docs: Updated documentation to be more readable
jfmontufar committed Oct 16, 2024
1 parent beb2e6b commit a572194
Showing 4 changed files with 39 additions and 43 deletions.
4 changes: 1 addition & 3 deletions Dockerfile
@@ -1,8 +1,6 @@
FROM --platform=linux/amd64 python:alpine
# checkov:skip=BC_VUL_1: Not using --extra-index-url in the pip install process
WORKDIR /app

LABEL TESTING="Value1"
WORKDIR /app

ENV PYTHONUNBUFFERED=1

70 changes: 32 additions & 38 deletions README.md
Expand Up @@ -12,6 +12,21 @@ Kubernetes CronJob to update automatically Prisma Cloud defender DaemonSet in a
> * This process was tested on GCP Artifact Registry and Azure Container Registry.
> <br></br>
## Pre-requisites
### Prisma Cloud SaaS Service Account
In Prisma Cloud SaaS version go to **Settings** > **Access Control** > **Add** > **Permissions Group**. Here you must create a Permissions Group with View and Update for the Defenders Management permission and View for System permission. While you are creating a Permissions Group, the Defenders Management and System permissions can be found under **Assing Permissions** > **Compute** > **Manage** as in the following image:

![Least Privileges Permissions Group - Prisma Cloud SaaS version](./images/saas-least-privileges.png)

Once created this permissions group, you must create a role with access to On-Prem and Other Cloud Providers and its corresponding service account. The values of the access key and secret key of this service account must be the values assigned to *compute.username* and *compute.password* of the helm chart respectively.

### Prisma Cloud self-hosted user
If you are using the self-hosted version of Prisma Cloud, you must create a role with Read and Write for the Defenders Management permission, Read for System permission and no access to the Console IU. While you are creating a Role, the Collections and Tags permission can be found under the Manage tab as in the following image:

![Least Privileges Role - Prisma Cloud self-hosted version](./images/self-hosted-least-privileges.png)

Once created this role, you must create the belonging local user. The values of the username and password of this user must be the values assigned to *compute.username* and *compute.password* of the helm chart respectively.

## Installation
### 1. Build Image
First you need to create your own Docker image. For that you'll need to download the following files:
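Review bot: two typos in the added Pre-requisites text: `**Assing Permissions**` should be `**Assign Permissions**`, and `no access to the Console IU` should be `no access to the Console UI`. The self-hosted paragraph also says "the Collections and Tags permission can be found under the Manage tab", but the permissions it asks the reader to configure are Defenders Management and System; name those instead. Minor grammar, used twice: "Once created this permissions group" / "Once created this role" reads better as "Once this permissions group is created" / "Once this role is created".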
Expand All @@ -36,11 +51,8 @@ For MacOS is recommended to add the flag *--platform=linux/amd64* to the build c
$ docker build --platform=linux/amd64 -t ${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} .
```

### 2. Install CronJob
You can install either via helm or kubectl. Helm is recommended.

#### Helm Method
To install the CronJob via helm, first create a *values.yaml* file like the following:
### 2. Setup Values file
If using Helm as installation method (recommended) therefore create first create a *values.yaml* file like the following:

```yaml
compute:
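Review bot: the added sentence `If using Helm as installation method (recommended) therefore create first create a *values.yaml* file like the following:` has a dangling "therefore" and a duplicated "create"; suggest "If you are installing with Helm (recommended), first create a *values.yaml* file like the following:". The new heading `### 2. Setup Values file` should use the verb form, "Set up values file".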
Expand All @@ -59,7 +71,7 @@ defender:
collect_pod_labels: true
monitor_service_accounts: true
```
Substitute the variables for current values. The values of *compute.username* and *compute.password* are in plain text and the value *job.pull_secret_dockerconfigjson* in encoded in base 64 which is use to authenticate with the image registry.
Substitute the variables for current values. The values of *compute.username* and *compute.password* are in plain text and the value *job.pull_secret_dockerconfigjson* in encoded in base 64 which is use to authenticate with the image registry to pull the updater image, but it is not required if there's an existing secret.
Instead of using the value *job.pull_secret_dockerconfigjson* for authentication, you can use the following values:
```yaml
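Review bot: the rewritten sentence says the pull secret "is not required if there's an existing secret" but does not tell the reader how to point the chart at that existing secret; name the values key that references it (or point to the chart's values.yaml) so nobody leaves *job.pull_secret_dockerconfigjson* empty without configuring the alternative. Grammar in the same line: "in encoded in base 64 which is use to" should be "is base64-encoded and is used to". Since *compute.username* and *compute.password* are stored in plain text in values.yaml, a short warning not to commit that file to version control belongs here.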
Expand All @@ -69,13 +81,7 @@ job:
username: REGISTRY_USERNAME
password: REGISTRY_PASSWORD
```
All these values in plain text.
Once done install the helm chart using the following command:
```bash
$ helm upgrade --install -n twistlock -f values.yaml --create-namespace --repo https://paloaltonetworks.github.io/pcs-cwp-defender-updater twistlock-updater twistlock-updater
```
**Use Cases**
* **OpenShift**<br>
For OpenShift cluster please add the following values:
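Review bot: `All these values in plain text.` is left as a verbless fragment now that the install command that followed it has been moved out of this section; suggest "All of these values are in plain text." Also "For OpenShift cluster please add" should be "For OpenShift clusters, add".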
Expand Down Expand Up @@ -114,15 +120,15 @@ job:
has_volume: false
```

**Troubleshooting**<br>
In case if the ```helm uninstall``` fails, run the next commands to delete chart:
```bash
$ helm uninstall twistlock-updater -n twistlock --no-hooks
$ kubectl delete job twistlock-updater-delete -n twistlock
```
### 3. Install CronJob
You can install either via helm or kubectl. Helm is recommended.

For more parameters that the *values.yaml* file can support, please refer on this repository to the file *Chart/twistlock-updater-helm/values.yaml*.
#### Helm Method
Once setup your values file, install the helm chart using the following command:

```bash
$ helm upgrade --install -n twistlock -f values.yaml --create-namespace --repo https://paloaltonetworks.github.io/pcs-cwp-defender-updater twistlock-updater twistlock-updater
```

#### Kubectl Method
As reference you could use the file *twistlock-updater.yaml* found on this repository. Just substitute the values of the variables **PRISMA_USERNAME**, **PRISMA_PASSWORD**, **DOCKER_CONFIG**, **IMAGE_NAME** and **COMPUTE_API_ENDPOINT** found on this file, adjust as needed (like removing the ConfigMap **daemonset-extra-config** from the document and it's mounted volume in the CronJob manifest) and apply such a file.
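Review bot: `Once setup your values file, install the helm chart` should read "Once your values file is set up, install the Helm chart". In the Kubectl paragraph, "it's mounted volume" should be "its mounted volume". The Kubectl method also has the reader paste base64-encoded **PRISMA_USERNAME**, **PRISMA_PASSWORD** and **DOCKER_CONFIG** straight into the manifest; a sentence noting that base64 is encoding, not encryption, and that the populated manifest should not be committed would match the plain-text warning the Helm values path needs.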
Expand All @@ -134,23 +140,11 @@ $ kubectl apply -f twistlock-updater.yaml
The variables **PRISMA_USERNAME**, **PRISMA_PASSWORD** and **DOCKER_CONFIG** must be encoded in base64.


## Least privilege permissions
### Prisma Cloud SaaS version
In order to grant the least privileges to a user or service account in the SaaS version of Prisma Cloud, you must create a Permissions Group with View and Update for the Defenders Management permission and View for System permission. While you are creating a Permissions Group, the Defenders Management and System permissions can be found under **Assing Permissions** > **Compute** > **Manage** as in the following image:

![Least Privileges Permissions Group - Prisma Cloud SaaS version](./images/saas-least-privileges.png)

Once created this permissions group, you must create a role and then the belonging user or service account.

>**NOTE**
> * You must assing an account group to the role. Be sure to add the account groups of the accounts you need to modify.
> * Is recommended to use a service account and access key.
> <br/><br/>

### Prisma Cloud self-hosted version
In order to grant the least privileges to a user in the self-hosted version of Prisma Cloud, you must create a role with Read and Write for the Defenders Management permission, Read for System permission and no access to the Console IU. While you are creating a Role, the Collections and Tags permission can be found under the Manage tab as in the following image:

![Least Privileges Role - Prisma Cloud self-hosted version](./images/self-hosted-least-privileges.png)

Once created this role, you must create the belonging user.
**Troubleshooting**<br>
In case if perfomed the installation via helm and you want to uninstall it but the ```helm uninstall``` fails, run the next commands to delete chart:
```bash
$ helm uninstall twistlock-updater -n twistlock --no-hooks
$ kubectl delete job twistlock-updater-delete -n twistlock
```

For more parameters that the *values.yaml* file can support, please refer on this repository to the file *Chart/twistlock-updater-helm/values.yaml*.
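Review bot: the removed `## Least privilege permissions` section carried a NOTE that the new Pre-requisites section does not carry forward: "You must assing an account group to the role. Be sure to add the account groups of the accounts you need to modify." The new SaaS text only says the role needs access to On-Prem and Other Cloud Providers, so the account-group requirement is lost; restore it (with "assign" spelled correctly) under the SaaS pre-requisite. In the added Troubleshooting line, `perfomed` should be `performed`, and "In case if perfomed the installation via helm and you want to uninstall it but the ```helm uninstall``` fails" reads better as "If you installed via helm and ```helm uninstall``` fails".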
4 changes: 4 additions & 0 deletions SUPPORT.md
@@ -0,0 +1,4 @@
# Community Supported
This template/solution is released under an as-is, best effort, support policy. These scripts should be seen as community supported and Palo Alto Networks will contribute our expertise as and when possible. We do not provide technical support or help in using or troubleshooting the components of the project through our normal support options such as Palo Alto Networks support teams, or ASC (Authorized Support Centers) partners and backline support options. The underlying product used (Prisma Cloud) by the scripts or templates are still supported, but the support is only for the product functionality and not for help in deploying or using the template or script itself.

Unless explicitly tagged, all projects or work posted in our GitHub repository (at https://github.com/PaloAltoNetworks) or sites other than our official Downloads page on https://support.paloaltonetworks.com are provided under the best effort policy.
4 changes: 2 additions & 2 deletions requirements.txt
@@ -1,2 +1,2 @@
requests>=2.31.0
kubernetes>=28.1.0
requests==2.31.0
kubernetes==28.1.0

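Review bot: changing `>=` to `==` makes the image build reproducible, but exact pins also freeze the dependencies at `requests==2.31.0` and `kubernetes==28.1.0`, so later security fixes in those packages will not be picked up on rebuild; pair the pins with a periodic dependency check (Dependabot or `pip-audit`) so they get bumped deliberately. A version pin alone also does not verify the downloaded artifact; for supply-chain integrity consider adding per-package `--hash` entries and installing with `--require-hashes`.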