Fixes Race Condition

[FriedJannik]

Description

Fixes a race condition in registry descriptor synchronization when GENERAL_AASREGISTRYINTEGRATION=true.

Concurrent POST /shells/{id}/submodel-refs requests could trigger parallel registry upserts for the same AAS descriptor. The previous SELECT/insert-style flow was vulnerable under PostgreSQL READ COMMITTED, allowing both transactions to observe a missing descriptor and then race on insert, causing duplicate key violations and a 500 response.

This change adds coverage for the concurrent submodel-reference creation flow and updates descriptor synchronization to serialize conflicting descriptor upserts by descriptor id. A similar overlapping upsert scope in the submodel registry was also guarded.

Changes

• Added an integration test for concurrent POST /shells/{id}/submodel-refs with registry synchronization enabled.
• Fixed AAS descriptor upsert behavior to avoid duplicate key races during concurrent registry sync.
• Updated AAS descriptor handling to update the main descriptor row in place and replace dependent descriptor details transactionally.
• Added transaction-scoped serialization for overlapping submodel descriptor upserts in the SM registry.
• Checked similar coupled API/DB descriptor synchronization paths for comparable race conditions.

Problem

With GENERAL_AASREGISTRYINTEGRATION=true, two parallel submodel-reference creations for the same shell could both call the AAS descriptor upsert path. Because the old implementation used a SELECT-before-INSERT pattern, PostgreSQL statement snapshots could allow both transactions to see no existing descriptor. One transaction would insert successfully, while the other failed with a duplicate key violation such as:

pq: duplicate key value violates unique constraint "aas_descriptor_id_key" (23505)

This surfaced as:

AASREPO-500-PostSubmodelReferenceAasRepository-InternalServerError-CreateSubmodelReferenceInAssetAdministrationShell

Solution

The AAS registry descriptor upsert now serializes concurrent work for the same descriptor id inside the transaction and updates existing descriptor rows instead of deleting/reinserting the root descriptor row. Dependent descriptor data is replaced transactionally so nested descriptor state stays consistent.

A similar race-prone submodel descriptor upsert path was also protected with transaction-scoped per-descriptor serialization.

Testing

• go test -v ./internal/common/descriptors ./internal/aasregistry/persistence ./internal/smregistry/persistence
• go vet ./internal/common/descriptors ./internal/aasregistry/persistence ./internal/smregistry/persistence ./internal/aasenvironment/integration_tests
• go test -v ./internal/aasenvironment/integration_tests
• go clean -testcache
• go test -v ./internal/submodelrepository/integration_tests

Notes

The new race test is concurrency-based, so the pre-fix failure is timing dependent. The test verifies the intended behavior: concurrent submodel-reference creation must not return 500 responses and must not lose created references.