xlsx_to_k8s_network_policy 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ac9cb890b2d2eba2e4b42ceaab0fa0694151b77c8d47315c7215ed1c72d6f581
+  data.tar.gz: dfb6e10fd68f634edfee4a100d6d2876c809d6bd915a49907cd59de05a84f374
+SHA512:
+  metadata.gz: 9f6e8d9ed965d98a13a9b07a9c0734f1df2553ccb8b976d2fae32d642b629f482b2969bf99c23dd1d10044a5265de0c8ca464ffe5f86c612ac714c7326ef461c
+  data.tar.gz: 57e1222d17672a34618533611ab0de5e4bffd59e791ad2137a26af4cdac4b2d6e65acc6af4bf0ec707860da7aacbe918f9b6bfac3b64d8df166a2ac96722ee03

data/Gemfile

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gem 'activesupport', '~> 5.1.4'
+gem 'roo', '~> 2.7.1'
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem 'bundler', '~> 1.16.1'
+  gem 'juwelier', '~> 2.1.0'
+  gem 'rdoc', '~> 6.0.1'
+  gem 'rspec', '~> 3.7'
+  gem 'rubocop', '~> 0.52.1'
+  gem 'shoulda', '~> 3.5.0'
+  gem 'simplecov', '~> 0.15.1'
+end

data/Gemfile.lock

@@ -0,0 +1,122 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (5.1.4)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    ast (2.4.0)
+    builder (3.2.3)
+    concurrent-ruby (1.0.5)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    faraday (0.12.2)
+      multipart-post (>= 1.2, < 3)
+    git (1.3.0)
+    github_api (0.18.2)
+      addressable (~> 2.4)
+      descendants_tracker (~> 0.0.4)
+      faraday (~> 0.8)
+      hashie (~> 3.5, >= 3.5.2)
+      oauth2 (~> 1.0)
+    hashie (3.5.7)
+    highline (1.7.10)
+    i18n (0.9.3)
+      concurrent-ruby (~> 1.0)
+    json (2.1.0)
+    juwelier (2.1.3)
+      builder
+      bundler (>= 1.13)
+      git (>= 1.2.5)
+      github_api
+      highline (>= 1.6.15)
+      nokogiri (>= 1.5.10)
+      rake
+      rdoc
+      semver
+    jwt (1.5.6)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    multi_json (1.13.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
+    oauth2 (1.4.0)
+      faraday (>= 0.8, < 0.13)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    parallel (1.12.1)
+    parser (2.4.0.2)
+      ast (~> 2.3)
+    powerpack (0.1.1)
+    public_suffix (3.0.1)
+    rack (2.0.4)
+    rainbow (3.0.0)
+    rake (12.3.0)
+    rdoc (6.0.1)
+    roo (2.7.1)
+      nokogiri (~> 1)
+      rubyzip (~> 1.1, < 2.0.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rubocop (0.52.1)
+      parallel (~> 1.10)
+      parser (>= 2.4.0.2, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.9.0)
+    rubyzip (1.2.1)
+    semver (1.0.1)
+    shoulda (3.5.0)
+      shoulda-context (~> 1.0, >= 1.0.1)
+      shoulda-matchers (>= 1.4.1, < 3.0)
+    shoulda-context (1.2.2)
+    shoulda-matchers (2.8.0)
+      activesupport (>= 3.0.0)
+    simplecov (0.15.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    unicode-display_width (1.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activesupport (~> 5.1.4)
+  bundler (~> 1.16.1)
+  juwelier (~> 2.1.0)
+  rdoc (~> 6.0.1)
+  roo (~> 2.7.1)
+  rspec (~> 3.7)
+  rubocop (~> 0.52.1)
+  shoulda (~> 3.5.0)
+  simplecov (~> 0.15.1)
+
+BUNDLED WITH
+   1.16.1

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2018 Alistair A. Israel
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,165 @@
+# xlsx_to_k8s_network_policy
+
+Converts an Excel (`.xlsx`) spreadsheet into a Kubernetes network policy resource definition YAML file.
+
+See [https://kubernetes.io/docs/concepts/services-networking/network-policies/](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
+
+See test/fixtures/network_policy.xlsx, or [this Google sheet](https://docs.google.com/spreadsheets/d/e/2PACX-1vRj2xVTUJERb9oP9rBth1hbAef5XwXO5NrBUIK1HbryBFMhrE7J5YtXiWNUuxEnb3oB7kcJBKDWoIT2/pubhtml) for a sample Excel file.
+
+#### Sample Network Policy
+
+First, define a `Zones` sheet that contains the zones and their corresponding network CIDRs. Separate multiple CIDRs using commas. For example:
+
+|Zone          |CIDRs                     |
+|--------------|--------------------------|
+|Front End     |10.10.1.0/24, 10.10.2.0/24|
+|Back End      |10.11.0.0/24              |
+|Infrastructure|10.12.0.0/24              |
+
+Next, define a `ZoneToZone` sheet that defines the zone to zone network access. For example:
+
+|              |Front End|Back End|Infrastructure|
+|--------------|---------|--------|--------------|
+|Front End     |Y        |Y       |N             |
+|Back End      |         |Y       |Y             |
+|Infrastructure|         |        |Y             |
+
+This defines rules that allow intra-zone traffic for all zones, and one-way traffic from the `Front End` zone to the `Back End` zone, and from the `Back End` zone to the `Infrastructure` zone.
+
+
+#### Generated YAML
+
+That Excel file generates the following YAML file:
+
+```
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny
+spec:
+  podSelector: {}
+  policyTypes:
+  - Ingress
+  - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: front-end-zone
+spec:
+  podSelector:
+    matchLabels:
+      zone: front-end
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          zone: front-end
+    - ipBlock: 10.10.1.0/24
+    - ipBlock: 10.10.2.0/24
+  egress:
+  - to:
+    - podSelector:
+        matchLabels:
+          zone: front-end
+    - ipBlock: 10.10.1.0/24
+    - ipBlock: 10.10.2.0/24
+    - podSelector:
+        matchLabels:
+          zone: back-end
+    - ipBlock: 10.11.0.0/24
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: back-end-zone
+spec:
+  podSelector:
+    matchLabels:
+      zone: back-end
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          zone: back-end
+    - ipBlock: 10.11.0.0/24
+    - podSelector:
+        matchLabels:
+          zone: front-end
+    - ipBlock: 10.10.1.0/24
+    - ipBlock: 10.10.2.0/24
+  egress:
+  - to:
+    - podSelector:
+        matchLabels:
+          zone: back-end
+    - ipBlock: 10.11.0.0/24
+    - podSelector:
+        matchLabels:
+          zone: infrastructure
+    - ipBlock: 10.12.0.0/24
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: infrastructure-zone
+spec:
+  podSelector:
+    matchLabels:
+      zone: infrastructure
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          zone: infrastructure
+    - ipBlock: 10.12.0.0/24
+    - podSelector:
+        matchLabels:
+          zone: back-end
+    - ipBlock: 10.11.0.0/24
+  egress:
+  - to:
+    - podSelector:
+        matchLabels:
+          zone: infrastructure
+    - ipBlock: 10.12.0.0/24
+```
+
+### Installation
+
+This gem was developed using Ruby 2.5.0, but may work with earlier Ruby 2.x.
+
+```
+$ gem install xlsx_to_k8s_network_policy
+```
+
+### Usage
+
+```
+$ xlsx_to_k8s_network_policy network_policy.xlsx network_policy.yml
+```
+
+#### Contributing to `xlsx_to_k8s_network_policy`
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
+* Fork the project.
+* Start a feature/bugfix branch.
+* Commit and push until you are happy with your contribution.
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+#### Copyright
+
+Copyright (c) 2018 Alistair A. Israel. See LICENSE.txt for
+further details.

data/Rakefile

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  warn e.message
+  warn 'Run `bundle install` to install missing gems'
+  exit e.status_code
+end
+require 'rake'
+require 'juwelier'
+Juwelier::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://guides.rubygems.org/specification-reference/ for more options
+  gem.name = 'xlsx_to_k8s_network_policy'
+  gem.homepage = 'http://github.com/aisrael/xlsx_to_k8s_network_policy'
+  gem.license = 'MIT'
+  gem.summary = %(Generate Kubernetes Network Policy from Excel)
+  gem.description = %(Generate Kubernetes Network Policy YAML resource definitions from .xlsx Excel spreadsheets)
+  gem.email = 'aisrael@gmail.com'
+  gem.authors = ['Alistair A. Israel']
+  gem.files.exclude '.*'
+  gem.files.exclude 'test/**/*'
+  gem.files.exclude 'spec/**/*'
+
+  # dependencies defined in Gemfile
+end
+Juwelier::RubygemsDotOrgTasks.new
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+desc 'Code coverage detail'
+task :simplecov do
+  ENV['COVERAGE'] = 'true'
+  Rake::Task['test'].execute
+end
+
+task default: :test
+
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ''
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "xlsx_to_k8s_network_policy #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/bin/xlsx_to_k8s_network_policy

@@ -0,0 +1,43 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'xlsx_to_k8s_network_policy'
+
+if ARGV.size < 2
+  puts <<-USAGE
+    Usage:
+
+      xls_to_k8s_network_policy <path/to/document.xlsx> <path/to/output.yml>
+  USAGE
+  exit 1
+end
+
+XLSX_FILENAME = ARGV[0]
+unless File.exist?(XLSX_FILENAME) && File.readable?(XLSX_FILENAME)
+  warn %(File "#{XLSX_FILENAME}" does not exist or cannot be read!)
+  exit 1
+end
+
+unless File.file?(XLSX_FILENAME)
+  warn %(File "#{XLSX_FILENAME}" is not a regular file!)
+  exit 1
+end
+
+OUTPUT_FILENAME = ARGV[1]
+OUTPUT_DIR = File.dirname(OUTPUT_FILENAME)
+
+unless File.exist?(OUTPUT_DIR) &&
+       File.directory?(OUTPUT_DIR) &&
+       File.readable?(OUTPUT_DIR) &&
+       File.writable?(OUTPUT_DIR)
+  warn %(Directory "#{OUTPUT_DIR}" does not exist or cannot be read or written to!)
+  exit 1
+end
+
+if File.exist?(OUTPUT_FILENAME)
+  warn %(File "#{OUTPUT_FILENAME}" exists! Cowardly refusing to clobber output file.)
+  exit 1
+end
+
+network_policies = Reader.read(XLSX_FILENAME)
+Writer.write(network_policies, OUTPUT_FILENAME)

data/lib/xlsx_to_k8s_network_policy.rb

@@ -0,0 +1,365 @@
+# frozen_string_literal: true
+
+require 'active_support/concern'
+require 'active_support/core_ext/hash'
+require 'roo'
+require 'yaml'
+
+# A base label selector
+class LabelSelector
+  # A `matchLabels` label selector
+  class MatchLabels < LabelSelector
+    attr_reader :labels
+    def initialize(labels = nil)
+      @labels = labels || {}
+    end
+
+    def []=(key, value)
+      @labels[key] = value
+    end
+
+    def as_hash
+      return {} if @labels.empty?
+      {
+        matchLabels: @labels
+      }
+    end
+  end
+  # TODO: MatchExpressions < LabelSelector
+  def ==(other)
+    other.class == self.class && other.labels == labels
+  end
+end
+
+# A `podSelector`
+class PodSelector
+  attr_reader :label_selector
+
+  def initialize(label_selector = nil)
+    @label_selector = label_selector || LabelSelector::MatchLabels.new
+  end
+
+  def []=(key, value)
+    @label_selector[key] = value
+  end
+
+  def as_hash
+    {
+      podSelector: label_selector.as_hash
+    }
+  end
+
+  def ==(other)
+    other.class == self.class && other.label_selector == label_selector
+  end
+end
+
+# The _real_ NetworkPolicy
+class NetworkPolicy
+  attr_reader :name
+  attr_reader :pod_selector
+  attr_reader :ingresses
+  attr_reader :egresses
+
+  def self.deny_all
+    NetworkPolicy.new('default-deny', PodSelector.new)
+  end
+
+  def initialize(name, pod_selector)
+    raise %(Invalid name "#{name}". Must consist of [a-z_-]+) unless /^[a-z_-]+$/ =~ name
+    @name = name
+    @pod_selector = pod_selector
+    @ingresses = []
+    @egresses = []
+  end
+
+  class NetworkPolicyPeer
+    # An {ipBlock: cidr} NetworkPolicyPeer
+    class IPBlock < NetworkPolicyPeer
+      attr_reader :cidr
+      def initialize(cidr = nil)
+        @cidr = cidr || []
+      end
+
+      def as_hash
+        {
+          ipBlock: cidr
+        }
+      end
+
+      def ==(other)
+        other.class == self.class && other.cidr == cidr
+      end
+    end
+
+    # A {podSelector: {...}} NetworkPolicyPeer
+    class PodSelectorNPP < NetworkPolicyPeer
+      attr_reader :pod_selector
+      def initialize(pod_selector)
+        @pod_selector = pod_selector
+      end
+      delegate :as_hash, to: :pod_selector
+      def ==(other)
+        other.class == self.class && other.pod_selector == pod_selector
+      end
+    end
+
+    # A {namespaceSelector: {...}} NetworkPolicyPeer
+    class NamespaceSelector < NetworkPolicyPeer
+      attr_reader :label_selector
+      def initialize(label_selector = nil)
+        @label_selector = label_selector || LabelSelector::MatchLabels.new
+      end
+
+      def []=(key, value)
+        @label_selector[key] = value
+      end
+
+      def as_hash
+        {
+          labelSelector: @label_selector.as_hash
+        }
+      end
+
+      def ==(other)
+        other.class == self.class && other.label_selector == label_selector
+      end
+    end
+  end
+
+  def add_pod_selector_ingress(pod_selector)
+    add_ingress(NetworkPolicyPeer::PodSelectorNPP.new(pod_selector))
+  end
+
+  def add_pod_selector_egress(pod_selector)
+    add_egress(NetworkPolicyPeer::PodSelectorNPP.new(pod_selector))
+  end
+
+  def add_cidr_ingress(cidr)
+    add_ingress(NetworkPolicyPeer::IPBlock.new(cidr))
+  end
+
+  def add_cidr_egress(cidr)
+    add_egress(NetworkPolicyPeer::IPBlock.new(cidr))
+  end
+
+  def add_ingress(ingress)
+    npp = case ingress
+          when PodSelector
+            NetworkPolicyPeer::PodSelectorNPP.new(ingress)
+          when NetworkPolicyPeer
+            ingress
+          else
+            raise "Don't know how to handle ingress of type #{ingress.class}!"
+          end
+    @ingresses << npp unless @ingresses.include?(npp)
+  end
+
+  def add_egress(egress)
+    npp = case egress
+          when PodSelector
+            NetworkPolicyPeer::PodSelectorNPP.new(egress)
+          when NetworkPolicyPeer
+            egress
+          else
+            raise "Don't know how to handle ingress of type #{egress.class}!"
+          end
+    @egresses << npp unless @egresses.include?(npp)
+  end
+
+  def as_hash
+    policy_types = []
+    policy_types << 'Ingress' if !@ingresses.empty? || @egresses.empty?
+    policy_types << 'Egress' if !@egresses.empty? || @ingresses.empty?
+    spec = pod_selector.as_hash
+    spec[:policyTypes] = policy_types
+    hash = {
+      apiVersion: 'networking.k8s.io/v1',
+      kind: 'NetworkPolicy',
+      metadata: {
+        name: name
+      },
+      spec: spec
+    }
+    add_ingress_and_egress(hash)
+    hash.deep_stringify_keys
+  end
+
+  private
+
+  def add_ingress_and_egress(hash)
+    unless @ingresses.empty?
+      hash[:spec][:ingress] = [
+        {
+          from: @ingresses.map(&:as_hash)
+        }
+      ]
+    end
+    return if @egresses.empty?
+    hash[:spec][:egress] = [
+      {
+        to: @egresses.map(&:as_hash)
+      }
+    ]
+  end
+end
+
+# A collection of `NetworkPolicy`s
+class NetworkPolicies
+  attr_reader :zones
+  attr_reader :policies
+
+  def initialize
+    @zones = {}
+    @policies = {}
+  end
+
+  def zone_names
+    @zones.values.map(&:name)
+  end
+
+  def add_zone(name, cidrs)
+    zone = Zone.new(name, cidrs)
+    @zones[name] = zone
+    @policies[zone] = zone.to_network_policy
+  end
+
+  def allow(from_zone_name, to_zone_name)
+    from_zone = @zones[from_zone_name]
+    raise "No zone named #{from_zone_name}!" unless from_zone
+    to_zone = @zones[to_zone_name]
+    raise "No zone named #{to_zone_name}!" unless to_zone
+    from_zone.add_ingress_rules_to(policies[to_zone])
+    to_zone.add_egress_rules_to(policies[from_zone])
+  end
+
+  def to_doc_hashes
+    docs = [NetworkPolicy.deny_all] + @policies.values
+    docs.map(&:as_hash)
+  end
+
+  # A Zone
+  class Zone
+    attr_reader :name, :cidrs
+    def initialize(name, cidrs)
+      @name = name
+      @cidrs = cidrs
+    end
+
+    def normalized_name
+      name.parameterize
+    end
+
+    def to_pod_selector
+      @pod_selector ||= begin
+        label_selector = LabelSelector::MatchLabels.new(zone: normalized_name)
+        PodSelector.new(label_selector)
+      end
+    end
+
+    def to_network_policy
+      np = NetworkPolicy.new("#{normalized_name}-zone", to_pod_selector)
+      add_ingress_rules_to(np)
+      add_egress_rules_to(np)
+      np
+    end
+
+    def add_ingress_rules_to(np)
+      np.add_pod_selector_ingress(to_pod_selector)
+      @cidrs.each do |cidr|
+        np.add_cidr_ingress(cidr)
+      end
+    end
+
+    def add_egress_rules_to(np)
+      np.add_pod_selector_egress(to_pod_selector)
+      @cidrs.each do |cidr|
+        np.add_cidr_egress(cidr)
+      end
+    end
+  end
+end
+
+# Reads an XLSX file and creates the NetworkPolicy
+class Reader
+  attr_reader :file
+
+  def self.read(file)
+    Reader.new(file).read
+  end
+
+  def initialize(file)
+    @file = file
+  end
+
+  def read
+    @xlsx = Roo::Spreadsheet.open('./test/fixtures/network_policy.xlsx')
+    @network_policy = NetworkPolicies.new
+    read_zones
+    read_rules
+    @network_policy
+  end
+
+  private
+
+  def read_zones
+    zones_sheet = @xlsx.sheet('Zones')
+    zones_sheet.each(name: 'Zone', cidrs: 'CIDRs') do |h|
+      next if h[:name] == 'Zone' && h[:cidrs] == 'CIDRs'
+      @network_policy.add_zone(h[:name], h[:cidrs].split(/\s*,\s*/))
+    end
+  end
+
+  def read_rules
+    rules_sheet = @xlsx.sheet_for('ZoneToZone')
+    column_zones = extract_column_zones(rules_sheet)
+    extract_rules(rules_sheet, column_zones)
+  end
+
+  def extract_rules(rules_sheet, column_zones)
+    rules_sheet.each_row(offset: 1) do |row|
+      from_zone = row[0].value
+      create_rules_from_row(column_zones, row, from_zone)
+    end
+  end
+
+  def create_rules_from_row(column_zones, row, from_zone)
+    column_zones.size.times do |i|
+      target = row.find do |cell|
+        cell.coordinate.column == i + 2
+      end
+      if target && target.value == 'Y'
+        to_zone = column_zones[i]
+        @network_policy.allow(from_zone, to_zone)
+      end
+    end
+  end
+
+  def extract_column_zones(rules_sheet)
+    first_row = rules_sheet.row(rules_sheet.first_row)
+    column_zones = first_row[1..-1]
+    column_zones.each do |to_name|
+      raise %(To zone "#{from_zone}" not found in zones) unless @network_policy.zone_names.include?(to_name)
+    end
+    column_zones
+  end
+end
+
+# Writes a NetworkPolicy to YAML
+class Writer
+  attr_reader :filename
+
+  def initialize(filename)
+    @filename = filename
+  end
+
+  def self.write(network_policy, filename)
+    Writer.new(filename).write(network_policy)
+  end
+
+  def write(network_policy)
+    File.open(filename, 'w') do |f|
+      f.write YAML.dump_stream(*network_policy.to_doc_hashes)
+    end
+  end
+end

data/xlsx_to_k8s_network_policy.gemspec

@@ -0,0 +1,74 @@
+# Generated by juwelier
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: xlsx_to_k8s_network_policy 0.1.0 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "xlsx_to_k8s_network_policy".freeze
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Alistair A. Israel".freeze]
+  s.date = "2018-02-08"
+  s.description = "Generate Kubernetes Network Policy YAML resource definitions from .xlsx Excel spreadsheets".freeze
+  s.email = "aisrael@gmail.com".freeze
+  s.executables = ["xlsx_to_k8s_network_policy".freeze]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "bin/xlsx_to_k8s_network_policy",
+    "lib/xlsx_to_k8s_network_policy.rb",
+    "xlsx_to_k8s_network_policy.gemspec"
+  ]
+  s.homepage = "http://github.com/aisrael/xlsx_to_k8s_network_policy".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "2.7.3".freeze
+  s.summary = "Generate Kubernetes Network Policy from Excel".freeze
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<activesupport>.freeze, ["~> 5.1.4"])
+      s.add_runtime_dependency(%q<roo>.freeze, ["~> 2.7.1"])
+      s.add_development_dependency(%q<bundler>.freeze, ["~> 1.16.1"])
+      s.add_development_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+      s.add_development_dependency(%q<rdoc>.freeze, ["~> 6.0.1"])
+      s.add_development_dependency(%q<rspec>.freeze, ["~> 3.7"])
+      s.add_development_dependency(%q<rubocop>.freeze, ["~> 0.52.1"])
+      s.add_development_dependency(%q<shoulda>.freeze, ["~> 3.5.0"])
+      s.add_development_dependency(%q<simplecov>.freeze, ["~> 0.15.1"])
+    else
+      s.add_dependency(%q<activesupport>.freeze, ["~> 5.1.4"])
+      s.add_dependency(%q<roo>.freeze, ["~> 2.7.1"])
+      s.add_dependency(%q<bundler>.freeze, ["~> 1.16.1"])
+      s.add_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+      s.add_dependency(%q<rdoc>.freeze, ["~> 6.0.1"])
+      s.add_dependency(%q<rspec>.freeze, ["~> 3.7"])
+      s.add_dependency(%q<rubocop>.freeze, ["~> 0.52.1"])
+      s.add_dependency(%q<shoulda>.freeze, ["~> 3.5.0"])
+      s.add_dependency(%q<simplecov>.freeze, ["~> 0.15.1"])
+    end
+  else
+    s.add_dependency(%q<activesupport>.freeze, ["~> 5.1.4"])
+    s.add_dependency(%q<roo>.freeze, ["~> 2.7.1"])
+    s.add_dependency(%q<bundler>.freeze, ["~> 1.16.1"])
+    s.add_dependency(%q<juwelier>.freeze, ["~> 2.1.0"])
+    s.add_dependency(%q<rdoc>.freeze, ["~> 6.0.1"])
+    s.add_dependency(%q<rspec>.freeze, ["~> 3.7"])
+    s.add_dependency(%q<rubocop>.freeze, ["~> 0.52.1"])
+    s.add_dependency(%q<shoulda>.freeze, ["~> 3.5.0"])
+    s.add_dependency(%q<simplecov>.freeze, ["~> 0.15.1"])
+  end
+end
+

metadata

@@ -0,0 +1,182 @@
+--- !ruby/object:Gem::Specification
+name: xlsx_to_k8s_network_policy
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Alistair A. Israel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-02-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.4
+- !ruby/object:Gem::Dependency
+  name: roo
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.16.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.16.1
+- !ruby/object:Gem::Dependency
+  name: juwelier
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.0.1
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.52.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.52.1
+- !ruby/object:Gem::Dependency
+  name: shoulda
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.15.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.15.1
+description: Generate Kubernetes Network Policy YAML resource definitions from .xlsx
+  Excel spreadsheets
+email: aisrael@gmail.com
+executables:
+- xlsx_to_k8s_network_policy
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- bin/xlsx_to_k8s_network_policy
+- lib/xlsx_to_k8s_network_policy.rb
+- xlsx_to_k8s_network_policy.gemspec
+homepage: http://github.com/aisrael/xlsx_to_k8s_network_policy
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: Generate Kubernetes Network Policy from Excel
+test_files: []