From babdab907897f94b25479abbd58432657d724728 Mon Sep 17 00:00:00 2001
From: Malte Poll <1780588+malt3@users.noreply.github.com>
Date: Fri, 17 May 2024 16:22:37 +0200
Subject: [PATCH] genpolicy: detect empty string in ns as default

In Kubernetes, the following values for namespace are equivalent and all refer to the default namespace:

- ` ` (namespace field missing)
- `namespace: ""` (namespace field is the empty string)
- `namespace: "default"`(namespace field has the explicit value `default`)

Genpolicy currently does not handle the empty string case correctly.

Signed-Off-By: Malte Poll <1780588+malt3@users.noreply.github.com>
---
 src/tools/genpolicy/src/policy.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/tools/genpolicy/src/policy.rs b/src/tools/genpolicy/src/policy.rs
index 87b78adda6..e0bde0efb9 100644
--- a/src/tools/genpolicy/src/policy.rs
+++ b/src/tools/genpolicy/src/policy.rs
@@ -481,14 +481,14 @@ impl AgentPolicy {
         let mut root = c_settings.Root.clone();
         root.Readonly = yaml_container.read_only_root_filesystem();
 
-        let namespace = if let Some(ns) = resource.get_namespace() {
-            ns
-        } else {
-            self.config
+        let namespace = match resource.get_namespace() {
+            Some(ns) if !ns.is_empty() => ns,
+            _ => self
+                .config
                 .settings
                 .cluster_config
                 .default_namespace
-                .clone()
+                .clone(),
         };
 
         let use_host_network = resource.use_host_network();