orlando-cluster 0.1.0

A virtual actor framework in Rust, inspired by Microsoft Orleans.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

use std::collections::HashMap;
use std::sync::Mutex;
use std::time::SystemTime;

use async_trait::async_trait;
use orlando_core::{ClusterId, GrainId};

/// Tracks which cluster owns each grain activation globally.
/// Implementations must provide CAS semantics: only one cluster can own
/// a grain at a time. Concurrent registrations are resolved by first-writer-wins.
#[async_trait]
pub trait CrossClusterDirectory: Send + Sync + 'static {
    /// Look up which cluster owns a grain.
    async fn lookup(&self, grain_id: &GrainId) -> Result<Option<GrainOwnership>, DirectoryError>;

    /// CAS register. Returns actual owner (may differ from requested if another
    /// cluster won the race). The epoch is a monotonic fencing token — stale
    /// registrations with a lower epoch are rejected.
    async fn register(
        &self,
        grain_id: &GrainId,
        cluster_id: &ClusterId,
        epoch: u64,
    ) -> Result<GrainOwnership, DirectoryError>;

    /// Release ownership. Only the owning cluster can deregister.
    async fn deregister(
        &self,
        grain_id: &GrainId,
        cluster_id: &ClusterId,
    ) -> Result<(), DirectoryError>;

    /// Extend TTL for ownership. No-op for backends without TTL (e.g., PostgreSQL).
    async fn renew(
        &self,
        _grain_id: &GrainId,
        _cluster_id: &ClusterId,
    ) -> Result<(), DirectoryError> {
        Ok(())
    }

    /// Enumerate grains currently owned by a given cluster. Used by failover
    /// to discover which grains require promotion when a peer is declared dead.
    ///
    /// Default returns an empty list so existing implementors compile without
    /// modification; backends should override to enable failover support.
    async fn list_owned_by(
        &self,
        _cluster_id: &ClusterId,
    ) -> Result<Vec<(GrainId, GrainOwnership)>, DirectoryError> {
        Ok(Vec::new())
    }
}

/// Who owns a grain activation.
#[derive(Debug, Clone)]
pub struct GrainOwnership {
    pub cluster_id: ClusterId,
    pub epoch: u64,
    pub registered_at: SystemTime,
}

#[derive(Debug, thiserror::Error)]
#[non_exhaustive]
pub enum DirectoryError {
    #[error("directory backend unavailable: {0}")]
    Unavailable(String),
    #[error("stale epoch: current is {current}, requested {requested}")]
    StaleEpoch { current: u64, requested: u64 },
    #[error("directory backend error: {0}")]
    Backend(String),
}

/// In-memory implementation for testing and single-process multi-cluster setups.
#[derive(Debug, Default)]
pub struct InMemoryCrossClusterDirectory {
    entries: Mutex<HashMap<String, (GrainId, GrainOwnership)>>,
}

impl InMemoryCrossClusterDirectory {
    pub fn new() -> Self {
        Self::default()
    }

    fn key(grain_id: &GrainId) -> String {
        format!("{}/{}", grain_id.type_name, grain_id.key)
    }
}

#[async_trait]
impl CrossClusterDirectory for InMemoryCrossClusterDirectory {
    async fn lookup(&self, grain_id: &GrainId) -> Result<Option<GrainOwnership>, DirectoryError> {
        let entries = self
            .entries
            .lock()
            .map_err(|e| DirectoryError::Backend(e.to_string()))?;
        Ok(entries.get(&Self::key(grain_id)).map(|(_, o)| o.clone()))
    }

    async fn register(
        &self,
        grain_id: &GrainId,
        cluster_id: &ClusterId,
        epoch: u64,
    ) -> Result<GrainOwnership, DirectoryError> {
        let mut entries = self
            .entries
            .lock()
            .map_err(|e| DirectoryError::Backend(e.to_string()))?;
        let key = Self::key(grain_id);

        // CAS: first writer wins, but higher epoch can reclaim
        if let Some((_, existing)) = entries.get(&key) {
            if existing.cluster_id != *cluster_id && epoch <= existing.epoch {
                // Another cluster owns it at a higher or equal epoch
                return Ok(existing.clone());
            }
            if existing.cluster_id == *cluster_id && epoch <= existing.epoch {
                // We already own it at this or higher epoch
                return Ok(existing.clone());
            }
            // Higher epoch — allow re-registration (failover promotion)
        }

        let ownership = GrainOwnership {
            cluster_id: cluster_id.clone(),
            epoch,
            registered_at: SystemTime::now(),
        };
        entries.insert(key, (grain_id.clone(), ownership.clone()));
        Ok(ownership)
    }

    async fn deregister(
        &self,
        grain_id: &GrainId,
        cluster_id: &ClusterId,
    ) -> Result<(), DirectoryError> {
        let mut entries = self
            .entries
            .lock()
            .map_err(|e| DirectoryError::Backend(e.to_string()))?;
        let key = Self::key(grain_id);

        // Only the owning cluster can deregister
        if let Some((_, existing)) = entries.get(&key)
            && existing.cluster_id == *cluster_id
        {
            entries.remove(&key);
        }
        Ok(())
    }

    async fn list_owned_by(
        &self,
        cluster_id: &ClusterId,
    ) -> Result<Vec<(GrainId, GrainOwnership)>, DirectoryError> {
        let entries = self
            .entries
            .lock()
            .map_err(|e| DirectoryError::Backend(e.to_string()))?;
        Ok(entries
            .values()
            .filter(|(_, o)| o.cluster_id == *cluster_id)
            .cloned()
            .collect())
    }
}