Paul Gascou-Vaillancourtchanged title from Error 404 when editing pre-defined policies in Threat Monitoring to Error 404 when editing policies in Threat Monitoring
changed title from Error 404 when editing pre-defined policies in Threat Monitoring to Error 404 when editing policies in Threat Monitoring
@thiagocsf@lkerr I'm not sure how we want to prioritize this. This seems like a rather serious issue. I'm going to give this a severity2 and assign frontend and backend labels as it's not yet clear where this is coming from exactly.
Paul Gascou-Vaillancourtchanged title from Error 404 when editing policies in Threat Monitoring to Error 404 when editing Cilium policies in Threat Monitoring
changed title from Error 404 when editing policies in Threat Monitoring to Error 404 when editing Cilium policies in Threat Monitoring
After syncing up with @zmartins, it seems like we actually have two slightly different issues here:
One affects non-Cilium network policies: the backend code defaults to Cilium in a few places, which makes it impossible to edit custom network policies that have a kind different than Cilium. I'll create a new issue for this.
The other one seems to be affecting Cilium policies and still needs to be figured out. We might need an access to the production console in order to run a few queries to understand what's going on. Let's investigate in this issue.
I skipped refinement because Paul and Zamir have investigated, so we know roughly what the area of problem is. There's also the guideline to keep investigations for refinement under 1 hour.
@thiagocsf It would be helpful to document the findings of the investigation in this issue in case it's not @pgascouvaillancourt or @zmartins who pick up this bug.
@lkerr@thiagocsf I just wanted to clarify: this bug's cause is still unknown. Zamir and I did investigate over Zoom, and the outcome was that we have 2 different bugs causing 404s when editing policies:
One affects network policies that don't use the default kind (Cilium). Zamir has identified what's causing this, and we have documented what we know in a dedicated issue: #334185 (closed)
There seems to be another bug that causes 404s with any network policy. This should be tracked in the present issue. Unfortunately, we don't know much about this bug except that it exists, so there's not much detail we can add to this issue at this time.
This seems to be a problem due to the dots in the policy name. Rails does not accept dots for :id params by default as mentioned in Rails Guide
By default the :id parameter doesn't accept dots - this is because the dot is used as a separator for formatted routes. If you need to use a dot within an :id add a constraint which overrides this - for example id: /[^/]+/ allows anything except a slash.