### 2. Run MinIO in federated mode

Bucket lookup from DNS federation requires two dependencies

- etcd (for bucket DNS service records)
- CoreDNS (for DNS management based on populated bucket DNS service records, optional)

## Architecture

![bucket-lookup](https://github.com/minio/minio/blob/master/docs/federation/lookup/bucket-lookup.png?raw=true)

		b.Fatal(err)
	}

	creds := globalActiveCred
	token, err := authenticateNode(creds.AccessKey, creds.SecretKey)
	if err != nil {
		b.Fatal(err)
	}

	b.ResetTimer()
	b.ReportAllocs()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			err = xjwt.ParseWithStandardClaims(token, xjwt.NewStandardClaims(), []byte(creds.SecretKey))
			if err != nil {
				b.Fatal(err)
			}

    private Credentials creds;

    /**
     * Constructs a CIFS context wrapper with custom credentials.
     *
     * @param delegate the context to wrap
     * @param creds
     *            Credentials to use
     */
    public CIFSContextCredentialWrapper(final AbstractCIFSContext delegate, final Credentials creds) {
        super(delegate);
        this.creds = creds;
    }

    /**
     *

            result = root.find('AssumeRoleWithClientGrantsResult')
            creds = result.find('Credentials')
            return dict(
                access_key=creds.get_child_text('AccessKeyId'),
                secret_key=creds.get_child_text('SecretAccessKey'),
                token=creds.get_child_text('SessionToken'),
                expiry_time=parse(creds.get_child_text('Expiration')).isoformat())

				conf.AWSRoleARN,
				sessionName,
			},
		}
		creds = credentials.New(&s3WebIdentityIAM)
	case conf.AccessKey != "" && conf.SecretKey != "":
		creds = credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")
	default:
		return nil, errors.New("insufficient parameters for S3 backend authentication")
	}
	opts := &minio.Options{
		Creds:     creds,
		Secure:    u.Scheme == "https",

    void testWithCredentials() {
        // Given
        Credentials creds = mock(Credentials.class);
        CIFSContext newContext = mock(CIFSContext.class);
        when(mockContext.withCredentials(creds)).thenReturn(newContext);

        // When
        CIFSContext context = mockContext.withCredentials(creds);

        // Then
        assertEquals(newContext, context);

/_artifacts/
/_rundir/

# Go dependencies installed on Jenkins
/_gopath/

# Config directories created by gcloud and gsutil on Jenkins
/.config/gcloud*/
/.gsutil/

# CoreOS stuff
/cluster/libvirt-coreos/coreos_*.img

# Downloaded Kubernetes binary release
/kubernetes/

# direnv .envrc files
.envrc

# Downloaded kubernetes binary release tar ball
kubernetes.tar.gz

		t.Fatal(err)
	}

	creds := globalActiveCred
	policy := "policy"
	testCases := []struct {
		accessKey string
		policy    string
		signature string
		errCode   APIErrorCode
	}{
		{"invalidAccessKey", policy, calculateSignatureV2(policy, creds.SecretKey), ErrInvalidAccessKeyID},
		{creds.AccessKey, policy, calculateSignatureV2("random", creds.SecretKey), ErrSignatureDoesNotMatch},

        Runtime.getRuntime().addShutdownHook(this);
    }

    /**
     * @param creds the credentials to use
     * @return a wrapped context with the given credentials
     */
    @Override
    public CIFSContext withCredentials(final Credentials creds) {
        return new CIFSContextCredentialWrapper(this, creds);
    }

    /**
     *
     * {@inheritDoc}
     *

	}

	locker := &lockRESTServer{
		ll: &localLocker{
			mutex:   sync.Mutex{},
			lockMap: make(map[string][]lockRequesterInfo),
		},
	}
	creds := globalActiveCred
	token, err := authenticateNode(creds.AccessKey, creds.SecretKey)
	if err != nil {
		t.Fatal(err)
	}
	return fsDir, locker, token
}

// Test function to remove lock entries from map based on name & uid combination