-
Notifications
You must be signed in to change notification settings - Fork 430
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Parameter validation features #807
Comments
Yes, absolutely, to both. We just ran out of time after getting the read-only parameters in.
I'm honestly not sure of the implementation, I'd have to look at it again. But generally these tests should happen and abort before the user callbacks are called. |
Yes, it makes sense. Enforcing the parameter type for already declared parameters should be straight forward. On the other hand, for what concerns The distinction can be done depending on whether the parameters are set using If these options should be configurable on a per-parameter basis, this may require some work.
|
Yeah, this makes sense to me.
I'm not sure it is worth special casing this, honestly. It requires a bunch more infrastructure and complexity (as you outline in the prose above). What's the use case you have in mind?
This point somewhat breaks the idea of parameters being used as a blackboard...
...though this point at least makes it configurable. What's the use case you are thinking of here? |
The idea is to have parameters ownership. Let's exclude for a moment the parameters blackboard case (which should be treated as a special case).
The use-case is only to preserver the parameters blackboard functionality |
I understand the current semantic of Having a parameter only read but not written using the service API and only it to be changed by the nodes C++/Python API should be something a node can already do. Maybe there are ways to make that easier / more convenient. But I don't think that should affect the existing concept of |
Before carefully reading the documentation, I was pretty confident that the node that owns a READ_ONLY parameter would have been able to modify it.
An issue that I see with the current concept of READ_ONLY is that, even if you know that a certain parameter will never be changed once you read it, you still don't know when it will be available or not. Besides this, in order to maintain this concept and to add the possibility of having parameters that are modified only by the owner node, it will be necessary to add a new flag or to change the READ_ONLY to a 3-states variable. |
The concept we're using as READ_ONLY is a programming limitation that doesn't allow changes to the parameter even locally.
All parameters are effectively already only allowed to be changed by the owner node. If a remote node requests changes the local node has the option to validates the changes before they are applied. If the local node determines them to be invalid for any reason the remote parameter set operation will fail and report that back to the requester. This doesn't need a new state as it's already that way. It would be possible to add this as another flag that would support declaring that there's no valid use case for external changes to a parameter and that they will all be rejected. But that's getting deep into the system deployment details and looks a lot more like the permissions provided by the security models rather than something that needs to be built into the parameter implementation themselves. I think that there's definitely some tooling and improvements that we can make to make it easier for nodes to validate incoming parameter requests and implement policies for those incoming requests. But I would suggest making sure that we try not to start building another layer of "permissions" into the core API.
This use case could easily happen with an external calibration tool/node and the calibration would most optimally be updated directly by the external node. Similarly, the developer/user might want to manually update the calibration parameter and it would be perfectly valid to do so. The node would accept it and all nodes monitoring it would get the updates. If you don't want random nodes updating this parameter that's getting into security and access control for which there are other tools.
This is another case where the user might want to change the mode of operation. If it's a parameter but you can't set it remotely, you'd have to create a special standalone service "change mode parameter" that will then do an end run around the default "change mode parameter" option is disabled. And proper validation is still important. It may be invalid to requested a transition from mode A to mode C without going through mode B first. Something like the requiring you to unset before you change types etc seems like a validation policy that could be somewhat generically applied with some convenience helper tools. But if that's clearly documented what value does it provide for that policy to be fully introspectable? And is that worth the extra complexity? |
@tfoote You are right that access control allows to do that, however access control also requires an additional layer of authentication and moreover, as far as I know, SROS2 has specific requirements for the DDS implementation in order to be used. I agree that instead of adding validation steps inside
The callback does not scale at all, assuming that I have more parameters. As you say, it is already the case that parameters are effectively changed only by the owner node (eventually after receiving a service request). In this scenario, I don't see the need for having some parameter constraints in the You recently added support for multiple validation callbacks.
Maybe we could enforce that every callback should check 1 and only 1 condition. This would reduce the code to something like
The lambda should be able to access the current ParameterValue and only has to return true or false. Then, how to return the result can be handled internally by |
Absolutely, and steps towards making it easier to configure / use / customize are highly appreciated.
These meta information are available to allow e.g. provide a user interface to change the parameter value. For numeric values the range enable to use a slider with known boundaries. |
To chime in, I believe much of the existing validation (type, ranges, read-only) that exists as fields within the I already files an issue ros2/rcl#481 in the rcl repository requesting support in the yaml parser, so in rclcpp For the case of a "parameter_blackboard", this feature would be crucial, so as to allow validation support and descriptions for parameters that are declared automatically. Moreover, additional validation criteria (like those mentioned in this ticket thread) added later into the |
There's an ongoing discussion of parameter type enforcement in ros2/ros2#720.
I think that having both "READ_ONLY" and "CONSTANT" parameters make sense.
I think that we should restrict when a parameter can be unset, I'm not sure if allowing only the parameter owner to do it is the right way.
I don't understand why that needs to be added. Can you further explain?
I think that being able to specify a descriptor from a parameters file is a good idea. |
I went through the Read Only Parameters PR #495 and I experimented a little with Parameters validation via
set_on_parameters_set_callback
.I think that there are 2 important features missing:
READ_ONLY
is too restrictive. The following use-cases should be also possible: a parameter can be modified, but it can't be deleted; a parameter can be modified only by the node that declared it.bool
I can't set it to a string or something else.Both these things can be already done with a custom callback in
set_on_parameters_set_callback
, but it's quite verbose and not well documented.Do you agree that these features should be present?
In case, should they be part of the
ParameterDescriptor
? I was reading about creating a custom structure for parameter constraints, but I haven't found a conclusion.The text was updated successfully, but these errors were encountered: