From 048b18a50f29cebec321e6403b408d2bb4b14a73 Mon Sep 17 00:00:00 2001
From: Scott Hussey <sh8121@att.com>
Date: Thu, 20 Dec 2018 11:01:31 -0600
Subject: [PATCH] (calico) Add network policy safety valve

- If a rule set in the network policy override for the calico
  chart is empty, it causes the calico-settings job to fail. This
  safety valve should handle the empty list gracefully.

Change-Id: I4b8a39941f05a8eb86734ff129b2d73830883236
---
 calico/templates/bin/_calico-settings.sh.tpl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/calico/templates/bin/_calico-settings.sh.tpl b/calico/templates/bin/_calico-settings.sh.tpl
index 4a058984b..a5821d073 100644
--- a/calico/templates/bin/_calico-settings.sh.tpl
+++ b/calico/templates/bin/_calico-settings.sh.tpl
@@ -75,10 +75,15 @@ EOF
 # Priority: {{ $n }} objects
 {{- range $section, $data := $envAll.Values.networking.policy }}
 {{- if eq (toString $data.priority) (toString $n) }}
+{{/* add a safety check so we don't attempt to run calicoctl with an empty resource set */}}
+{{- if gt (len $data.rules) 0 }}
 # Section: {{ $section }} Priority: {{ $data.priority }} {{ $n }}
 $CTL apply -f - <<EOF
 {{ $data.rules | toYaml }}
 EOF
+{{- else }}
+echo "Skipping empty rules list."
+{{- end }}
 {{- end }}
 {{- end }}
 {{- end }}