changelog-app[bot]
commented
4 months ago Generate changelog in changelog-dir>`changelog/@unreleased`</changelog-dir
What do the change types mean?
- `feature`: A new feature of the service. - `improvement`: An incremental improvement in the functionality or operation of the service. - `fix`: Remedies the incorrect behaviour of a component of the service in a backwards-compatible way. - `break`: Has the potential to break consumers of this service's API, inclusive of both Palantir services and external consumers of the service's API (e.g. customer-written software or integrations). - `deprecation`: Advertises the intention to remove service functionality without any change to the operation of the service itself. - `manualTask`: Requires the possibility of manual intervention (running a script, eyeballing configuration, performing database surgery, ...) at the time of upgrade for it to succeed. - `migration`: A fully automatic upgrade migration task with no engineer input required. _Note: only one type should be chosen._How are new versions calculated?
- ❗The `break` and `manual task` changelog types will result in a major release! - 🐛 The `fix` changelog type will result in a minor release in most cases, and a patch release version for patch branches. This behaviour is configurable in autorelease. - ✨ All others will result in a minor version release.Type
Description
svc-autorelease
General
Before this PR: Certain transactions can benefit from not having every one of their gets being validated at read time and delaying the lock validation to the end of the transaction and commit validation.
For transactions that do not have any side effects which are outside of the scope of the transaction (remote calls, internal state changes) enabling this option should always be safe as the validation will still be done but at commit time instead of every get.
The main downside of disabling this check is for long running transaction as loosing a lock will only be detected at commit time which might be much later compared to when it actually happened.
After this PR:
==COMMIT_MSG== Users can disable lock validation for reads on a per transaction basis. ==COMMIT_MSG==
Priority: P2 (I suppose): in internal tests we had some promising results for several workflows and we'd like to have this option for a more targeted set of tests
Concerns / possible downsides (what feedback would you like?): How much documentation we need for this and how many warning do we need to put here?
Are there any edge cases that I might have missed?
Is documentation needed?:
Compatibility
Does this PR create any API breaks (e.g. at the Java or HTTP layers) - if so, do we have compatibility?: No
Does this PR change the persisted format of any data - if so, do we have forward and backward compatibility?: No
The code in this PR may be part of a blue-green deploy. Can upgrades from previous versions safely coexist? (Consider restarts of blue or green nodes.):
The question is more if it is safe to apply this option on the transaction, at that point B/G is safe.
Does this PR rely on statements being true about other products at a deployment - if so, do we have correct product dependencies on these products (or other ways of verifying that these statements are true)?: It's the other way round, so users of Atlas should be mindful when using this feature.
Does this PR need a schema migration? No
Testing and Correctness
What, if any, assumptions are made about the current state of the world? If they change over time, how will we find out?: Assuming that disabling lock validation is safe from the protocol perspective.
What was existing testing like? What have you done to improve it?: Added a few more tests for this specific case.
If this PR contains complex concurrent or asynchronous code, is it correct? The onus is on the PR writer to demonstrate this.: Doesn't contain it.
If this PR involves acquiring locks or other shared resources, how do we ensure that these are always released?: N/A
Execution
How would I tell this PR works in production? (Metrics, logs, etc.): We should be able to see improvements in transaction durations for workflows that enable this option.
Has the safety of all log arguments been decided correctly?: N/A
Will this change significantly affect our spending on metrics or logs?: No
How would I tell that this PR does not work in production? (monitors, etc.): Should have been caught before when we used the option to disable lock validation at the transaction manager level.
If this PR does not work as expected, how do I fix that state? Would rollback be straightforward?: Should be simple to revert in cases where we actually use it and it should be relatively easy to rollback. As far as corruption in external systems caused by misuse of this option it is up to the users of the library to come up with a way forward.
If the above plan is more complex than “recall and rollback”, please tag the support PoC here (if it is the end of the week, tag both the current and next PoC):
Scale
Would this PR be expected to pose a risk at scale? Think of the shopping product at our largest stack.: No
Would this PR be expected to perform a large number of database calls, and/or expensive database calls (e.g., row range scans, concurrent CAS)?: It reduces the number of calls
Would this PR ever, with time and scale, become the wrong thing to do - and if so, how would we know that we need to do something differently?: No obviously, maybe if there is a lot of misuse (maybe we want to emit some metric, etc,)
Development Process
Please tag any other people who should be aware of this PR: @jeremyk-91 @fsamuel-bs @LucasIME