Merge pull request #167 from projectsyn/fix/bgp-resourcegen

simu · web-flow · commit 2b7101afdde0 · 2025-07-04T08:49:56.000+02:00
Correctly handle nulled BGP resource configuration entries
diff --git a/component/bgp-control-plane.jsonnet b/component/bgp-control-plane.jsonnet
@@ -48,73 +48,76 @@ local CiliumBGPNodeConfigOverride(name) =
   };
 
 local validate_auth_secret(name, config) =
-  local data = std.get(config, 'data', {});
-  local sdata = std.get(config, 'stringData', {});
-  assert
-    std.objectHas(data, 'password') || std.objectHas(sdata, 'password')
-    : "Cilium BGP auth secret `%s` doesn't have key `password`" % name;
-  config {
-    metadata+: {
-      namespace: params.cilium_helm_values.bgpControlPlane.secretsNamespace.name,
-    },
-  };
+  if config != null then
+    local data = std.get(config, 'data', {});
+    local sdata = std.get(config, 'stringData', {});
+    assert
+      std.objectHas(data, 'password') || std.objectHas(sdata, 'password')
+      : "Cilium BGP auth secret `%s` doesn't have key `password`" % name;
+    config {
+      metadata+: {
+        namespace: params.cilium_helm_values.bgpControlPlane.secretsNamespace.name,
+      },
+    };
 
 local authsecrets = com.generateResources(
   std.mapWithKey(validate_auth_secret, params.bgp.auth_secrets),
   kube.Secret
 );
 
 local render_peer_config(name, config) =
-  local auth_secret_names = [ o.metadata.name for o in authsecrets ];
-  local validate_peer_config(pconfig) =
-    local secretname = std.get(pconfig.spec, 'authSecretRef');
-    assert
-      secretname == null || std.member(auth_secret_names, secretname)
-      : "CiliumBGPPeerConfig `%s` references auth secret `%s` which doesn't exist"
-        % [ name, secretname ];
-    pconfig;
-  validate_peer_config({
-    metadata+: std.get(config, 'metadata', {}),
-    spec: {
-      families: std.objectValues(std.get(config, 'families', {})),
-    } + com.makeMergeable(std.get(config, 'spec', {})),
-  });
+  if config != null then
+    local auth_secret_names = [ o.metadata.name for o in authsecrets ];
+    local validate_peer_config(pconfig) =
+      local secretname = std.get(pconfig.spec, 'authSecretRef');
+      assert
+        secretname == null || std.member(auth_secret_names, secretname)
+        : "CiliumBGPPeerConfig `%s` references auth secret `%s` which doesn't exist"
+          % [ name, secretname ];
+      pconfig;
+    validate_peer_config({
+      metadata+: std.get(config, 'metadata', {}),
+      spec: {
+        families: std.objectValues(std.get(config, 'families', {})),
+      } + com.makeMergeable(std.get(config, 'spec', {})),
+    });
 
 local bgppeerconfigs = com.generateResources(
   std.mapWithKey(render_peer_config, params.bgp.peer_configs),
   CiliumBGPPeerConfig
 );
 
 local render_cluster_config(name, config) =
-  local peerConfigNames = [ o.metadata.name for o in bgppeerconfigs ];
-  local validate_peer_config(iname, pconfig) =
-    local pcfgname = std.get(pconfig, 'peerConfigRef', { name: '' }).name;
-    assert
-      std.member(peerConfigNames, pcfgname)
-      : 'Peer `%s` in BGP instance `%s` in CiliumBGPClusterConfig `%s` ' %
-        [ pconfig.name, iname, name ]
-        + "references CiliumBGPPeerConfig `%s` which doesn't exist" %
-          [ pcfgname ];
-    pconfig;
-  local render_instance(name, iconfig) =
-    local cfg = iconfig {
-      name: name,
-      peers: [
-        validate_peer_config(name, iconfig.peers[pname] { name: pname })
-        for pname in std.objectFields(iconfig.peers)
-      ],
+  if config != null then
+    local peerConfigNames = [ o.metadata.name for o in bgppeerconfigs ];
+    local validate_peer_config(iname, pconfig) =
+      local pcfgname = std.get(pconfig, 'peerConfigRef', { name: '' }).name;
+      assert
+        std.member(peerConfigNames, pcfgname)
+        : 'Peer `%s` in BGP instance `%s` in CiliumBGPClusterConfig `%s` ' %
+          [ pconfig.name, iname, name ]
+          + "references CiliumBGPPeerConfig `%s` which doesn't exist" %
+            [ pcfgname ];
+      pconfig;
+    local render_instance(name, iconfig) =
+      local cfg = iconfig {
+        name: name,
+        peers: [
+          validate_peer_config(name, iconfig.peers[pname] { name: pname })
+          for pname in std.objectFields(iconfig.peers)
+        ],
+      };
+      cfg;
+    {
+      metadata+: std.get(config, 'metadata', {}),
+      spec: {
+        nodeSelector: std.get(config, 'nodeSelector', {}),
+        bgpInstances: std.objectValues(std.mapWithKey(
+          render_instance,
+          config.bgpInstances
+        )),
+      } + com.makeMergeable(std.get(config, 'spec', {})),
     };
-    cfg;
-  {
-    metadata+: std.get(config, 'metadata', {}),
-    spec: {
-      nodeSelector: std.get(config, 'nodeSelector', {}),
-      bgpInstances: std.objectValues(std.mapWithKey(
-        render_instance,
-        config.bgpInstances
-      )),
-    } + com.makeMergeable(std.get(config, 'spec', {})),
-  };
 
 local bgpclusterconfigs = com.generateResources(
   std.mapWithKey(render_cluster_config, params.bgp.cluster_configs),
@@ -123,12 +126,13 @@ local bgpclusterconfigs = com.generateResources(
 
 
 local render_advertisement(name, config) =
-  {
-    metadata+: std.get(config, 'metadata', {}),
-    spec: {
-      advertisements: std.objectValues(std.get(config, 'advertisements', {})),
-    },
-  };
+  if config != null then
+    {
+      metadata+: std.get(config, 'metadata', {}),
+      spec: {
+        advertisements: std.objectValues(std.get(config, 'advertisements', {})),
+      },
+    };
 
 local bgpadvertisements = com.generateResources(
   std.mapWithKey(render_advertisement, params.bgp.advertisements),
diff --git a/tests/bgp-control-plane.yml b/tests/bgp-control-plane.yml
@@ -30,6 +30,7 @@ parameters:
                   peerASN: 64512
                   peerConfigRef:
                     name: lb-services
+        test: null
       peer_configs:
         lb-services:
           spec:
@@ -43,6 +44,7 @@ parameters:
               advertisements:
                 matchLabels:
                   cilium.syn.tools/advertise: bgp
+        test: null
       advertisements:
         lb-services:
           metadata:
@@ -57,13 +59,15 @@ parameters:
               selector:
                 matchLabels:
                   syn.tools/load-balancer-class: cilium
+        test: null
       auth_secrets:
         test:
           data:
             password: foobar
         test2:
           stringData:
             password: foobar
+        foo: null
       loadbalancer_ip_pools:
         lb-services:
           blocks:
