From c767ab3131ab2cfdb987be787141ef0d7a4b28df Mon Sep 17 00:00:00 2001
From: Berk Dehrioglu
Date: Mon, 9 Oct 2023 19:33:16 +0300
Subject: [PATCH] add toggle value for PSS migration (#1741)

* add toggle value for PSS migration
* update nancy-ignore
---
 .nancy-ignore | 3 +++
 CHANGELOG.md | 4 ++++
 helm/azure-operator/templates/psp.yaml | 2 ++
 helm/azure-operator/values.schema.json | 13 +++++++++++++
 helm/azure-operator/values.yaml | 4 ++++
 5 files changed, 26 insertions(+)

diff --git a/.nancy-ignore b/.nancy-ignore
index cb9874cc5d..dee4f12d1e 100644
--- a/.nancy-ignore
+++ b/.nancy-ignore
@@ -25,3 +25,6 @@ CVE-2023-29401
 
 # pkg:golang/google.golang.org/grpc@v1.50.1
 CVE-2023-32731
+
+#pkg:golang/golang.org/x/net@v0.9.0
+CVE-2023-3978 until=2023-11-30
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 316aa8ded9..bc77c74df5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Add `global.podSecurityStandards.enforced` value for PSS migration.
+
 ## [8.2.0] - 2023-07-14
 
 ### Fixed
diff --git a/helm/azure-operator/templates/psp.yaml b/helm/azure-operator/templates/psp.yaml
index 942cd2a857..d4d9d0a449 100644
--- a/helm/azure-operator/templates/psp.yaml
+++ b/helm/azure-operator/templates/psp.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.global.podSecurityStandards.enforced }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -32,3 +33,4 @@ spec:
 hostNetwork: false
 hostIPC: false
 hostPID: false
+{{- end }}
diff --git a/helm/azure-operator/values.schema.json b/helm/azure-operator/values.schema.json
index fea1bab428..26d16e5e7d 100644
--- a/helm/azure-operator/values.schema.json
+++ b/helm/azure-operator/values.schema.json
@@ -310,6 +310,19 @@
 }
 }
 }
+ },
+ "global": {
+ "type": "object",
+ "properties": {
+ "podSecurityStandards": {
+ "type": "object",
+ "properties": {
+ "enforced": {
+ "type": "boolean"
+ }
+ }
+ }
+ }
 }
 }
 }
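Review bot: The new ignore entry for `CVE-2023-3978` in the `.nancy-ignore` hunk has an expiry (`until=2023-11-30`) but no stated reason, so a later reader cannot tell whether the finding was judged unreachable in azure-operator or simply deferred. Put a short rationale on the comment line, for example `# pkg:golang/golang.org/x/net@v0.9.0 - <why the affected code path is not used here>; drop once x/net is upgraded`. The added comment is written `#pkg:` without a space, while the existing entry above it uses `# pkg:`; keeping one form makes the file easier to grep. An expiring ignore only helps if something acts on it, so it is worth linking the issue or PR that tracks the dependency bump.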
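Review bot: With the default `enforced: false`, the guard added on line 1 of `psp.yaml` still renders `apiVersion: policy/v1beta1`, an API that Kubernetes removed in 1.25, so a cluster upgraded before the value is flipped would reject the manifest. Consider also testing for the API: `{{- if and (not .Values.global.podSecurityStandards.enforced) (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The matching `{{- end }}` is in the second hunk; the policy body between the two hunks is not visible here. Whether a Role or ClusterRole granting `use` on this policy exists elsewhere in the chart and needs the same guard cannot be seen from this diff, and is worth checking so that no dangling RBAC rule is left behind.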
diff --git a/helm/azure-operator/values.yaml b/helm/azure-operator/values.yaml
index 4d63f683d6..470ea4e5d9 100644
--- a/helm/azure-operator/values.yaml
+++ b/helm/azure-operator/values.yaml
@@ -84,3 +84,7 @@ registry:
 token: ""
 verticalPodAutoscaler:
 enabled: true
+
+global:
+ podSecurityStandards:
+ enforced: false
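Review bot: The new `global.podSecurityStandards.enforced` default has no comment, although setting it to true removes the chart's PodSecurityPolicy. Add a line above `global:` such as `# Set enforced to true only once Pod Security Standards (or an equivalent admission policy) cover this namespace; the chart then stops rendering its PodSecurityPolicy.` Because the key lives under `global`, a value set in a parent chart is passed to every subchart that reads it, which the comment should mention as well.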