policy/api: don't write zero enableDefaultDeny field #35804
Conversation
|
/test |
|
/test |
c28f080 to
1174d99
Compare
|
/test |
1174d99 to
d6036f7
Compare
|
/test |
There was a problem hiding this comment.
The failing https://github.com/cilium/cilium/actions/runs/11825695933/job/33196483218#step:18:960 f02-agent-fqdn e2e test seems to be legitimate, it's persistent across re-runs.
I think we need to additionally protect access to the EnableDefaultDeny field with r.EnableDefaultDeny != nil checks now that it is a (potentially nil) pointer.
Before this change, marshalling policy to a struct caused the line
`... "enableDefaultDeny":{}, ...` to be written to json-marshalled
network policy. This later caused problems when using cilium-cli with
cluster versions that do not support the `enableDefaultDeny` field.
This can be replaced with a `omitzero` modifier on the json struct tag
once go1.24 is released. Until then, we can work around this with a
simple pointer instead.
Signed-off-by: Casey Callendrello <cdc@isovalent.com>
|
EnableDefaultDeny isn't a pointer, so it can't be nil. That's what got us in to this mess in the first place :-/. The CI failure is actually #35985, I just need to rebase. |
d6036f7 to
3cdcc16
Compare
|
/test |
Now I´m confused. Isn't this the other way around that it wasn't a pointer before and couldn't be
Ah, perfect. |
Right, this doesn't change the policy type, just the stub type we use for JSON marshalling. We never actually dereference the pointer. |
Ah, stub type was what confused me. Thanks for clarifying. |
Before this change, marshalling policy to a struct caused the line
... "enableDefaultDeny":{}, ...to be written to json-marshalled network policy. This later caused problems when using cilium-cli with cluster versions that do not support theenableDefaultDenyfield.This can be replaced with a
omitzeromodifier on the json struct tag once go1.24 is released. Until then, we can work around this with a simple pointer instead.