Fixes#1617. The kustomize build was failing for overlays that reference
base configurations in parent directories (e.g., ../../base). This was
because krusty.MakeDefaultOptions() defaults to LoadRestrictionsRootOnly,
which prevents loading resources from outside the kustomize directory.
Changed LoadRestrictions to LoadRestrictionsNone to allow overlays to
properly resolve and merge base configurations during scanning.
Added tests to verify:
- Overlay directories can successfully load resources from base directories
- Base directories continue to work as before
- The merged configuration includes resources from both base and overlay
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
* support scanning scope
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update go mod
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update white list
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update go mod
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* scope empty return control should tested
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update rego scope for system test
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update test + mock
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* add comment
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update rego library
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update k8s-interface
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update opa utils - lots of file changes in this commit since armoapi-go bump up in opa-utils
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* move to temp k8s-interface - till PR in k8s-interface repo will approved
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update k8s-interface with released tag
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update go mod in httphandler
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* PR review corrections
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* change test name
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* scanning scope support for framework
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* test/mock adjustments after merge
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* add more informative log to the user
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update go.mod and go.sum of the http handler
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* remove framework just scanning scope not matched to framework config scope
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* add system tests to workflow
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* add system test to github workflow
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
---------
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Co-authored-by: rcohencyberarmor <rcohen@armosec.io>
Co-authored-by: David Wertenteil <dwertent@armosec.io>
