xForwardedProto  = http.CanonicalHeaderKey("X-Forwarded-Proto")
	xForwardedScheme = http.CanonicalHeaderKey("X-Forwarded-Scheme")
	xRealIP          = http.CanonicalHeaderKey("X-Real-IP")
)

var (
	// RFC7239 defines a new "Forwarded: " header designed to replace the
	// existing use of X-Forwarded-* headers.
	// e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43

	}

	// Attempt to create the folder in case it doesn't exist
	if err := os.MkdirAll(filepath.Dir(path), 0o750); err != nil {
		// If we cannot create it, just warn here - we will fail later if there is a real error
		log.Warnf("Failed to create directory for %v: %v", path, err)
	}

	var err error
	listener, err := net.Listen("unix", path)
	if err != nil {

		Interface: &fakeIDX,
		Address: net.IPNet{
			IP: fakeIP,
		},
		Gateway: fakeGW,
	}
)

func TestPushCNIAddEventSucceed(t *testing.T) {
	// Fake out a test HTTP server and use that instead of a real HTTP server over gRPC to validate  req/resp flows
	testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
		res.WriteHeader(http.StatusOK)
		res.Write([]byte("server happy"))
	}))

				if err != nil { // Mostly not found error
					// Check if there is a parent device:
					//   e.g. if the mount is based on /dev/nvme0n1p1, let's calculate the
					//        real device name (nvme0n1) to get its sysfs information
					parentDevPath, e := os.Readlink("/sys/class/block/" + devName)
					if e == nil {
						parentDev := filepath.Base(filepath.Dir(parentDevPath))

				ns := action.GetNamespace()
				watch, err := fc.Tracker().Watch(gvr, ns)
				if err != nil {
					return false, nil, err
				}
				// Kubernetes Fake watches do not add initial state, but real server does
				// https://kubernetes.io/docs/reference/using-api/api-concepts/#semantics-for-watch
				// Tracking in https://github.com/kubernetes/kubernetes/issues/123109
				gvk := gvk.MustFromGVR(gvr).Kubernetes()

// specified by the developer. The purpose is to simulate errors
// that are hard to simulate in practice like DiskNotFound.
// Programmed errors are stored in errors field.
type naughtyDisk struct {
	// The real disk
	disk StorageAPI
	// Programmed errors: API call number => error to return
	errors map[int]error
	// The error to return when no error value is programmed
	defaultErr error
	// The current API call number

	}
	return envoyConfig, nil
}

// AuthZ groups commands used for inspecting and interacting the authorization policy.
// Note: this is still under active development and is not ready for real use.
func AuthZ(ctx cli.Context) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "authz",
		Short: "Inspect Istio AuthorizationPolicy",
	}

	cmd.AddCommand(checkCmd(ctx))