want []string
	}{
		{
			desc: "not-ordered",
			in: map[string]*v1alpha1.ExternalComponentSpec{
				"graphql":   nil,
				"Abacus":    nil,
				"Astrology": nil,
				"gRPC":      nil,
				"blackjack": nil,
			},
			want: []string{
				"Abacus",
				"Astrology",
				"blackjack",
				"gRPC",
				"graphql",
			},
		},
	}
	for _, tt := range tests {

	"3rd_place_medal":                      "\U0001f949",
	"8ball":                                "\U0001f3b1",
	"a":                                    "\U0001f170\ufe0f",
	"ab":                                   "\U0001f18e",
	"abacus":                               "\U0001f9ee",
	"abc":                                  "\U0001f524",
	"abcd":                                 "\U0001f521",
	"accept":                               "\U0001f251",

limitations under the License.
*/

// Package abac authorizes Kubernetes API actions using an Attribute-based access control scheme.
package abac

import (
	"bufio"
	"context"
	"fmt"
	"os"
	"strings"

	"k8s.io/klog/v2"

	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/apiserver/pkg/authentication/user"
	"k8s.io/apiserver/pkg/authorization/authorizer"
	"k8s.io/kubernetes/pkg/apis/abac"

{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"admin", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"{{kube_user}}", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}

			name:                 "ModeABAC requires a policy file",
			modes:                []string{modes.ModeAlwaysAllow, modes.ModeAlwaysDeny, modes.ModeABAC},
			expectErr:            true,
			expectErrorSubString: "authorization-mode ABAC's authorization policy file not passed",
		},
		{
			name:                 "Authorization Policy file cannot be used without ModeABAC",
			modes:                []string{modes.ModeAlwaysAllow, modes.ModeAlwaysDeny},

			allErrors = append(allErrors, fmt.Errorf("authorization-mode %q is not a valid mode", mode))
		}
		if mode == authzmodes.ModeABAC && o.PolicyFile == "" {
			allErrors = append(allErrors, fmt.Errorf("authorization-mode ABAC's authorization policy file not passed"))
		}
		if mode == authzmodes.ModeWebhook && o.WebhookConfigFile == "" {
			allErrors = append(allErrors, fmt.Errorf("authorization-mode Webhook's authorization config file not passed"))

	"k8s.io/kubernetes/pkg/apis/abac"
	"k8s.io/kubernetes/pkg/apis/abac/v1beta1"
)

func TestV1Beta1Conversion(t *testing.T) {
	testcases := map[string]struct {
		old      *v1beta1.Policy
		expected *abac.Policy
	}{
		// specifying a user is preserved
		"user": {
			old:      &v1beta1.Policy{Spec: v1beta1.PolicySpec{User: "bob"}},
			expected: &abac.Policy{Spec: abac.PolicySpec{User: "bob"}},
		},

{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:authenticated",  "nonResourcePath": "*", "readonly": true}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:unauthenticated", "nonResourcePath": "*", "readonly": true}}

	"k8s.io/kubernetes/pkg/apis/abac"
	"k8s.io/kubernetes/pkg/apis/abac/v0"
)

func TestV0Conversion(t *testing.T) {
	testcases := map[string]struct {
		old      *v0.Policy
		expected *abac.Policy
	}{
		// a completely empty policy rule allows everything to all users
		"empty": {
			old:      &v0.Policy{},

	}); err != nil {
		return err
	}
	if err := s.AddGeneratedConversionFunc((*PolicySpec)(nil), (*abac.PolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
		return Convert_v1beta1_PolicySpec_To_abac_PolicySpec(a.(*PolicySpec), b.(*abac.PolicySpec), scope)
	}); err != nil {
		return err
	}