dnsSANNotAllowedErr           = fmt.Errorf("DNS subjectAltNames are not allowed")
	emailSANNotAllowedErr         = fmt.Errorf("Email subjectAltNames are not allowed")
	ipSANNotAllowedErr            = fmt.Errorf("IP subjectAltNames are not allowed")
	uriSANNotAllowedErr           = fmt.Errorf("URI subjectAltNames are not allowed")
)

var (
	kubeletServingRequiredUsages = sets.NewString(
		string(UsageDigitalSignature),

		report(fmt.Errorf("invalid -go=%s", *goVersion))
		os.Exit(exitCode)
	}

	sort.Sort(byDate(fixes))

	if *allowedRewrites != "" {
		allowed = make(map[string]bool)
		for _, f := range strings.Split(*allowedRewrites, ",") {
			allowed[f] = true
		}
	}

	if *forceRewrites != "" {
		force = make(map[string]bool)
		for _, f := range strings.Split(*forceRewrites, ",") {
			force[f] = true
		}

		},
		// steve triggers an authz check, is allowed by the authorizer, and has no RBAC permissions, but is still allowed
		{
			name:          "steve",
			user:          steve,
			expectAuthz:   true,
			expectAllowed: true,
		},
		// alice triggers an authz check, is denied by the authorizer, but has RBAC permissions in the fakeRuleResolver, so is allowed
		{
			name:          "alice",
			user:          alice,

	//               the number of allowed disruptions. Therefore no disruptions are
	//               allowed and the status of the condition will be False.
	// - InsufficientPods: The number of pods are either at or below the number
	//                     required by the PodDisruptionBudget. No disruptions are
	//                     allowed and the status of the condition will be False.

kind: TCPRoute
metadata:
  name: allowed-my-svc
  namespace: istio-system
spec:
  parentRefs:
  - name: gateway
    namespace: istio-system
    sectionName: my-svc
  rules:
  - backendRefs:
    - name: my-svc
      namespace: service
      port: 34000
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
  name: not-allowed-echo
  namespace: istio-system
spec:

SyncFailed: The controller encountered an error and wasn't able to compute\n              the number of allowed disruptions. Therefore no disruptions are\n              allowed and the status of the condition will be False.\n- InsufficientPods: The number of pods are either at or below the number\n                    required by the PodDisruptionBudget. No disruptions are\n                    allowed and the status of the condition will be False.\n- SufficientPods: There are more pods than required by...

SyncFailed: The controller encountered an error and wasn't able to compute\n              the number of allowed disruptions. Therefore no disruptions are\n              allowed and the status of the condition will be False.\n- InsufficientPods: The number of pods are either at or below the number\n                    required by the PodDisruptionBudget. No disruptions are\n                    allowed and the status of the condition will be False.\n- SufficientPods: There are more pods than required by...

  //               the number of allowed disruptions. Therefore no disruptions are
  //               allowed and the status of the condition will be False.
  // - InsufficientPods: The number of pods are either at or below the number
  //                     required by the PodDisruptionBudget. No disruptions are
  //                     allowed and the status of the condition will be False.

                @Test public void encodesCdata() {
                    System.out.println("< html allowed, cdata closing token ]]> encoded!");
                    System.out.print("no EOL, ");
                    System.out.println("non-asci char: ż");
                    System.out.println("xml entity: &amp;");
                    System.err.println("< html allowed, cdata closing token ]]> encoded!");
                }

	return false
}

// PrepareForUpdate clears fields that are not allowed to be set by end users on update.
func (autoscalerStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
	newHPA := obj.(*autoscaling.HorizontalPodAutoscaler)
	oldHPA := old.(*autoscaling.HorizontalPodAutoscaler)
	// Update is not allowed to set status
	newHPA.Status = oldHPA.Status
}