adding admission response

src/internal/agent/hooks/utils_test.go

@@ -75,14 +75,15 @@ func verifyAdmission(t *testing.T, rr *httptest.ResponseRecorder, expected admis
 
 	require.Equal(t, expected.code, rr.Code)
 
+	var admissionReview v1.AdmissionReview
+
+	err := json.NewDecoder(rr.Body).Decode(&admissionReview)
+
 	if expected.errContains != "" {
-		require.Contains(t, rr.Body.String(), expected.errContains)
+		require.Contains(t, admissionReview.Response.Result.Message, expected.errContains)
 		return
 	}
 
-	var admissionReview v1.AdmissionReview
-
-	err := json.NewDecoder(rr.Body).Decode(&admissionReview)
 	resp := admissionReview.Response
 	require.NoError(t, err)
 	if expected.patch == nil {

src/internal/agent/http/admission/handler.go

@@ -15,8 +15,8 @@ import (
 	"github.com/defenseunicorns/zarf/src/config/lang"
 	"github.com/defenseunicorns/zarf/src/internal/agent/operations"
 	"github.com/defenseunicorns/zarf/src/pkg/message"
-	v1 "k8s.io/api/admission/v1"
-	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
+	corev1 "k8s.io/api/admission/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 )
@@ -56,7 +56,7 @@ func (h *Handler) Serve(hook operations.Hook) http.HandlerFunc {
 			return
 		}
 
-		var review v1.AdmissionReview
+		var review corev1.AdmissionReview
 		if _, _, err := h.decoder.Decode(body, nil, &review); err != nil {
 			http.Error(w, fmt.Sprintf(lang.AgentErrCouldNotDeserializeReq, err), http.StatusBadRequest)
 			return
@@ -70,26 +70,33 @@ func (h *Handler) Serve(hook operations.Hook) http.HandlerFunc {
 		result, err := hook.Execute(review.Request)
 		if err != nil {
 			message.Warnf("%s: %s", lang.AgentErrBindHandler, err.Error())
+			admissionResponse := corev1.AdmissionReview{
+				Response: &corev1.AdmissionResponse{
+					Result: &metav1.Status{Message: err.Error(), Status: string(metav1.StatusReasonInternalError)},
+				},
+			}
+			jsonResponse, err := json.Marshal(admissionResponse)
+			if err != nil {
+				message.WarnErr(err, lang.AgentErrMarshalResponse)
+				http.Error(w, lang.AgentErrMarshalResponse, http.StatusInternalServerError)
+				return
+			}
 			w.WriteHeader(http.StatusInternalServerError)
-			w.Write([]byte(err.Error()))
+			w.Write(jsonResponse)
 			return
 		}
 
-		admissionResponse := v1.AdmissionReview{
-			TypeMeta: meta.TypeMeta{
-				APIVersion: v1.SchemeGroupVersion.String(),
-				Kind:       "AdmissionReview",
-			},
-			Response: &v1.AdmissionResponse{
+		admissionResponse := corev1.AdmissionReview{
+			Response: &corev1.AdmissionResponse{
 				UID:     review.Request.UID,
 				Allowed: result.Allowed,
-				Result:  &meta.Status{Message: result.Msg},
+				Result:  &metav1.Status{Message: result.Msg},
 			},
 		}
 
 		// Set the patch operations for mutating admission
 		if len(result.PatchOps) > 0 {
-			jsonPatchType := v1.PatchTypeJSONPatch
+			jsonPatchType := corev1.PatchTypeJSONPatch
 			patchBytes, err := json.Marshal(result.PatchOps)
 			if err != nil {
 				message.WarnErr(err, lang.AgentErrMarshallJSONPatch)