Commit

lint
craigbox committed May 24, 2024
1 parent e7a0d68 commit 9db8740
Showing 2 changed files with 4 additions and 6 deletions.
4 changes: 2 additions & 2 deletions content/en/docs/ambient/usage/l4-policy/index.md
Expand Up @@ -73,7 +73,7 @@ command terminated with exit code 56

### Considerations when waypoints are introduced {#considerations}

In L4-only mode, traffic appears at the destination ztunnel with the identity of the *source* workload.
In L4-only mode, traffic appears at the destination ztunnel with the identity of the *source* workload.

Waypoint proxies do not impersonate the identity of the source workload. Once you have introduced a waypoint to the traffic path, the destination ztunnel will see traffic with the *waypoint's* identity, not the source identity.

Expand All @@ -87,7 +87,7 @@ When the following conditions are true:

Policy enforcement will be applied as follows:

| Attachment Style | Scope | Waypoint present? | | Enforced by | Source identity
| Attachment Style | Scope | Waypoint present? | | Enforced by | Source identity
| --- | --- | --- | --- | --- | --- |
| _empty †_ | Namespace | no || destination ztunnel | client pod |
| _empty †_ | Namespace | yes || destination ztunnel | waypoint |
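
Review bot: the table header row in this hunk still ends at `Source identity` with no closing `|`, while the separator row and both data rows below it are closed with one; add the trailing pipe so the header matches, as in `| Enforced by | Source identity |`. The unnamed fourth column (`| |` in the header, `||` in the rows) carries no data in the visible rows and could be dropped or given a name.
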
6 changes: 2 additions & 4 deletions content/en/docs/ambient/usage/l7-features/index.md
Expand Up @@ -43,8 +43,6 @@ Authorization policies whose [conditions](/docs/reference/config/security/condit

In a scenario where a policy contains conditions that match L7 attributes (for example, HTTP verbs), a waypoint proxy is **required**. It is important to understand that ztunnel cannot meaningfully enforce any policy that requires L7 parsing. If an authorization policy has been configured that requires any traffic processing beyond L4, and if no waypoint proxies are configured for the destination of the traffic, then **the ztunnel proxy will DENY all traffic** as a defensive move.

Authorisation policuies

When the following conditions are true:

1. The policy enforces [conditions](/docs/reference/config/security/conditions/) for HTTP
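
Review bot: the commit message says only "lint", but the line deleted in this hunk, `Authorisation policuies`, is a stray content fragment rather than a lint finding; mention the removal in the commit message so it can be found in the file's history.
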
Expand All @@ -59,8 +57,8 @@ Attachment Style | Scope | Waypoint present? | | Enforced by | Allowed? | Source
| _empty †_ | Namespace | yes || destination ztunnel | DENY | n/a |
| Selector | Pod | no || destination ztunnel | DENY | n/a |
| Selector | Pod | yes || destination ztunnel | DENY | n/a |
| `targetRefs` | Service | yes || waypoint | per policy | client pod |
| `targetRefs` | Gateway | yes || waypoint | per policy | client pod |
| `targetRefs` | Service | yes || waypoint | as per policy | client pod |
| `targetRefs` | Gateway | yes || waypoint | as per policy | client pod |

*† If no Selector or `targetRef` is specified, the policy is namespace scoped.*
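
Review bot: the footnote at the end of this hunk names the field `targetRef`, while the table rows directly above it use `targetRefs`; use one spelling of the field name in both places. On the two changed cells, "as per policy" says no more than "per policy" did, so the shorter wording could have stayed.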
