test(envtest): fix race between test mutations and controller status flush

[bdchatham]

Summary

Fixes an intermittent flake in the envtest integration suite for TestSeiNode_StatefulSetRecreatedAfterDelete and TestSeiNode_StatefulSetImpostorReplaced (the `sts-recreated` and `sts-impostor` scenarios).

Diagnosis

Both tests issue two near-simultaneous mutations on the same SeiNode:

1. A destabilizing mutation — Delete(sts) for sts-recreated, or Status().Update forging a UID mismatch for sts-impostor.
2. A spec patch — bumping spec.overrides["chain.touch-counter"] to fire the SeiNode predicate deterministically.

The SeiNode reconciler uses optimistic locking for its status flush (internal/controller/node/controller.go:92):

```go
statusBase := client.MergeFromWithOptions(before, client.MergeFromWithOptimisticLock{})
```

When the spec patch in step (2) lands between the in-flight reconcile's Get and its Status.Patch, the patch fails with 409:

```
"flushing status: Operation cannot be fulfilled on seinodes.sei.io "sts-recreated":
the object has been modified; please apply your changes to the latest version and try again"
```

Controller-runtime re-queues on 409, but the exponential backoff occasionally stretches convergence past the 30s pollTimeout (helpers_test.go:26) — surfacing as a flake.

History

• 2026-05-26 — main run 26460706817 failed with this exact pattern after chore: bump sei-config to v0.0.16 #353 squash-merged into main. The PR itself (chore: bump sei-config to v0.0.16 #353) had passed test-integration in 3m51s; only the post-merge run on main caught the race.
• 2026-05-21 — main on commit 2cc9e8c0 also failed similarly.
• Otherwise green — low-single-digit % flake rate, consistent with timing-sensitive interleaves rather than a behavior regression.

Fix

Test-only. Insert a waitFor between the two mutations in each test:

sts-recreated

After Delete(sts), wait for the Owns watch to fire the deletion-observation reconcile — condition succeeds when the StatefulSet is briefly NotFound or has been recreated with a new UID. Both signal the Owns watch has already done its work, so the subsequent spec patch triggers a fresh reconcile rather than racing one in flight.

sts-impostor

After Status().Update forging the UID, wait for the forged value to be durable on the apiserver before issuing the spec patch. The re-Get round-trip also serves as a drain barrier against any reconcile the Status.Update may have woken (predicate configurations that don't filter status updates).

What this PR does not change

• No controller behavior change (the MergeFromWithOptimisticLock semantics stay — they're correct as defensive checks against stale-view writes).
• No timeout change (pollTimeout/pollInterval unchanged).
• Pure test-side ordering fix.

Validation

Local envtest unavailable on this machine (no etcd in /usr/local/kubebuilder/bin/). Compilation + vet clean. Relying on CI to validate; recommend at least one re-run after merge to confirm the flake is gone.

Refs

• Cross-discussed with chore: bump sei-config to v0.0.16 #353 (the merge that surfaced the flake) and the open chore: bump default controller image to 8b3f1749067b #354 (controller-image bump that's blocked on this).

[cursor]

PR Summary

Low Risk
Only envtest ordering in two integration tests; no runtime controller or API behavior changes.

Overview
Adds test-only synchronization in two SeiNode envtest cases so a follow-up spec.overrides patch does not race an in-flight reconcile’s optimistic-lock status write (409 flakes).

In TestSeiNode_StatefulSetRecreatedAfterDelete, after deleting the owned StatefulSet, the test now waitFors until deletion is observed (NotFound or recreated with a new UID) before bumping the spec.

In TestSeiNode_StatefulSetImpostorReplaced, after forging a bad UID via Status().Update, it waitFors until that status is visible on a fresh Get before the spec bump.

No production controller or timeout changes.

^{Reviewed by Cursor Bugbot for commit 44e8710. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes using default effort and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 44e8710. Configure here.}

[cursor]

Barrier passes immediately on NotFound, race unfixed

Medium Severity

The apierrors.IsNotFound(err) branch causes this barrier to pass on its very first poll, making it a no-op. testCli is a direct (non-cached) client, and the STS has no finalizers in envtest, so it's already gone from etcd when Delete returns. The IsNotFound branch always wins before the second branch (s.UID != originalUID) — which genuinely proves the controller finished its reconcile — can ever be reached. The Owns-watch-triggered reconcile is still async at that point, so the subsequent spec patch can still land between the controller's Get and its optimistic-locked flushStatus, producing the same 409 this barrier is meant to prevent.

 

^{Reviewed by Cursor Bugbot for commit 44e8710. Configure here.}

[cursor]

Impostor barrier trivially satisfied, risks new timeout

Medium Severity

Because testCli is a direct (non-cached) client and Status().Update is synchronous, this barrier's Get sees the forged UID on the very first poll and returns immediately — it never actually drains any reconcile woken by the status write. The original 409 race persists. Worse, if the predicate doesn't filter status-only updates and the controller is fast enough to process the forged UID before the first poll, it nils Status.StatefulSet (impostor-deletion branch), and the barrier's condition (UID == "00000000-…") can never become true again — introducing a new 30s timeout flake that didn't exist before.

 

^{Reviewed by Cursor Bugbot for commit 44e8710. Configure here.}