DRIVERS-1607: Snapshot reads on Secondaries

[BorisDog]

No description provided.

[BorisDog]

snapshot-sessions.yml will be added after json test version will be finalized.

[ShaneHarvey]

FYI we usually develop (and review) the yaml version because it's easier to read and supports comments and anchors to reduce the verbosity. Also the json file is auto-generated from the yaml.

[ajdavis]

I'm so happy that we're choosing the ClientSession API!

[ajdavis]

The server permits a snapshot read to begin with afterClusterTime so it's causally after some previous operation. Within a snapshot read, of course, you can't be causally consistent. This API doesn't expose the "begin a snapshot read causally after an operation" feature. That might be fine, and we could enhance the API later if it turns out that users want that feature. I want to confirm it's our intention to omit the feature now.

[jyemin]

Confirmed.

[BorisDog]

@jyemin @ajdavis
Making sure that we want drivers forbid requesting both causalConsistency and isSnapshot (need to add a test for that).
I lean to raising an error in such case in driver, as otherwise due to drivers possible implementation differences it could be that some would send both atClusterTime and afterClusterTime, and some only one of the fields. Which will result in inconsistent behavior.

[jyemin]

Let's start with making it an error. It's easier to go from error to not error than the other way around.

[benjirewis]

Just FYI, libmongoc defines mongoc_session_opt_t with a field flags that is an enum mongoc_session_flag_t. I'll add another variant for isSnapshot, and by nature of the enum, there will be no way to specify causalConsistency and isSnapshot simultaneously. I'll still throw an error if users try to, but worth noting that if other drivers use a similar enum, users won't be able to do this anyways.

[BorisDog]

@jyemin currently with test against secondaries only, should we duplicate the tests to run on primary as well?

[jyemin]

I think that would be more a test of the server than of drivers, so I don't think it's necessary. What do you think, @ajdavis?

[ajdavis]

Yeah, this is tested on the server in snapshot_reads.js, no need for drivers to do it.

[BorisDog]

Thanks

[alcaeus]

I don't think we need to call out a registry of specs here

Suggested change

	:Spec Title: Snapshot Reads Specification (See the registry of specs)
	:Spec Title: Snapshot Reads Specification

[BorisDog]

Not sure what's the convention here as this referral appears in causal-consistency.rst and driver-sessions.rst.
Removed for now.

[alcaeus]

I believe those are leftovers from the templates. I'll give the specs a quick look to clean these up. Thanks for pointing out other instances.

[alcaeus]

I forgot to mention this, but you should add a make target for session tests in the unified test runner Makefile. This ensures all unified session tests are checked against the schema during the CI build.

[BorisDog]

Great, thanks! Added, and will verify when yml tests are added.

[jyemin]

I think this should be:

topologies: [ "replicaset", "sharded-replicaset" ]

[BorisDog]

Thanks, fixed.

[jyemin]

I'm not clear what your intention is here. In the spec this option is not defined.

[BorisDog]

I've marked this test as optional, for drivers that can alter snapshotTimestamp field internally.

Not sure what's the best approach here: Mandate drivers to provide functionality to set snapshotTimestamp or extract this test as optional prose test.

[jyemin]

Let's add commandStartedEvent assertions to all the tests, demonstrating that atClusterTime is included when appropriate.

[BorisDog]

That's problematic as we don't have a way to obtain actual atClusterTime.

[BorisDog]

Done with $$exists.

[jyemin]

Is there really a need for all these session objects? Each test runs in isolation, so a new session instance is created for each test. So there is no re-use issues between tests. I suspect we can have just one session with an isSnapshot: true option.

[BorisDog]

No need, removed.

[jyemin]

I think it should be does not

[jyemin]

Now I think about it, it's not clear why we need this to be a public property if there is no way to initialize a new ClientSession with its value.

[BorisDog]

Sounds right, currently there is not need for snapshotTimestamp in public API. Removed.

As ClientSession.snapshotTimestamp is likely to be introduced later, drivers still need this field as part of ClientSession enitity as mentioned here.

[jyemin]

I'm not convinced its necessary to specify this, since retryable reads are only enabled via an allow-list anyway.

[BorisDog]

Thanks, removed.

[jyemin]

Check with others, but I think this whole section should move to the README.rst in the tests subdirectory.

[benjirewis]

I agree; seems like the normal place for prose tests.

[BorisDog]

Done.

[jyemin]

This only needs to be included for prose tests. You don't have to duplicate what's already specified in YAML.

[BorisDog]

Done. Thanks.

[benjirewis]

Barring tests with distinct (see my other comment), spec tests seem to pass in C. Will implement prose test and re-review.

[benjirewis]

Can we specify "causalConsistency": false here and on session1? causalConsistency is true by default which will cause an error with "isSnapshot": true.

[BorisDog]

The default causalConsistency value is "not supplied". So in that case it should be translated to !isSnapshot (now it's translated to true)?
I think drivers should account for this case, as we don't want mandate users to always specify "causalConsistency": false if snapshot session is requested.

[benjirewis]

I agree that specifying causalConsistency = false just for isSnapshot = true should not be a burden on the users.

But if a user (or a test) sets isSnapshot to true, drivers should set causalConsistency to false? I suppose I'm confused about when drivers should explicitly error because of simultaneously true isSnapshot and causalConsistency values, and when drivers should quietly switch one or the other off.

[BorisDog]

You are right, this point is not clear.
I suggest that causalConsistency defaults to true only if no snapshot where requested.

[benjirewis]

I cannot run this test and Mixed operation with snapshot in libmongoc since we don't have a dedicated distinct helper, so I can't verify that these work, but they look good to me.

[rstam]

LGTM

[ShaneHarvey]

readconcern -> read concern

[BorisDog]

Done.

[ShaneHarvey]

It's a bit confusing to have "MongoClient/MongoDatabase/MongoCollection changes" sections when there aren't any changes at all. Can we remove those sections? We could add one sentence to the rationale which says something like "This spec does not require any client, db, collection API changes."

[BorisDog]

I agree, we might not need even that cliet/db/collection section.
@rstam do you think we could skip those no-changes sections?

[BorisDog]

Changed.

[ShaneHarvey]

The name snapshotTimestamp is inconsistent with the other "time" properties, clusterTime, and operationTime. Can we rename it to snapshotTime?

[BorisDog]

Good point. snapshotTimestamp is not part of public API now, and in fact in C# it's called snapshotTime internally for this consistency reason.
@ajdavis do you have any objections to snapshotTime name?

[ShaneHarvey]

Hmm okay. This line gave me the impression that the snapshotTimestamp needs to be a public session property:

property snapshotTimestamp of the ClientSession object

Can you clarify that it must be private? Perhaps just saying "...private snapshotTime property..."

I still think it's more consistent to name it "snapshotTime" though.

[BorisDog]

Done.

[benjirewis]

LGTM given new changes to causal-consistency. Prose test looks good in libmongoc; just had a question about the set server parameter.

[benjirewis]

Does this need to be set? Why is this important for the new tests, and by "test execution time", do you mean how long it takes the spec + prose tests to run?

[BorisDog]

We want to ensure that the snapshot the test reads still exists on the server.
IIRC the default history is 10 seconds, which was not sufficient at least for .Net tests.
So drivers should be aware about this parameter and set it as needed.

[ShaneHarvey]

Why was 10 seconds not long enough? Are there snapshot reads tests that take longer than 10 seconds?

[BorisDog]

It was not sufficient when running in Debug mode.
Apparently it's 5 seconds and .Net tests in release are much quicker. So no changes to EG needed (at least in .Net)

I'd still suggest to track this parameter for such slower dubug mode runs. Not sure what's the best wording though, maybe:

The server minSnapshotHistoryWindowInSeconds parameter MAY be configured to match the tests execution time.

?

[ShaneHarvey]

Perhaps something like:
"Note that by default the server only keeps the snapshot alive for 10 seconds. Debugging a driver in the middle of a snapshot session may lead to SnapshotTooOld errors. Drivers can work around this issue by increasing the server's minSnapshotHistoryWindowInSeconds parameter, for example:

client.admin.command('setParameter', 1, minSnapshotHistoryWindowInSeconds=60)

[BorisDog]

Done.

[ShaneHarvey]

Hmm okay. This line gave me the impression that the snapshotTimestamp needs to be a public session property:

property snapshotTimestamp of the ClientSession object

Can you clarify that it must be private? Perhaps just saying "...private snapshotTime property..."

I still think it's more consistent to name it "snapshotTime" though.

[ShaneHarvey]

Can we rename isSnapshot to snapshot? Including is in the name doesn't add any meaning, it's just a filler word. It's also inconsistent with other boolean options in the driver api. For example causalConsistency isn't called isCausalConsistency or isCausallyConsistent.

[BorisDog]

Good point re. consistency. Renamed.

[ShaneHarvey]

FYI we usually develop (and review) the yaml version because it's easier to read and supports comments and anchors to reduce the verbosity. Also the json file is auto-generated from the yaml.

[ShaneHarvey]

Should be "python".

[BorisDog]

Fixed.

[ShaneHarvey]

Can we add a unified test for this? It could run the client.startSession operation with snapshot = true, causalConsistency = true arguments and assert that we raise a client-side error with isClientError: true.

[BorisDog]

That might be a good idea, but session entities creation stage does not have error validation, and we don't have startSession operation. Introducing startSession operation for all drivers instead of prose test seemed overkill in this case.
Is there any simple way to achieve that?

[ShaneHarvey]

and we don't have startSession operation.

The unified test runner allows us to call any method on the client including startSession. I don't think it's overkill but we don't need to do it in this PR. I'll open a drivers ticket for it.

Edit: or maybe this would require a "schemaVersion" bump in the unified test format. Still I think it's worthwhile to be able to call startSession within tests.

[ShaneHarvey]

When the driver starts a snapshot session but the server does not return the atClusterTime field the driver needs to raise a client side error indicating that server does not support snapshot reads. If we don't do this then snapshot reads can silently fail.

[ShaneHarvey]

False alarm. The problem was that my implementation neglected to set readConcern.level to ‘snapshot’. When the driver correctly sends ‘snapshot’ old servers will reject the request with this error:

{'operationTime': Timestamp(1624572085, 12), 'ok': 0.0, 'errmsg': 'read concern level snapshot is only valid in a transaction', 'code': 72, 'codeName': 'InvalidOptions', '$clusterTime': {'clusterTime': Timestamp(1624572085, 12), 'signature': {'hash': b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 'keyId': 0}}}

Can we add a unified test case that confirms that the server returns an error when drivers try to use a snapshot session? It should run on 3.6-4.4.

[ShaneHarvey]

The default was updated to 5 minutes in SERVER-47855 so this section is probably not needed at all anymore.

[BorisDog]

I think that it's still better to track minSnapshotHistoryWindowInSeconds parameter, for any future updates or longer debugger sessions.

[ShaneHarvey]

Can you add the .yml versions of the two new tests?:

 source/sessions/tests/unified/snapshot-sessions-not-supported-server-error.yml
 source/sessions/tests/unified/snapshot-sessions.yml

[ShaneHarvey]

LGTM

[BorisDog]

Rebased and merged here.

[jmikola]

FYI: "sessions" should also have been added to the all target above. See: #1026 (comment)