From b8017fc63e21aef7d55ab7ceecf753e4a69f5779 Mon Sep 17 00:00:00 2001
From: Max Smythe <smythe@google.com>
Date: Tue, 23 Aug 2022 16:56:06 -0700
Subject: [PATCH] fix: Namespace should be nil for audited cluster-scoped
 resources

Signed-off-by: Max Smythe <smythe@google.com>
---
 pkg/audit/manager.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/audit/manager.go b/pkg/audit/manager.go
index 207ba621ac7..6baa65adaf9 100644
--- a/pkg/audit/manager.go
+++ b/pkg/audit/manager.go
@@ -507,17 +507,18 @@ func (am *Manager) reviewObjects(ctx context.Context, kind string, folderCount i
 				continue
 			}
 			objNs := objFile.GetNamespace()
-			ns := corev1.Namespace{}
+			var ns *corev1.Namespace
 			if objNs != "" {
-				ns, err = nsCache.Get(ctx, am.client, objNs)
+				nsRef, err := nsCache.Get(ctx, am.client, objNs)
 				if err != nil {
 					am.log.Error(err, "Unable to look up object namespace", "objNs", objNs)
 					continue
 				}
+				ns = &nsRef
 			}
 			augmentedObj := target.AugmentedUnstructured{
 				Object:    *objFile,
-				Namespace: &ns,
+				Namespace: ns,
 			}
 			resp, err := am.opa.Review(ctx, augmentedObj)
 			if err != nil {