package validation
import "k8s.io/utils/strings/slices"
// Namespace label keys for Pod Security Admission (PSA). Each mode (enforce,
// audit, warn) has one key for the Pod Security Standard (PSS) and one key for
// the PSS version.
const (
	// EnforceLabel is a label that governs the PSS that is enforced for a namespace
	EnforceLabel = "pod-security.kubernetes.io/enforce"
	// EnforceVersionLabel is a label that governs the PSS version that is enforced for a namespace
	EnforceVersionLabel = "pod-security.kubernetes.io/enforce-version"
	// AuditLabel is a label that governs the PSS that is used for auditing a namespace
	AuditLabel = "pod-security.kubernetes.io/audit"
	// AuditVersionLabel is a label that governs the PSS version that is used for auditing a namespace
	AuditVersionLabel = "pod-security.kubernetes.io/audit-version"
	// WarnLabel is a label that governs the PSS that is used for warning about PSA violations in a namespace
	WarnLabel = "pod-security.kubernetes.io/warn"
	// WarnVersionLabel is a label that governs the PSS version that is used for warning about PSA violations in a namespace
	WarnVersionLabel = "pod-security.kubernetes.io/warn-version"
)
// psaLabels lists every label key that this package treats as PSA
// configuration. IsUpdatingPSAConfig and IsCreatingPSAConfig consult only this
// list, so a label key that is missing from it is not detected by either check.
var psaLabels = []string{
	EnforceLabel,
	EnforceVersionLabel,
	AuditLabel,
	AuditVersionLabel,
	WarnLabel,
	WarnVersionLabel,
}
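// IsUpdatingPSAConfig reports whether any PSA-related label differs between
// the old and new label sets.
//
// A label in psaLabels counts as changed when its value differs or when it is
// present in only one of the two maps. Presence is compared explicitly because
// indexing a Go map yields "" for a missing key, so a plain value comparison
// cannot tell "label absent" from "label set to the empty string". Such a
// change would otherwise go unreported here, while IsCreatingPSAConfig does
// treat an empty-valued PSA label as PSA configuration.
//
// Labels outside psaLabels are ignored. Nil maps are accepted and behave like
// empty maps.
func IsUpdatingPSAConfig(old map[string]string, new map[string]string) bool {
	for _, label := range psaLabels {
		oldValue, hadLabel := old[label]
		newValue, hasLabel := new[label]
		// Adding or removing a PSA label is a configuration change even when
		// the value involved is the empty string.
		if hadLabel != hasLabel || oldValue != newValue {
			return true
		}
	}
	return false
}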
// IsCreatingPSAConfig reports whether the given label set carries any
// PSA-related configuration.
//
// Only the label keys are inspected: a key listed in psaLabels counts as PSA
// configuration whatever its value is, including the empty string. A nil or
// empty map yields false.
func IsCreatingPSAConfig(new map[string]string) bool {
	for key := range new {
		if !slices.Contains(psaLabels, key) {
			continue
		}
		return true
	}
	return false
}