"Successful auth!",
    )

    // No authorization header for the first request...
    var request = server.takeRequest()
    assertThat(request.headers["Authorization"]).isNull()

    // ...but the three requests that follow include an authorization header.
    for (i in 0..2) {
      request = server.takeRequest()

    assertThat(recordedRequest1.body.readUtf8()).isEqualTo(body)
    assertThat(recordedRequest1.headers["Authorization"]).isNull()
    val recordedRequest2 = server.takeRequest()
    assertThat(recordedRequest2.method).isEqualTo("POST")
    assertThat(recordedRequest2.body.readUtf8()).isEqualTo(body)
    assertThat(recordedRequest2.headers["Authorization"]).isEqualTo(credential)
  }

  @Test
  fun attemptAuthorization20Times() {

- kube-apiserver now reported the following metrics for authorization webhook match conditions: - `apiserver_authorization_match_condition_evaluation_errors_total` counter metric labeled by authorizer type and name - `apiserver_authorization_match_condition_exclusions_total` counter metric labeled by authorizer type and name - `apiserver_authorization_match_condition_evaluation_seconds` histogram metric labeled by authorizer type and name.

		}
		rc.Init(bucket, object, h)

		ci, err := globalCacheConfig.Get(rc)
		if ci != nil {
			tgs, ok := ci.Metadata[xhttp.AmzObjectTagging]
			if ok {
				// Set this such that authorization policies can be applied on the object tags.
				r.Header.Set(xhttp.AmzObjectTagging, tgs)
			}

			if s3Error := authorizeRequest(ctx, r, policy.GetObjectAction); s3Error != ErrNone {

required for gateway-api*/}} {{- if .Values.rbac.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gateway.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: {{- include "gateway.labels" . | nindent 4}} annotations: {{- .Values.annotations | toYaml | nindent 4 }} rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gateway.serviceAccountName"...

				case TooBigObject:
					req.ContentLength = globalMaxObjectSize + 1
					// Malformed signature.
					// Used in test case  6.
				case BadSignature:
					req.Header.Set("authorization", req.Header.Get("authorization")+"a")
					// Setting an invalid Content-MD5 to force a Md5 Mismatch error.
					// Used in tesr case 7.
				case BadMD5:
					req.Header.Set("Content-MD5", "badmd5")
				}

      MockResponse.Builder()
        .body("B")
        .build(),
    )
    val url = server.url("/")
    val request =
      Request.Builder()
        .url(url)
        .header("Authorization", "password")
        .build()
    val response = client.newCall(request).execute()
    assertThat(response.body.string()).isEqualTo("A")
    assertThat(get(url).body.string()).isEqualTo("A")
  }