Check if namespace already has psa labels set

cmd/migrate.go

@@ -72,6 +72,13 @@ var MigrateCmd = &cobra.Command{
 			os.Exit(1)
 		}
 		for _, namespace := range GetNamespaces().Items {
+			// Check if namespace already has psa labels
+			if NamespaceHasPSALabels(&namespace) {
+				log.Printf("The namespace %v already has PSA labels set. So skipping....\n", namespace.Name)
+				log.Printf("The following labels are currently set on the %v namespace.\n Labels: %#v\n",
+					namespace.Name, namespace.Labels)
+				continue
+			}
 			suggestions := make(map[string]bool)
 			pods := GetPodsByNamespace(namespace.Name).Items
 			if len(pods) == 0 {
@@ -82,6 +89,8 @@ var MigrateCmd = &cobra.Command{
 				level, err := pspmigrator.SuggestedPodSecurityStandard(&pod)
 				if err != nil {
 					fmt.Println("error occured checking the suggested pod security standard", err)
+					fmt.Println("Continuing with the next namespace due to error with ", namespace.Name)
+					continue
 				}
 				suggestions[string(level)] = true
 			}

cmd/root.go

@@ -26,12 +26,6 @@ import (
 	"k8s.io/client-go/util/homedir"
 
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
-	//
-	// Or uncomment to load specific auth plugins
-	_ "k8s.io/client-go/plugin/pkg/client/auth/azure"
-	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
-	_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
-	_ "k8s.io/client-go/plugin/pkg/client/auth/openstack"
 )
 
 var RootCmd = &cobra.Command{

cmd/utils.go

@@ -18,6 +18,7 @@ package cmd
 
 import (
 	"context"
+	"strings"
 
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -68,3 +69,12 @@ func ApplyPSSLevel(namespace *v1.Namespace, level psaApi.Level, control string)
 		panic(err.Error())
 	}
 }
+
+func NamespaceHasPSALabels(namespace *v1.Namespace) bool {
+	for k, _ := range namespace.Labels {
+		if strings.HasPrefix(k, "pod-security.kubernetes.io") {
+			return true
+		}
+	}
+	return false
+}