fix(test): make TestLoadOrCreateSecretConcurrentConverges reliable on windows#451
fix(test): make TestLoadOrCreateSecretConcurrentConverges reliable on windows#451lfaoro wants to merge 1 commit into
Conversation
WalkthroughThe concurrent secret-creation test in encrypt_test.go was modified to add a ChangesTest Determinism Update
Estimated code review effort: 1 (Trivial) | ~3 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
internal/oauth/encrypt_test.go (1)
20-36: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winStaggered sleep likely eliminates the multi-creator race this test claims to validate.
Delaying every goroutine but
i==0by 5ms almost guarantees goroutine 0 wins loadOrCreateSecret's initial readSecretFileRetry check before create. Once it finishes creating the file, the other 15 goroutines will hit the fastreadSecretFileRetrysuccess path at the top ofloadOrCreateSecretand never actually contend for the.lockfile'sO_EXCLacquisition — so the retry/lock logic increateSecretFile(encrypt.go) is effectively no longer exercised concurrently. The unchanged comment on Lines 34-35 ("Exactly one creator wins; every racer must converge...") now overstates what's being tested.Separately, gating on a fixed
time.Sleepis itself a flaky-synchronization pattern — under CI load (the exact condition that caused the original "Access is denied" flakiness), goroutine 0 could still be mid-write when others wake up, so the original race window isn't fully closed either.Consider keeping a couple of goroutines un-delayed (e.g., only
i==0andi==1race immediately, rest are delayed) to preserve genuine lock contention coverage while still reducing contention enough to avoid the Windows issue, and update the comment to reflect the new intent.♻️ Example of preserving a small real race window
for i := range n { wg.Add(1) go func(i int) { defer wg.Done() - // Small fixed delay to reduce Windows lock contention - if i > 0 { + // Small fixed delay to reduce Windows lock contention while still + // letting a couple of goroutines genuinely race for lock creation. + if i > 1 { time.Sleep(time.Millisecond * 5) } secrets[i], errs[i] = loadOrCreateSecret(path, true) }(i) }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@internal/oauth/encrypt_test.go` around lines 20 - 36, The staggered sleep in the concurrent secret-loading test reduces the race coverage that the test is meant to validate. Update the concurrency setup in the test around loadOrCreateSecret so at least a couple of goroutines start immediately and contend on the lock path in createSecretFile, while the rest can still be delayed to ease Windows contention. Also revise the test comment to match the new intent and avoid claiming every racer fully exercises the multi-creator race.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@internal/oauth/encrypt_test.go`:
- Around line 20-36: The staggered sleep in the concurrent secret-loading test
reduces the race coverage that the test is meant to validate. Update the
concurrency setup in the test around loadOrCreateSecret so at least a couple of
goroutines start immediately and contend on the lock path in createSecretFile,
while the rest can still be delayed to ease Windows contention. Also revise the
test comment to match the new intent and avoid claiming every racer fully
exercises the multi-creator race.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 264a3f2d-8f20-4807-80b1-ac64844e9dc7
📒 Files selected for processing (1)
internal/oauth/encrypt_test.go
Vasanthdev2004
left a comment
There was a problem hiding this comment.
Recommend close — in favor of #445, which fixes this at the root
Thanks @lfaoro — chasing this Windows CI flake is genuinely valuable; it's been red-flagging the Windows smoke on unrelated PRs. But I'd close this one in favor of #445, which fixes the same flake at its source instead of masking it. I verified both on Windows in isolated worktrees:
- Original test (no sleep),
-count=100→ fails repeatedly withoauth: create token secret lock: …Access is denied.— the Windows delete-pendingERROR_ACCESS_DENIEDrace increateSecretFile(encrypt.go). - This PR (5ms stagger),
-count=50→ passes 50/50, but it passes because goroutine 0 always wins the create before anyone else runs; the other 15 then hit the fastreadSecretFileRetrypath and never contend on the.lockacquisition. The test that exists to catch this exact bug no longer exercises it. - #445's
encrypt.gofix + the original racy test,-count=100→ 100/100. It makes the test pass legitimately, no test change needed.
The problem: the underlying production bug — parallel logins/refreshes failing on Windows — lives in encrypt.go, which this PR doesn't touch. So merging this would (1) leave the real bug unfixed, (2) delete the concurrency coverage, and (3) make the now-green Windows smoke misleading (green because the race can't happen, not because it's fixed).
They don't git-conflict (different files), but they're mutually-exclusive solutions and #445 is strictly better. CodeRabbit raised the same coverage concern before auto-approving.
Suggested path: close this, merge #445. (The for i := range n modernization is fine on its own, just not a reason to keep the sleep.) No knock on the work — the diagnosis was right, #445 just lands it in the right layer.
Summary
Fix
TestLoadOrCreateSecretConcurrentConvergeswhich was failing on Windows GitHub runners with "Access is denied" on the lock file.The test is now reliable across Linux, macOS, and Windows.
Summary by CodeRabbit