Address race condition in TestGetIdentity

[bimmlerd]

Please read the commit message of the first commit to understand the race - second commit is a bit of cleanup.

Fixes: #30873
Fixes: #30255

[bimmlerd]

/test

[bimmlerd]

CI triage (WIP):

• Travis: Filed CI: controlplane: 'Timed out waiting for pre-existing resources to be received' #30892 and a PR to fix it for the control plane test failure.
• ci-integration: kvstore failure: Error: Timed out waiting to acquire the kvstore lock https://github.com/cilium/cilium/actions/runs/7990633467/job/21819875607#step:8:176.
• ci-integration: hive/job timeout: filed CI: ci-runtime: hive/job: TestTimer_ExitOnCloseFnCtx times out #30927 and fixing in job: avoid a race condition in TestTimer_ExitOnCloseFnCtx #30929

[margamanterola]

Minor comment nits

[tommyp1ckles]

nice writeup!

[bimmlerd]

/test

[bimmlerd]

CI triage ( 😞 )

• Travis hit CI: ci-runtime: hive/job: TestTimer_ExitOnCloseFnCtx times out #30927, will be fixed by job: avoid a race condition in TestTimer_ExitOnCloseFnCtx #30929 - rerunning for now.
• ci-runtime hit CI: Conformance Runtime (privileged): TestOps: "0" is not greater than "0" #30899 which I'm fixing in bandwidth: test: don't unlock OS thread too early #30932 - rerunning.
• ci-ginkgo:
  • E2E Test (1.29, f09-datapath-misc-2): looks like CI: Any test: terminating containers are not deleted after timeout #18447
  • E2E Test (1.26, f10-agent-hubble-bandwidth): filed CI: Conformance Ginkgo: E2E Test (1.26, f10-agent-hubble-bandwidth): "Failed to create gRPC client" warning #30934 - kind of useless warning logged by hubble-relay
• ci-runtime (2nd run): filed CI: pkg/alibabacloud/eni: ENISuite/TestPrepareIPAllocation is flaky #30935 - rerunning again.
• ci-runtime (3rd run) hit CI: Conformance Runtime (privileged): TestOps: "0" is not greater than "0" #30899 again
• ci-eks hit a weird sequence of events, where the context of an endpoint regeneration was cancelled which leads to some error logs - however, the agent recovered from these, so I'm unsure whether it was worth failing the test.
• ci-clustermesh:
  • Run connectivity test (4, disabled, ipv6, disabled, none, clustermesh, legacy, migration, 255): operator error log: level=error msg="Failed to update lock: Put \"https://[fc00:f853:ccd:e793::3]:6443/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/cilium-operator-resource-lock?timeout=5s\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)" subsys=klog (1 occurrences) seems similar to CI: multiple tests, level=error msg="Failed to update lock: etcdserver: request timed out" subsys=klog in operator logs #23047, but whatever- rerunning.
  • Run connectivity test (8, vxlan, dual, ipsec, iptables, clustermesh, cluster, cluster, 255) hit CI: Conformance E2E: client-egress-l7-named-port/pod-to-pod: command terminated with exit code 28 (timeout) #27762
  • the upgrade downgrade test hit CI: test-conn-disrupt-client failed due to interrupted traffic during upgrade/downgrade #28088 in https://github.com/cilium/cilium/actions/runs/8016451099/job/21898409307#step:42:53
• ci-upgrade-ipsec: level=error msg="Failed to update lock: Operation cannot be fulfilled on leases.coordination.k8s.io \"cilium-operator-resource-lock\": the object has been modified; please apply your changes to the latest version and try again" subsys=klog (1 occurrences) in the operator logs again
• ci-eks (2nd run): same failure as above, seems to be a real thing?

[gandro]

There are some non-trivial conflicts on the v1.15 branch, and given this is about races I think it's probably better if I don't try to resolve them without context. Marking as "backport/author"