serviceAccount := wg.Spec.Template.ServiceAccount
	tokenPath := filepath.Join(dir, "istio-token")
	token := &authenticationv1.TokenRequest{
		// ObjectMeta isn't required in real k8s, but needed for tests
		ObjectMeta: metav1.ObjectMeta{
			Name:      serviceAccount,
			Namespace: wg.Namespace,
		},
		Spec: authenticationv1.TokenRequestSpec{
			Audiences:         []string{"istio-ca"},
			ExpirationSeconds: &tokenDuration,
		},

                This is useful when you want to have optional authentication.

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, in HTTP Basic
                authentication or in an HTTP Bearer token).
                """
            ),
        ] = True,
    ):

        }

        // Authentication
        final Authentication[] siteCredentialList = {};
        for (final Authentication authentication : siteCredentialList) {
            final AuthScope authScope = authentication.getAuthScope();
            credentialsProvider.setCredentials(authScope, authentication.getCredentials());
            final AuthScheme authScheme = authentication.getAuthScheme();

                be `None`.

                This is useful when you want to have optional authentication.

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, with OAuth2
                or in a cookie).
                """
            ),
        ] = True,
    ):
        self.model = OAuth2Model(

coredns_path     (path)      shared bucket DNS records, default is "/skydns"
client_cert      (path)      client cert for mTLS authentication
client_cert_key  (path)      client cert key for mTLS authentication
comment          (sentence)  optionally add a comment to this setting
```

or environment variables

```
KEY:

/**
 * This servlet Filter can be used to negotiate password hashes with
 * MSIE clients using NTLM SSP. This is similar to <tt>Authentication:
 * BASIC</tt> but weakly encrypted and without requiring the user to re-supply
 * authentication credentials.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> for complete details.
 */

public class NtlmHttpFilter implements Filter {

    }


    /**
     * Returns the authentication target.
     *
     * @return A <code>String</code> containing the authentication target.
     */
    public String getTarget () {
        return this.target;
    }


    /**
     * Sets the authentication target.
     *
     * @param target
     *            The authentication target.
     */

                    log.debug("Falling back to NTLM authentication");
                    return super.createContext(tc, targetDomain, host, initialToken, doSigning);
                }
                else if ( !foundKerberos ) {
                    throw new SmbUnsupportedOperationException("Server does not support kerberos authentication");
                }
            }
        }

        return ntHash;
    }

    /**
     * Authentication strategy
     * 
     * 
     */
    public enum AuthenticationType {
        /**
         * Null/anonymous authentication
         * 
         * Login with no credentials
         */
        NULL,
        /**
         * Guest authentication
         * 

    }

    protected static <T> boolean eq(T s1, T s2) {
        return Objects.equals(s1, s2);
    }

    public Authentication getAuthentication() {
        return authentication;
    }

    public void setAuthentication(Authentication authentication) {
        this.authentication = authentication;
    }

    public Proxy getProxy() {
        return proxy;
    }

    public void setProxy(Proxy proxy) {