// It may return nil, if no JWT validation is needed.
	JwtFilter(useExtendedJwt, clearRouteCache bool) *hcm.HttpFilter

	// AuthNFilter returns the (authn) HTTP filter to enforce the underlying authentication policy.
	// It may return nil, if no authentication is needed.
	AuthNFilter(forSidecar bool) *hcm.HttpFilter

	// PortLevelSetting returns port level mTLS settings.
	PortLevelSetting() map[uint32]model.MutualTLSMode

	}
	res := []*hcm.HttpFilter{}
	if filter := b.applier.JwtFilter(false, false); filter != nil {
		res = append(res, filter)
	}
	forSidecar := b.proxy.Type == model.SidecarProxy
	if filter := b.applier.AuthNFilter(forSidecar); filter != nil {
		res = append(res, filter)
	}

	return res
}

func needPerPortPassthroughFilterChain(port uint32, node *model.Proxy) bool {

			},
		})
	}
	return config
}

// AuthNFilter returns the Istio authn filter config:
// - If RequestAuthentication is used, it overwrite the settings for request principal validation and extraction based on the new API.
// - If RequestAuthentication is used, principal binding is always set to ORIGIN.
func (a policyApplier) AuthNFilter(forSidecar bool) *hcm.HttpFilter {
	var filterConfigProto *authn_filter.FilterConfig

				},
			},
			expected: nil,
		},
	}
	for _, c := range cases {
		t.Run(c.name, func(t *testing.T) {
			got := newPolicyApplier("root-namespace", c.jwtIn, c.peerIn, &model.PushContext{}).AuthNFilter(c.forSidecar)
			if !reflect.DeepEqual(c.expected, got) {
				t.Errorf("got:\n%v\nwanted:\n%v\n", humanReadableAuthnFilterDump(got), humanReadableAuthnFilterDump(c.expected))
			}
		})
	}
}