{{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }}
    {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }}
      requests:

kind: RequestAuthentication
metadata:
  name: default-{{ .To.ServiceName }}
spec:
  targetRef:
    kind: Gateway
    group: gateway.networking.k8s.io
    name: {{ .To.ServiceName }}-gateway
  jwtRules:
  - issuer: "test-issuer******@****.***"
    jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
--- 
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:

  {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }}
    {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }}
      requests:

		return err
	}
	if err := s.AddGeneratedConversionFunc((*Issuer)(nil), (*apiserver.Issuer)(nil), func(a, b interface{}, scope conversion.Scope) error {
		return Convert_v1alpha1_Issuer_To_apiserver_Issuer(a.(*Issuer), b.(*apiserver.Issuer), scope)
	}); err != nil {
		return err
	}
	if err := s.AddGeneratedConversionFunc((*apiserver.Issuer)(nil), (*Issuer)(nil), func(a, b interface{}, scope conversion.Scope) error {

apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: {{ .To.ServiceName }}
spec:
  selector:
    matchLabels:
      app: {{ .To.ServiceName }}
  jwtRules:
  - issuer: "test-issuer******@****.***"
    jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
    outputPayloadToHeader: "x-test-payload"

func (r *JwksResolver) resolveJwksURIUsingOpenID(issuer string, timeout time.Duration) (string, error) {
	// Try to get jwks_uri through OpenID Discovery.
	issuer = strings.TrimSuffix(issuer, "/")
	body, err := r.getRemoteContentWithRetry(issuer+openIDDiscoveryCfgURLSuffix, networkFetchRetryCountOnMainFlow, timeout)
	if err != nil {
		log.Errorf("Failed to fetch jwks_uri from %q: %v", issuer+openIDDiscoveryCfgURLSuffix, err)
		return "", err
	}

		seen := make(map[string]bool)
		for _, issuer := range o.ServiceAccounts.Issuers {
			if strings.Contains(issuer, ":") {
				if _, err := url.Parse(issuer); err != nil {
					allErrors = append(allErrors, fmt.Errorf("service-account-issuer %q contained a ':' but was not a valid URL: %v", issuer, err))
					continue
				}
			}
			if issuer == "" {

        if (isSet(mode, 0400)) {
            result.add(OWNER_READ);
        }
        if (isSet(mode, 0200)) {
            result.add(OWNER_WRITE);
        }
        if (isSet(mode, 0100)) {
            result.add(OWNER_EXECUTE);
        }

        if (isSet(mode, 040)) {
            result.add(GROUP_READ);
        }
        if (isSet(mode, 020)) {
            result.add(GROUP_WRITE);

---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: request-authn
spec:
  selector:
    matchLabels:
      app: {{ .dst }}
  jwtRules:
  - issuer: "test-issuer******@****.***"
    jwksUri: "http://example.com:8000/jwks"
    outputPayloadToHeader: "x-test-payload"
    forwardOriginalToken: true
---
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: jwt-server-se
spec:

	}

	// HWCAP feature bits
	ARM.HasVFPv4 = isSet(HWCap, hwcap_VFPv4)
	ARM.HasIDIVA = isSet(HWCap, hwcap_IDIVA)
	// lpae is required to make the 64-bit instructions LDRD and STRD (and variants) atomic.
	// See ARMv7 manual section B1.6.
	// We also need at least a v7 chip, for the DMB instruction.
	ARM.HasV7Atomics = isSet(HWCap, hwcap_LPAE) && isV7(Platform)
}

func isSet(hwc uint, value uint) bool {
	return hwc&value != 0
}