Skip to content

fix: PolicyBinding status update loop on subject validation failures#59

Open
JoseSzycho wants to merge 2 commits intomainfrom
fix/spiral-updates
Open

fix: PolicyBinding status update loop on subject validation failures#59
JoseSzycho wants to merge 2 commits intomainfrom
fix/spiral-updates

Conversation

@JoseSzycho
Copy link
Contributor

@JoseSzycho JoseSzycho commented Nov 7, 2025

Description:

Root cause

  • When subjects were invalid (e.g., User not found), the subject validation helper set Ready=False and immediately wrote status.
  • Later in the same Reconcile pass, the main loop also set Ready (with a different, more generic message) and wrote status again.
  • Because oldStatus is captured once at the start of Reconcile, both writes looked like real changes. Each write emitted an update event, which re-enqueued the resource and caused another Reconcile. On the next pass, the helper would write its detailed Ready message again, and the main loop would overwrite it—creating a ping‑pong that never converged.

Changes

  • Subject validation helper now only sets SubjectValid=False in-memory (Reason=ValidationFailed); it no longer calls Status().Update.
  • The main Reconcile path is responsible for setting Ready=False and persisting status once for this failure path.

Impact

  • Eliminates redundant status writes and the resulting reconcile thrashing.
  • No functional changes to OpenFGA reconciliation.

@JoseSzycho JoseSzycho requested a review from scotwells November 7, 2025 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scotwells scotwells scotwells approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JoseSzycho @scotwells