fix: prevent panic on nil APIResource in permission validator#26610
Merged
rumstead merged 1 commit intoargoproj:masterfrom Mar 18, 2026
Merged
fix: prevent panic on nil APIResource in permission validator#26610rumstead merged 1 commit intoargoproj:masterfrom
rumstead merged 1 commit intoargoproj:masterfrom
Conversation
❌ Preview Environment deleted from BunnyshellAvailable commands (reply to this comment):
|
loafoe
force-pushed
the
fix/nil-apiresource-panic-26608
branch
2 times, most recently
from
4810e24 to
5159d37
Compare
loafoe
force-pushed
the
fix/nil-apiresource-panic-26608
branch
from
5159d37 to
5a8c1eb
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #26610 +/- ##
==========================================
+ Coverage 63.15% 63.17% +0.02%
==========================================
Files 414 414
Lines 56444 56448 +4
==========================================
+ Hits 35645 35659 +14
+ Misses 17428 17422 -6
+ Partials 3371 3367 -4 ☔ View full report in Codecov by Sentry. |
loafoe
force-pushed
the
fix/nil-apiresource-panic-26608
branch
from
5a8c1eb to
5343207
Compare
ppapapetrou76
approved these changes
Feb 26, 2026
Contributor
ppapapetrou76
left a comment
ppapapetrou76
left a comment
There was a problem hiding this comment.
#LGTM 🏅 - thanks for addressing my comments
loafoe
force-pushed
the
fix/nil-apiresource-panic-26608
branch
5 times, most recently
from
5f5c615 to
c660449
Compare
Add a nil check for the APIResource parameter in the permission validator callback to prevent panic when API server connectivity is interrupted during sync operations. Extracted the function for testability. Added Unit Tests. Fixes argoproj#26608 Signed-off-by: Andy Lo-A-Foe <andy.loafoe@gmail.com>
loafoe
force-pushed
the
fix/nil-apiresource-panic-26608
branch
from
c660449 to
c5fa609
Compare
rumstead
approved these changes
Mar 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
APIResourceparameter in permission validator callback to prevent panic during API server connectivity issuesDetails
When syncing an application with
CreateNamespace=trueand the control-plane becomes temporarily unreachable (e.g., during k3s control plane refresh), the API resource discovery can fail in a way that results in a nil*metav1.APIResourcebeing passed to the permission validator callback. This causes a nil pointer dereference panic atcontroller/sync.go:311.The fix adds a defensive nil check that returns a meaningful error instead of panicking, allowing the sync to fail gracefully and be retried.
Test plan
Fixes #26608