fixup: create relevant ns in fake cluster

Signed-off-by: Janelle Law <[email protected]>

Author: jan-law

pkg/dryrun/dryrun.go

@@ -690,7 +690,32 @@ func (d *DryRunner) readFromCluster(
 		return nil, errors.New("no object templates found in policy")
 	}
 
-	return resolveObjectTemplates(ctx, cfgPolicy, realClusterRec, tmplResolver)
+	// Copy relevant objects to inputResources
+	inputResources, err := resolveObjectTemplates(ctx, cfgPolicy, realClusterRec, tmplResolver)
+	if err != nil {
+		return nil, err
+	}
+
+	// Copy relevant namespaces to inputResources
+	relevantNamespaces, err := realClusterRec.SelectorReconciler.Get(
+		cfgPolicy.Namespace, cfgPolicy.Name, cfgPolicy.Spec.NamespaceSelector)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, ns := range relevantNamespaces {
+		inputResources = append(inputResources, &unstructured.Unstructured{
+			Object: map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "Namespace",
+				"metadata": map[string]interface{}{
+					"name": ns,
+				},
+			},
+		})
+	}
+
+	return inputResources, nil
 }
 
 // FIXME some clients have write access to the cluster, but we want to restrict them to read-only?
@@ -777,7 +802,7 @@ func resolveObjectTemplatesRaw(
 	}
 
 	if !templates.HasTemplate(objRawBytes, "", true) {
-		err := json.Unmarshal(objRawBytes, &cfgPolicy.Spec.ObjectTemplates)
+		err := k8syaml.Unmarshal(objRawBytes, &cfgPolicy.Spec.ObjectTemplates)
 		if err != nil {
 			return fmt.Errorf("failed to parse object-templates-raw: %w", err)
 		}