Warn ValidationAction = "Warn"
	// Audit specifies that a validation failure is included in the published
	// audit event for the request. The audit event will contain a
	// `validation.policy.admission.k8s.io/validation_failure` audit annotation
	// with a value containing the details of the validation failure.
	Audit ValidationAction = "Audit"
)

		if r.Context() != audit.WithAuditContext(r.Context()) {
			t.Error("unexpected double wrapping of context")
		}

		// confirm that we have an audit event
		ae := audit.AuditEventFrom(r.Context())
		if ae == nil {
			t.Error("unexpected nil audit event")
		}

		// confirm that the indirect way of setting audit annotations later in the chain also works

  // both for allowed or denied admission responses.
  //
  // "Audit" specifies that a validation failure is included in the published
  // audit event for the request. The audit event will contain a
  // `validation.policy.admission.k8s.io/validation_failure` audit annotation
  // with a value containing the details of the validation failures, formatted as

	}})
	if err != nil {
		klog.Warningf("Failed to set admission audit annotation %s for ValidatingAdmissionPolicy %s and ValidatingAdmissionPolicyBinding %s: %v", key, binding.Spec.PolicyName, binding.Name, err)
	}
	value := string(valueJSON)
	if err := attributes.AddAnnotation(key, value); err != nil {

  // both for allowed or denied admission responses.
  //
  // "Audit" specifies that a validation failure is included in the published
  // audit event for the request. The audit event will contain a
  // `validation.policy.admission.k8s.io/validation_failure` audit annotation
  // with a value containing the details of the validation failures, formatted as

					t.Errorf("Expected policy audit annotation action '%v' but got '%v'", auditAnnotation.Action, actual.Action)
				}
				if auditAnnotation.Error != actual.Error {
					t.Errorf("Expected audit annotation error '%v' but got '%v'", auditAnnotation.Error, actual.Error)
				}
				if auditAnnotation.Value != actual.Value {

	auditinternal "k8s.io/apiserver/pkg/apis/audit"
	endpointsrequest "k8s.io/apiserver/pkg/endpoints/request"
	webhookutil "k8s.io/apiserver/pkg/util/webhook"
	"k8s.io/apiserver/pkg/warning"
	"k8s.io/component-base/tracing"
	"k8s.io/klog/v2"
)

const (
	// PatchAuditAnnotationPrefix is a prefix for persisting webhook patch in audit annotation.

		},
		{
			name:  "allow-path",
			input: "allow-path-in.yaml",
			want:  []string{"allow-path-out.yaml"},
		},
		{
			name:  "audit-full-rule",
			input: "audit-full-rule-in.yaml",
			want:  []string{"audit-full-rule-out.yaml"},
		},
		{
			name:       "custom-grpc-provider-no-namespace",
			meshConfig: meshConfigGRPCNoNamespace,
			input:      "custom-simple-http-in.yaml",

	"github.com/minio/minio/internal/logger/target/http"
	"github.com/minio/minio/internal/logger/target/kafka"
)

// Console logger target
type Console struct {
	Enabled bool `json:"enabled"`
}

// Audit/Logger constants
const (
	Endpoint   = "endpoint"
	AuthToken  = "auth_token"
	ClientCert = "client_cert"
	ClientKey  = "client_key"
	BatchSize  = "batch_size"
	QueueSize  = "queue_size"
	QueueDir   = "queue_dir"

			option:            option,
		}
	}

	if len(policies.Deny) == 0 && len(policies.Allow) == 0 && len(policies.Audit) == 0 {
		return nil
	}
	return &Builder{
		denyPolicies:      policies.Deny,
		allowPolicies:     policies.Allow,
		auditPolicies:     policies.Audit,
		trustDomainBundle: trustDomainBundle,
		option:            option,
	}
}