fixed issue #95

opaprocessor/processorhandler.go

@@ -112,7 +112,9 @@ func (opap *OPAProcessor) processFramework(framework *opapolicy.Framework) (*opa
 		if err != nil {
 			errs = fmt.Errorf("%v\n%s", errs, err.Error())
 		}
-		controlReports = append(controlReports, *controlReport)
+		if controlReport != nil {
+			controlReports = append(controlReports, *controlReport)
+		}
 	}
 	frameworkReport.ControlReports = controlReports
 	return &frameworkReport, errs
@@ -139,6 +141,9 @@ func (opap *OPAProcessor) processControl(control *opapolicy.Control) (*opapolicy
 			ruleReports = append(ruleReports, *ruleReport)
 		}
 	}
+	if len(ruleReports) == 0 {
+		return nil, nil
+	}
 	controlReport.RuleReports = ruleReports
 	return &controlReport, errs
 }

policyhandler/handlepullpolicies.go

@@ -18,14 +18,13 @@ func (policyHandler *PolicyHandler) GetPoliciesFromBackend(notification *opapoli
 		switch rule.Kind {
 		case opapolicy.KindFramework:
 			receivedFramework, recExceptionPolicies, err := policyHandler.getFrameworkPolicies(rule.Name)
-			if err != nil {
-				return nil, nil, fmt.Errorf("kind: %v, name: %s, error: %s", rule.Kind, rule.Name, err.Error())
-			}
 			if receivedFramework != nil {
 				frameworks = append(frameworks, *receivedFramework)
 				if recExceptionPolicies != nil {
 					exceptionPolicies = append(exceptionPolicies, recExceptionPolicies...)
 				}
+			} else if err != nil {
+				return nil, nil, fmt.Errorf("kind: %v, name: %s, error: %s", rule.Kind, rule.Name, err.Error())
 			}
 
 		default:

policyhandler/k8sresources.go

@@ -65,11 +65,8 @@ func (policyHandler *PolicyHandler) pullSingleResource(resource *schema.GroupVer
 
 	// set labels
 	listOptions := metav1.ListOptions{}
-	if excludedNamespaces != "" && k8sinterface.IsNamespaceScope(resource.Group, resource.Resource) {
-		excludedNamespacesSlice := strings.Split(excludedNamespaces, ",")
-		for _, excludedNamespace := range excludedNamespacesSlice {
-			listOptions.FieldSelector += "metadata.namespace!=" + excludedNamespace + ","
-		}
+	if excludedNamespaces != "" {
+		setFieldSelector(&listOptions, resource, excludedNamespaces)
 	}
 	if len(labels) > 0 {
 		set := k8slabels.Set(labels)
@@ -93,3 +90,18 @@ func (policyHandler *PolicyHandler) pullSingleResource(resource *schema.GroupVer
 	return result.Items, nil
 
 }
+
+func setFieldSelector(listOptions *metav1.ListOptions, resource *schema.GroupVersionResource, excludedNamespaces string) {
+	fieldSelector := "metadata."
+	if resource.Resource == "namespaces" {
+		fieldSelector += "name"
+	} else if k8sinterface.IsNamespaceScope(resource.Group, resource.Resource) {
+		fieldSelector += "namespace"
+	} else {
+		return
+	}
+	excludedNamespacesSlice := strings.Split(excludedNamespaces, ",")
+	for _, excludedNamespace := range excludedNamespacesSlice {
+		listOptions.FieldSelector += fmt.Sprintf("%s!=%s,", fieldSelector, excludedNamespace)
+	}
+}