From fa27575a0fabce390310aff055549741eeb6c2e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20PEREZ?=
Date: Fri, 5 Jan 2024 10:01:15 +0100
Subject: [PATCH] final

---
 Readme.md | 4 ++++
 internal/utils/constants.go | 2 ++
 internal/utils/helpers.go | 4 ++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Readme.md b/Readme.md
index c2437c1..6fa3821 100755
--- a/Readme.md
+++ b/Readme.md
@@ -105,6 +105,10 @@ For specific exceptions, add another network policy.
 | **CUSTOM_LABELS** | *Add custom labels to namespaces* | `quota=managed,monitoring=true` | `no ` | - |
 | **DEFAULT_PERMISSION** | *ClusterRole associated with default service account* | `view` | `no ` | - |
 | **BLACKLIST** | *Ignore Project* | `my-project-dev` | `no ` | - |
+| **PODSECURITYADMISSION_ENFORCEMENT** | *PodSecurityAdmission Enforcement* | `restricted` | `no ` | `baseline ` |
+| **PODSECURITYADMISSION_WARNING** | *PodSecurityAdmission Warning* | `restricted` | `no ` | `restricted ` |
+| **PODSECURITYADMISSION_AUDIT** | *PodSecurityAdmission Audit* | `restricted` | `no ` | `restricted ` |
+| **PRIVILEGED_NAMESPACES** | *Namespaces allowed to use privileged annotation* | `native-development` | `no ` | - |
 
 ## Versioning
 
diff --git a/internal/utils/constants.go b/internal/utils/constants.go
index 97f7e85..1bdb74f 100644
--- a/internal/utils/constants.go
+++ b/internal/utils/constants.go
@@ -55,6 +55,8 @@ const (
 PodSecurityAdmissionEnforcement = "baseline"
 PodSecurityAdmissionWarning = "restricted"
 PodSecurityAdmissionAudit = "restricted"
+
+ PodSecurityPrivileged = "privileged"
 )
 
 var BlacklistedNamespaces = []string{
diff --git a/internal/utils/helpers.go b/internal/utils/helpers.go
index b81a16b..cfb86c4 100644
--- a/internal/utils/helpers.go
+++ b/internal/utils/helpers.go
@@ -53,8 +53,8 @@ func Union(a map[string]string, b map[string]string) map[string]string {
 func IsInPrivilegedNamespacesList(namespace string) string {
 for _, nsItem := range Config.PrivilegedNamespaces {
 if strings.Contains(nsItem, namespace) {
- Log.Info().Msgf("Namespace %v is labeled as privileged", namespace)
- return "privileged"
+ Log.Warn().Msgf("Namespace %v is labeled as privileged", namespace)
+ return PodSecurityPrivileged
 }
 }
 return Config.PodSecurityAdmissionEnforcement
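Review bot: The match on the third line of the hunk, `strings.Contains(nsItem, namespace)`, tests whether the namespace being evaluated is a substring of a configured privileged entry, so with the documented example `native-development` the namespaces `native`, `dev`, any single letter that occurs in that name, and the empty string (a substring of everything) all receive the `PodSecurityPrivileged` level that the new return line hands back instead of `Config.PodSecurityAdmissionEnforcement`. Since this return value selects the Pod Security Admission enforcement applied to a namespace, the allowlist comparison should be exact: `if nsItem == namespace {`, or, if the module's Go version permits, replace the loop with `slices.Contains(Config.PrivilegedNamespaces, namespace)`. The commit only changes the log level and the returned constant, so this over-broad match survives it; the `Warn` level for a privileged grant is a reasonable audit signal and can stay. The closing brace of `IsInPrivilegedNamespacesList` lies outside the hunk.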