httpserver: make /-/reload handler cancellation-safe

[kimjune01]

Summary

• Fix race condition in the /-/reload HTTP handler where a cancelled client request could leave the reload channel in a stuck state
• Use select with context.Done() to detect client disconnection before sending on the reload channel
• Drain the error channel on cancellation to prevent goroutine leaks

Fixes #5103

Test plan

• New tests verify reload handler behavior under normal conditions and client cancellation
• Existing httpserver tests pass unchanged

Summary by CodeRabbit

• Bug Fixes

  • Improved reload endpoint reliability with better handling of client disconnections and request timeouts.

• Tests

  • Added comprehensive reload handler tests covering success, error handling, and cancellation scenarios.

[coderabbitai]

📝 Walkthrough

Walkthrough

The /-/reload POST handler is hardened against client disconnection deadlocks. A buffered error channel replaces the unsafe unbuffered approach, and context-aware select statements protect both the enqueue and result-receive checkpoints. Four new tests validate the handler behavior across success, error, and cancellation scenarios.

Changes

Reload Handler Cancellation Safety

Layer / File(s)	Summary
Handler cancellation-safety implementation httpserver/httpserver.go	Handler creates a buffered errc and uses two select statements: one to send the channel to reloadCh (aborting with HTTP 422 on context cancellation) and one to receive the result (also aborting with HTTP 422 if context is done). The unsafe defer close(errc) is removed.
Test coverage for reload scenarios httpserver/httpserver_test.go	Imports context, errors, and time. Four tests verify: successful reload returning 200 OK, error propagation returning 500, client disconnect before enqueue returning 422, and client disconnect during reload allowing buffered send without blocking.

Sequence Diagram

sequenceDiagram
  participant Client
  participant Handler
  participant ReloadQueue as reloadCh
  participant Reloader
  Client->>Handler: POST /-/reload
  Handler->>Handler: Create buffered errc chan
  alt Context done before send
    Handler-->>Client: 422 UnprocessableEntity
  else Send errc to queue
    Handler->>ReloadQueue: Send errc
    ReloadQueue->>Reloader: Receive errc
    alt Reloader completes
      Reloader->>Handler: Send result on errc
      Handler-->>Client: 200 OK (nil) or 500 (error)
    else Context done during reload
      Client-xHandler: Context cancelled
      Handler-->>Client: 422 UnprocessableEntity
    end
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: making the /-/reload handler safe for cancellation.
Description check	✅ Passed	The description covers the problem, solution, test plan, and issue reference, matching the template requirements for a bugfix with tests.
Linked Issues check	✅ Passed	The code changes directly address all objectives from issue #5103: using buffered channel, removing unsafe defer close, adding context-aware select statements, and comprehensive tests.
Out of Scope Changes check	✅ Passed	All changes are focused on fixing the /-/reload handler cancellation issue and adding corresponding tests; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@httpserver/httpserver_test.go`:
- Around line 34-40: The tests spawn goroutines that call require.* (which calls
t.FailNow) — replace these with assert.* or move the assertions out of the
goroutine: capture the httptest.ResponseRecorder (w) and any response values
inside the goroutine, send them on a channel or close(done) and then after
<-done perform require.Equal(t, http.StatusOK, w.Code) in the main test
goroutine; update the four occurrences referencing the done channel,
router.ServeHTTP, httptest.NewRequest and httptest.NewRecorder so assertions run
in the test goroutine or use assert.* inside the goroutine instead.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 40886f45-c83a-456b-a48c-5b6f09629879

📥 Commits

Reviewing files that changed from the base of the PR and between 7806d6e and 508c0b3.

📒 Files selected for processing (2)

• httpserver/httpserver.go
• httpserver/httpserver_test.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

testify require FailNow from goroutine other than test goroutine

💡 Result:

In Go’s testing and in stretchr/testify, you must not call require.* / t.FailNow (which it uses under the hood) from a goroutine other than the goroutine running the test. Evidence: - Go’s testing.T.FailNow documentation says FailNow “must be called from the goroutine running the test or benchmark function, not from other goroutines created during the test.” It calls runtime.Goexit in the current goroutine, so it only stops that goroutine, not the whole test. [1] - testify’s require package documentation states that require “terminate current test” and “must be called from the goroutine running the test or benchmark function, not from other goroutines created during the test.” [2] What to do instead: - Use assert.* inside goroutines (it records an error via t.Errorf-style behavior rather than invoking FailNow). This is the common workaround suggested in testify discussions: “use assert in goroutines, not require.” [3] - Or funnel the result back to the main test goroutine (e.g., via a channel) and perform require/assert in that main goroutine, so FailNow happens on the correct goroutine. [4] Why this matters: - If require calls t.FailNow from the wrong goroutine, runtime.Goexit will exit only that goroutine, so the expected assertion/termination semantics for the test can break (and can even lead to hangs in some patterns). [5][6]

Citations:

• 1: https://go.dev/issue/24678
• 2: https://pkg.go.dev/github.com/stretchr/testify/require
• 3: How to handle failed expectations inside of a goroutine? stretchr/testify#772
• 4: Calling Called() in a goroutine can result in a call to t.FailNow() stretchr/testify#1701
• 5: Eventually hangs on failed/aborted condition stretchr/testify#1810
• 6: panic: test executed panic(nil) or runtime.Goexit stretchr/testify#573

---

🏁 Script executed:

# Check the actual test file at the mentioned line ranges
cat -n httpserver/httpserver_test.go | sed -n '30,70p'

Repository: prometheus/alertmanager

Length of output: 1246

---

🏁 Script executed:

# Also check the other two ranges
cat -n httpserver/httpserver_test.go | sed -n '82,125p'

Repository: prometheus/alertmanager

Length of output: 1618

---

Use assert.* or move assertions outside goroutines.

require.* calls t.FailNow(), which per Go's testing documentation must be called from the goroutine running the test—calling it from another goroutine exits only that goroutine via runtime.Goexit(), leaving the test in a misleading state instead of properly failing.

All four new tests have this issue (lines 34–40, 58–65, 86–92, 115–121). Fix by either:

1. Moving assertions outside the goroutine and capturing response objects in the main goroutine after <-done, or
2. Using assert.* inside the goroutines to record failures without violating the threading contract.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@httpserver/httpserver_test.go` around lines 34 - 40, The tests spawn
goroutines that call require.* (which calls t.FailNow) — replace these with
assert.* or move the assertions out of the goroutine: capture the
httptest.ResponseRecorder (w) and any response values inside the goroutine, send
them on a channel or close(done) and then after <-done perform require.Equal(t,
http.StatusOK, w.Code) in the main test goroutine; update the four occurrences
referencing the done channel, router.ServeHTTP, httptest.NewRequest and
httptest.NewRecorder so assertions run in the test goroutine or use assert.*
inside the goroutine instead.