secret.Identity, valueOrNA(""), secret.State, false, valueOrNA(""), valueOrNA(""), valueOrNA(""))
		} else {
			for i, ca := range secret.CertChain {
				t := "Intermediate"
				if i == 0 {
					t = "Leaf"
				} else if i == len(secret.CertChain)-1 {
					t = "Root"
				}
				n := new(big.Int)
				n, _ = n.SetString(ca.SerialNumber, 10)
				fmt.Fprintf(w, "%v\t%v\t%v\t%v\t%x\t%v\t%v\n",

	for _, ws := range was {
		if ws.Injected {
			injectedTotal++
		}
		w.AddRow(ws)
	}
	w.Flush()
	if injectedTotal > 1 {
		fmt.Fprintf(writer, "ERROR: multiple webhooks will inject, which can lead to errors")
	}
	return nil
}

type webhookAnalysis struct {
	Name     string
	Revision string
	Injected bool
	Reason   string
}

	}

	// Attempt to create the folder in case it doesn't exist
	if err := os.MkdirAll(filepath.Dir(path), 0o750); err != nil {
		// If we cannot create it, just warn here - we will fail later if there is a real error
		log.Warnf("Failed to create directory for %v: %v", path, err)
	}

	var err error
	listener, err := net.Listen("unix", path)
	if err != nil {

			if err := os.WriteFile(fname, []byte(ym), 0o644); err != nil {
				return fmt.Errorf("could not write manifest config; %s", err)
			}
		}

		kt, ok := v.(helmreconciler.ComponentTree)
		if !ok {
			// Leaf
			return nil
		}
		if err := renderRecursive(manifests, kt, dirName, dryRun, l); err != nil {
			return err
		}
	}
	return nil

func podAndNetns() (*v1.Pod, *fakeNs) {
	devNull, err := os.Open(os.DevNull)
	if err != nil {
		panic(err)
	}
	// we can't close this now, because we need to pass it from the ztunnel server to the client
	// it would leak, but this is a test, so we don't care
	//	defer devNull.Close()

	id := ztunnelTestCounter.Add(1)
	pod := &v1.Pod{
		ObjectMeta: metav1.ObjectMeta{
			Name: fmt.Sprintf("name-%d", id),

	c.pods.ShutdownHandlers()
}

func (c *Controller) Reconcile(key types.NamespacedName) error {
	pod := c.pods.Get(key.Name, key.Namespace)
	if pod == nil {
		delete(c.repairedPods, key) // Ensure we do not leak
		// Pod deleted, nothing to do
		return nil
	}
	return c.ReconcilePod(pod)
}

func (c *Controller) ReconcilePod(pod *corev1.Pod) (err error) {
	if !c.matchesFilter(pod) {

	}
	return envoyConfig, nil
}

// AuthZ groups commands used for inspecting and interacting the authorization policy.
// Note: this is still under active development and is not ready for real use.
func AuthZ(ctx cli.Context) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "authz",
		Short: "Inspect Istio AuthorizationPolicy",
	}

	cmd.AddCommand(checkCmd(ctx))