fix: use strict_booleans to avoid YAML 1.1 boolean key parsing#52
Merged
andyyu2004 merged 2 commits intoandyyu2004:masterfrom Apr 1, 2026
Merged
Conversation
Enable `strict_booleans` in serde-saphyr options so that only
`true`/`false` are parsed as booleans (YAML 1.2 behavior).
YAML 1.1 treats `on`/`off`/`yes`/`no` as booleans, which causes
`#[serde(flatten)]` to fail when these words appear as map keys in
Kubernetes CRD resources. The flatten buffering layer stores the key
as boolean `true`, then errors with "expected a string key" when
reconstructing the `Map<String, Value>`.
This was hit in practice with a PostgresPolicy CRD that uses an `on`
field in grant definitions:
grants:
- on: { type: schema }
privileges: [USAGE]
With this fix, `on` is treated as a plain string key while `login: true`
and `inherit: false` continue to work as booleans.
Owner
|
I thought I had test cases for this. Can you make sure to add a regression test. Does kustomize not suffer from the same issue? I'm pretty sure kubernetes uses yaml 1.1 |
andyyu2004
reviewed
Apr 1, 2026
Owner
|
Ok, looks good regarding existing tests. I would like a few more testing these yaml 1.1 vs 1.2 cases to ensure compat with kustomize, then will be happy to approve. |
…olean key - Make options a `const DESER_OPTS` instead of a function - Add regression test with a CRD using `on:` as a map key alongside `login: true` and `inherit: false` boolean values
Contributor
Author
|
Thanks for the quick review, pushed updates:
Re: kustomize compatibility, kustomize (Go) uses |
Owner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Kustomizer fails to parse Kubernetes CRD resources that use YAML 1.1 boolean words (
on,off,yes,no) as map keys:This happens because serde-saphyr defaults to YAML 1.1 boolean parsing, where
onis parsed as booleantrue. When#[serde(flatten)]in theResstruct buffers map entries, the boolean key can't be deserialized into theMap<String, Value>which requires string keys.Reproduction
Any CRD with
on:as a field name triggers this. For example, the pgrolesPostgresPolicyCRD usesonin grant definitions:Fix
Enable
strict_booleans: trueinserde_saphyr::Options. This switches to YAML 1.2 behavior where onlytrue/falseare booleans. Fields likelogin: trueandinherit: falsecontinue to work correctly, whileon/off/yes/noare treated as plain strings.This also avoids the broader Norway problem class of YAML 1.1 issues.
Test plan
PostgresPolicyCRD parsing failurecargo test --libpasses (9/9 unit tests)kustomizebinary and are unrelated to this change