Maybe make a test that shows that corrupting the "FieldsV1" isn't good

Actually this test is no longer testing what it did before.
All tests fail for the same reason, something is missing from the managedFields entry.
The manager name is not even covered by the reset anymore but still gets reset.

The test just makes sure a reset happens if anything is invalid.
The details are tested in the decoding tests. I'll simplify this one.

Changed the test quite a bit and it should actually do what it's supposed to do now.

I haven't look at internal yet, but can we get rid of the indirection here? I'd rather avoid having too many "DecodeManagedFields" functions if possible :-)

I looked at it for a bit, but I didn't want to move too much outside the internal package if not needed.
There are a few internal types and decoding functions right now, but in theory we could move everything I think.
We would be splitting up decoding and encoding though, or move encoding as well. But I'm not sure if I want to also expose encoding.
Have a look and tell me what you think, I can do it either way.

Yes, but somewhat unrelated, shouldn't we do something useful if the managedfields is invalid here?

Should we replace emptyManagedFieldsOnErr method with a decodeManagedFieldsOrEmpty, which could be used here?

Shouldn't we keep returning the error here if decoding fails (it is apply)?
What would we want to happen if live is corrupted?
It could only happen if somebody updates it and then applies would fail in the future. I'd say we then should prevent invalid managedFields from getting persisted, what this PR tries to at least make harder.

Right, if the managed fields are corrupted in the apiserver, then someone can't apply anymore. The right thing to do is to restart fresh I would say.

This always returns nil error, does it need to return that?

Yeah, I made it this way for ease of use so it can just wrap the function call for providing the same return values.
So no additional error check or anything is required.

That's good, thanks!