Adopt use case categories

frankfarzan · frankfarzan · commit 2ce42940aeec · 2020-01-21T17:25:30.000-08:00
diff --git a/README.md b/README.md
@@ -6,9 +6,9 @@ KPT Functions are client-side programs that make it easy to operate on a reposit
 
 Use cases:
 
-- **Configuration Compliance:** e.g. Require all `Namespace` configurations to have a `cost-center` label.
+- **Configuration Validation:** e.g. Require all `Namespace` configurations to have a `cost-center` label.
 - **Configuration Generation:** e.g. Provide a blueprint for new services by generating a `Namespace` with organization-mandated defaults for `RBAC`, `ResourceQuota`, etc.
-- **Configuration Migration:** e.g. Update all `PodSecurityPolicy` configurations to improve the
+- **Configuration Transformation:** e.g. Update all `PodSecurityPolicy` configurations to improve the
   security posture.
 
 ![demo][demo-run]
@@ -17,8 +17,7 @@ KPT functions can be run locally or as part of a CI/CD pipeline.
 
 In GitOps workflows, KPT functions read and write configuration files from a Git repo. Changes
 to the system authored by humans and mutating KPT functions are reviewed before being committed to the repo. KPT functions
-can be run as pre-commit or post-commit steps to check for compliance before configurations are
-applied to a cluster.
+can be run as pre-commit or post-commit steps to validate configurations before they are applied to a cluster.
 
 ## Next Steps
 
diff --git a/docs/demo/run.sh b/docs/demo/run.sh
@@ -49,7 +49,7 @@ wait
 git clean -fd
 clear
 
-p "# Mutate configs"
+p "# Transform configs"
 pe "kpt fn source . |
   kpt fn run --image gcr.io/kpt-functions/mutate-psp |
   kpt fn sink ."
@@ -59,7 +59,7 @@ wait
 git reset HEAD --hard
 clear
 
-p "# Enforce policy on configs"
+p "# Validate configs"
 pe "kpt fn source . |
   kpt fn run --image gcr.io/kpt-functions/validate-rolebinding -- subject_name=bob@foo-corp.com"
 wait
diff --git a/docs/run.md b/docs/run.md
@@ -270,12 +270,12 @@ docker run -i -u $(id -u) -v $(pwd):/sink gcr.io/kpt-functions/write-yaml -o /de
 Let's walk through each step:
 
 1. `read-yaml` recursively reads all YAML files from the `foo-corp-configs` directory on the host.
-1. `mutate-psp` reads the output of `read-yaml`. This function **mutates** any `PodSecurityPolicy`
+1. `mutate-psp` reads the output of `read-yaml`. This function **transforms** any `PodSecurityPolicy`
    resources by setting the `allowPrivilegeEscalation` field to `false`.
 1. `expand-team-cr` similarly operates on the result of the previous function. It looks
    for Kubernetes custom resource of kind `Team`, and **generates** new resources based on that
    (e.g. `Namespaces` and `RoleBindings`).
-1. `validate-rolebinding` **enforces** a policy that disallows any `RoleBindings` with `subject`
+1. `validate-rolebinding` **validates** that there are no `RoleBindings` with `subject`
    set to `alice@foo-corp.com`. This steps fails with a non-zero exit code if the policy is violated.
 1. `write-yaml` writes the result of the pipeline back to the `foo-corp-configs` directory on the host.
 
