Enabled     bool   `json:"enabled"`
	PathPrefix  string `json:"pathPrefix"`
	CoreDNSPath string `json:"coreDNSPath"`
	clientv3.Config
}

// New - initialize new etcd client.
func New(cfg Config) (*clientv3.Client, error) {
	if !cfg.Enabled {
		return nil, nil
	}
	cli, err := clientv3.New(cfg.Config)
	if err != nil {
		return nil, err
	}
	cli.KV = namespace.NewKV(cli.KV, cfg.PathPrefix)

				{endpointsVersion: []mockEndpointVersion{
					{Version: "3.5.14", Endpoint: "localhost:2391"}},
					expectedResult: true}},
		},
		{
			testName: "Disabled - enabled success on first client, error on second client, disabled success on third client",
			rounds: []testCase{
				{endpointsVersion: []mockEndpointVersion{
					{Version: "3.6.0", Endpoint: "localhost:2390"}},
					expectedResult: true,
				},

	// Returns true if all endpoints in etcd clients are supporting the feature.
	// If client A supports and client B doesn't support the feature, the `Supports` will
	// first return true at client A initializtion and then return false on client B
	// initialzation, it can flip the support at runtime.
	Supports(feature storage.Feature) bool
	// CheckClient works with etcd client to recalcualte feature support and cache it internally.

)

const (
	bearerTokenPrefix = "Bearer "
)

var citadelClientLog = log.RegisterScope("citadelclient", "citadel client debugging")

type CitadelClient struct {
	// It means enable tls connection to Citadel if this is not nil.
	tlsOpts  *TLSOptions
	client   pb.IstioCertificateServiceClient
	conn     *grpc.ClientConn
	provider credentials.PerRPCCredentials
	opts     *security.Options
}

Patrick Ohly <******@****.***> 1712753446 +0200

	"google.golang.org/grpc/credentials/insecure"

	"k8s.io/cri-client/pkg/util"
	"k8s.io/kubelet/pkg/apis/podresources/v1"
	"k8s.io/kubelet/pkg/apis/podresources/v1alpha1"
)

// Note: Consumers of the pod resources API should not be importing this package.
// They should copy paste the function in their project.

// GetV1alpha1Client returns a client for the PodResourcesLister grpc service
// Note: This is deprecated

	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if accessToken != "" {
		req.Header.Set("Authorization", "Bearer "+accessToken)
	}

	client := &http.Client{
		Transport: transport,
	}

	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}

	defer xhttp.DrainBody(resp.Body)
	if resp.StatusCode != http.StatusOK {
		// uncomment this for debugging when needed.

00000050  48 69 01 23 96                                    |Hi.#.|
>>> Flow 4 (server to client)
00000000  14 03 03 00 01 01 16 03  03 00 20 83 ae fc 0d dd  |.......... .....|
00000010  a1 3a 55 b0 2e 5e 21 9c  57 f3 1b 94 80 6c 0e bb  |.:U..^!.W....l..|
00000020  78 ae f4 6c 20 d5 7e 23  11 1e 7d                 |x..l .~#..}|
>>> Flow 5 (client to server)
00000000  17 03 03 00 16 d3 16 a3  f0 93 49 44 d4 82 60 35  |..........ID..`5|

>>> Flow 1 (client to server)
00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|

	pCfg := r.arnProviderCfgsMap[arn]
	if pCfg.JWKS.URL == nil || pCfg.JWKS.URL.String() == "" {
		return nil
	}

	// Add client secret for the client ID for HMAC based signature.
	r.pubKeys.add(pCfg.ClientID, []byte(pCfg.ClientSecret))

	client := &http.Client{
		Transport: r.transport,
	}

	resp, err := client.Get(pCfg.JWKS.URL.String())
	if err != nil {
		return err
	}
	defer r.closeRespFn(resp.Body)