"istio.io/istio/pkg/kube/krt"
	"istio.io/istio/pkg/slices"
	"istio.io/istio/pkg/spiffe"
	"istio.io/istio/pkg/workloadapi/security"
)

func PolicyCollections(
	AuthzPolicies krt.Collection[*securityclient.AuthorizationPolicy],
	PeerAuths krt.Collection[*securityclient.PeerAuthentication],
	MeshConfig krt.Singleton[MeshConfig],
	Waypoints krt.Collection[Waypoint],
	Pods krt.Collection[*v1.Pod],

			{msg.NoMatchingWorkloadsFound, "AuthorizationPolicy istio-system/meshwide-httpbin-v1"},
			{msg.NoMatchingWorkloadsFound, "AuthorizationPolicy httpbin-empty/httpbin-empty-namespace-wide"},
			{msg.NoMatchingWorkloadsFound, "AuthorizationPolicy httpbin/httpbin-nopods"},
			{msg.ReferencedResourceNotFound, "AuthorizationPolicy httpbin/httpbin-bogus-ns"},
			{msg.ReferencedResourceNotFound, "AuthorizationPolicy httpbin/httpbin-bogus-ns"},

					}, `
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: policy-waypoint
spec:
  targetRefs:
  # affects Waypoints
  - kind: Service
    group: core
    name: "{{ .Destination }}"
`+tc.spec+`
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: policy
spec:
  # affects zTunnels and Sidecars

	}
	return
}

// ValidateAuthorizationPolicy checks that AuthorizationPolicy is well-formed.
var ValidateAuthorizationPolicy = RegisterValidateFunc("ValidateAuthorizationPolicy",
	func(cfg config.Config) (Warning, error) {
		in, ok := cfg.Spec.(*security_beta.AuthorizationPolicy)
		if !ok {
			return nil, fmt.Errorf("cannot cast to AuthorizationPolicy")
		}

		var errs error
		var warnings Warning

			ConfigCluster:   k8sCluster == opts.DefaultClusterName,
			MeshWatcher:     mesh.NewFixedWatcher(m),
			CRDs: []schema.GroupVersionResource{
				// Install all CRDs used (mostly in Ambient)
				gvr.AuthorizationPolicy,
				gvr.PeerAuthentication,
				gvr.KubernetesGateway,
				gvr.KubernetesGateway,
				gvr.WorkloadEntry,
				gvr.ServiceEntry,
			},
		})
		stop := test.NewStop(t)

		},
	},
	{
		Meta: config.Meta{Name: uuid.NewString(), Namespace: "istio-system", GroupVersionKind: gvk.AuthorizationPolicy},
		Spec: &security.AuthorizationPolicy{},
	},
	{
		Meta: config.Meta{Name: uuid.NewString(), Namespace: "istio-system", GroupVersionKind: gvk.AuthorizationPolicy},
		Spec: &security.AuthorizationPolicy{
			Selector:     nil,
			TargetRef:    nil,
			Rules:        nil,

alcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"10.1.5","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(pilot_k8s_cfg_events{type=\"AuthorizationPolicy\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"AuthorizationPolicy\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"title":"Authorization Policies","type":"stat"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"f...