// both for allowed or denied admission responses.
  //
  // "Audit" specifies that a validation failure is included in the published
  // audit event for the request. The audit event will contain a
  // `validation.policy.admission.k8s.io/validation_failure` audit annotation
  // with a value containing the details of the validation failures, formatted as

		}

		// Track secret-based long-lived service account tokens and add audit annotations and metrics.
		autoGenerated := false

		// Check if the secret has been marked as invalid
		if invalidSince := secret.Labels[InvalidSinceLabelKey]; invalidSince != "" {
			audit.AddAuditAnnotation(ctx, "authentication.k8s.io/legacy-token-invalidated", secret.Name+"/"+secret.Namespace)

		configs.Allow = append(configs.Allow, config)
	case authpb.AuthorizationPolicy_DENY:
		configs.Deny = append(configs.Deny, config)
	case authpb.AuthorizationPolicy_AUDIT:
		configs.Audit = append(configs.Audit, config)
	case authpb.AuthorizationPolicy_CUSTOM:
		configs.Custom = append(configs.Custom, config)
	default:
		log.Errorf("ignored authorization policy %s.%s with unsupported action: %s",

					t.Errorf("Expected policy audit annotation action '%v' but got '%v'", auditAnnotation.Action, actual.Action)
				}
				if auditAnnotation.Error != actual.Error {
					t.Errorf("Expected audit annotation error '%v' but got '%v'", auditAnnotation.Error, actual.Error)
				}
				if auditAnnotation.Value != actual.Value {

	auditinternal "k8s.io/apiserver/pkg/apis/audit"
	endpointsrequest "k8s.io/apiserver/pkg/endpoints/request"
	webhookutil "k8s.io/apiserver/pkg/util/webhook"
	"k8s.io/apiserver/pkg/warning"
	"k8s.io/component-base/tracing"
	"k8s.io/klog/v2"
)

const (
	// PatchAuditAnnotationPrefix is a prefix for persisting webhook patch in audit annotation.

	Warn ValidationAction = "Warn"
	// Audit specifies that a validation failure is included in the published
	// audit event for the request. The audit event will contain a
	// `validation.policy.admission.k8s.io/validation_failure` audit annotation
	// with a value containing the details of the validation failure.
	Audit ValidationAction = "Audit"
)

		},
		{
			name:  "allow-path",
			input: "allow-path-in.yaml",
			want:  []string{"allow-path-out.yaml"},
		},
		{
			name:  "audit-full-rule",
			input: "audit-full-rule-in.yaml",
			want:  []string{"audit-full-rule-out.yaml"},
		},
		{
			name:       "custom-grpc-provider-no-namespace",
			meshConfig: meshConfigGRPCNoNamespace,
			input:      "custom-simple-http-in.yaml",

}

teardown_file() {
    rm -rf /tf/venv
}

@test "Wheel is manylinux2014 (manylinux_2_17) compliant" {
    python3 -m auditwheel show "$TF_WHEEL" > audit.txt
    grep --quiet -zoP 'is consistent with the following platform tag:\n"manylinux_2_17_(aarch|x86_)64"\.' audit.txt
}

@test "Wheel conforms to upstream size limitations" {
    WHEEL_MEGABYTES=$(stat --format %s "$TF_WHEEL" | awk '{print int($1/(1024*1024))}')

	"github.com/minio/minio/internal/logger/target/http"
	"github.com/minio/minio/internal/logger/target/kafka"
)

// Console logger target
type Console struct {
	Enabled bool `json:"enabled"`
}

// Audit/Logger constants
const (
	Endpoint   = "endpoint"
	AuthToken  = "auth_token"
	ClientCert = "client_cert"
	ClientKey  = "client_key"
	BatchSize  = "batch_size"
	QueueSize  = "queue_size"
	QueueDir   = "queue_dir"

}

// ObserveAudit observes a policy validation audit annotation was published for a validation failure.
func (m *ValidatingAdmissionPolicyMetrics) ObserveAudit(ctx context.Context, elapsed time.Duration, policy, binding, state string) {
	m.policyCheck.WithContext(ctx).WithLabelValues(policy, binding, "audit", state).Inc()
	m.policyLatency.WithContext(ctx).WithLabelValues(policy, binding, "audit", state).Observe(elapsed.Seconds())
}