From e365519fe75b9299458127198ffa0e5cf90624a1 Mon Sep 17 00:00:00 2001 From: Uri Sarid Date: Wed, 23 Aug 2023 19:03:36 -0700 Subject: [PATCH] Update README.mdx More language tweaks. --- docs/shadow-vs-active-enforcement/README.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/shadow-vs-active-enforcement/README.mdx b/docs/shadow-vs-active-enforcement/README.mdx index 6140b579e..19107ce28 100644 --- a/docs/shadow-vs-active-enforcement/README.mdx +++ b/docs/shadow-vs-active-enforcement/README.mdx @@ -56,7 +56,7 @@ To unlock these insights, the Otterize OSS components (the intents operator, the ## Protected services -To override the default non-enforcing shadow mode for a service, when the operator is in `defaultShadow` mode, enforcing access controls for it, you simply create a `ProtectedService` resource. +When the operator is in `defaultShadow` mode, to override the default non-enforcing shadow mode for a service and enforce access controls for it, you simply create a `ProtectedService` resource. For network policies, this also creates a default-deny policy and protects the service. For Istio, no default-deny policy is created, so this just enables enforcement: Istio authorization policies are created for this service when ClientIntents resources are created.