Add namespace check for workload connection in gateway rules

rules/exposure-to-internet-via-gateway-api/raw.rego

@@ -56,6 +56,11 @@ is_exposed_service(svc) {
     svc.spec.type == "LoadBalancer"
 }
 
+
+wl_connected_to_service(wl, svc) {
+    wl.metadata.namespace == svc.metadata.namespace
+}
+
 wl_connected_to_service(wl, svc) {
     count({x | svc.spec.selector[x] == wl.metadata.labels[x]}) == count(svc.spec.selector)
 }

rules/exposure-to-internet-via-istio-ingress/raw.rego

@@ -141,6 +141,11 @@ is_exposed_service(svc) {
     svc.spec.type == "LoadBalancer"
 }
 
+
+wl_connected_to_service(wl, svc) {
+    wl.metadata.namespace == svc.metadata.namespace
+}
+
 wl_connected_to_service(wl, svc) {
     count({x | svc.spec.selector[x] == wl.metadata.labels[x]}) == count(svc.spec.selector)
 }

rules/unauthenticated-service/raw.rego

@@ -34,6 +34,11 @@ has_unauthenticated_service(service_name, namespace, service_scan_result) if {
 	service_scan_result.spec.ports[_].authenticated == false
 }
 
+
+wl_connected_to_service(wl, svc) {
+    wl.metadata.namespace == svc.metadata.namespace
+}
+
 wl_connected_to_service(wl, svc) if {
 	count({x | svc.spec.selector[x] == wl.metadata.labels[x]}) == count(svc.spec.selector)
 }