"k8s.io/apimachinery/pkg/runtime/serializer"
	auditinternal "k8s.io/apiserver/pkg/apis/audit"
	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
	"k8s.io/apiserver/pkg/apis/audit/validation"
	"k8s.io/apiserver/pkg/audit"
	"k8s.io/klog/v2"
)

var (
	apiGroupVersions = []schema.GroupVersion{
		auditv1.SchemeGroupVersion,
	}
	apiGroupVersionSet = map[schema.GroupVersion]bool{}
)

func init() {

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: audit-all
  namespace: foo
spec:
  action: AUDIT
  rules:

name: envoy.filters.http.rbac
typedConfig:
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
  rules:
    action: LOG
    policies:
      ns[foo]-policy[audit-all]-rule[0]:
        permissions:
        - andRules:
            rules:
            - any: true
        principals:
        - andIds:
            ids:
            - any: true

			Name:           "event_total",
			Help:           "Counter of audit events generated and sent to the audit backend.",
			StabilityLevel: metrics.ALPHA,
		})
	errorCounter = metrics.NewCounterVec(
		&metrics.CounterOpts{
			Subsystem: subsystem,
			Name:      "error_total",
			Help: "Counter of audit events that failed to be audited properly. " +
				"Plugin identifies the plugin affected by the error.",

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-audit
  namespace: foo
spec:
  action: AUDIT
  rules:
  # rule[0] `from`: all fields, `to`: all fields, `when`: all fields.
  - from:
    - source:
        principals: ["principal"]
        requestPrincipals: ["requestPrincipals"]
        namespaces: ["ns"]
        ipBlocks: ["1.2.3.4"]
        remoteIpBlocks: ["10.250.90.4"]

name: envoy.filters.http.rbac
typedConfig:
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
  rules:
    action: LOG
    policies:
      ns[foo]-policy[audit-all]-rule[0]:
        permissions:
        - andRules:
            rules:
            - any: true
        principals:
        - andIds:
            ids:
            - any: true

name: envoy.filters.network.rbac
typedConfig:
  '@type': type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC
  rules:
    action: LOG
    policies:
      ns[foo]-policy[httpbin-audit]-rule[0]:
        permissions:
        - andRules:
            rules:
            - orRules:
                rules:
                - destinationPort: 80
            - notRule:
                orRules:
                  rules:

}

// CurrentStats returns the current statistics.
func CurrentStats() map[string]types.TargetStats {
	sys := SystemTargets()
	audit := AuditTargets()
	res := make(map[string]types.TargetStats, len(sys)+len(audit))
	cnt := make(map[string]int, len(sys)+len(audit))

	// Add system and audit.
	for _, t := range sys {
		key := strings.ToLower(t.Type().String())
		n := cnt[key]
		cnt[key]++

Harshavardhana <******@****.***> 1701446184 -0800

				audit.StagePanic,
			},
		},
		{
			desc: "should remove both",
			stages: []audit.Stage{
				audit.StageResponseStarted,
				audit.StageRequestReceived,
			},
			expectedStages: []audit.Stage{
				audit.StageResponseComplete,
				audit.StagePanic,
			},
		},
		{
			desc:   "should remove none",
			stages: []audit.Stage{},
			expectedStages: []audit.Stage{
				audit.StageResponseComplete,