comment fixes

Author: david-crespo

nexus/src/app/silo.rs

@@ -324,6 +324,16 @@ impl super::Nexus {
             .fetch()
             .await?;
 
+        // We could use a transaction here for these two queries, but it seems
+        // unnecessary. If the token delete succeeds but the session delete
+        // fails, the user will get an error response to the logout request,
+        // but it will have worked halfway. That is _slightly_ surprising if
+        // they expect the tokens to still be there after that, but at least
+        // the error makes clear they have to hit the endpoint again to be sure
+        // everything is gone. The half-deleted state doesn't break anything,
+        // either, except what it's supposed to break: the user's ability to
+        // authenticate with tokens.
+
         let authz_token_list =
             authz::SiloUserTokenList::new(authz_silo_user.clone());
         self.datastore()

nexus/tests/integration_tests/device_auth.rs

@@ -634,7 +634,7 @@ async fn test_admin_logout_deletes_tokens_and_sessions(
 ) {
     let testctx = &cptestctx.external_client;
 
-    // create a user have a user ID on hand to use in the authn_as
+    // create users so we can have user IDs to pass to authn_as
     let silo_url = "/v1/system/silos/test-suite-silo";
     let test_suite_silo: views::Silo = object_get(testctx, silo_url).await;
     let user1 = create_local_user(