mirror of https://github.com/kyverno/kyverno.git synced 2025-03-30 19:35:06 +00:00

handle Critical and critical in Cosign response payload

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Jim Bugwadia 2021-10-28 10:58:55 -07:00
parent 4835157cc4
commit 3a166f1faf


@ -261,7 +261,7 @@ func extractDigest(imgRef string, verified []cosign.SignedPayload, log logr.Logg
log.V(4).Info("image verification response", "image", imgRef, "payload", jsonMap)
// The cosign response is in the JSON format:
// The expected response is in the JSON format:
// {
// "critical": {
// "identity": {
@ -274,7 +274,19 @@ func extractDigest(imgRef string, verified []cosign.SignedPayload, log logr.Logg
// },
// "optional": null
// }
critical := jsonMap["critical"].(map[string]interface{})
// some versions of Cosign seem to return "Critical" instead of "critical".
// check for both...
var critical map[string]interface{}
if jsonMap["critical"] != nil {
critical = jsonMap["critical"].(map[string]interface{})
} else if jsonMap["Critical"] != nil {
critical = jsonMap["Critical"].(map[string]interface{})
} else {
log.Info("unexpected image verification payload", "image", imgRef, "payload", jsonMap)
continue
}
if critical != nil {
typeStr := critical["type"].(string)
if typeStr == "cosign container image signature" {
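Review bot: The new `critical` / `Critical` branches still use single-value type assertions (`jsonMap["critical"].(map[string]interface{})`), so a payload where that key holds a string, number or array instead of an object panics rather than reaching the new `log.Info` and `continue` fallback; `critical["type"].(string)` just below has the same shape. This code parses signature payloads during image verification, so a malformed payload should be skipped and logged, not allowed to crash the caller. The comma-ok form handles missing, null and wrongly typed values in one test, as sketched below. extractDigest starts and ends outside this hunk, so whether a panic is recovered further up is not visible here.

```go
critical, ok := jsonMap["critical"].(map[string]interface{})
if !ok {
	// some versions of Cosign seem to return "Critical" instead of "critical"
	critical, ok = jsonMap["Critical"].(map[string]interface{})
}
if !ok {
	log.Info("unexpected image verification payload", "image", imgRef, "payload", jsonMap)
	continue
}
typeStr, ok := critical["type"].(string)
if !ok {
	continue
}
// … unchanged: signature type comparison and digest extraction …
```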