docs: include explain mode in walkthrough demo
Signed-off-by: Hunter Gregory <[email protected]>
huntergregory committed Nov 11, 2024
1 parent 69b62f2 commit 61dc8e6
Showing 1 changed file with 35 additions and 1 deletion.
36 changes: 35 additions & 1 deletion cmd/policy-assistant/examples/demos/walkthrough/README.md
Expand Up @@ -5,6 +5,8 @@

## Overview

### Walkthrough

```bash
# single source/destination read from cluster. policies read from YAML files
policy-assistant analyze --mode walkthrough \
Expand Down Expand Up @@ -34,6 +36,38 @@ Example output:
+-------------------------------------------------+---------+-----------------------------------------------------------------------------+------------------------------+
```

### Explain

We can also summarize our policies in a table:

```bash
$ policy-assistant analyze --mode walkthrough --policy-path policies/
explained policies:
+---------+------------+------------------------------------+-----------------------+---------------------------------+--------------------------+
| TYPE | SUBJECT | SOURCE RULES | PEER | ACTION | PORT/PROTOCOL |
+---------+------------+------------------------------------+-----------------------+---------------------------------+--------------------------+
| Ingress | Namespace: | [NPv1] demo/deny-anything-to-pod-a | no peers | NPv1: | none |
| | demo | | | Allow any peers | |
| | Pod: | | | | |
| | pod = a | | | | |
+ +------------+------------------------------------+-----------------------+---------------------------------+--------------------------+
| | Namespace: | [ANP] default/anp1 | Namespace: | BANP: | all ports, all protocols |
| | all | [ANP] default/anp2 | all | Deny | |
| | | [BANP] default/default | Pod: | | |
| | | | all | | |
+ + + +-----------------------+---------------------------------+ +
| | | | Namespace: | ANP: | |
| | | | development = true | pri=2 (development-ns): Pass | |
| | | | Pod: | | |
| | | | all | | |
+ + + +-----------------------+---------------------------------+--------------------------+
| | | | Namespace: | ANP: | port 80 on protocol TCP |
| | | | all | pri=1 (allow-80): Allow | |
| | | | Pod: | | |
| | | | all | | |
+---------+------------+------------------------------------+-----------------------+---------------------------------+--------------------------+
```

## Demo

To try for yourself:
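Review bot: The command in the new Explain block still passes `--mode walkthrough`, the same mode used in the Walkthrough section, while the output under it begins with "explained policies:". If the table is produced by a separate explain mode, as the commit title suggests, the command line should show that mode so a reader who copies it gets the table shown here. The first table row also pairs the source rule `demo/deny-anything-to-pod-a` and "no peers" with the action "NPv1: Allow any peers", which reads as contradictory at a glance; a sentence after the table on how to read that row would help, since this is the output someone will use to judge whether pod a is isolated. Minor style point: this block uses a `$` prompt and the Walkthrough block does not.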
Expand All @@ -42,7 +76,7 @@ To try for yourself:
1. Leverage the JSON/YAML files in this folder.
1. Not required: create a Kubernetes cluster and apply any desired YAML files.

## Usage
## Walkthrough Usage

### Specifying Policies
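Review bot: Renaming `## Usage` to `## Walkthrough Usage` changes the heading's generated anchor, so any existing link to the old anchor will stop resolving; check for references to it before merging. With the heading now scoped to walkthrough, the lines shown add no matching usage section for the explain output, so the `--policy-path` flag used in the Explain example is left undocumented in that context. Either add a short explain usage subsection or keep the heading general and cover both.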
