RUST-585 Refactor Topology implementation to actor model

[patrickfreed]

RUST-585

This PR refactors the Topology implementation to follow an actor model (similar to the connection pool) rather than a lock based one, hopefully making the code easier to maintain and reason about.

[patrickfreed]

This was done to get some newer functionality in the sync::watch channel. It's not strictly necessary, but I figured there wasn't any risk in this, as I doubt any users have strict tokio dependency requirements.

[patrickfreed]

This will happen automatically now.

[patrickfreed]

I'm not sure why these changes surfaced this problem, but basically if a commitTransaction retry failed during connection acquisition with a retryable error, the txnNumber would never get set and the user would see an error. This now checks to see if there was a txnNumber from before and if not, gets a new one from the session.

[patrickfreed]

So this was actually unrelated, but it seems to be fixed now. Filed RUST-1274 to track this separately.

[kmahar]

should we backport this fix to 2.2?

[patrickfreed]

Yep, I added a comment to RUST-1274 as a reminder. Once this is merged I'll do the backport.

[patrickfreed]

this was abstracted to a common type in the runtime module for use with the topology worker

[patrickfreed]

this is included as part of the HelloReply so that the monitors can emit SDAM events instead of doing it in the handshaker or the common functions in the hello module.

[patrickfreed]

This type wasn't mentioned in the design, but it's a channel used to request topology checks. It was necessary to avoid having to go through the topology worker to request checks (the messages go straight to the monitors)

[patrickfreed]

this type was copy/pasted

[patrickfreed]

this struct was required, instead of just emitting events directly from handlers, to ensure no events were emitted after the last TopologyClosedEvent. I originally tried using TopologyWatcher to detect if the topology was still alive before emitting events (similar to the existing implementation), but that proved to be too racy.

this also has the added benefit of preventing users / us from blocking the TopologyWorker via our SdamEventHandler implementations.

[patrickfreed]

To summarize this file, we have the following types:

• Topology: a complete handle to the topology. Allows the executor to select servers, update the topology based on appliction errors, request monitor checks, and keep the worker task running. Does so via the other handle types.
• TopologyWorker: the aforementioned worker / actor task that process updates to the topology and publishes new states
• TopologyUpdater: used to send new server descriptions, application errors, and monitor errors to the topology. Accessed by the executor via Topology and directly by server monitors, SRV polling monitors, and connection pools
• TopologyWatcher: used to observe the latest published state of the topology. Used by the executor via Topology and by server monitors directly.
• TopologyCheckRequester: used by the executor to request immediate monitor checks when server selection fails
• SdamEventEmitter: used by the TopologyWorker and server monitors to publish SDAM events
• TopologyState: "plain old data" containing a topology description and a hashmap of the servers. These are published whenever the topology is updated

To summarize the ownership:

• Topology
  • TopologyUpdater
  • TopologyWatcher
  • TopologyCheckRequester
  • WorkerHandle
• TopologyWorker
  • SdamEventEmitter
• Server monitors
  • TopologyWatcher
  • TopologyUpdater
  • SdamEventEmitter
• SRV polling monitor
  • TopologyUpdater
• Connection pool
  • TopologyUpdater

[patrickfreed]

this is no longer needed now that we have the new handles

[abr-egn]

Is there a potential race condition here? i.e. if the update happens after the request_update call but before the wait_for_update call, will this be waiting until some unrelated future update?

[patrickfreed]

each iteration of the loop marks the topology as "seen" in the clone_latest call, so any update after that point (potentially before the request_update call actually) will be accounted for in wait_for_update.

[abr-egn]

Any particular reason this accepts a &dyn SdamEventHandler instead of a generic bound?

[patrickfreed]

We accept handlers in client options as Arc<dyn SdamEventHandler> so we can't get their concrete type from there.

[abr-egn]

I don't follow why this is needed.

[patrickfreed]

This is to ensure that any calls to wait_for_update on the returned TopologyWatcher will block until a new state is published and not return immediately.

[abr-egn]

I don't understand the usage of the receiver's "seen" flag. It's set in clone_latest but not borrow_latest or server_description?

[patrickfreed]

The "seen" flag determines whether the currently observed TopologtState would be considered "new" or not for the purposes of wait_for_update. If we've called clone_latest and then immediately call wait_for_update, it'll block. If we haven't, it'll return immediately.

Not setting it in borrow_latest and server_description was more of an ergonomic choice, since it would require those methods to be &mut self.

To make this a bit clearer, I renamed the methods to observe_latest (formerly clone_latest) and peek_latest (formerly borrow_latest). Let me know if you think these are more helpful / if there are better ones.

[abr-egn]

Much clearer, thank you :)

[abr-egn]

LGTM! Definitely much easier to follow, and thank you for explaining the bits I didn't get.

[abr-egn]

Much clearer, thank you :)

[kmahar]

few minor questions but besides those LGTM!

[kmahar]

should we backport this fix to 2.2?

[kmahar]

when does this return None? would that be an (I think unexpected case) where we somehow selected a server but the TopologyDescription doesn't contain it?

[patrickfreed]

Yeah, this would be really rare, but basically if a server were to be removed from the topology after we had selected it + checked out a connection from it (e.g. if a monitor check comes back that removes it from the topology). This can happen in the normal course of operations, so I think we need to handle it here. We could decide to return an error instead of defaulting to Unknown to try to prevent the operation from executing, but it's not entirely clear if that's what we want or not.

[kmahar]

ah that makes sense. I think considering it unknown makes sense then. thanks!

[kmahar]

was this failing with the lower timeout / any hypotheses as to why?

[patrickfreed]

Oh I think I changed this when I was debugging an earlier version of the test, changed back to 500.

[isabelatkinson]

looks good, just one question

[isabelatkinson]

any reason for keeping this around even though it's unused?

[patrickfreed]

Oh good catch, we actually do use this method in the connection pool, so this dead_code ignore can just be removed.

[patrickfreed]

To try to preserve the review comment / commit history, I did a regular merge commit to fix the merge conflicts. Will still squash it all down to a single commit at the end though.

[patrickfreed]

Oh good catch, we actually do use this method in the connection pool, so this dead_code ignore can just be removed.

[patrickfreed]

Oh I think I changed this when I was debugging an earlier version of the test, changed back to 500.

[patrickfreed]

Yeah, this would be really rare, but basically if a server were to be removed from the topology after we had selected it + checked out a connection from it (e.g. if a monitor check comes back that removes it from the topology). This can happen in the normal course of operations, so I think we need to handle it here. We could decide to return an error instead of defaulting to Unknown to try to prevent the operation from executing, but it's not entirely clear if that's what we want or not.

[patrickfreed]

Yep, I added a comment to RUST-1274 as a reminder. Once this is merged I'll do the backport.