mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

Merge pull request from JimBugwadia/fix_cosign_response_handling

handle Critical and critical in Cosign response payload
Jim Bugwadia 2021-10-28 12:52:45 -07:00 committed by GitHub
commit 22c8231083
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -261,7 +261,7 @@ func extractDigest(imgRef string, verified []cosign.SignedPayload, log logr.Logg
log.V(4).Info("image verification response", "image", imgRef, "payload", jsonMap)
// The cosign response is in the JSON format:
// The expected response is in the JSON format:
// {
// "critical": {
// "identity": {
@ -274,7 +274,19 @@ func extractDigest(imgRef string, verified []cosign.SignedPayload, log logr.Logg
// },
// "optional": null
// }
critical := jsonMap["critical"].(map[string]interface{})
// some versions of Cosign seem to return "Critical" instead of "critical".
// check for both...
var critical map[string]interface{}
if jsonMap["critical"] != nil {
critical = jsonMap["critical"].(map[string]interface{})
} else if jsonMap["Critical"] != nil {
critical = jsonMap["Critical"].(map[string]interface{})
} else {
log.Info("unexpected image verification payload", "image", imgRef, "payload", jsonMap)
continue
}
if critical != nil {
typeStr := critical["type"].(string)
if typeStr == "cosign container image signature" {
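Review bot: The single-value type assertions in the new branch still panic on a payload of unexpected shape: `jsonMap["critical"].(map[string]interface{})` and its `Critical` twin are guarded only against nil, so a non-nil value that is not a JSON object never reaches the new `log.Info`/`continue` path, and `critical["type"].(string)` just below panics when `type` is absent or not a string. The payload shape is set by whoever produced the signature, and this code appears to run during image verification, so a malformed entry should be skipped like the other unexpected case rather than panic. Comma-ok assertions on both keys cover this and make the later `if critical != nil` check redundant; the same form fits the type lookup, `typeStr, ok := critical["type"].(string)`. extractDigest starts and ends outside the hunk, so the handling of the remaining payload fields could not be checked.

```go
// … unchanged: payload format comment …
critical, ok := jsonMap["critical"].(map[string]interface{})
if !ok {
	// some versions of Cosign seem to return "Critical" instead of "critical"
	critical, ok = jsonMap["Critical"].(map[string]interface{})
}
if !ok {
	log.Info("unexpected image verification payload", "image", imgRef, "payload", jsonMap)
	continue
}
// … unchanged: type check on critical["type"] …
```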