return []string{}, err
	}

	// Identify RBAC policies. Currently there are no "breadcrumbs" so we only return the policy names.
	for _, httpFilter := range hcm.HttpFilters {
		if httpFilter.Name == wellknown.HTTPRoleBasedAccessControl {
			rbac := &rbachttp.RBAC{}
			if err := httpFilter.GetTypedConfig().UnmarshalTo(rbac); err == nil {
				policies := []string{}
				for polName := range rbac.Rules.Policies {

				return
			}
			// Ensure we don't get stuck on old connections with old RBAC rules. This causes 45s test times
			// due to draining.
			opt.NewConnectionPerRequest = true

			overrideCheck := func(_ echo.Instance, dst echo.Instance, opt *echo.CallOptions) {
				if !dst.Config().HasProxyCapabilities() {
					// No destination means no RBAC to apply. Make sure we do not accidentally reject
					opt.Check = check.OK()
				}

    if [[ -n "${AUTHORIZATION_CONFIG:-}" ]]; then
      authorizer_args+=("--authorization-config=${AUTHORIZATION_CONFIG}")
    else
      if [[ -n "${AUTHORIZATION_MODE:-Node,RBAC}" ]]; then
        authorizer_args+=("--authorization-mode=${AUTHORIZATION_MODE:-Node,RBAC}")
      fi
      authorizer_args+=(
        "--authorization-webhook-config-file=${AUTHORIZATION_WEBHOOK_CONFIG_FILE}"

						t.NewSubTest(testName).Run(func(t framework.TestContext) {
							wantCode := http.StatusOK
							body := "handled-by-egress-gateway"
							if !c.allow {
								wantCode = http.StatusForbidden
								body = "RBAC: access denied"
							}

							opts := echo.CallOptions{
								// Use a fake IP address to bypass DNS lookup (which will fail). The host
								// header will be used for routing decisions.

  // Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs.
  // This requires no RBAC privilege, but will require the CNI agent to run as a privileged pod.
  bool repairPods = 11;

  // No longer used.
  string createEvents = 6 [deprecated = true];