content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Page not found
      content:
        application/json:
          schema:

		// later ridiculous requests within the cache window still hit the backend
		{name: "ridiculous unauthorized request again", attr: bobRidiculousAttr, allow: false, statusCode: 200, expectedErr: false, expectedAuthorized: false, expectedCalls: 1},
		// ridiculous authorized requests are not cached.

        then: 'resolution fails directly'
        1 * result.failed(_ as ArtifactResolveException)
        0 * delegate._

        where:
        desc | exception
        "unauthorized (401)" | unauthorized
        "forbidden (403)" | forbidden
    }

    List<List<?>> retryCombinations() {
        def retries = []
        (1..3).each { ret ->

	test(t, "subresource", audit.LevelRequest, stages, stages, "getPodSubResourceWildcardMatching")

	test(t, "Unauthorized", audit.LevelNone, stages, stages, "tims")
	test(t, "Unauthorized", audit.LevelMetadata, stages, stages, "tims", "default")
	test(t, "Unauthorized", audit.LevelNone, stages, stages, "humans")
	test(t, "Unauthorized", audit.LevelMetadata, stages, stages, "humans", "default")
}

func TestChecker(t *testing.T) {

        failedResolve.assertFailurePresent(failure)
        failure
            .assertResolutionFailure(':compile')
            .assertThatCause(CoreMatchers.containsString('Received status code 401 from server: Unauthorized'))

        where:
        authScheme | credsName | creds
        BASIC      | 'missing' | ''
        DIGEST     | 'missing' | ''
        NTLM       | 'missing' | ''

        given:
        getTestDirectory().createFile('src/unauthorized/file')
        getTestDirectory().createFile('src/authorized')
        getTestDirectory().createDir('dest')
        file('src/unauthorized').mode = 0000

        and:
        buildFile << """
            task copy(type: Copy) {
                from('src'){
                    exclude 'unauthorized'
                }
                into 'dest'

						StatusCode: http.StatusOK,
					},
				},
				// Mutual TLS origination from an unauthorized sidecar to https endpoint
				// This will result in a 503 with the UH flag because the cluster will
				// stay warming until a valid secret is sent.
				{
					name:            "unauthorized sidecar",
					credentialToUse: credNameGeneric,
					from:            apps.Ns1.B,
					drSelector:      "b",

        failure.assertHasCause("Could not GET '${mavenHttpRepo.uri.toString()}/${group}/${module}/maven-metadata.xml'. Received status code 401 from server: Unauthorized")
    }

    private void assertDependencyMetaDataReadTimeout(MavenModule module) {
        failure.assertHasCause("Could not resolve ${mavenModuleCoordinates(module)}.")

	authorizationWebhookVersionFlag         = "authorization-webhook-version"
	authorizationWebhookAuthorizedTTLFlag   = "authorization-webhook-cache-authorized-ttl"
	authorizationWebhookUnauthorizedTTLFlag = "authorization-webhook-cache-unauthorized-ttl"
	authorizationPolicyFileFlag             = "authorization-policy-file"
	authorizationConfigFlag                 = "authorization-config"
)

		// later ridiculous requests within the cache window still hit the backend
		{name: "ridiculous unauthorized request again", attr: bobRidiculousAttr, allow: false, statusCode: 200, expectedErr: false, expectedAuthorized: false, expectedCalls: 1},
		// ridiculous authorized requests are not cached.