diff --git a/pkg/kube/object.go b/pkg/kube/object.go index f7decf795..3c8d35194 100644 --- a/pkg/kube/object.go +++ b/pkg/kube/object.go @@ -452,9 +452,11 @@ func (o *ObjectResolver) getActiveReplicaSetByDeployment(ctx context.Context, ob return "", fmt.Errorf("getting deployment %q: %w", object.Namespace+"/"+object.Name, err) } var rsList appsv1.ReplicaSetList - err = o.Client.List(ctx, &rsList, client.MatchingLabelsSelector{ - Selector: labels.SelectorFromSet(deploy.Spec.Selector.MatchLabels), - }) + err = o.Client.List(ctx, &rsList, + client.InNamespace(deploy.Namespace), + client.MatchingLabelsSelector{ + Selector: labels.SelectorFromSet(deploy.Spec.Selector.MatchLabels), + }) if err != nil { return "", fmt.Errorf("listing replicasets for deployment %q: %w", object.Name, err) } diff --git a/pkg/plugin/conftest/plugin_test.go b/pkg/plugin/conftest/plugin_test.go index fd7100da2..48ad6e089 100644 --- a/pkg/plugin/conftest/plugin_test.go +++ b/pkg/plugin/conftest/plugin_test.go @@ -76,14 +76,14 @@ func TestConfig_GetPoliciesByKind(t *testing.T) { "conftest.library.utils.rego": "", "conftest.policy.access_to_host_pid.rego": "", "conftest.policy.cpu_not_limited.rego": "", - "configmap_with_sensitive_data.rego": "", - "configmap_with_secret_data.rego": "", + "conftest.policy.configmap_with_sensitive_data.rego": "", + "conftest.policy.configmap_with_secret_data.rego": "", "conftest.policy.object_without_recommended_labels.rego": "", "conftest.policy.access_to_host_pid.kinds": "Pod,ReplicaSet", "conftest.policy.cpu_not_limited.kinds": "Workload", - "configmap_with_sensitive_data.kinds": "ConfigMap", - "configmap_with_secret_data.kinds": "ConfigMap", + "conftest.policy.configmap_with_sensitive_data.kinds": "ConfigMap", + "conftest.policy.configmap_with_secret_data.kinds": "ConfigMap", "conftest.policy.object_without_recommended_labels.kinds": "*", // This one should be skipped (no .rego suffix) @@ -99,8 +99,8 @@ func TestConfig_GetPoliciesByKind(t *testing.T) { "conftest.policy.object_without_recommended_labels.rego": "", })) g.Expect(config.GetPoliciesByKind("ConfigMap")).To(Equal(map[string]string{ - "configmap_with_sensitive_data.rego": "", - "configmap_with_secret_data.rego": "", + "conftest.policy.configmap_with_sensitive_data.rego": "", + "conftest.policy.configmap_with_secret_data.rego": "", "conftest.policy.object_without_recommended_labels.rego": "", })) })