@joeycumines
Contributor

The RNode.YNode method appears to make an effort to be "nil-safe". This change applies the same sort of behavior to a subset of other methods, e.g. RNode.Content, which access fields on the value returned by that method.

N.B. This change was originally prepared based on v5.4.2, as panics were observed when applying patches, using the kustomize command, indirectly, via skaffold. I didn't go as far as to determine what specifically was happening there, and whatever issue was present is notably resolved, as of v5.7.1.

With the above in mind, please close this PR if this change is not relevant or desirable 😄

…l-safe"

This change is addressing observed panics within kustomize that obscure the
actual failure. The primary observed problem case involves RNode.Content.
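
The failure mode this PR addresses, as an added example (not code from the pull request or from kyaml): `Node`, `RNode`, `ContentUnguarded`, `ContentGuarded` and `Panics` are simplified stand-ins assumed for illustration. It shows why a method that goes through the nil-safe YNode can still panic, and the early-return guard that turns the panic into a nil result.

```go
package main

import "fmt"

// Node and RNode are simplified stand-ins (assumptions for this example)
// for yaml.Node and kyaml's RNode; they are not the real types.
type Node struct{ Content []*Node }

type RNode struct{ value *Node }

// YNode mirrors the guard quoted in the review: nil receiver or nil value yields nil.
func (rn *RNode) YNode() *Node {
	if rn == nil || rn.value == nil {
		return nil
	}
	return rn.value
}

// ContentUnguarded looks nil-safe because it goes through YNode, but it
// reads a field on the result, so a nil *Node is dereferenced and it panics.
func (rn *RNode) ContentUnguarded() []*Node {
	return rn.YNode().Content
}

// ContentGuarded stores the result and returns early when it is nil.
func (rn *RNode) ContentGuarded() []*Node {
	yNode := rn.YNode()
	if yNode == nil {
		return nil
	}
	return yNode.Content
}

// Panics reports whether calling f panics (here: a nil pointer dereference).
func Panics(f func()) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	f()
	return false
}

func main() {
	// The two receiver states covered by the PR's test: nil *RNode, and RNode with nil value.
	for _, rn := range []*RNode{nil, {value: nil}} {
		fmt.Println(Panics(func() { rn.ContentUnguarded() }), Panics(func() { rn.ContentGuarded() }))
	}
}
```
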
@k8s-ci-robot
Contributor

This PR has multiple commits, and the default merge method is: merge.
You can request commits to be squashed using the label: tide/merge-method-squash

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 17, 2025
@k8s-ci-robot
Contributor

Welcome @joeycumines!

It looks like this is your first PR to kubernetes-sigs/kustomize 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/kustomize has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Sep 17, 2025
@k8s-ci-robot
Contributor

Hi @joeycumines. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Sep 17, 2025
Member

@koba1t koba1t left a comment

Thanks for your contribution!
Changing to nil safe seems like an entirely welcome change.

I added a few review comments, please check that.


// Content returns Node Content field.
func (rn *RNode) Content() []*yaml.Node {
if rn == nil {

Member

Please keep the if rn == nil check.

Contributor Author

@koba1t do you still want this check retained with the knowledge that:

// YNode returns the yaml.Node value.  If the yaml.Node value is a DocumentNode,
// YNode will return the DocumentNode Content entry instead of the DocumentNode.
func (rn *RNode) YNode() *yaml.Node {
	if rn == nil || rn.value == nil {
		return nil
	}

will achieve the same?

Member

I think so.

Additionally, please add a test to check if rn == nil.

Contributor Author

There is already a test for that @koba1t.

The test I already added has two cases, one of which is where rn == nil.

if rn.YNode().Kind != yaml.MappingNode {
return nil
if yNode := rn.YNode(); yNode != nil {
if yNode.Kind != yaml.MappingNode {

Member

Please don't make the indent too deep here.
I think it's better to first store the value in the local variable of yNode and then check with if yNode == nil in an early-return format.

if rn == nil {
return nil
if yNode := rn.YNode(); yNode != nil {
return yNode.Content

Member

Same.
I think it's better to first store the value in the local variable of yNode and then check with if yNode == nil in an early-return format.

elem, err := rn.Pipe(MatchElement(key, value))
if err != nil {
return nil
if yNode := rn.YNode(); yNode != nil {

Member

Same

elem, err := rn.Pipe(MatchElementList(keys, values))
if err != nil {
return nil
if yNode := rn.YNode(); yNode != nil {

Member

Same

// Both of these scenarios should cause rn.YNode() to return nil.
nodesToTest := [...]struct {
name string
rn *RNode
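
Review bot: the comment above nodesToTest says both scenarios should cause rn.YNode() to return nil, but nothing in the visible lines checks that precondition. Consider asserting it explicitly for each entry (a nil check on the entry's rn.YNode() before exercising the other methods), so the test fails at the assumption rather than silently passing if YNode's behavior ever changes.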

Member

Please add a test case where rn is nil.

Contributor Author

There is one :) it tests both:

		{"nil *RNode receiver", nil},
		{"RNode with nil internal node", &RNode{value: nil}},

@joeycumines joeycumines requested a review from koba1t October 6, 2025 01:59
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 6, 2025
@joeycumines
Contributor Author

@koba1t I've updated the style of the guards per your request, please re-review / see my replies to your other comments :)

@koba1t koba1t added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Oct 6, 2025
@koba1t
Member

koba1t commented Oct 6, 2025

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 6, 2025
@koba1t
Member

koba1t commented Nov 3, 2025

Thank you. Your explanation helped me understand what this test is doing.

@koba1t
Member

koba1t commented Nov 3, 2025

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 3, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joeycumines, koba1t

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 3, 2025
@k8s-ci-robot k8s-ci-robot merged commit 8761791 into kubernetes-sigs:master Nov 3, 2025
11 checks passed
carlosonunez-redhat pushed a commit to carlosonunez-redhat/kustomize that referenced this pull request Nov 3, 2025
…es-sigs#5985)

* Fix kyaml/yaml field access deref nil value for methods that look "nil-safe"

This change is addressing observed panics within kustomize that obscure the
actual failure. The primary observed problem case involves RNode.Content.

* Fix test case

* Fixes from review
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Nov 14, 2025
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [kubernetes-sigs/kustomize](https://github.com/kubernetes-sigs/kustomize) | minor | `v5.7.1` -> `v5.8.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>kubernetes-sigs/kustomize (kubernetes-sigs/kustomize)</summary>

### [`v5.8.0`](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize/v5.8.0)

[Compare Source](kubernetes-sigs/kustomize@kustomize/v5.7.1...kustomize/v5.8.0)

### Highlights

##### implements to replacements value in the structured data

Now, we can edit yaml/json in yaml manifests with the replacements transformer.
See [#5679](kubernetes-sigs/kustomize#5679)

##### For example

```yaml

## source
apiVersion: v1
kind: ConfigMap
metadata:
  name: source-configmap
data:
  HOSTNAME: www.example.com
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: target-configmap
data:
  config.json: |-
    {"config": {
      "id": "42",
      "hostname": "REPLACE_TARGET_HOSTNAME"
    }}
```

```yaml

## replacement
replacements:
- source:
    kind: ConfigMap
    name: source-configmap
    fieldPath: data.HOSTNAME
  targets:
  - select:
      kind: ConfigMap
      name: target-configmap
    fieldPaths:
    - data.config\.json.config.hostname
```

##### fix: Propagate Namespace correctly to Helm

The long-standing bug where kustomize's namespace transformer did not pass namespaces to helmCharts has been fixed.
See [#5940](kubernetes-sigs/kustomize#5940)

##### For example

```yaml

## define namespace
namespace: any-namespace

helmCharts:
- name: minecraft
  repo: https://kubernetes-charts.storage.googleapis.com
  version: v1.2.0
  # namespace: any-namespace   ## propagates without additional namespace specific
  valuesFile: values.yaml
```

#### Feature

[#5679](kubernetes-sigs/kustomize#5679): implements to replacements value in the structured data
[#5863](kubernetes-sigs/kustomize#5863): Add regex support for Replacement selectors
[#5930](kubernetes-sigs/kustomize#5930): feat: add PatchArgs API type to populate patch options

#### fix

[#5940](kubernetes-sigs/kustomize#5940): fix: Propagate Namespace correctly to Helm
[#5971](kubernetes-sigs/kustomize#5971): fix: performance recession when propagating namespace to helm
[#5942](kubernetes-sigs/kustomize#5942): fix fnplugin storagemounts validation
[#5958](kubernetes-sigs/kustomize#5958): fix: make AbsorbAll conflict error more verbose
[#5961](kubernetes-sigs/kustomize#5961): refactor: nested format string
[#5967](kubernetes-sigs/kustomize#5967): Fix infinite loop in HTTP client by validating URLs before requests
[#5985](kubernetes-sigs/kustomize#5985): fix(kyaml/yaml): minor nil safety fix for RNode.Content etc
[#5991](kubernetes-sigs/kustomize#5991): Fix duplicate key error when adding multiple labels with --without-selector

#### Dependencies

[#5962](kubernetes-sigs/kustomize#5962): chore: update dependencies from security alert
[#5959](kubernetes-sigs/kustomize#5959): update go 1.24.6

#### chore

[#6007](kubernetes-sigs/kustomize#6007): Update kyaml to v0.21.0
[#6008](kubernetes-sigs/kustomize#6008): Update cmd/config to v0.21.0
[#6009](kubernetes-sigs/kustomize#6009): Update api to v0.21.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
koba1t pushed a commit to koba1t/kustomize that referenced this pull request Nov 17, 2025