TestCredentials creds = new TestCredentials("A", true, false, subject, false);

        // Act
        TestCredentials copy = creds.clone();

        // Assert
        assertNotSame(creds, copy, "clone must return a new instance");
        assertEquals(creds.getUserDomain(), copy.getUserDomain());
        assertEquals(creds.isAnonymous(), copy.isAnonymous());
        assertEquals(creds.isGuest(), copy.isGuest());

					z.Creds.AccessKey, err = dc.ReadString()
					if err != nil {
						err = msgp.WrapError(err, "Creds", "AccessKey")
						return
					}
				case "SecretKey":
					z.Creds.SecretKey, err = dc.ReadString()
					if err != nil {
						err = msgp.WrapError(err, "Creds", "SecretKey")
						return
					}
				case "SessionToken":
					z.Creds.SessionToken, err = dc.ReadString()
					if err != nil {

	case madmin.S3:
		if creds.AWSRole {
			cfg.S3.AWSRole = true
		}
		if creds.AWSRoleWebIdentityTokenFile != "" && creds.AWSRoleARN != "" {
			cfg.S3.AWSRoleARN = creds.AWSRoleARN
			cfg.S3.AWSRoleWebIdentityTokenFile = creds.AWSRoleWebIdentityTokenFile
		}
		if creds.AccessKey != "" && creds.SecretKey != "" {
			cfg.S3.AccessKey = creds.AccessKey
			cfg.S3.SecretKey = creds.SecretKey
		}
	case madmin.Azure:

	}{
		// Test case - 1.
		// Filter contains more than (Prefix,Tag,And) rule
		{
			method:             http.MethodPut,
			bucketName:         bucketName,
			accessKey:          creds.AccessKey,
			secretKey:          creds.SecretKey,

        assertNull(b.getServer());
    }

    @Test
    @DisplayName("shouldForceSigning depends on config, creds, and IPC")
    void testShouldForceSigning() {
        when(config.isIpcSigningEnforced()).thenReturn(true);
        when(creds.isAnonymous()).thenReturn(false);

        // Case 1: share is IPC$ -> IPC
        SmbResourceLocatorImpl ipc = locator("smb://server/IPC$/");

func mustNewSignedRequest(method string, urlStr string, contentLength int64, body io.ReadSeeker, t *testing.T) *http.Request {
	req := mustNewRequest(method, urlStr, contentLength, body, t)
	cred := globalActiveCred
	if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
		t.Fatalf("Unable to initialized new signed http request %s", err)
	}
	return req
}

// This is similar to mustNewRequest but additionally the request

        // Arrange: minimal credentials chain so SmbSessionImpl constructor succeeds
        CredentialsInternal creds = mock(CredentialsInternal.class);
        when(ctx.getCredentials()).thenReturn(creds);
        when(creds.unwrap(CredentialsInternal.class)).thenReturn(creds);
        when(creds.clone()).thenReturn(creds);

        assertEquals(0, transport.getNumSessions());

        // Act: create new session (happy path)

		Policies: []string{policy},
		User:     accessKey,
	})
	if err != nil {
		c.Fatalf("unable to attach policy: %v", err)
	}

	// Create an madmin client with user creds
	userAdmClient, err := madmin.NewWithOptions(s.endpoint, &madmin.Options{
		Creds:  credentials.NewStaticV4(accessKey, secretKey, ""),
		Secure: s.secure,
	})
	if err != nil {
		c.Fatalf("Err creating user admin client: %v", err)
	}

		region := globalSite.Region()
		if region == "" {
			region = "us-east-1"
		}
		clnt, err = minio.New(globalLocalNodeName, &minio.Options{
			Creds:     credentials.NewStaticV4(opts.creds.AccessKey, opts.creds.SecretKey, opts.creds.SessionToken),
			Secure:    globalIsTLS,
			Transport: globalRemoteTargetTransport,
			Region:    region,
		})
		if err != nil {
			return res, err
		}
	}

				STSCredential: &madmin.SRSTSCredential{
					AccessKey:    cred.AccessKey,
					SecretKey:    cred.SecretKey,
					SessionToken: cred.SessionToken,
					ParentUser:   cred.ParentUser,
				},
				UpdatedAt: updatedAt,
			}))

			mcreds = credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, cred.SessionToken)
		} else {
			mcreds = credentials.NewStaticV4(sa.Credentials.AccessKey, sa.Credentials.SecretKey, "")