fix: report failure if network policy doesn't match any pods

Before, there was no failure reported by the netpol analyzer, if the matcher on the policy doesn't match any pods. Signed-off-by: Patrick Pichler <git@patrickpichler.dev>
2025-09-16 07:09:33 +00:00 · 2023-04-25 12:59:24 +02:00
parent d4dcc7a399
commit 8adde6bf87
1 changed files with 16 additions and 16 deletions
--- a/pkg/analyzer/netpol.go
+++ b/pkg/analyzer/netpol.go
@@ -54,23 +54,23 @@ func (NetworkPolicyAnalyzer) Analyze(a common.Analyzer) ([]common.Result, error)
 					},
 				},
 			})
-			continue
-		}
-		// Check if policy is not applied to any pods
-		podList, err := util.GetPodListByLabels(a.Client.GetClient(), a.Namespace, policy.Spec.PodSelector.MatchLabels)
-		if err != nil {
-			return nil, err
-		}
-		if len(podList.Items) == 0 {
-			failures = append(failures, common.Failure{
-				Text: fmt.Sprintf("Network policy is not applied to any pods: %s", policy.Name),
-				Sensitive: []common.Sensitive{
-					{
-						Unmasked: policy.Name,
-						Masked:   util.MaskString(policy.Name),
+		} else {
+			// Check if policy is not applied to any pods
+			podList, err := util.GetPodListByLabels(a.Client.GetClient(), a.Namespace, policy.Spec.PodSelector.MatchLabels)
+			if err != nil {
+				return nil, err
+			}
+			if len(podList.Items) == 0 {
+				failures = append(failures, common.Failure{
+					Text: fmt.Sprintf("Network policy is not applied to any pods: %s", policy.Name),
+					Sensitive: []common.Sensitive{
+						{
+							Unmasked: policy.Name,
+							Masked:   util.MaskString(policy.Name),
+						},
 					},
-				},
-			})
+				})
+			}
 		}

 		if len(failures) > 0 {