This pull request does not have a backport label. Could you fix it @michel-laterman? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

I added some benchmarks, and ran them against main for comparison.
Note that while main has a RWMutex, it's only used in the updateBulkerMap func, but not in GetBulker, CreateAndGetBulker.
This PR also uses a sync.Map for remoteOutputConfigMap, and main does not.

Benchmarks were ran with go test -bench=Benchmark_CreateAndGetBulker -count 10 .

goos: darwin
goarch: arm64
pkg: github.com/elastic/fleet-server/v7/internal/pkg/bulk
cpu: Apple M3 Pro
                                              │  main.txt   │              sync.txt               │
                                              │   sec/op    │    sec/op     vs base               │
_CreateAndGetBulker/new_remote_bulker-12        44.62µ ± 7%   45.56µ ± 10%       ~ (p=0.529 n=10)
_CreateAndGetBulker/existing_remote_bulker-12   658.5n ± 3%   710.3n ±  6%  +7.86% (p=0.000 n=10)
_CreateAndGetBulker/changed_remote_bulker-12    46.27µ ± 9%   47.56µ ±  5%       ~ (p=0.529 n=10)
geomean                                         11.08µ        11.55µ        +4.22%

                                              │   main.txt   │              sync.txt               │
                                              │     B/op     │     B/op      vs base               │
_CreateAndGetBulker/new_remote_bulker-12        39.30Ki ± 0%   38.79Ki ± 0%  -1.30% (p=0.000 n=10)
_CreateAndGetBulker/existing_remote_bulker-12     591.0 ± 0%     623.0 ± 0%  +5.41% (p=0.000 n=10)
_CreateAndGetBulker/changed_remote_bulker-12    38.78Ki ± 1%   38.78Ki ± 1%       ~ (p=0.896 n=10)
geomean                                         9.582Ki        9.709Ki       +1.32%

                                              │  main.txt   │              sync.txt               │
                                              │  allocs/op  │  allocs/op   vs base                │
_CreateAndGetBulker/new_remote_bulker-12        1.033k ± 0%   1.039k ± 0%   +0.58% (p=0.000 n=10)
_CreateAndGetBulker/existing_remote_bulker-12    11.00 ± 0%    13.00 ± 0%  +18.18% (p=0.000 n=10)
_CreateAndGetBulker/changed_remote_bulker-12    1.038k ± 0%   1.042k ± 0%   +0.39% (p=0.000 n=10)
geomean                                          227.6         241.4        +6.07%

buildkite test this

My take on this is that this is a real bug, the GetBulkerMap() method introduced to support remote outputs isn't concurrency safe and really can't be unless you do something like this.

I don't like the use of sync.Map to solve this, primarily because it removes type safety in a codebase that I already find hard to follow with many levels of interface abstraction. I also don't see us satisfying the two criteria where sync.Map recommends its use: https://pkg.go.dev/sync#Map. I also don't like that it will encourage us to just randomly access the bulker everywhere but TBH that is kind of how it is designed to be used right now.

The Map type is optimized for two common use cases: (1) when the entry for a given key is only ever written once but read many times, as in caches that only grow, or (2) when multiple goroutines read, write, and overwrite entries for disjoint sets of keys. In these two cases, use of a Map may significantly reduce lock contention compared to a Go map paired with a separate Mutex or RWMutex.

We don't satisfy 1 because outputs can be changed, updated, and deleted. We don't satisfy 2 because the entire point of GetBulkerMap is to look at every key and not some non-overlapping set of keys.

It looks like we could solve this but just introducing a RWMutex for all the uses of bulkMap. There are several that are not mutex protected.

The GetBulkerMap method only has one use and it is to get the output name and client for each existing output. Rather than return a reference to the map, you can just hold a mutex to return a copy of those two things. Assuming the client is safe for concurrent access. GetBulkerMap shouldn't exist in its current form.

You could potentially rewrite the way the remote ES output healthcheck works to not need a concurrent map at all. The self monitor could listen on a channel for state updates from each attempt to interact with the remote ES update that could fail or something like that.

I'm not really worried about the performance implications of this after read the code involved. I think that was just a way to see if use of sync.Map was justified. I don't think it is for non-performance reasons (interfaces, ugh).

I'll reimplement the mutex and create an issue to discuss remote output health

Issue: #4185
I think we should remove remote health reporting from the policy self-monitor as it does nothing to the (fleet-server) status, but we can discuss it in the issue.

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
50.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube