}

	// Attempt to create the folder in case it doesn't exist
	if err := os.MkdirAll(filepath.Dir(path), 0o750); err != nil {
		// If we cannot create it, just warn here - we will fail later if there is a real error
		log.Warnf("Failed to create directory for %v: %v", path, err)
	}

	var err error
	listener, err := net.Listen("unix", path)
	if err != nil {

// in the mesh. It aims to increase the debuggability and observability of auth policies.
// Note: this is still under active development and is not ready for real use.
package authz

import (
	"fmt"
	"io"

	envoy_admin "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
	listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"

		Interface: &fakeIDX,
		Address: net.IPNet{
			IP: fakeIP,
		},
		Gateway: fakeGW,
	}
)

func TestPushCNIAddEventSucceed(t *testing.T) {
	// Fake out a test HTTP server and use that instead of a real HTTP server over gRPC to validate  req/resp flows
	testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
		res.WriteHeader(http.StatusOK)
		res.Write([]byte("server happy"))
	}))

	if err != nil {
		return "", fmt.Errorf("network id: %v", err)
	}
	fs, err := procfs.NewFS("/host/proc")
	if err != nil {
		return "", fmt.Errorf("read procfs: %v", err)
	}
	procs, err := fs.AllProcs()
	if err != nil {
		return "", fmt.Errorf("read procs: %v", err)
	}
	oldest := uint64(math.MaxUint64)
	best := ""

) (bool, error) {
	a, err := os.ReadFile(args[0])
	if err != nil {
		return false, fmt.Errorf("could not read %q: %v", args[0], err)
	}
	b, err := os.ReadFile(args[1])
	if err != nil {
		return false, fmt.Errorf("could not read %q: %v", args[1], err)
	}

	diff, err := compare.ManifestDiffWithRenameSelectIgnore(string(a), string(b), renameResources, selectResources,

	}
	return envoyConfig, nil
}

// AuthZ groups commands used for inspecting and interacting the authorization policy.
// Note: this is still under active development and is not ready for real use.
func AuthZ(ctx cli.Context) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "authz",
		Short: "Inspect Istio AuthorizationPolicy",
	}

	cmd.AddCommand(checkCmd(ctx))

func checkResult(result, expected string) error {
	resultFile, err := os.ReadFile(result)
	if err != nil {
		return fmt.Errorf("couldn't read result: %v", err)
	}
	expectedFile, err := os.ReadFile(expected)
	if err != nil {
		return fmt.Errorf("couldn't read expected: %v", err)
	}
	if !bytes.Equal(resultFile, expectedFile) {

}

func (l *UDSLogger) handleLog(w http.ResponseWriter, req *http.Request) {
	if req.Body == nil {
		return
	}
	defer req.Body.Close()
	data, err := io.ReadAll(req.Body)
	if err != nil {
		log.Errorf("Failed to read log report from cni plugin: %v", err)
		return
	}
	l.processLog(data)
}

func (l *UDSLogger) processLog(body []byte) {
	cniLogs := make([]string, 0)
	err := json.Unmarshal(body, &cniLogs)
	if err != nil {

			// Safety: Resp is buffered, so this will not block
			update.Resp <- updateResponse{
				err:  err,
				resp: resp,
			}

		case <-time.After(ztunnelKeepAliveCheckInterval):
			// do a short read, just to see if the connection to ztunnel is
			// still alive. As ztunnel shouldn't send anything unless we send
			// something first, we expect to get an os.ErrDeadlineExceeded error
			// here if the connection is still alive.

				ns := action.GetNamespace()
				watch, err := fc.Tracker().Watch(gvr, ns)
				if err != nil {
					return false, nil, err
				}
				// Kubernetes Fake watches do not add initial state, but real server does
				// https://kubernetes.io/docs/reference/using-api/api-concepts/#semantics-for-watch
				// Tracking in https://github.com/kubernetes/kubernetes/issues/123109
				gvk := gvk.MustFromGVR(gvr).Kubernetes()