if len(resourceHandles) == 0 {
		resourceHandles = make([]resourcev1alpha2.ResourceHandle, 1)
	}
	claimInfoState := state.ClaimInfoState{
		DriverName:      claim.Status.DriverName,
		ClassName:       claim.Spec.ResourceClassName,
		ClaimUID:        claim.UID,
		ClaimName:       claim.Name,
		Namespace:       claim.Namespace,
		PodUIDs:         sets.New[string](),

}

// ClaimsMapper provides a CEL expression mapper configured with the claims CEL variable.
type ClaimsMapper interface {
	// EvalClaimMapping evaluates the given claim mapping expression and returns a EvaluationResult.
	// This is used for username, groups and uid claim mapping that contains a single expression.
	EvalClaimMapping(ctx context.Context, claims *unstructured.Unstructured) (EvaluationResult, error)

	if err != nil {
		t.Fatalf("Unexpected error: %v", err)
	}

	claim := claimStart.DeepCopy()
	claim.Status.DriverName = "some-driver.example.com"
	claim.Status.Allocation = &resource.AllocationResult{}
	_, _, err = statusStorage.Update(ctx, claim.Name, rest.DefaultUpdatedObjectInfo(claim), rest.ValidateAllObjectFunc, rest.ValidateAllObjectUpdateFunc, false, &metav1.UpdateOptions{})
	if err != nil {

}

// ClaimInfoState is used to store claim info state in a checkpoint
// +k8s:deepcopy-gen=true
type ClaimInfoState struct {
	// Name of the DRA driver
	DriverName string

	// ClassName is a resource class of the claim
	ClassName string

	// ClaimUID is an UID of the resource claim
	ClaimUID types.UID

	// ClaimName is a name of the resource claim
	ClaimName string

	// Namespace is a claim namespace

			if err != nil {
				return nil, err
			}
			return []string{ret}, nil
		}
		claims = append(claims, s[begin+1:end])
		begin = end + 1
	}
	return claims, nil
}

func MetadataStringMatcherForJWTClaim(claim string, m *matcherpb.StringMatcher) *matcherpb.MetadataMatcher {
	return MetadataValueMatcherForJWTClaim(claim, &matcherpb.ValueMatcher{
		MatchPattern: &matcherpb.ValueMatcher_StringMatch{
			StringMatch: m,
		},

                        help="iss claim. Default is `******@****.***`")
    parser.add_argument("-aud", "--aud",
                        help="aud claim. This is comma-separated-list of audiences")
    parser.add_argument("-sub", "--sub",
                        help="sub claim. If not provided, it is set to the same as iss claim.")
    parser.add_argument("-claims", "--claims",

    outputPayloadToHeader: "x-test-payload"
    outputClaimToHeaders:
    - header: "x-jwt-iss"
      claim: "iss"
    - header: "x-jwt-iat"
      claim: "iat"
    - header: "x-jwt-nested-claim"
      claim: "nested.nested-2.key2"
  - issuer: "******@****.***"
    jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"

  -sub SUB, --sub SUB   sub claim. If not provided, it is set to the same as
                        iss claim.
  -claims CLAIMS, --claims CLAIMS
                        Other claims in format name1:value1,name2:value2 etc.
                        Only string values are supported.
```

## Example

Here is an example of using sa-jwt.py to generate a JWT token.

```bash

	}
	namespace := private.Namespace
	if len(namespace) == 0 {
		return nil, errors.New("namespace claim is missing")
	}
	secretName := private.SecretName
	if len(secretName) == 0 {
		return nil, errors.New("secretName claim is missing")
	}
	serviceAccountName := private.ServiceAccountName
	if len(serviceAccountName) == 0 {
		return nil, errors.New("serviceAccountName claim is missing")
	}

                        help="iss claim. This should be your service account email.")
    parser.add_argument("-aud", "--aud",
                        help="aud claim. This is comma-separated-list of audiences")
    parser.add_argument("-sub", "--sub",
                        help="sub claim. If not provided, it is set to the same as iss claim.")
    parser.add_argument("-claims", "--claims",