refactored privilege pss logic (#181)

* refactored privilege pss logic

Signed-off-by: Ved Ratan <[email protected]>

pkg/adapter/nimbus-kyverno/processor/kcpbuilder.go

@@ -60,9 +60,6 @@ func clusterEscapeToHost(cnp *v1alpha1.ClusterNimbusPolicy, rule v1alpha1.Rule)
 		case "restricted":
 			psa_level = api.LevelRestricted
 
-		case "privileged":
-			psa_level = api.LevelPrivileged
-
 		default:
 			psa_level = api.LevelBaseline
 		}
@@ -131,7 +128,7 @@ func clusterEscapeToHost(cnp *v1alpha1.ClusterNimbusPolicy, rule v1alpha1.Rule)
 			Background: &background,
 			Rules: []kyvernov1.Rule{
 				{
-					Name: "restricted",
+					Name: "pod-security-standard",
 					MatchResources: kyvernov1.MatchResources{
 						Any: matchFilters,
 					},

pkg/adapter/nimbus-kyverno/processor/kpbuilder.go

@@ -59,10 +59,7 @@ func escapeToHost(np *v1alpha1.NimbusPolicy, rule v1alpha1.Rule) kyvernov1.Polic
 		switch rule.Params["psa_level"][0] {
 		case "restricted":
 			psa_level = api.LevelRestricted
-
-		case "privileged":
-			psa_level = api.LevelPrivileged
-
+
 		default:
 			psa_level = api.LevelBaseline
 		}
@@ -76,7 +73,7 @@ func escapeToHost(np *v1alpha1.NimbusPolicy, rule v1alpha1.Rule) kyvernov1.Polic
 			Background: &background,
 			Rules: []kyvernov1.Rule{
 				{
-					Name: "restricted",
+					Name: "pod-security-standard",
 					MatchResources: kyvernov1.MatchResources{
 						Any: kyvernov1.ResourceFilters{
 							kyvernov1.ResourceFilter{

tests/e2e/escape-to-host-clusterscoped-matchall/cluster-kyverno-policy.yaml

@@ -40,7 +40,7 @@ spec:
               app: nginx
       resources: {}
     mutate: {}
-    name: restricted
+    name: pod-security-standard 
     skipBackgroundRequests: true
     validate:
       podSecurity:

tests/e2e/escape-to-host/kyverno-policy.yaml

@@ -31,7 +31,7 @@ spec:
               app: nginx
       resources: {}
     mutate: {}
-    name: restricted
+    name: pod-security-standard
     skipBackgroundRequests: true
     validate:
       podSecurity: