Skip to content

fix: prevent empty defaults/overrides dicts in policy spec#880

Open
crstrn13 wants to merge 2 commits intomainfrom
fix/policy-defaults-overrides-context
Open

fix: prevent empty defaults/overrides dicts in policy spec#880
crstrn13 wants to merge 2 commits intomainfrom
fix/policy-defaults-overrides-context

Conversation

@crstrn13
Copy link
Contributor

@crstrn13 crstrn13 commented Mar 5, 2026
edited
Loading

Description

  • Fixed a bug in AuthPolicy where accessing defaults or overrides properties would immediately create empty dicts in the spec, even when no rules were added
  • Changed the implementation to use lazy initialization with string markers instead of eager dict creation
  • This prevents empty defaults: {} or overrides: {} sections from appearing in committed AuthPolicy specs

Changes

Bug Fix

  • Modified defaults and overrides properties to use string markers ("defaults", "overrides") instead of immediately calling setdefault()
  • Updated auth_section property to check for string markers and only create the dict when actually needed
  • Updated strategy() method to handle string markers and create the section dict on-demand
  • Added inline comments explaining the lazy initialization pattern

Technical Details

The previous implementation would create empty dicts when accessing properties:

self.spec_section = self.model.spec.setdefault("defaults", {})  # Creates empty dict immediately

New implementation uses lazy initialization:
self.spec_section = "defaults" # Just a marker, no dict created yet

The actual dict is only created when auth_section or strategy() is called to add actual configuration.

Verification steps

No test files were modified. Existing tests verify the fix:

Test defaults/overrides exclusivity rules

poetry run pytest -vv testsuite/tests/singlecluster/defaults/test_rules_exclusivity.py testsuite/tests/singlecluster/overrides/test_rules_exclusivity.py

Test that defaults/overrides functionality still works

poetry run pytest -vv testsuite/tests/singlecluster/defaults/ testsuite/tests/singlecluster/overrides/

@crstrn13 crstrn13 self-assigned this Mar 5, 2026
@crstrn13 crstrn13 added the bug Something isn't working label Mar 5, 2026
@crstrn13
Copy link
Contributor Author

crstrn13 commented Mar 5, 2026

/make kuadrant

1 similar comment
@crstrn13
Copy link
Contributor Author

crstrn13 commented Mar 5, 2026

/make kuadrant

@crstrn13 crstrn13 marked this pull request as draft March 5, 2026 17:36
@github-actions
Copy link

github-actions bot commented Mar 5, 2026

Test run has started (make kuadrant) and can be found here

@github-actions
Copy link

github-actions bot commented Mar 5, 2026

Test run has started (make kuadrant) and can be found here

@crstrn13
Copy link
Contributor Author

crstrn13 commented Mar 6, 2026

/make kuadrant

@crstrn13 crstrn13 force-pushed the fix/policy-defaults-overrides-context branch from ed40602 to db55b43 Compare March 6, 2026 08:31
@crstrn13
Copy link
Contributor Author

crstrn13 commented Mar 6, 2026

/make kuadrant

@github-actions
Copy link

github-actions bot commented Mar 6, 2026

Test run has started (make kuadrant) and can be found here

@crstrn13 crstrn13 marked this pull request as ready for review March 6, 2026 09:33
@crstrn13
Copy link
Contributor Author

crstrn13 commented Mar 6, 2026

/make kuadrant

1 similar comment
@crstrn13
Copy link
Contributor Author

crstrn13 commented Mar 6, 2026

/make kuadrant

@github-actions
Copy link

github-actions bot commented Mar 6, 2026

Test run has started (make kuadrant) and can be found here

emmaaroche
emmaaroche previously approved these changes Mar 10, 2026
View reviewed changes
Copy link
Contributor

@emmaaroche emmaaroche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

silvi-t
silvi-t reviewed Mar 10, 2026
View reviewed changes
silvi-t
silvi-t reviewed Mar 10, 2026
View reviewed changes
silvi-t
silvi-t reviewed Mar 10, 2026
View reviewed changes
averevki
averevki reviewed Mar 10, 2026
View reviewed changes
@crstrn13 crstrn13 force-pushed the fix/policy-defaults-overrides-context branch 2 times, most recently from 190a6de to 15ef176 Compare March 14, 2026 11:03
@crstrn13
easy fix
f14e9ad 
Signed-off-by: Alexander Cristurean <acristur@redhat.com>
@crstrn13 crstrn13 force-pushed the fix/policy-defaults-overrides-context branch from bafe6fd to f14e9ad Compare March 14, 2026 22:15
@crstrn13
fix: also added rlp.
36f7ece 
Signed-off-by: Alexander Cristurean <acristur@redhat.com>
averevki
averevki reviewed Mar 17, 2026
View reviewed changes
testsuite/kuadrant/policy/authorization/auth_policy.py
Comment on lines +58 to +62
if isinstance(self.spec_section, str):
# String marker - create the section now
section = self.model.spec.setdefault(self.spec_section, {})
else:
section = self.spec_section
Copy link
Contributor

@averevki averevki Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if isinstance(self.spec_section, str):
# String marker - create the section now
section = self.model.spec.setdefault(self.spec_section, {})
else:
section = self.spec_section
section = self.spec_section
if isinstance(self.spec_section, str):
# String marker - create the section now
section = self.model.spec.setdefault(self.spec_section, {})

better code flow 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@averevki averevki averevki left review comments

@azgabur azgabur Awaiting requested review from azgabur

@silvi-t silvi-t Awaiting requested review from silvi-t

@emmaaroche emmaaroche Awaiting requested review from emmaaroche

At least 2 approving reviews are required to merge this pull request.

Assignees

@crstrn13 crstrn13

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@crstrn13 @averevki @silvi-t @emmaaroche