From 4492325a0e661fad063199e0676347836dc37b76 Mon Sep 17 00:00:00 2001
From: Simone Tiraboschi <stirabos@redhat.com>
Date: Fri, 7 Oct 2022 18:12:03 +0200
Subject: [PATCH] [release-1.7] Enable PSA FG on Kubevirt (#2104)

Enable PSA FG on Kubevirt to be compatible with
k8s >= 1.24 and derivates with PSA in enforcing mode.

Once available also in older versions of Kubevirt,
we will have also to backport it to release-1.6
and release-1.7.

This is a manual cherry-pick of #2093

Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>

Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
---
 controllers/hyperconverged/hyperconverged_controller_test.go | 1 +
 controllers/operands/kubevirt.go                             | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/controllers/hyperconverged/hyperconverged_controller_test.go b/controllers/hyperconverged/hyperconverged_controller_test.go
index 508f555b6..49e793ff7 100644
--- a/controllers/hyperconverged/hyperconverged_controller_test.go
+++ b/controllers/hyperconverged/hyperconverged_controller_test.go
@@ -209,6 +209,7 @@ var _ = Describe("HyperconvergedController", func() {
 					"ExpandDisks",
 					"NUMA",
 					"WithHostPassthroughCPU",
+					"PSA",
 				}
 				// Get the KV
 				kvList := &kubevirtcorev1.KubeVirtList{}
diff --git a/controllers/operands/kubevirt.go b/controllers/operands/kubevirt.go
index 8624bafb9..cf423c3ba 100644
--- a/controllers/operands/kubevirt.go
+++ b/controllers/operands/kubevirt.go
@@ -91,6 +91,9 @@ const (
 
 	// Allow automatic numa mapping on VMs with dedicated CPUs, if requested
 	kvNUMA = "NUMA"
+
+	// enable Pod Security Admission handling
+	kvPSA = "PSA"
 )
 
 var (
@@ -107,6 +110,7 @@ var (
 		kvDownwardMetricsGate,
 		kvNUMA,
 		kvLiveMigrationGate,
+		kvPSA,
 	}
 
 	// holds a list of mandatory KubeVirt feature gates. Some of them are the hard coded feature gates and some of