fix: do not close sentinel when replica list is empty

[shahyash2609]

Summary

• Bug: replicaAddrss() in sentinel.go calls closeSentinel() when getReplicaAddrs returns an empty list without error. This tears down the sentinel connection (and its +switch-master pub/sub subscription), forcing a full sentinel rediscovery on every subsequent operation.
• Impact: On master-only sentinel setups (no replicas), this creates a continuous rediscovery loop — every dial triggers concurrent queries to all sentinel nodes, flooding logs and adding unnecessary latency.
• Fix: Return []string{}, nil instead of calling closeSentinel() when replicas are empty but there's no error. An empty replica list is a valid, stable state for master-only deployments. The sentinel connection must be preserved for ongoing master discovery and failover monitoring.

Root cause

In sentinel.go, function replicaAddrss():

} else {
    // No error and no replicas.
    _ = c.closeSentinel()  // ← BUG: destroys sentinel for a valid state
}

After closeSentinel(), c.sentinel is nil and c.pubsub is nil. The next call to MasterAddr() must perform full sentinel discovery (querying all sentinel nodes concurrently) because there's no cached sentinel client to use.

With replicas present this code path is never reached — replicaAddrs() returns the cached list and does an async refresh. The bug only manifests on master-only clusters.

Changes

File	Change
sentinel.go	Replace closeSentinel() with return []string{}, nil in the zero-replica branch
export_test.go	Add test helpers to inspect sentinelFailover internal state
sentinel_test.go	Add TestSentinelFailover_ReplicaAddrs_NoReplicas verifying sentinel survives repeated calls with zero replicas

Test plan

• TestSentinelFailover_ReplicaAddrs_NoReplicas — confirms sentinel stays alive after ReplicaAddrs returns empty list
• Existing sentinel tests continue to pass (no behavioral change for setups with replicas)
• Verified in production at Meesho on master-only sentinel clusters — rediscovery loop eliminated

🤖 Generated with Claude Code

---

Note

Medium Risk
Touches Sentinel failover connection lifecycle logic; while narrowly scoped, a mistake could cause stale Sentinel state or unnecessary reconnects in production.

Overview
Prevents sentinelFailover.replicaAddrs from calling closeSentinel() when Sentinel returns no replicas and no error, returning an empty list instead to preserve the Sentinel client/pubsub subscription for master discovery and failover monitoring.

Adds test-only helpers (HasSentinel, NewTestSentinelFailover, ReplicaAddrs) and a new unit/integration test TestSentinelFailover_ReplicaAddrs_NoReplicas that provisions a temporary master-only Sentinel monitor and asserts the Sentinel connection remains alive across repeated ReplicaAddrs calls.

^{Reviewed by Cursor Bugbot for commit 318995c. Bugbot is set up for automated code reviews on this repo. Configure here.}

[jit-ci]

Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset.

In case there are security findings, they will be communicated to you as a comment inside the PR.

Hope you’ll enjoy using Jit.

Questions? Comments? Want to learn more? Get in touch with us.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4620700cac

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep disconnected-replica fallback when no healthy replicas

Returning immediately on the zero-replica branch bypasses the useDisconnected path in sentinelFailover.replicaAddrs, so when FailoverOptions.UseDisconnectedReplicas is enabled and the cached sentinel reports only disconnected replicas, RandomReplicaAddr can no longer discover those replicas and will route reads to the master instead. This is a regression in failover behavior under degraded replication states because the second call (replicaAddrs(ctx, true)) now exits before reaching the loop that applies parseReplicaAddrs(..., useDisconnected).

Useful? React with 👍 / 👎.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Reviewed by Cursor Bugbot for commit a95c9f1. Configure here.}

[shahyash2609]

@ofekshenawa @ndyakov Can you please review this PR?

[ndyakov]

@shahyash2609 thank you for pinging us, will check it as soon as possible.

[shahyash2609]

Hi @ndyakov, Hope you are doing well.
Can you pleaes review this once you get time?