[refactor] #3501: Rewrite macros for generating configuration

[mversic]

Description

Linked issue

Closes #3501 #3504

Benefits

Checklist

• I refactored the config
• I am addressing comments (25/50)
• Final re-review

[0x009922]

I like new approach - ConfigurationBuilder is clearer than ConfigurationProxy, and macro generates default fallback, allowing to define only required fields in the config, which solves:

• [suggestion] Make most of the configuration parameters optional #3501

[0x009922]

Peers traversal order determinism doesn't matter anymore?

[mversic]

good point. I'm not sure if the order was preserved in the previous impl. I have fixed it now

[0x009922]

Nvm, I was confused and messed HashSet with BTreeSet. The order doesn't matter for HashSet.

However, the method is called "deserialise unique trusted peers", so it does make sense to return a set, not a list.

[mversic]

order of peers is relevant for consensus so it should be a vector

[0x009922]

Okay, but what about uniqueness?

[mversic]

the body of the function throws an error if they are not unique

[mversic]

I should add validation for the setter method

[0x009922]

the body of the function throws an error if they are not unique

It's better when validation result is expressed as a type that cannot be created without that validation (parse-not-validate).

[appetrosyan]

This is not touched upon in the documentation. Semantically this is a Set. The functional programmer would say "add a transparent newtype with deduplication semantics and iter", like @0x009922 suggests.

The imperative programmer in me thinks "Just use vector, people working on consensus have to read the docs anyway". If you're feeling fancy, call it

type PeerSet = Vec<PeerId>

[0x009922]

Maybe, make this function #[cfg(test)] then?

[mversic]

unfortunately no because it's used in integration benches which are compiled into a different crate. cfg(test) only works for unit tests

[appetrosyan]

One workaround which I don't think we ever considered was separating tests by debug status. We're not currently running tests in release, and if we did, we shouldn't be using private API anyway.

[mversic]

One workaround which I don't think we ever considered was separating tests by debug status. We're not currently running tests in release, and if we did, we shouldn't be using private API anyway.

this might be a good idea. We could rely on debug_assertions to separate tests that test API that is kinda private

[0x009922]

You say that it doesn't mean that the field should exist in the final configuration. Instead, it means that the user should provide it anyway. In other words, such a field doesn't have a default value, and it can't be None in the final configuration.

So, now it works this way (as I understand):

#[derive(Configuration)]
struct Config {
  // has default value
  foo: u32,
  // this fields doesn't have a default value
  #[config(required)]
  bar: u32,

  // some field you want to be completely optional, even without a default value
  // not possible now?
  // baz: Option<u32>
}

impl Config {
  const DEFAULT_FOO: u32 = 512;
}

Expanded:

struct ConfigBuilder {
  foo: Option<u32>,
  bar: Option<u32>
}

struct ConfigBuilder {
  foo: u32,
  bar: u32
}

Compare with this:

#[derive(Configuration)]
struct Config {
  // this field is not required for the user to provide, because it has a default fallback
  #[config(default_value = "512")]
  foo: u32,

  // this field doesn't have a default fallback, so user should provide it in some way
  bar: u32,

  // neither a default-fallback-able field and a required field
  // not sure it is needed now though
  #[config(optional)]
  baz: u32
}

Expanded:

struct ConfigBuilder {
  foo: Option<u32>,
  bar: Option<u32>,
  baz: Option<u32>
}

struct Config {
  foo: u32,
  bar: u32,
  baz: Option<u32>
}

impl Config {
  const DEFAULT_FOO: u32 = 512;
}

impl ConfigBuilder {
  fn build(self) -> Result<Config> {
    Ok(Config {
      foo: self.foo.unwrap_or(Config::DEFAULT_FOO),
      bar: self.bar.ok_or_else(|| MissingField("bar"))?,
      baz: self.baz
    })
  }
}

In the second option:

• You don't have to manually specify DEFAULT_FOO - it is generated by macro from default_value attr.

• You have a default value specified right next (well, before) to the field itself

• You don't need to specify that the field is required: it is required by definition unless it doesn't have a default value.

• You can have a completely optional field. I am not sure that we need it now, but you can painlessly add it later.

• You have default fallback in ConfigBuilder::build(). Current way to have defaults is to merge ConfigBuilder::default() with ConfigBuilder::from_file() with ConfigBuilder::from_env() and then finally call .build():

  fn build(self) -> Result<Config> {
    Ok(Config {
      foo: self.foo.ok_or_else(|| MissingField("foo")?,
      // ...
    })
  }

  Imagine that foo has a default value. Thus, this error will never be thrown, semantically, right? Field with a default value could never be missing.

  However, if you simply merge ::from_file() with ::from_env() and then fallback to default in .build():

  fn build(self) -> Result<Config> {
    Ok(Config {
      foo: self.foo.unwrap_or(Config::DEFAULT_FOO),
      // ...
    })
  }

  you don't even need to check for the field existence, you simply fallback. This way more clearly expresses that a field with a default value could not throw a MissingField error.

[0x009922]

It seems that the final Configuration should not have any Nones, otherwise you will get a missing field error. Is it the case? Isn't it possible that the final configuration could have an empty field that is not defined neither by user and by defaults?

Also, it would be nice to refactor code so that fields with default values could never throw a MissingField on a static-level. See my root review comment with an explanation.

[appetrosyan]

These questions feel like they need to be phrased as tests.

One thing we found was useful was pair programming. You could contribute those directly to @mversic 's fork and expedite the invariant discussion.

[0x009922]

Also it might close:

• [suggestion] use defaults for unspecified config params #3461

[appetrosyan]

Relevant for #3528.

[appetrosyan]

Suggested change

	.expect("Valid");
	.unwrap();

[appetrosyan]

Suggested change

	.expect("Valid");
	.expect("Max transactions in block = 2 is sensible. Trusted peers could be not sensible, which is why this function should have Returned `Result`, but we might as well panic here. These are the only two required fields.");

[appetrosyan]

#3528 is to avoid this issue of having to justify all the values in the panic message, while retaining the strict guideline of only panicking in cases where the error is not recoverable or unreachable.

[appetrosyan]

API inconsistency. For trusted peers order either matters or it doesn't. Personally, just accept a PeerSet and make it a newtype builder with SmallVec backing.

[appetrosyan]

Suggested change

	.expect("This account ID should be valid");
	.expect("`account_id` is invalid, see https://hyperledger.github.io/iroha-2-docs/guide/rust.html#_4-registering-an-account. ");

Ideally this should point to an API doc, but that's blocked by #1639.

[appetrosyan]

Not actionable:
Ideally, point to API doc that shows which fields are required. The error message will tell us the rest.

[appetrosyan]

Consider use WsvConfiguration::*.

Unlike C++, Rust's imports are checked for conflicts and are scoped, so we can get away with shortening qualified paths more aggressively.

[appetrosyan]

Consider set_key_pair((public_key, private_key)). It saves one line, but in a lot of places.

[appetrosyan]

One workaround which I don't think we ever considered was separating tests by debug status. We're not currently running tests in release, and if we did, we shouldn't be using private API anyway.

[appetrosyan]

Fixing #3461 was a trivial one-line change. I would instead focus on getting good defaults.

[0x009922]

About optional fields. Now it is possible to define them as Option<..>. In the ConfigurationBuilder they become Option<Option<..>>. Could we avoid it?

[0x009922]

You said that this PR closes #3504, but this field is still in the user-facing configuration, and user still should not provide it. This field simply should not be in ConfigurationBuilder.

What does #[view(ignore)] means? Why isn't it specified under #[config(...)]?

[0x009922]

I think we can use config(nested) and move this boilerplate into the macro.

[0x009922]

default = "= "127.0.0.1:5555"" ?

[0x009922]

I would prefer const panic!. Also, for complex defaults you can define a separate const (AFAIU):

const DEFAULT_BLOCKS_PER_STORAGE: NonZeroU64 = match NonZeroU64::new(1000) {
  Some(x) => x,
  None => unreachable!()
};

// ...

#[config(default = "DEFAULT_BLOCKS_PER_STORAGE")]

[0x009922]

Suggested change

	pub fn override_with(&mut self, other: Self) -> &mut Self { #(
	pub fn merge(mut self, other: Self) -> Self { #(

[0x009922]

What about optional fields, which might be None in the final configuration?

[appetrosyan]

Not actual.