}

	// Check that the LDAP sts cred is actually working.
	minioClient, err := minio.New(s.endpoint, &minio.Options{
		Creds:     cr.NewStaticV4(value.AccessKeyID, value.SecretAccessKey, value.SessionToken),
		Secure:    s.secure,
		Transport: s.TestSuiteCommon.client.Transport,
	})
	if err != nil {
		c.Fatalf("Error initializing client: %v", err)
	}

	// Validate that the client from sts creds can access the bucket.

		Code:           "InvalidArgument",
		Description:    "The secret key was invalid for the specified algorithm.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrMissingSSECustomerKey: {
		Code:           "InvalidArgument",
		Description:    "Requests specifying Server Side Encryption with Customer provided keys must provide an appropriate secret key.",
		HTTPStatusCode: http.StatusBadRequest,
	},

	if err != nil {
		return err
	}

	cred := r.Source.Creds

	c, err := miniogo.New(u.Host, &miniogo.Options{
		Creds:        credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, cred.SessionToken),
		Secure:       u.Scheme == "https",
		Transport:    getRemoteInstanceTransport(),
		BucketLookup: lookupStyle(r.Source.Path),
	})
	if err != nil {
		return err
	}

	// Presign is not needed for anonymous credentials.
	if accessKeyID == "" || secretAccessKey == "" {
		return errors.New("Presign cannot be generated without access and secret keys")
	}

	region := globalSite.Region
	date := UTCNow()
	scope := getScope(date, region)
	credential := fmt.Sprintf("%s/%s", accessKeyID, scope)

	// Set URL query.
	query := req.URL.Query()

		{testBuckets[0], "newPrefix0", "newPrefix0", nil},
		{testBuckets[0], "newPrefix1", "newPrefix1", nil},
		{testBuckets[0], "newzen/zen/recurse/again/again/again/pics", "recurse", nil},
		{testBuckets[0], "obj0", "obj0", nil},
		{testBuckets[0], "obj1", "obj1", nil},
		{testBuckets[0], "obj2", "obj2", nil},
		{testBuckets[1], "obj1", "obj1", nil},

	if err != nil {
		secretKey, err := getTokenSigningKey()
		if err != nil {
			return nil, err
		}
		// Session tokens for STS creds will be generated with root secret or site-replicator-0 secret
		jwtClaims, err = auth.ExtractClaims(u.Credentials.SessionToken, secretKey)
		if err != nil {
			return nil, err
		}
	}
	return jwtClaims, nil
}

	sa, embeddedPolicy, err := sys.getServiceAccount(ctx, accessKey)
	if err != nil {
		return auth.Credentials{}, nil, err
	}
	// Hide secret & session keys
	sa.Credentials.SecretKey = ""
	sa.Credentials.SessionToken = ""
	return sa.Credentials, embeddedPolicy, nil
}

		//     spark.sparkContext.hadoopConfiguration.set("fs.s3a.path.style.access", "true")
		//     spark.sparkContext.hadoopConfiguration.set("fs.s3a.access.key", "minioadmin")
		//     spark.sparkContext.hadoopConfiguration.set("fs.s3a.secret.key", "minioadmin")
		//
		//     val df = spark.read.json("s3a://testbucket/s3.json")
		//
		//     df.write.parquet("s3a://testbucket/parquet/")
		//   }
		// }

	w.Reset(&buf4)
	w2 := NewWriter(w)
	w2.WriteString("recur")
	w2.Flush()
	if buf4.String() != "recur" {
		t.Errorf("buf4 = %q, want %q", buf4.String(), "recur")
	}
	w.Reset(&buf5)
	w2.Reset(w)
	w2.WriteString("recur2")
	w2.Flush()
	if buf5.String() != "recur2" {
		t.Errorf("buf5 = %q, want %q", buf5.String(), "recur2")
	}
}

func TestReaderDiscard(t *testing.T) {