[LWMeta] TimeLock API changes

[Toemmsche]

General

Before this PR:
ConjureLockRequest uses set<ConjureLockDescriptor>
After this PR:

• Conjure excludeEmptyOptionals = true
• New field optional<ConjureLockRequestMetadata> in ConjureLockRequest
• ConjureLockRequest uses list<ConjureLockDescriptor> instead
• If metadata is empty after lock watch filtering, it is omitted

==COMMIT_MSG==
[LWMeta] Add metadata to ConjureLockRequest
==COMMIT_MSG==

Priority:
P1
Concerns / possible downsides (what feedback would you like?):
Looking at some serialized ConjureLockRequest objects, there is an argument to be made to simplify the ChangeMetadata format to always include the old and new value. The conjure encoding for union types is out of our control and - frankly - quite poor.

Is documentation needed?:
If we have documentation for the TimeLock API, yes!

Compatibility

Does this PR create any API breaks (e.g. at the Java or HTTP layers) - if so, do we have compatibility?:
Due to us not using --strictObjects and using excludeEmptyOptionals = true as of this PR, we have compatibility.
Does this PR change the persisted format of any data - if so, do we have forward and backward compatibility?:
No
The code in this PR may be part of a blue-green deploy. Can upgrades from previous versions safely coexist? (Consider restarts of blue or green nodes.):
Yes, as long as nodes on newer versions do no forward requests to nodes of older versions.
Does this PR rely on statements being true about other products at a deployment - if so, do we have correct product dependencies on these products (or other ways of verifying that these statements are true)?:
TBD
Does this PR need a schema migration?
no

Testing and Correctness

What, if any, assumptions are made about the current state of the world? If they change over time, how will we find out?:

What was existing testing like? What have you done to improve it?:
I have added tests to the existing LockWatchEventIntegrationTest to verify that metadata passed to TimeLock is visible to transactions.
If this PR contains complex concurrent or asynchronous code, is it correct? The onus is on the PR writer to demonstrate this.:
N/A
If this PR involves acquiring locks or other shared resources, how do we ensure that these are always released?:
N/A

Execution

Metrics for TimeLock are added in #6665
If this PR does not work as expected, how do I fix that state? Would rollback be straightforward?:
Yes
If the above plan is more complex than “recall and rollback”, please tag the support PoC here (if it is the end of the week, tag both the current and next PoC):

Scale

Would this PR be expected to pose a risk at scale? Think of the shopping product at our largest stack.:
This PR does introduce some additional conversions from List<LockDescriptor> to Set<LockDescriptor> and back. These are necessary to facilitate the index encoding format for metadata.
Would this PR be expected to perform a large number of database calls, and/or expensive database calls (e.g., row range scans, concurrent CAS)?:
No
Would this PR ever, with time and scale, become the wrong thing to do - and if so, how would we know that we need to do something differently?:
If the aforementioned conversions are performance bottlenecks, we should consider a separate endpoint for lock requests with metadata.

Development Process

Where should we start reviewing?:

If this PR is in excess of 500 lines excluding versions lock-files, why does it not make sense to split it?:
We exceed the 500 line threshold because of adding an old version of a conjure-generated class

[Toemmsche]

is this class still in use?

[Toemmsche]

This test is merely for compatibility + serializability checking so we don't have to test too many edge cases here. Anything related to actual index encoding (e.g. correctness checks) is handled by the conjure utilities.

[Toemmsche]

as discussed during the RFC review: This change is compatible on the wire

[Toemmsche]

Interestingly enough, even though https://github.com/palantir/conjure/blob/master/docs/spec/wire.md#42-servers-reject-unknown-fields dictates that servers must reject unknown fields, all conjure object builder are actually annotated with @JsonIgnoreProperties(ignoreUnknown = true) meaning that they ignore all unknown properties. If we trust the spec, this change would require a product dependency, but the generated conjure code says otherwise.

[Toemmsche]

Even though we are passing a list to field that expects a set, immutable types always build an immutable version of the container type anyways (to guarantee immutability)

[Toemmsche]

Refactor because we moved some code to the LockWatchIntegrationTestUtilities class

[Toemmsche]

This is pretty much duplicated from UpdateVisitors, but that class is in another test module. We could move it to a non-test module (ugly because test code now lives among production code) or move this test class over (but then we couldn't access LockWatchIntegrationTestUtilities). I am not too offended by this just being here.

[changelog-app]

Generate changelog in changelog/@unreleased

What do the change types mean?

• feature: A new feature of the service.
• improvement: An incremental improvement in the functionality or operation of the service.
• fix: Remedies the incorrect behaviour of a component of the service in a backwards-compatible way.
• break: Has the potential to break consumers of this service's API, inclusive of both Palantir services
  and external consumers of the service's API (e.g. customer-written software or integrations).
• deprecation: Advertises the intention to remove service functionality without any change to the
  operation of the service itself.
• manualTask: Requires the possibility of manual intervention (running a script, eyeballing configuration,
  performing database surgery, ...) at the time of upgrade for it to succeed.
• migration: A fully automatic upgrade migration task with no engineer input required.

Note: only one type should be chosen.

How are new versions calculated?

• ❗The break and manual task changelog types will result in a major release!
• 🐛 The fix changelog type will result in a minor release in most cases, and a patch release version for patch branches. This behaviour is configurable in autorelease.
• ✨ All others will result in a minor version release.

Type

• Feature
• Improvement
• Fix
• Break
• Deprecation
• Manual task
• Migration

Description

[LWMeta] Add metadata to ConjureLockRequest

Check the box to generate changelog(s)

• Generate changelog entry

[Sam-Kramer]

Looks good! mostly minor stuff

[Sam-Kramer]

Why are we now "copying" the request lock descriptors?

[Toemmsche]

Downstream methods like ClientLockDiagnosticCollector#collect require a set, but ConjureLockRequest.lockDescriptors is now a list. Since this class is deprecated, I don't think it is worth the effort to refactor all the downstream methods and immutable objects to accept lists. Also, having set semantics makes more sense in this context and we merely have to do the conversion because of the wire format.

[Toemmsche]

That said, we should use ImmutableSet.copyOf here

[Sam-Kramer]

(no action: https://docs.oracle.com/javase/8/docs/api/java/util/stream/package-summary.html#Ordering)

[Sam-Kramer]

Given our conversation around "dependency ordering", should we write a test proving that the old ConjureLockRequest will be able to handle metadata, whether or not it's specified? A bit ugly, as we'll need to copy the old conjure-generated file, but probably worth it to as our proof it won't break things

[Toemmsche]

Yeah I thought about this and found it acceptable in the LockEvent case since copying the class was trivial, but copying the generated class is a different beast. Given that we will not have product dependencies, though, I think it is acceptable.

[Sam-Kramer]

I don't think it's the worst thing in the world for us to have a copy in the test folder here of the old-generated class. Granted, this is something we probably want anyways, as we have an invariant here which we must maintain, albeit super hard to break (our new format must be serializable by the old format).

Even though this becomes out-dated after this PR, we still allow the upgrade path from a really old version of timelock to a really new version of timelock in the future, so it's useful we have this test to ensure we don't break anything until we checkpoint timelock.

[Toemmsche]

Sounds reasonable, I noticed that the test class is not really in the right module (should be co-located with timelock-api.yml), will move it

[Sam-Kramer]

this is fine, but I think you can also do Paths.get(BASE, jsonFileName + ".json")

[Toemmsche]

will backport this suggestion for related files

[Sam-Kramer]

Do we need to make this List mutable? Otherwise I saw let's opt for ImmutableList.

[Sam-Kramer]

🌶️

[Sam-Kramer]

Do we actually need this?

[Toemmsche]

We don't need to actually run a transaction, but we need the currentVersion (line below)

[Sam-Kramer]

nit: maybe a better name than dummyTxn

[Sam-Kramer]

Maybe worth just returning the Optional<LockRequestMetadata>, seeing as we only expect a single event anyways?

[Sam-Kramer]

lockAndGetEventMetadataFromLockWatchLog ?

[Sam-Kramer]

Do we want to be a bit more aggressive here with our testing?

[Toemmsche]

I think any test we add will already be mostly by some other test. But given that this is the ultimate integration test, I would be fine with replicating/bundling some of them here.

[Toemmsche]

I think a large-scale random test might make sense.

[Toemmsche]

Thinking about this more, I would rather use this class for advanced testing using actual transactions once we have the necessary changes in Atlas. The two tests are added don't really fit the purpose of this class, but are good sanity checks. Thoughts on this approach?

[Sam-Kramer]

I think that makes sense! Plus, this api is not really used anyways until that happens, so it's fine for this to merge beforehand.

[Toemmsche]

This is not necessary for correctness, but we should have this behavior for performance reasons

[Sam-Kramer]

Rather than ternary I personally bias towards

if(filteredLockMetadata.isEmpty()) {
   return Optional.empty();`
}
return Optional.of(...) 

BUT -- that said, I think ternary is also fine!

[Toemmsche]

I can get behind it

[Toemmsche]

This is copied from the latest develop , but I renamed it to avoid confusion

[Sam-Kramer]

Old is fine, but Legacy is a bit cleaner

[Sam-Kramer]

Maybe reframe the comment to be more specific on what this means, i.e. we exclude optionals during serialization rather than marking them as null.

[Sam-Kramer]

Sort of frustrating, as this is the ideal of as, so you can say "we expect the old and new conjure lock request to be identical as we do not serialize empty optionals".

[Sam-Kramer]

It might be worth removing the as and to return the assertThat, to allow for these types of cases.

[Toemmsche]

I think an improved comment is fine. Trying to get the assert here is especially ugly for assertSerializedEquals because we re-read the serialized form using a different mapper (so we can ignore any indentation differences).

[Sam-Kramer]

also only other style nit, is that we have arguments reversed from assertSerializedEquals. I'd expect assertDeserializedEquals(T object, String jsonFileName, Class<T> clazz)

[Toemmsche]

This was deliberate to maintain the convention that we do assertThat(actual).isEqualTo(expected). The deserialized JSON object is the actual value and the object is the expected value.

[Toemmsche]

In assertSerializedEquals, the JSON file is the expected value.

[Sam-Kramer]

ah, then that makes sense!

[Sam-Kramer]

As we know the size here, let's use builderWithExpectedSize.

[Sam-Kramer]

lgtm