ABR 18: More ETEs

[gsheasby]

Goals (and why):
Add further ETE tests, fixing a few problems along the way.
Notably:

• The restore workflow needs to use TimelockManagementService while the namespace is disabled. To achieve this, I added TimelockNamespaces.getIgnoringDisabled, to bypass the check in client creation. This means that other code paths using TMS would also work while the namespace is disabled; but since this interface only contains ping and fastForwardTimestamp, this should be safe (for reasonable timestamp values).
• In CoordinationServiceRecorder/CassandraRepairHelper, we use a KeyValueService instance. In the production codepath, these will be newly created, and thus we must use try-with-resources to avoid leaking resources. However, the ETE test codepath uses the KVS from the TransactionManager, which must not be closed. To fix this issue, I pulled out a little KvsRunner class.

==COMMIT_MSG==
Fixed an issue where the AtlasRestoreClient would be unable to perform necessary operations on timelock (fast forwarding the timestamp) during the restore process.
==COMMIT_MSG==

Implementation Description (bullets):

• Added ETE tests
• Fixed the exposed issues

Testing (What was existing testing like? What have you done to improve it?):

• New ETE tests

Concerns (what feedback would you like?): See the notable things above

Where should we start reviewing?: For maximum 🌶️ , KvsRunner + friends, followed by TimelockNamespaces.

Priority (whenever / two weeks / yesterday): this week

[changelog-app]

Generate changelog in changelog/@unreleased

Type

• Feature
• Improvement
• Fix
• Break
• Deprecation
• Manual task
• Migration

Description

Fixed an issue where the AtlasRestoreClient would be unable to perform necessary operations on timelock (fast forwarding the timestamp) during the restore process.

Check the box to generate changelog(s)

• Generate changelog entry

[gmaretic]

Mostly looks good, but i have a couple of concerns

[gmaretic]

maybe rename

[gsheasby]

TransactionManagerScopedKvsRunner?

[gmaretic]

I meant more agnostic and descriptive of behaviour/intent: SharedKvsRunner or even NonClosingKvsRunner?

[gmaretic]

Seems a bit excessive to create and close on every call -- unless we really only do it once. We should Ideally just make the service closeable and close the KVS on close if necessary

[gsheasby]

For a given namespace, the KVS is indeed created and fetched exactly once per backup or restore.

[gmaretic]

then gtg

[gmaretic]

This solves the correctness issue, but it potentially creates a client on every call and closes any of them. One way to fix it is just to have a separate ConcurrentMap for the ignoring services and not reuse the existing normal services.
Alternatively, and maybe better, we can keep the previous behaviour where an explicit disable still kills the existing service (because it does all the locks etc cleanup for us) and let the ignoring version create a new one but make sure that a get does a precondition check to verify it's not disabled after calling services.computeIfAbsent

[gsheasby]

Ah interesting - yeah, that would work. So we'd create a new service the first time we call getIgnoringDisabled, then future get calls with throw until the service is re-enabled.

[gmaretic]

It must go after we computeIfAbsent, to avoid race conditions where this passes, we disable and call getIgnoring and then this calls computeIfAbsent

[svc-autorelease]

Released 0.548.0