From c696c24e311f843a29b099fe8dfa246417d8a98a Mon Sep 17 00:00:00 2001
From: Erik Brakkee
Date: Sun, 19 Jan 2025 17:17:23 +0100
Subject: [PATCH] detailed the meaning of the new unauthorized flag.
---
 cmd/policygen/config.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/cmd/policygen/config.go b/cmd/policygen/config.go
index 6672c9f..fee8b65 100644
--- a/cmd/policygen/config.go
+++ b/cmd/policygen/config.go
@@ -82,8 +82,15 @@ type Namespace struct {
 Name string `yaml:"name"`
 // Open closed for network policies
 Open bool `yaml:"open"`
- // service mesh, authorized True or not (allow anything)
- Authorized bool `yaml:"authorized"`
+ // service mesh. When open = true following will happen
+ // * when linkerd is enabled on the namespace, a netwoakauth to allow all traffic is
+ // generated
+ // * when not, then nothing is generated
+ // When open = false, the following will happen
+ // * when unauthorized = true the same will happen as with open = true
+ // * else the appropriate rules will be generated to specify detailed traffic using
+ // service accounts and networks as configured.
+ Unauthorized bool `yaml:"unauthorized"`
 Capabilities []string `yaml:"capabilities"`
 Applications []*Application `yaml:"applications" validate:"dive,required"`
 }
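Review bot: The new comment on `Unauthorized` never states the default, which is the security-relevant part: as written, a closed namespace with the flag omitted (zero value `false`) gets the detailed service-account/network rules, while `unauthorized: true` produces the same allow-all authorization as an open namespace. I would open the comment with the field name and say so directly, e.g. `// Unauthorized, when true on a closed namespace, allows all mesh traffic; the default (false) generates detailed rules.`, and fix the typo `netwoakauth` (presumably a Linkerd network authentication resource). Because the YAML key changes from `authorized` to `unauthorized` with inverted meaning, a config that still sets `authorized:` will presumably be dropped silently unless the decoder rejects unknown fields; the loader is not visible in this hunk, so that is worth confirming before release. The `Namespace` struct begins above the hunk.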