}

    def "can transport broken multicause exception"() {
        def ok = new RuntimeException("broken 1")
        def notOk = new ExceptionWithNonSerializableField("broken 2", new RuntimeException("broken 3"))
        def original = new MultiCauseExceptionWithExceptionField("original", notOk, [ok, notOk])

        when:
        def transported = transport(original)

        then:

    def "report with problem loads successfully"() {
        given:
        buildFile '''
            tasks.register('notOk') {
                doLast { println project.name }
            }
        '''

        when:
        configurationCacheFails 'notOk'

        then:
        def configurationCacheReport = resolveConfigurationCacheReport(testDirectory, failure.error)

						opts.HTTP.Path = "/valid-token-forward-remote-jwks"
						opts.HTTP.Headers = headers.New().WithAuthz(jwt.TokenIssuer1).Build()
						opts.Check = check.And(
							check.NotOK(),
							check.Status(http.StatusUnauthorized))
					},
				},
				{
					name:       "remote-jwks-with-service-entry",
					policyFile: "./testdata/requestauthn-with-se.yaml.tmpl",

- Method notOk() is not a valid rule method: A rule method cannot be private
- Method notOk() is not a valid rule method: Cannot have type variables (i.e. cannot be a generic method)
- Method notOk() is not a valid rule method: A method annotated with @Mutate must have at least one parameter

								},
								Address: to.Config().Service,
								Scheme:  s,
							}
							if success {
								opts.Check = check.And(check.OK(), check.ReachedTargetClusters(t))
							} else {
								opts.Check = check.NotOK()
							}

							from.CallOrFail(t, opts)
						})
					}

					client := match.Cluster(cluster).FirstOrFail(t, client)
					cases := []struct {
						src    echo.Instance

	testCases := []struct {
		check echo.Checker
		from  echo.Instances
		host  string
	}{
		{
			check: check.OK(),
			from:  apps.B,
			host:  "bar.example.com",
		},
		{
			check: check.NotOK(),
			from:  apps.B,
			host:  "bar",
		},
	}
	if t.Settings().EnableDualStack {
		additionalTestCases := []struct {
			check echo.Checker
			from  echo.Instances
			host  string
		}{

										Name: "http",
									},
								}
								if tc.expectSuccess {
									opts.Check = check.And(check.OK(), check.ReachedTargetClusters(t))
								} else {
									opts.Check = check.NotOK()
								}

								a.CallOrFail(t, opts)
							})
					}
				})
			}
		})
}

func verifyCertificatesWithPluginCA(t framework.TestContext, certs []string) {

											} else {
												opts.Check = check.And(opts.Check, check.ReachedClusters(t.Clusters(), expectedClusters))
											}
										}
									} else {
										opts.Check = check.NotOK()
									}
									from.CallOrFail(t, opts)
								})
						})
					}
				})
			}
		})
}

type condition func(from echo.Instance, opts echo.CallOptions) bool

									if !src.Config().WaypointClient() && dst.Config().HasAnyWaypointProxy() {
										// TODO currently leads to no L7 processing, in the future it might be denied
										// opt.Check = check.NotOK()
										opt.Check = tcpValidator
									}

									// Only marked to use service waypoint. We'll deny since it's not traversed.
									// Not traversed, since traffic is to-workload IP.

						opts.HTTP.Path = "/valid-token-forward-remote-jwks"
						opts.HTTP.Headers = headers.New().WithAuthz(jwt.TokenIssuer1).Build()
						opts.Check = check.And(
							check.NotOK(),
							check.Status(http.StatusUnauthorized))
					},
				},
			}))

			t.NewSubTest("aud").Run(newTest("testdata/requestauthn/aud.yaml.tmpl", []testCase{
				{
					name: "invalid-aud",