diff --git a/go.mod b/go.mod
index 425d0b2..cb96640 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/mikejoh/imagine
 go 1.23.2
-require k8s.io/api v0.31.2
+require k8s.io/api v0.31.3
 require (
 github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -17,7 +17,7 @@ require (
 golang.org/x/text v0.16.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
- k8s.io/apimachinery v0.31.2 // indirect
+ k8s.io/apimachinery v0.31.3 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index ae93c83..598dc66 100644
--- a/go.sum
+++ b/go.sum
@@ -81,10 +81,10 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= -k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= -k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= -k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= +k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= +k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= +k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
diff --git a/main.go b/main.go
index d8e3c89..0be732d 100644
--- a/main.go
+++ b/main.go
@@ -10,8 +10,7 @@ import (
 "net/http"
 "strings"
- admission "k8s.io/api/admission/v1"
- corev1 "k8s.io/api/core/v1"
+ imagepolicy "k8s.io/api/imagepolicy/v1alpha1"
 )
 type imagineOpts struct {
@@ -73,7 +72,7 @@ func imagineHandler(imageName string) http.HandlerFunc {
 return
 }
- var admissionReview admission.AdmissionReview
+ var imageReview imagepolicy.ImageReview
 body, err := io.ReadAll(r.Body)
 if err != nil {
@@ -83,40 +82,23 @@ func imagineHandler(imageName string) http.HandlerFunc {
 }
 log.Printf("Raw JSON request body: %s", string(body))
- if err := json.NewDecoder(r.Body).Decode(&admissionReview); err != nil {
+ if err := json.Unmarshal(body, &imageReview); err != nil {
 log.Printf("Failed to decode request body: %v", err)
 http.Error(w, "could not decode request body", http.StatusBadRequest)
 return
 }
- if admissionReview.Request == nil {
- log.Printf("AdmissionReview.Request is nil")
- http.Error(w, "invalid admission review request", http.StatusBadRequest)
- return
- }
-
- var pod corev1.Pod
- if err := json.Unmarshal(admissionReview.Request.Object.Raw, &pod); err != nil {
- log.Printf("Failed to decode pod spec: %v", err)
- http.Error(w, "could not decode pod spec", http.StatusBadRequest)
- return
- }
-
- // Check if the provided image name is in the Pod's containers
 var allowed bool
- for _, container := range pod.Spec.Containers {
- if !strings.Contains(container.Image, imageName) {
+ for _, container := range imageReview.Spec.Containers {
+ if strings.Contains(container.Image, imageName) {
 allowed = true
 break
 }
 }
- admissionResponse := admission.AdmissionResponse{
- Allowed: allowed,
- }
+ imageReview.Status.Allowed = allowed
- admissionReview.Response = &admissionResponse
- responseBytes, err := json.Marshal(admissionReview)
+ responseBytes, err := json.Marshal(imageReview)
 if err != nil {
 log.Printf("Failed to encode response: %v", err)
 http.Error(w, "could not encode response", http.StatusInternalServerError)
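Review bot: In the third main.go hunk the loop over `imageReview.Spec.Containers` sets `allowed = true` and breaks on the first match, so a review that lists several containers is approved as soon as one of them matches and the remaining images are never evaluated. The match is `strings.Contains(container.Image, imageName)`, which accepts any reference carrying the configured string anywhere in it (host, path or tag), and an empty `imageName` matches every image. If `imageName` is meant as the permitted repository, I would start from deny, require every listed container to pass, and anchor the comparison at the start of the reference; the exact anchor depends on how `imageName` is populated, which happens outside this hunk. The body of imagineHandler starts before and continues after the hunk.

```go
// … unchanged: body read and json.Unmarshal into imageReview …
// Deny unless every listed container passes; an empty list stays denied.
allowed := len(imageReview.Spec.Containers) > 0
for _, container := range imageReview.Spec.Containers {
	// Anchored at the start of the reference; imageName should end at a
	// separator (for example a trailing "/") so a longer name cannot pass.
	if !strings.HasPrefix(container.Image, imageName) {
		allowed = false
		break
	}
}
imageReview.Status.Allowed = allowed
// … unchanged: json.Marshal(imageReview) and error handling …
```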