Add protection on namespace cache in case namespace is not created

[wxing1292]

What changed?
Add additional frequency check on namespace cache to reduce the impact if namespace is not registered.

Why?
Currently, if a namespace does not exists within cache, the logic will check if the namespace exists in DB and possibly perform a cache refreshment. If the namespace does not exists in DB, and caller keeps on calling server APIs, the DB will encounter huge API call volume.

How did you test it?
Existing tests

temporal|namespace-cache-protection ⇒ go test -count=20 -race go.temporal.io/server/common/cache
ok  	go.temporal.io/server/common/cache	89.144s

Potential risks
N/A

[alexshtin]

I think logic of this func should be changed. It is great that it returns (bool, error) now but bool should mean exist/not exist and error should indicate the error: persistence or throttling. I would return service.ResourceExhausted right from here and propagate it up to the caller. Caller should be able to differentiate if it is actual NotFound or "you are pinging me to fast".

[wxing1292]

but bool should mean exist/not exist

not really, bool means continue to check the cache & refresh the cache or not

[wxing1292]

and there is not guarantee the check DB see if the namespace exists logic will be exercised within this function

[alexshtin]

ok, then don't add this bool at all. Let it return serviceerror.NotFound or serviceerror.ResourceExhausted which will be propagated to the caller.

[wxing1292]

nop, that is not the purpose of this function

the purpose of this function is check whether to continue the path, i.e. check & potentially force refresh the cache.
the bool return value means whether to continue (either the domain exists, or somebody has already checked within short period of time and it is really likely cache can contain the target domain, but no guarantee)

[wxing1292]

the functionality (function in question) was originally introduced to solve the issue of
t = 0, cache got refreshed, to be refreshed again at t = 10
t = 1, new domain got registered
t = 2, caller just want to use the domain (from within cache)

the function in question (along with the following logic) will solve the above case

[wxing1292]

may be the function name should be changed?

[alexshtin]

Yes, change the name. If existsSomething() returns bool it usually means exists/doesn't exist.

Also you return NotFound at t=2 now, right? I think Unavailable suites better here (client should wait and try again w/o performing extra actions): https://pkg.go.dev/google.golang.org/grpc/codes (comment to FailedPrecondition Code = 8).

[wxing1292]

function name is changed

Unavailable means server fault, while in this case (namespace missing in cache) is client fault.
the only guarantee we have with customer is: if you namespace is in the DB, it is guaranteed to be in the cache after 10s + creation time

[alexshtin]

I think clients should not know about cache or any internal details. So if the statement is "namespace creation can take up to 10 seconds" then returning NotFound within those 10 seconds makes perfect sense.

[alexshtin]

Do you really need it one more time here?

[wxing1292]

yes, consider 1000 caller with 10 frontend host with namespace not registered.

on average, there will be ~ 100 concurrent call to this cache, so the line 514 line now := c.timeSource.Now() maybe called a while back.

[alexshtin]

Probably there is a better name for doContinue?