Not able to create statefulset without storageclass with policy k8sallowedstorageclas is used #469

Closed
Sarvindhreddy opened this issue Jan 22, 2024 · 1 comment
@Sarvindhreddy

We have a specific requirement: although we have a k8sallowed storage class policy in place which allows only specific storage classes, we also want to allow the case where a user doesn't want to use a storage class at all. The current policy rule blocks the request if the user doesn't specify a storage class/persistent volume.

We suspect the code below can be modified to give the user the option either to use the allowed storage classes or not to use them at all.

```rego
# When storageClassName is not defined
violation[{"msg": msg}] {
    input.review.object.kind == "StatefulSet"
    # check storageClassName is not empty: collect every value set under volumeClaimTemplates
    input_value := {i | i := input.review.object.spec[x][_][_][y]; x == "volumeClaimTemplates"; y == "storageClassName"}
    count(input_value) == 0
    msg := "[Code 005.allowed-storageclasses]: storage class not defined is not allowed. Allowed storage classes: disk-ssd, disk-ssd-retain, disk-hdd."
}
```

It would be helpful if you could modify the above condition to allow the case where a user doesn't want an SC for a StatefulSet.
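
One way to express the requested behaviour, as an added example that is not part of the original issue or the project's own policy: the rule denies a StatefulSet only when a `volumeClaimTemplates` entry sets a `storageClassName` outside the allow-list, and the unit tests exercise it on constructed input. The package name, the `allowed` set (copied from the message in the rule above), the `review` helper and the class name `fast-nvme` are assumptions; the syntax is the same pre-1.0 Rego as the rule above.

```rego
package statefulset_storageclass_example # hypothetical package name

# Assumption: allow-list copied from the message in the rule quoted above.
allowed := {"disk-ssd", "disk-ssd-retain", "disk-hdd"}

# Fires only when a volumeClaimTemplate sets a storageClassName that is not
# on the allow-list. If the key is absent, `sc` is undefined, the rule body
# fails, and no violation is produced for that template.
violation[{"msg": msg}] {
    input.review.object.kind == "StatefulSet"
    tmpl := input.review.object.spec.volumeClaimTemplates[_]
    sc := tmpl.spec.storageClassName
    not allowed[sc]
    msg := sprintf("storage class '%v' is not allowed. Allowed storage classes: %v", [sc, allowed])
}

# Hypothetical test helper: wraps a list of PVC template specs in a
# constructed StatefulSet admission review.
review(specs) = {"review": {"object": {
    "kind": "StatefulSet",
    "spec": {"volumeClaimTemplates": [{"spec": s} | s := specs[_]]},
}}}

test_omitted_class_is_allowed {
    inp := review([{"accessModes": ["ReadWriteOnce"]}])
    count(violation) == 0 with input as inp
}

test_allowed_class_is_allowed {
    inp := review([{"storageClassName": "disk-ssd"}])
    count(violation) == 0 with input as inp
}

test_unlisted_class_is_denied {
    inp := review([{"storageClassName": "fast-nvme"}]) # constructed class name
    count(violation) == 1 with input as inp
}

# In this sketch an explicit empty string counts as a set value and is denied;
# only a missing key is let through.
test_explicit_empty_class_is_denied {
    inp := review([{"storageClassName": ""}])
    count(violation) == 1 with input as inp
}
```

When `storageClassName` is omitted, Kubernetes assigns the cluster's default StorageClass to the resulting PVC if one is configured, so the default class should itself be one the policy would accept.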

stale bot commented Mar 23, 2024

This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Mar 23, 2024
@stale stale bot closed this as completed Apr 10, 2024