// to all containers of a pod.
	// Deprecated: set a pod security context `seccompProfile` field.
	SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"

	// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
	// to one container of a pod.
	// Deprecated: set a container security context `seccompProfile` field.

package okhttp3.internal.platform

import android.annotation.SuppressLint
import java.io.IOException
import java.net.InetSocketAddress
import java.net.Socket
import java.security.GeneralSecurityException
import java.security.KeyStore
import java.security.Security
import java.util.logging.Level
import java.util.logging.Logger
import javax.net.ssl.ExtendedSSLSession
import javax.net.ssl.SNIHostName
import javax.net.ssl.SSLContext

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-1
  namespace: foo
  annotations:
    "istio.io/dry-run": "true"
spec:
  selector:
    matchLabels:
      app: httpbin
      version: v1
  action: ALLOW
  rules:
    - to:
        - operation:
            ports: ["80"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-2

apiVersion: release-notes/v2
kind: feature
area: security
issue:
- https://github.com/istio/api/pull/1933
docs:
- '[usage] https://istio.io/latest/docs/tasks/security/authorization/authz-dry-run/'
- '[design] https://docs.google.com/document/d/1xQdZsEgJ3Ld2qebfT3EJkg2COTtCR1TqBVojmnvI78g'
releaseNotes:
- |

apiVersion: release-notes/v2
kind: security-fix
area: security
issue:
  - 27238
releaseNotes:
  - |

apiVersion: release-notes/v2
kind: feature
area: security
issue:
  - 33809
releaseNotes:
  - |
    **Added** Auto mTLS support for workload level peer authentication. You no longer need to configure destination rule when servers are configured with workload level peer authentication policy. This can be disabled by setting ENABLE_AUTO_MTLS_CHECK_POLICIES to "false". 
docs:

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-1
  namespace: foo
spec:
  action: CUSTOM
  provider:
    name: default
  selector:
    matchLabels:
      app: httpbin
      version: v1
  rules:
    - to:
        - operation:
            paths: ["/httpbin1"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-2
  namespace: foo

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-1
  namespace: foo
  annotations:
    "istio.io/dry-run": "true"
spec:
  selector:
    matchLabels:
      app: httpbin
      version: v1
  action: ALLOW
  rules:
    - to:
        - operation:
            paths: ["/allow"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-2

	return nil
}

func newXDSConnection(cfg *Config) (*grpc.ClientConn, error) {
	var opts []grpc.DialOption

	// transport security
	creds, err := xds.NewClientCredentials(xds.ClientOptions{FallbackCreds: insecure.NewCredentials()})
	if err != nil {
		return nil, err
	}
	security := grpc.WithTransportCredentials(creds)
	if len(cfg.XDSTestBootstrap) > 0 {

## About security, APIs, and docs

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

That doesn't add any extra security to your API, the *path operations* will still be available where they are.

If there's a security flaw in your code, it will still exist.