From 363dec3a42b446f39cddce4a2918d40e4a1585e7 Mon Sep 17 00:00:00 2001
From: Arik Alon <alon.arik@gmail.com>
Date: Tue, 3 Mar 2026 20:27:13 +0200
Subject: [PATCH] remove patchType when no patch is available (invalid)

---
 enforcer/enforcer_main.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/enforcer/enforcer_main.py b/enforcer/enforcer_main.py
index fad8ea06..de26e05e 100644
--- a/enforcer/enforcer_main.py
+++ b/enforcer/enforcer_main.py
@@ -158,15 +158,18 @@ async def mutate(request: AdmissionReview):
 
         logger.debug("Pod patches %s", patches)
 
+        response = {
+            "uid": request.request.get("uid"),
+            "allowed": True,
+        }
+        if patches:
+            response["patchType"] = "JSONPatch"
+            response["patch"] = base64.b64encode(json.dumps(patches).encode()).decode()
+
         return {
             "apiVersion": "admission.k8s.io/v1",
             "kind": "AdmissionReview",
-            "response": {
-                "uid": request.request.get("uid"),
-                "allowed": True,
-                "patchType": "JSONPatch",
-                "patch": base64.b64encode(json.dumps(patches).encode()).decode() if patches else None
-            }
+            "response": response
         }
         
     except Exception as e: