Conversation
- Replace go.uber.org/mock with github.com/vektra/mockery/v2 for mock generation
- Update Makefile: replace mockgen target with mockery
- Update go:generate directive in pkg/nftables/firewall.go
- Regenerate mocks using mockery (now uses github.com/stretchr/testify/mock)
- Update test imports and mock usage from gomock API to testify/mock API
Mock API changes:
- Mock class: MockFQDNCache -> FQDNCache
- Constructor: NewMockFQDNCache(ctrl) -> NewFQDNCache(t)
- Matchers: gomock.Any() -> mock.Anything
- Expectations: .EXPECT().Method() -> .On("Method")
The test was using mock.Anything for both GetSetsForFQDN calls, causing both expectations to match every call and return the same values. Now matches on the actual FQDNSelector values (MatchName and MatchPattern) to properly test the different return values for IPv4 and IPv6 sets.
- pkg/dns/dnscache.go: Added Lock()/Unlock() around updateDNSServerAddr() write, and RLock()/RUnlock() around dnsServerAddr read in loadDataFromDNSServer() - pkg/dns/dns_proxy_handler.go: Added sync.RWMutex to DNSProxyHandler, locked dnsServerAddr writes in UpdateDNSServerAddr() and reads in getDataFromDNS()
Add concurrent access tests that detect data races using go test -race. Tests cover concurrent updateIPEntry with getSetsForRendering, getSetNameForRegex, getSetNameForFQDN, writeStateToConfigmap, and updateDNSServerAddr, plus a multiple-readers test. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
|
The lock for dnsServerAddr is technically correct, but the dnsServerAddr gets literally never updated. (It's either the hard-coded default for regular clusters, or the partition-service proxy address for network-isolated clusters, which will never change). |
Contributor
|
Please wait til #213 is merged |
Contributor
|
I ran the test code against the buggy 2.4.0 version, and it would have successfully crashed (and therefore detected) the race condition 👍 |
Contributor
|
The loops in dnscache_test.go like this:
|
Contributor
Merged now |
mwennrich
approved these changes
Mar 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
I made Claude write tests to detect race conditions by simulating DNS load scenarios.
It found two potential issues, that are also fixed in this PR:
I also checked if it would have found #211, by reverting the commit.