RUST-360 Streaming monitoring protocol

[patrickfreed]

RUST-360

This PR updates the driver to make use of the streaming monitoring protocol (described here), which allows the driver to accept topology updates that are pushed to it rather than polling the server regularly. This should allow the driver to more quickly recover from failover events.

[patrickfreed]

The monitors now handle emitting these events, so we don't need to pipe these event handlers down into the handshaker anymore.

[kmahar]

nice, this may make things easier for SDAM logging too 😇

[patrickfreed]

I updated the pool worker task to use a biased select!, which means that it will poll in a certain order. Specifically for this, I updated it to check for management requests (clearing, marking as ready, etc) before checking for check-out requests. This means that we don't actually have to wait for acknowledgment that the pool is ready before returning here, since we know that no check-out requests will be processed before this MarkAsReady is.

[patrickfreed]

As it turns out, this wasn't completely race-proof, so I reverted back to waiting for acknowledgment.

[patrickfreed]

this logic was moved into the monitor.

[patrickfreed]

this macro forces you to write something like

match a {
    SomeEnum::B => false,
    _ => true
}

as

!matches!(a, SomeEnum::B)

which I personally find less readable (super easy to miss that first !). What do you all think?

[patrickfreed]

This was rewritten to use a watch channel which is more appropriate for this type and also allowed us to use &self everywhere instead of &mut self. The functionality is otherwise unchanged.

[kmahar]

which is more appropriate for this type

could you explain the rationale for this? I've read the docs for both mpsc and watch and it's not super obvious to me why it makes more sene for the listener to be the "producer" rather than the "consumer" (the other way actually seems more intuitive to me)

[patrickfreed]

Sorry, yeah this comment is pretty vague. The main value is to be able to use the "closing" functionality on the sender half without taking a mutable reference. Also, the channel isn't actually used for sending any values, so watch not needing to allocate a buffer or anything under the hood is nice (watch channels are basically glorified RwLock<T>s with nice async semantics).

[kmahar]

ahh that all makes sense. thanks!

[patrickfreed]

Everything that modifies the topology now goes through the following steps:

1. clone the existing topology description
2. modify it in some way
3. pass it to update_topology

This cuts down on the one-off logic in these various methods and hopefully makes the worker easier to read / reason about.

[patrickfreed]

Per the spec, a "sharded" runOnRequirement should match both "sharded" and "sharded-replicaset" topologies. Since we were using direct equality, we may have been skipping some tests accidentally.

[patrickfreed]

This changes how this method works at a fundamental level, but I think in a way that makes much more sense. Before, it would collect events until an event was not received for the given timeout, so if there was a constant stream of events it would go on forever. The new version collects events for the given time and returns what it observed.

[patrickfreed]

Storing Arc<Server> here actually clones them for every receiver (aka TopologyWatcher), which led to a reference cycle wherein the Servers were never actually getting dropped because the monitors held watchers, but the monitors never exited because the Servers never dropped. Storing Weak pointers here fixes this.

One future area to explore would be to ditch Arc / Weak here altogether and just pass clones of Server around, but I didn't want to go too deep down the refactor rabbit hole.

2.3.0 (which has the Topology refactor) is not affected by this issue, but that's because the monitors exit once they detect the topology is dropped, which then causes the Servers to drop. They have no need for the Server to be alive in order to be dropped. This does highlight a separate issue, which is that monitors on 2.3.0 (and probably earlier) don't exit if a server is removed from the Topology. This is fixed now, however. (Filed RUST-1443 for it)

[patrickfreed]

This file has gotten kind of long and complicated, so once this PR is merged I think I'll go in and break it down into a few smaller ones. For the purposes of preserving the diff I didn't do that in this PR.

[patrickfreed]

I will say that I don't have a great mental model of how all of the components in the driver interact so I think the parts of the code that involve coordination/communication between different components have been difficult for me to review and provide meaningful input on, especially in cases where things have been refactored.

I'm going to try to spend some time reasoning through how it all fits together before doing another round of review, but in the meantime figured I would go ahead and give these comments.

Sounds good. And yeah, the various refactors + cross component nature is part of what made this difficult from the implementation side too. Would be happy to do a walkthrough of some of the changes over zoom if that would be helpful to reviewers. If not, no worries too.

[abr-egn]

If we do need to reintroduce it, we could avoid the timeout issue by reading the lazy_static in client initialization.

[abr-egn]

LGTM!

[kmahar]

I think this logic is wrong - if a user sets allow_invalid_hostnames to true, shouldn't verify_hostname be false?

[patrickfreed]

Oh good catch, yeah it is. Updated to use a match to make the logic clearer here. As a side note, I'm a little concerned this didn't trigger any test failures. Filed RUST-1467 for introducing test coverage for this.

[kmahar]

I know this is a copy-paste from below, but is this comment still accurate or can this also be openSSL now?

[patrickfreed]

fixed

[kmahar]

LGTM! great job with this 👏

[isabelatkinson]

looks like all the questions i had were asked & answered -- lgtm!