of let binding:
1. let (.., foo) = ... means "destructure and bind one or more values to the anonymous "...", but only bind the last value to foo"
2. let (_, foo) = ... means "destructure and bind exactly one value to _, and bind the second value to foo"
3. let (_unused, foo) = ... means "destructure and bind exactly one value to _unused, and bind the second value to foo"
Technically in cases (1) and (2), since the bind is anonymous, it also goes out of scope, and drop is called immediately on the unnamed values. In contrast, in (3), drop is only called on _unused when it actually goes out of scope.
However, I don't think authz::Project has a drop implementation, hence why this is the same.
So it's not exactly the same, but it's basically the same - I just used this for readability, since the types of values being pulled out of the sagactx.lookup are important to get right, and caller-specified.
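The drop timing discussed in the comment above can be observed with a type that records its own drop. This is an added example, not code from the PR or from Nexus: Tracked, lookup and the observe! macro are constructed stand-ins, and lookup here simply returns a fresh two-element tuple.

```rust
use std::cell::RefCell;
use std::rc::Rc;

type Log = Rc<RefCell<Vec<String>>>;

// Constructed type with a Drop impl so the drop point becomes observable.
struct Tracked(&'static str, Log);

impl Drop for Tracked {
    fn drop(&mut self) {
        self.1.borrow_mut().push(format!("drop {}", self.0));
    }
}

// Hypothetical stand-in for a lookup that returns a two-element tuple.
fn lookup(log: &Log) -> (Tracked, Tracked) {
    (Tracked("authz", log.clone()), Tracked("project", log.clone()))
}

// Generates a function that destructures lookup() with the given pattern
// and returns the order of events around the end of the enclosing block.
macro_rules! observe {
    ($name:ident, $pat:pat) => {
        fn $name() -> Vec<String> {
            let log = Log::default();
            {
                let $pat = lookup(&log);
                log.borrow_mut().push("scope end".to_string());
            }
            let events = log.borrow().clone();
            events
        }
    };
}

observe!(rest_pattern, (.., _project));
observe!(underscore, (_, _project));
observe!(named_unused, (_authz_project, _project));

fn main() {
    println!("(.., p):      {:?}", rest_pattern());
    println!("(_, p):       {:?}", underscore());
    println!("(_unused, p): {:?}", named_unused());
}
```

With a value that holds a lock guard or similar resource in the first position, the first two patterns release it at the end of the let statement, while the named binding keeps it until the block ends.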
plotnick left a comment
Left a (non-blocking) security-related question, but otherwise looks great, especially the tests; verify_clean_slate is awesome and I'll be stealing that idea in the future.
Co-authored-by: Alex Plotnick <alex@oxidecomputer.com>
Part of #2052