Fork me on GitHub
#clojure
<
2020-01-13
>
Ashwin Bhaskar09:01:46

Has anyone used migratus with postgres where in a migration has multiple ddl statements in the same migration file? This is my migration file

CREATE INDEX foo ON baz USING GIN(col1); -- GIN Index (array)
--;;
CREATE INDEX foo1 ON baz USING GIN(col2); -- GIN Index (array)
--;;
CREATE INDEX foo2 ON baz USING GIN(col3); -- GIN Index (array)
--;;
I have done as this link suggests - https://github.com/yogthos/migratus#multiple-statements, i.e add --;; after each statement. But I get this error
Execution error (PSQLException) at org.postgresql.jdbc.BatchResultHandler/handleCommandStatus (BatchResultHandler.java:92).
Too many update results were returned.

p-himik10:01:19

I use migratus, and --;; works fine for me. One suggestion - maybe CREATE INDEX with GIN returns more than one row? If so, you can try wrapping each statement in DO:

DO
$$
    BEGIN
    [... your statement here ...]
    END
$$;
Even if that doesn't work, it's helpful when you need to execute some function that returns something but you only needs its side-effects.

kwladyka14:01:27

So far I found https://flywaydb.org/ the best for migrations. There is Clojure wrapper. But I was checking possibilites last time 1-2 years ago.

kwladyka14:01:35

Anything new worth to try?

p-himik14:01:50

I'm perfectly fine with migratus so far. It's pretty simple, allows SQL and CLJ migrations.

Ashwin Bhaskar03:01:39

@U2FRKM4TW you were right. Create Index with GIN was returning multiple rows. Wrapping each statement in DO did the trick. Thank you:)

👍 4
roklenarcic18:01:33

I’m using selmer templates… is there a way to pull a value out of hashmap based on another variable? In most templating laguages you can do something like this some_obj.my_map[keyvar]

roklenarcic18:01:16

so like my_map.keyvar but the value of keyvar should be used instead of the name

seancorfield18:01:28

@roklenarcic Pretty sure we ended up writing our own "getter" for that situation... let me check...

seancorfield18:01:42

Yeah, we wrote a get filter

(selmer-f/add-filter! :get (fn [m k] (get m k)))
and use it like this:
{{params.children|get:@page.pageId}}
so it deferences page.pageId and uses that value as the key within params.children -- looking at it, I think we are only using it in resources, not filters, and we have additional code to dereference values in resources (any arg beginning with @) so I don't think the above is sufficient on its own...

Eduardo Mata18:01:25

hello y'all. Everytime I run my jar file I get this obnoxious warning. I know they are harmless but I don't like them. How can I remove then

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.xnio.nio.NioXnio$2 (file:/home/stlalo/Workstation/com.bayzyen.ingest/target/com.bayzyen.ingest.jar) to constructor sun.nio.ch.EPollSelectorProvider()
WARNING: Please consider reporting this to the maintainers of org.xnio.nio.NioXnio$2
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

seancorfield18:01:30

You can't, until that library you are using is updated to be more compatible with Java 9+

seancorfield18:01:05

@contact904 You may want to check if there's a more up-to-date version of the library you're using...

Alex Miller (Clojure team)18:01:16

you could try --illegal-access=deny - this actually provides more feedback to the Clojure reflector and it will look up the chain, possibly finding a public interface that does not violate the module constraints

Jakob Riishede Møller19:01:47

Hi I am new to Clojure In https://clojure.org/reference/java_interop#typehints it says "Normally, one should avoid the use of type hints until there is a known performance bottleneck." In what way can it be a bad idea to use type hints? I am considering using them everywhere - why should I not? I'm thinking that if type hints were required, it would be possible to improve IDE support.

Alex Miller (Clojure team)19:01:55

just the general, "why say stuff you don't have to"

Alex Miller (Clojure team)19:01:58

I don't know the detailed status of whether various tools leverage type hints for completion etc

Jakob Riishede Møller19:01:46

Well, maybe they do, but not statically

Jakob Riishede Møller19:01:46

I think it is misleading to write that something should be avoided if the reason is in fact: you don't have to - sorry

bfabry19:01:51

"your code will be more difficult to read for the community or experienced clojurists that you hire"

👍 8
Jakob Riishede Møller19:01:04

Well - maybe I should look for another language :face_with_rolling_eyes:

Alex Miller (Clojure team)19:01:44

I think new Clojure users tend to over-hint and this more speaks to that? Also, hints are just that, and if they are wrong, the code can still work reflectively, so in that, maybe unusual, case it's like having old comments that are no longer in sync with the code

👍 4
Alex Miller (Clojure team)19:01:07

I tend to usually write my code to be warning free as well, and that's certainly not a bad thing

Jakob Riishede Møller19:01:34

I would like warnings and error to be shown

vemv23:01:19

*warn-on-reflection* true and *unchecked-math* :warn-on-boxed can be handy. Personally I run them only in CI, informatively.

Alex Miller (Clojure team)19:01:19

there are some very good linters now that can be integrated into your toolchain, like joker or clj-kondo

Jakob Riishede Møller19:01:30

I have looked at Elm too - apparently they guarantee that you will NEVER experience run time errors because that language has quite the opposite attitude regarding type hints

bfabry19:01:01

a guarantee for no runtime errors is impressive

Jakob Riishede Møller19:01:29

I have tried to force a runtime error - I could not

Jakob Riishede Møller19:01:46

(when there were no static errors)

Jakob Riishede Møller19:01:58

Actually, I am impressed by Clojure and most of the documentation, but this seems like a weakness

seancorfield19:01:34

It's a trade off. Languages like Elm and Haskell take a very different approach to Clojure. Some folks like static types, some don't.

Jakob Riishede Møller19:01:01

Why don't you like static types?

borkdude19:01:17

fwiw clj-kondo does use type hints to statically warn you about mistakes like (defn foo [^long x]) (foo "not-a-long")

bfabry19:01:50

it's provably impossible for a language to be able to statically prevent all possible errors. that said, static typing certainly does prevent some class of errors. clojure is a dynamic language and the people who write it and most of those who use it believe that the class of errors prevented by static typing is usually not worth the cost of static typing. we all respectfully agree to disagree, basically. it's definitely worth every programmer's time to try both styles extensively to see how they feel about it

☝️ 8
seancorfield19:01:54

This discussion should probably move to #other-languages if we're going to wander off from discussing Clojure itself...

👍 8
borkdude19:01:01

I'm not saying that you should litter your code with type hints, but if they're there, why not use 'em

borkdude19:01:42

@jakob.riishede.moller Probably an interesting talk to watch: Maybe not, by Rich Hickey, the author of Clojure. He explains a couple of "costs" of type systems, where they get in the way. It's not all black and white: type systems have benefits, but also costs.

👍 8
seancorfield19:01:49

@borkdude You're also welcome to come over to #other-languages to continue the discussion.

Luke Schubert19:01:04

is there anything resembling a security oriented static analysis tool for clojure?

ghadi20:01:47

@lkschubert8 what kind of things would you like to discover?

Luke Schubert20:01:55

really any of the owasp top ten

noisesmith20:01:26

clojure's use of macros make that sort of thing more complex it seems - I haven't seen an equivalent for the java tools personally

ghadi20:01:29

many of those aren't specific to Clojure: hit an HTTP endpoint maliciously and see what happens

noisesmith20:01:39

that's not static analysis though

ghadi20:01:18

there are known dependency vulnerability scanners for the Java ecosystem - can reuse those

ghadi20:01:44

they usually operate on a pom or a jar

seancorfield20:01:33

@ghadi Do they operate at the bytecode level? If so, you'd need AOT'd Clojure code, right?

noisesmith20:01:07

the dep analysis ones just check versions

ghadi20:01:32

the ones that operate at a bytecode level would be checking for SHA256(classfile) being in a naughty list

noisesmith20:01:33

there are source analysis tools but those don't use bytecode, they use java conventions and complain about code that doesn't follow them

ghadi20:01:56

so less useful for clojure, more useful for clojure pulling in e.g. a bad jackson version

4
ghadi20:01:33

one of the best security tools is clojure.test.check simple_smile

ghadi20:01:52

you can find all sorts of bad behavior in your code when using the right generator

Alex Miller (Clojure team)20:01:53

note that I've seen cases where these incorrectly flagged the wrong clojure dep too, so you have to double-check the feedback you get. I've filed some of that stuff back to Dependency Check and its been fixed since.

Alex Miller (Clojure team)20:01:27

there are no static analyzers that specifically check for Clojure violations of owasp type concerns afaik

ghadi20:01:17

(many OWASP things are external behavior tests)

Alex Miller (Clojure team)20:01:23

java source code analyzers don't do anything for Clojure. java bytecode analyzers (like FindBugs) usually create an enormous number of false positives and end up relatively worthless in value per time

💯 4
Alex Miller (Clojure team)20:01:53

an excellent talk on how OWASP applies to Clojure was given at EuroClojure a few years ago: https://www.youtube.com/watch?v=lRHPZXKQVLk

👍 4
Luke Schubert21:01:12

Thanks everyon. I'm going to dig through all of this, but it seems like I should be able to cover our needs.