[AtlasDB Proxy & DbKVS] Part 7: Allow Namespace Overrides for Oracle Connection Config

atlasdb-dbkvs-hikari/src/test/java/com/palantir/nexus/db/pool/config/OracleConnectionConfigTest.java

@@ -36,6 +36,7 @@ public class OracleConnectionConfigTest {
     private static final int PORT = 42;
     private static final MaskedValue PASSWORD = ImmutableMaskedValue.of("password");
     private static final String SID = "sid";
+    private static final String NAMESPACE = "namespace";
     private static final ServiceNameConfiguration SERVICE_NAME_CONFIGURATION = new ServiceNameConfiguration.Builder()
             .serviceName("serviceName")
             .namespaceOverride("namespaceOverride")

atlasdb-dbkvs/src/main/java/com/palantir/atlasdb/keyvalue/dbkvs/DbKeyValueServiceConfig.java

@@ -18,6 +18,7 @@
 import static com.palantir.logsafe.Preconditions.checkArgument;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonTypeName;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
@@ -44,9 +45,12 @@ public abstract class DbKeyValueServiceConfig implements KeyValueServiceConfig {
     @JsonIgnore
     @Value.Derived
     public Optional<String> namespace() {
-        return connection().namespace();
+        return namespaceOverride().or(() -> connection().namespace());
     }
 
+    @JsonProperty("namespace")
+    public abstract Optional<String> namespaceOverride();
+
     @Override
     public final String type() {
         return DbAtlasDbFactory.TYPE;

atlasdb-ete-tests/docker/conf/atlasdb-ete.timelock.dbkvs.yml

@@ -12,6 +12,7 @@ server:
 atlasdb:
   keyValueService:
     type: relational
+    namespace: globeete
     ddl:
       type: postgres
     connection:
@@ -22,7 +23,7 @@ atlasdb:
       dbLogin: palantir
       dbPassword: palantir
 
-  namespace: atlasete
+  namespace: globeete
 
 atlasDbRuntime:
   timelockRuntime:

changelog/@unreleased/pr-5942.v2.yml

@@ -0,0 +1,10 @@
+type: improvement
+improvement:
+  description: Users may now explicitly override the `namespace` of a DB key value
+    service configuration, which is usually the mechanism by which an individual AtlasDB
+    user identifies itself (e.g. to timelock and possibly to the underlying key-value-service).
+    This was previously automatically assumed to be the `sid` of the Oracle database
+    or `dbname` of the Postgres database; however, that is not actually the way an
+    individual AtlasDB user identifies itself in practice.
+  links:
+  - https://github.com/palantir/atlasdb/pull/5942

docs/source/configuration/key_value_service_configs/db_key_value_services_config.rst

@@ -0,0 +1,28 @@
+.. _db_key_value_services_config:
+
+===========================
+DB KVS Shared Configuration
+===========================
+
+.. note::
+   Please read the documentation for configuration of the specific flavour of DbKVS (Oracle or Postgres) that you are
+   using as well. This document discusses concepts that are shared across the relational key-value-service
+   configurations that we support.
+
+Namespaces
+----------
+
+.. danger::
+
+   Changing the namespace of an individual service, or explicitly specifying the namespace of a service that previously
+   did not have namespace overrides without taking suitable mitigating measures may result in
+   **SEVERE DATA CORRUPTION**! Please contact the AtlasDB team before attempting such a migration.
+
+*Namespaces* are a mechanism by which an AtlasDB application using a relational KVS may identify itself to TimeLock.
+This can be useful in situations where a DB instance is shared between services. This should be a unique value per
+user service, and must not be changed without a migration.
+
+By default, this is determined by the connection configuration. In Oracle this is determined from either the ``sid``
+or the ``serviceNameConfiguration``; in Postgres, this is determined from the ``dbName``. However, in cases where a
+single application needs to be responsible for multiple AtlasDB instances connecting to the same Oracle instance under
+the same user, setting ``namespace`` accordingly allows for interactions with TimeLock to be handled properly.

docs/source/configuration/key_value_service_configs/index.rst

@@ -11,6 +11,7 @@ The configurations for supported key value services can be found below.
    :titlesonly:
 
    cassandra_key_value_service_config
+   db_key_value_services_config
    postgres_key_value_service_config
    oracle_key_value_service_config
 

docs/source/configuration/key_value_service_configs/oracle_key_value_service_config.rst

@@ -46,6 +46,7 @@ A minimal AtlasDB configuration for running against Oracle will look like the be
           sid: palantir
           dbLogin: palantir
           dbPassword: palpal
+        namespace: myAppAtlas # must be unique per product
 
       leader:
         # This should be at least half the number of nodes in your cluster
@@ -69,9 +70,10 @@ For more details on the leader block, see :ref:`Leader Configuration <leader-con
 Configuration Parameters
 ========================
 
-The Oracle Configuration has 2 major blocks:
+The Oracle Configuration has 2 major blocks.
 
-The DDL Config Block:
+DDL parameters
+--------------
 
 .. list-table::
     :widths: 5 40 15

docs/source/configuration/key_value_service_configs/postgres_key_value_service_config.rst

@@ -33,6 +33,7 @@ A minimal AtlasDB configuration for running against postgres will look like :
   atlasdb:
     keyValueService:
       type: relational
+      namespace: myAppAtlas # must be unique per product
       ddl:
         type: postgres
       connection: