Skip to content

Fix policy attachment when ancestors slice is full #3698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Fix policy attachment when ancestors slice is full #3698

wants to merge 13 commits into from

Conversation

sarthyparty
Copy link
Contributor

@sarthyparty sarthyparty commented Aug 6, 2025
edited
Loading

Proposed changes

Problem: Multiple bugs when ancestor slice was full:

  • BackendTLSPolicy became invalid
  • NGF Policies would not partially attach policies to services when multiple ancestor refs were created from a single service but attach to the whole service
  • No condition was added to ancestor
  • No logs on controller

Solution: Added conditions to ancestor and logs to controller. I fixed BackendTLSPolicy to add attachments until ancestors became full and fixed NGF policies as well

Testing: Currently unit tests and manual tested

Please focus on (optional): If you any specific areas where you would like reviewers to focus their attention or provide
specific feedback, add them here.

Closes #1987

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

@github-actions github-actions bot added the bug Something isn't working label Aug 6, 2025
@sarthyparty sarthyparty force-pushed the bug/handle-policy-ancestor branch from b5891a0 to 3041aa9 Compare August 7, 2025 20:15
@sarthyparty sarthyparty marked this pull request as ready for review August 11, 2025 19:41
@sarthyparty sarthyparty requested a review from a team as a code owner August 11, 2025 19:41
@sarthyparty sarthyparty force-pushed the bug/handle-policy-ancestor branch from e02c8bb to 624fd46 Compare August 11, 2025 19:41
sjberman
sjberman reviewed Aug 12, 2025
View reviewed changes
@sarthyparty sarthyparty requested a review from sjberman August 12, 2025 23:15
@sarthyparty sarthyparty force-pushed the bug/handle-policy-ancestor branch from a42533f to 5a0abd0 Compare August 12, 2025 23:16
@sarthyparty sarthyparty force-pushed the bug/handle-policy-ancestor branch from 5a0abd0 to ad62fba Compare August 13, 2025 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sjberman sjberman Awaiting requested review from sjberman

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
bug Something isn't working
Projects
NGINX Gateway Fabric
Status: 🆕 New
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handle policy attachment when ancestor status slice is full
2 participants
@sarthyparty @sjberman