From 9b1f003956b5e13c980f362955cd7e1f59d56916 Mon Sep 17 00:00:00 2001
From: Shubham Chaudhary <shubham.chaudhary@harness.io>
Date: Wed, 21 Aug 2024 20:07:52 +0530
Subject: [PATCH] update allowAll condition (#32)

Signed-off-by: Shubham Chaudhary <shubham.chaudhary@harness.io>
---
 internal/pods/pods.go     | 2 +-
 internal/pods/restrict.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/pods/pods.go b/internal/pods/pods.go
index ab96518..1e56c41 100644
--- a/internal/pods/pods.go
+++ b/internal/pods/pods.go
@@ -59,7 +59,7 @@ func validateCreate(clients clients.ClientSets) hook.AdmitFunc {
 		if !allowed {
 			return &hook.Result{
 				Allowed: false,
-				Msg:     fmt.Sprintf("origin image doesn't met allowed image criteria: %v", msg),
+				Msg:     fmt.Sprintf("origin image doesn't met allowed image criteria %v", msg),
 			}, nil
 		}
 
diff --git a/internal/pods/restrict.go b/internal/pods/restrict.go
index 49a9700..423e905 100644
--- a/internal/pods/restrict.go
+++ b/internal/pods/restrict.go
@@ -85,7 +85,7 @@ func validateOriginPodImage(namespace string, extras map[string]v1.ExtraValue, c
 
 func originFromTerminal(serviceAccount string) bool {
 	if utils.WebHookFilters.AllowedOriginServiceAccount.AllowedAll {
-		return true
+		return false
 	}
 	if strings.Contains(serviceAccount, "system:serviceaccount") {
 		return false