fix: report failure if network policy doesn't match any pods

Before, there was no failure reported by the netpol analyzer, if the
matcher on the policy doesn't match any pods.

Signed-off-by: Patrick Pichler <git@patrickpichler.dev>
This commit is contained in:
Patrick Pichler
2023-04-25 12:59:24 +02:00
committed by Patrick Pichler
parent d4dcc7a399
commit 8adde6bf87

View File

@@ -54,23 +54,23 @@ func (NetworkPolicyAnalyzer) Analyze(a common.Analyzer) ([]common.Result, error)
},
},
})
continue
}
// Check if policy is not applied to any pods
podList, err := util.GetPodListByLabels(a.Client.GetClient(), a.Namespace, policy.Spec.PodSelector.MatchLabels)
if err != nil {
return nil, err
}
if len(podList.Items) == 0 {
failures = append(failures, common.Failure{
Text: fmt.Sprintf("Network policy is not applied to any pods: %s", policy.Name),
Sensitive: []common.Sensitive{
{
Unmasked: policy.Name,
Masked: util.MaskString(policy.Name),
} else {
// Check if policy is not applied to any pods
podList, err := util.GetPodListByLabels(a.Client.GetClient(), a.Namespace, policy.Spec.PodSelector.MatchLabels)
if err != nil {
return nil, err
}
if len(podList.Items) == 0 {
failures = append(failures, common.Failure{
Text: fmt.Sprintf("Network policy is not applied to any pods: %s", policy.Name),
Sensitive: []common.Sensitive{
{
Unmasked: policy.Name,
Masked: util.MaskString(policy.Name),
},
},
},
})
})
}
}
if len(failures) > 0 {