Skip to content

Commit

Permalink
fix: list active ReplicaSets in the given namespace (aquasecurity#804)
Browse files Browse the repository at this point in the history
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
  • Loading branch information
danielpacak authored Nov 10, 2021
1 parent 6a4a574 commit 6093bc4
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 9 deletions.
8 changes: 5 additions & 3 deletions pkg/kube/object.go
Original file line number Diff line number Diff line change
Expand Up @@ -452,9 +452,11 @@ func (o *ObjectResolver) getActiveReplicaSetByDeployment(ctx context.Context, ob
return "", fmt.Errorf("getting deployment %q: %w", object.Namespace+"/"+object.Name, err)
}
var rsList appsv1.ReplicaSetList
err = o.Client.List(ctx, &rsList, client.MatchingLabelsSelector{
Selector: labels.SelectorFromSet(deploy.Spec.Selector.MatchLabels),
})
err = o.Client.List(ctx, &rsList,
client.InNamespace(deploy.Namespace),
client.MatchingLabelsSelector{
Selector: labels.SelectorFromSet(deploy.Spec.Selector.MatchLabels),
})
if err != nil {
return "", fmt.Errorf("listing replicasets for deployment %q: %w", object.Name, err)
}
Expand Down
12 changes: 6 additions & 6 deletions pkg/plugin/conftest/plugin_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -76,14 +76,14 @@ func TestConfig_GetPoliciesByKind(t *testing.T) {
"conftest.library.utils.rego": "<REGO_B>",
"conftest.policy.access_to_host_pid.rego": "<REGO_C>",
"conftest.policy.cpu_not_limited.rego": "<REGO_D>",
"configmap_with_sensitive_data.rego": "<REGO_E>",
"configmap_with_secret_data.rego": "<REGO_F>",
"conftest.policy.configmap_with_sensitive_data.rego": "<REGO_E>",
"conftest.policy.configmap_with_secret_data.rego": "<REGO_F>",
"conftest.policy.object_without_recommended_labels.rego": "<REGO_G>",

"conftest.policy.access_to_host_pid.kinds": "Pod,ReplicaSet",
"conftest.policy.cpu_not_limited.kinds": "Workload",
"configmap_with_sensitive_data.kinds": "ConfigMap",
"configmap_with_secret_data.kinds": "ConfigMap",
"conftest.policy.configmap_with_sensitive_data.kinds": "ConfigMap",
"conftest.policy.configmap_with_secret_data.kinds": "ConfigMap",
"conftest.policy.object_without_recommended_labels.kinds": "*",

// This one should be skipped (no .rego suffix)
Expand All @@ -99,8 +99,8 @@ func TestConfig_GetPoliciesByKind(t *testing.T) {
"conftest.policy.object_without_recommended_labels.rego": "<REGO_G>",
}))
g.Expect(config.GetPoliciesByKind("ConfigMap")).To(Equal(map[string]string{
"configmap_with_sensitive_data.rego": "<REGO_E>",
"configmap_with_secret_data.rego": "<REGO_F>",
"conftest.policy.configmap_with_sensitive_data.rego": "<REGO_E>",
"conftest.policy.configmap_with_secret_data.rego": "<REGO_F>",
"conftest.policy.object_without_recommended_labels.rego": "<REGO_G>",
}))
})
Expand Down

0 comments on commit 6093bc4

Please sign in to comment.