Try ImageReview instead

go.mod

@@ -2,7 +2,7 @@ module github.com/mikejoh/imagine
 
 go 1.23.2
 
-require k8s.io/api v0.31.2
+require k8s.io/api v0.31.3
 
 require (
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -17,7 +17,7 @@ require (
 	golang.org/x/text v0.16.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apimachinery v0.31.2 // indirect
+	k8s.io/apimachinery v0.31.3 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect

go.sum

@@ -81,10 +81,10 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0=
-k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk=
-k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw=
-k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8=
+k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE=
+k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4=
+k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=

main.go

@@ -10,8 +10,7 @@ import (
 	"net/http"
 	"strings"
 
-	admission "k8s.io/api/admission/v1"
-	corev1 "k8s.io/api/core/v1"
+	imagepolicy "k8s.io/api/imagepolicy/v1alpha1"
 )
 
 type imagineOpts struct {
@@ -73,7 +72,7 @@ func imagineHandler(imageName string) http.HandlerFunc {
 			return
 		}
 
-		var admissionReview admission.AdmissionReview
+		var imageReview imagepolicy.ImageReview
 
 		body, err := io.ReadAll(r.Body)
 		if err != nil {
@@ -83,40 +82,23 @@ func imagineHandler(imageName string) http.HandlerFunc {
 		}
 
 		log.Printf("Raw JSON request body: %s", string(body))
-		if err := json.NewDecoder(r.Body).Decode(&admissionReview); err != nil {
+		if err := json.Unmarshal(body, &imageReview); err != nil {
 			log.Printf("Failed to decode request body: %v", err)
 			http.Error(w, "could not decode request body", http.StatusBadRequest)
 			return
 		}
 
-		if admissionReview.Request == nil {
-			log.Printf("AdmissionReview.Request is nil")
-			http.Error(w, "invalid admission review request", http.StatusBadRequest)
-			return
-		}
-
-		var pod corev1.Pod
-		if err := json.Unmarshal(admissionReview.Request.Object.Raw, &pod); err != nil {
-			log.Printf("Failed to decode pod spec: %v", err)
-			http.Error(w, "could not decode pod spec", http.StatusBadRequest)
-			return
-		}
-
-		// Check if the provided image name is in the Pod's containers
 		var allowed bool
-		for _, container := range pod.Spec.Containers {
-			if !strings.Contains(container.Image, imageName) {
+		for _, container := range imageReview.Spec.Containers {
+			if strings.Contains(container.Image, imageName) {
 				allowed = true
 				break
 			}
 		}
 
-		admissionResponse := admission.AdmissionResponse{
-			Allowed: allowed,
-		}
+		imageReview.Status.Allowed = allowed
 
-		admissionReview.Response = &admissionResponse
-		responseBytes, err := json.Marshal(admissionReview)
+		responseBytes, err := json.Marshal(imageReview)
 		if err != nil {
 			log.Printf("Failed to encode response: %v", err)
 			http.Error(w, "could not encode response", http.StatusInternalServerError)