From 61dc8e6f6f6874f0741939f34e5e5fac92bb7175 Mon Sep 17 00:00:00 2001 From: Hunter Gregory <42728408+huntergregory@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:33:43 -0800 Subject: [PATCH] docs: include explain mode in walkthrough demo Signed-off-by: Hunter Gregory <42728408+huntergregory@users.noreply.github.com> --- .../examples/demos/walkthrough/README.md | 36 ++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/cmd/policy-assistant/examples/demos/walkthrough/README.md b/cmd/policy-assistant/examples/demos/walkthrough/README.md index 1c3908c5..85c95a86 100644 --- a/cmd/policy-assistant/examples/demos/walkthrough/README.md +++ b/cmd/policy-assistant/examples/demos/walkthrough/README.md @@ -5,6 +5,8 @@ ## Overview +### Walkthrough + ```bash # single source/destination read from cluster. policies read from YAML files policy-assistant analyze --mode walkthrough \ 
@@ -34,6 +36,38 @@ Example output: +-------------------------------------------------+---------+-----------------------------------------------------------------------------+------------------------------+ ``` +### Explain + +We can also summarize our policies in a table: + +```bash +$ policy-assistant analyze --mode walkthrough --policy-path policies/ +explained policies: ++---------+------------+------------------------------------+-----------------------+---------------------------------+--------------------------+ +| TYPE | SUBJECT | SOURCE RULES | PEER | ACTION | PORT/PROTOCOL | ++---------+------------+------------------------------------+-----------------------+---------------------------------+--------------------------+ +| Ingress | Namespace: | [NPv1] demo/deny-anything-to-pod-a | no peers | NPv1: | none | +| | demo | | | Allow any peers | | +| | Pod: | | | | | +| | pod = a | | | | | ++ +------------+------------------------------------+-----------------------+---------------------------------+--------------------------+ +| | Namespace: | [ANP] default/anp1 | Namespace: | BANP: | all ports, all protocols | +| | all | [ANP] default/anp2 | all | Deny | | +| | | [BANP] default/default | Pod: | | | +| | | | all | | | ++ + + +-----------------------+---------------------------------+ + +| | | | Namespace: | ANP: | | +| | | | development = true | pri=2 (development-ns): Pass | | +| | | | Pod: | | | +| | | | all | | | ++ + + +-----------------------+---------------------------------+--------------------------+ +| | | | Namespace: | ANP: | port 80 on protocol TCP | +| | | | all | pri=1 (allow-80): Allow | | +| | | | Pod: | | | +| | | | all | | | ++---------+------------+------------------------------------+-----------------------+---------------------------------+--------------------------+ +``` + ## Demo To try for yourself: 
@@ -42,7 +76,7 @@ To try for yourself: 1. Leverage the JSON/YAML files in this folder. 1. Not required: create a Kubernetes cluster and apply any desired YAML files. -## Usage +## Walkthrough Usage ### Specifying Policies
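Review bot: In the first hunk (@@ -5,6 +5,8 @@), the new "### Walkthrough" heading goes straight into the bash block with no lead-in sentence, while the "### Explain" section added later opens with one ("We can also summarize our policies in a table:"). Suggest a matching one-line introduction under "### Walkthrough" saying what the mode shows for a single source/destination, so the two subsections of "## Overview" read in parallel.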
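Review bot: In the second hunk (@@ -34,6 +36,38 @@), the command under "### Explain" is `policy-assistant analyze --mode walkthrough --policy-path policies/`, which is the same mode the Walkthrough section documents, although the output begins with `explained policies:` and the commit subject says explain mode. If the table comes from explain mode, the example should pass that mode instead of `--mode walkthrough`. Separately, the first table row pairs source rule `demo/deny-anything-to-pod-a` and "no peers" with the action "Allow any peers"; a sentence on how to read the PEER and ACTION columns together would keep readers from taking a deny policy for an allow. The block also uses a `$ ` prompt inside a bash fence, unlike the Walkthrough block, which makes the command harder to copy.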
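Review bot: In the third hunk (@@ -42,7 +76,7 @@), renaming "## Usage" to "## Walkthrough Usage" changes the generated heading anchor from #usage to #walkthrough-usage, so any existing link to the old anchor stops resolving; worth a search of the repo docs before merging. The rename also leaves explain mode without a usage section even though its example relies on `--policy-path`; if "### Specifying Policies" applies to both modes, consider keeping "## Usage" as the parent heading and scoping only the walkthrough-specific subsections.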