readme prepared for publication

oEscal · oEscal · commit 2f1bb7ea4eb9 · 2025-12-11T21:53:08.000Z
Signed-off-by: oEscal &lt;pedroescaleira@hotmail.com&gt;
diff --git a/README.md b/README.md
@@ -1,23 +1,30 @@
-# knative-flow-tagging
-Extension to the Knative queue-proxy for flow tagging
+# PoliFlow Enforcer
 
+Extension to the Knative queue-proxy for enforcing rules defined by the PoliFlow Extractor.
 
 ## Instructions
 
-Knative Services must have the following metadata annotation to work with this plugin:
+The image can be built using the `build.sh` Bash script.
+However, before building, it is necessary to set the `KO_DOCKER_REPO` variable to the desired container registry to which the image will be pushed to.
+
+Then, the Kubernetes cluster where Knative Services protected by the Enforcer also needs some configurations.
+These can be automatically set by running the `patch.sh` script.
+Note, however, that the script will only run successfully if Knative is already installed in the cluster.
+Moreover, the script will also need a small modification to set the correct container registry (to the same set with `KO_DOCKER_REPO` in the `build.sh` script).
+
+Regarding the Enforcer usage, Knative Services must have the following metadata annotations to work with this plugin:
 ```yaml
 spec:
   template: 
     metadata:
       annotations:
         qpoption.knative.dev/flow-activate: enable
+        qpoption.knative.dev/flow-config-allowed_json_flows: |
+          <extracted allowed paths>
+        qpoption.knative.dev/flow-config-type: event
 ```
 
-Moreover, the workflow created using SonataFlow must allow the response headers to be sent as request headers in state transitions. To achieve that, the workflows must use this version of the `incubator-kie-kogito-runtimes` (not merged yet, as of 28 of July, 2025): https://github.com/apache/incubator-kie-kogito-runtimes/pull/3939.
-After applying this modification, the Knative functions within the workflow must also set the `returnHeaders` query parameter to `true`, like the following example:
-```yaml
-functions:
-  - name: authorization
-    type: custom
-    operation: knative:services.v1.serving.knative.dev/authorization?method=POST&failOnStatusError=false&returnHeaders=true
-```
+The plugin is activated for any service that has the annotation `qpoption.knative.dev/flow-activate` set to `enable`.
+Then, the allowed paths extracted by the PoliFlow Enforcer must be set (in JSON) as the value ot the `qpoption.knative.dev/flow-config-allowed_json_flows` annotation.
+Finally, `qpoption.knative.dev/flow-config-type` is an optional annotation that can be used to set the type of protected Knative Service.
+It accepts the values `function` (default) and `event`, used to define BaaS services (such as databases, that are called through callbacks within the workflow).
diff --git a/build.sh b/build.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
 
-export KO_DOCKER_REPO='ghcr.io/atnog/knative-flow-tagging'
+export KO_DOCKER_REPO='ghcr.io/atnog/poliflow-enforcer'
 
 ko build ./cmd/queue --tags=latest -B
diff --git a/patch.sh b/patch.sh
@@ -2,7 +2,7 @@
 
 kubectl patch configmap config-deployment -n knative-serving \
   --type merge \
-  -p '{"data":{"queue-sidecar-image":"ghcr.io/atnog/knative-flow-tagging/queue:latest"}}'
+  -p '{"data":{"queue-sidecar-image":"ghcr.io/atnog/poliflow-enforcer/queue:latest"}}'
 
 kubectl patch configmap config-features -n knative-serving \
   --type merge \
