TestCredentials creds = new TestCredentials("A", true, false, subject, false);

        // Act
        TestCredentials copy = creds.clone();

        // Assert
        assertNotSame(creds, copy, "clone must return a new instance");
        assertEquals(creds.getUserDomain(), copy.getUserDomain());
        assertEquals(creds.isAnonymous(), copy.isAnonymous());
        assertEquals(creds.isGuest(), copy.isGuest());

					z.Creds.AccessKey, err = dc.ReadString()
					if err != nil {
						err = msgp.WrapError(err, "Creds", "AccessKey")
						return
					}
				case "SecretKey":
					z.Creds.SecretKey, err = dc.ReadString()
					if err != nil {
						err = msgp.WrapError(err, "Creds", "SecretKey")
						return
					}
				case "SessionToken":
					z.Creds.SessionToken, err = dc.ReadString()
					if err != nil {

	case madmin.S3:
		if creds.AWSRole {
			cfg.S3.AWSRole = true
		}
		if creds.AWSRoleWebIdentityTokenFile != "" && creds.AWSRoleARN != "" {
			cfg.S3.AWSRoleARN = creds.AWSRoleARN
			cfg.S3.AWSRoleWebIdentityTokenFile = creds.AWSRoleWebIdentityTokenFile
		}
		if creds.AccessKey != "" && creds.SecretKey != "" {
			cfg.S3.AccessKey = creds.AccessKey
			cfg.S3.SecretKey = creds.SecretKey
		}
	case madmin.Azure:

	}{
		// Test case - 1.
		// Filter contains more than (Prefix,Tag,And) rule
		{
			method:             http.MethodPut,
			bucketName:         bucketName,
			accessKey:          creds.AccessKey,
			secretKey:          creds.SecretKey,

        assertNull(b.getServer());
    }

    @Test
    @DisplayName("shouldForceSigning depends on config, creds, and IPC")
    void testShouldForceSigning() {
        when(config.isIpcSigningEnforced()).thenReturn(true);
        when(creds.isAnonymous()).thenReturn(false);

        // Case 1: share is IPC$ -> IPC
        SmbResourceLocatorImpl ipc = locator("smb://server/IPC$/");

        // Arrange: minimal credentials chain so SmbSessionImpl constructor succeeds
        CredentialsInternal creds = mock(CredentialsInternal.class);
        when(ctx.getCredentials()).thenReturn(creds);
        when(creds.unwrap(CredentialsInternal.class)).thenReturn(creds);
        when(creds.clone()).thenReturn(creds);

        assertEquals(0, transport.getNumSessions());

        // Act: create new session (happy path)

		t.Fatalf("unable initialize config file, %s", err)
	}

	initAllSubsystems(ctx)

	initConfigSubsystem(ctx, objLayer)

	creds, err := auth.CreateCredentials("myuser", "mypassword")
	if err != nil {
		t.Fatalf("unable create credential, %s", err)
	}

	globalActiveCred = creds

	globalIAMSys.Init(ctx, objLayer, globalEtcdClient, 2*time.Second)

	// List of test cases for validating http request authentication.

		Policies: []string{policy},
		User:     accessKey,
	})
	if err != nil {
		c.Fatalf("unable to attach policy: %v", err)
	}

	// Create an madmin client with user creds
	userAdmClient, err := madmin.NewWithOptions(s.endpoint, &madmin.Options{
		Creds:  credentials.NewStaticV4(accessKey, secretKey, ""),
		Secure: s.secure,
	})
	if err != nil {
		c.Fatalf("Err creating user admin client: %v", err)
	}

		region := globalSite.Region()
		if region == "" {
			region = "us-east-1"
		}
		clnt, err = minio.New(globalLocalNodeName, &minio.Options{
			Creds:     credentials.NewStaticV4(opts.creds.AccessKey, opts.creds.SecretKey, opts.creds.SessionToken),
			Secure:    globalIsTLS,
			Transport: globalRemoteTargetTransport,
			Region:    region,
		})
		if err != nil {
			return res, err
		}
	}

func (sys *BucketTargetSys) getRemoteTargetClient(tcfg *madmin.BucketTarget) (*TargetClient, error) {
	config := tcfg.Credentials
	creds := credentials.NewStaticV4(config.AccessKey, config.SecretKey, "")

	api, err := minio.New(tcfg.Endpoint, &minio.Options{
		Creds:     creds,
		Secure:    tcfg.Secure,
		Region:    tcfg.Region,
		Transport: globalRemoteTargetTransport,
	})
	if err != nil {
		return nil, err