SecretKey:  svcSK,
	})
	if err != nil {
		c.Fatalf("Unable to create svc acc: %v", err)
	}
	svcClient := s.getUserClient(c, cr.AccessKey, cr.SecretKey, "")
	c.mustListObjects(ctx, svcClient, bucket)

	err = madmClient.DeleteServiceAccount(ctx, svcAK)
	if err != nil {
		c.Fatalf("unable to delete svc acc: %v", err)
	}
	c.mustNotListObjects(ctx, svcClient, bucket)
}

            ACE ace1 = mock(ACE.class);
            ACE ace2 = mock(ACE.class);
            when(ace1.getApplyToText()).thenReturn("");
            when(ace2.getApplyToText()).thenReturn(null);

            assertEquals("", ace1.getApplyToText(), "Should handle empty apply text");
            assertNull(ace2.getApplyToText(), "Should handle null apply text");

            verify(ace1).getApplyToText();

        void testGetTypeAndText(int type, String text) {
            byte[] ident = new byte[] { 0, 0, 0, 0, 0, 5 };
            SID sid = new SID(buildSidT((byte) 1, ident, 42), type, "DOM", "acct", false);
            assertEquals(type, sid.getType());
            assertEquals(text, sid.getTypeText());
        }

        @Test

						Parent:        acc.Credentials.ParentUser,
						AccessKey:     user,
						SecretKey:     acc.Credentials.SecretKey,
						Groups:        acc.Credentials.Groups,
						Claims:        claims,
						SessionPolicy: policyJSON,
						Status:        acc.Credentials.Status,
						Name:          acc.Credentials.Name,
						Description:   acc.Credentials.Description,
						Expiration:    &acc.Credentials.Expiration,

        try {
            return new SID(textual);
        } catch (SmbException e) {
            throw new RuntimeException(e);
        }
    }

    @Test
    @DisplayName("resolveSids(DcerpcHandle,...) populates acct, domain and type for known types")
    void resolveSids_populatesFields_happyPath() throws Exception {
        SIDCacheImpl cache = new SIDCacheImpl(mock(CIFSContext.class));
        DcerpcHandle handle = mock(DcerpcHandle.class);

					}
				}
				svcAccts[user] = madmin.SRSvcAccCreate{
					Parent:        acc.Credentials.ParentUser,
					AccessKey:     user,
					SecretKey:     acc.Credentials.SecretKey,
					Groups:        acc.Credentials.Groups,
					Claims:        claims,
					SessionPolicy: policyJSON,
					Status:        acc.Credentials.Status,
					Name:          sa.Name,
					Description:   sa.Description,

		Secure: s.secure,
	})
	if err != nil {
		c.Fatalf("Err creating user admin client: %v", err)
	}
	userAdmClient.SetCustomTransport(s.TestSuiteCommon.client.Transport)

	// Create svc acc
	cr := c.mustCreateSvcAccount(ctx, value.AccessKeyID, userAdmClient)

	svcClient := s.getUserClient(c, cr.AccessKey, cr.SecretKey, "")

	// 1. Check S3 access for service account ListObjects()

	if !sys.Initialized() {
		return UserIdentity{}, nil, errServerNotInitialized
	}

	acc, ok := sys.store.GetUser(accessKey)
	if !ok {
		return UserIdentity{}, nil, errNoSuchAccount
	}

	jwtClaims, err := extractJWTClaims(acc)
	if err != nil {
		return UserIdentity{}, nil, err
	}

	return acc, jwtClaims, nil
}

// GetClaimsForSvcAcc - gets the claims associated with the service account.

                "sourceIPAddress": "192.168.56.192"
            },
            "responseElements": {
                "x-amz-request-id": "15C3249451E12784",
                "x-minio-deployment-id": "751a8ba6-acb2-42f6-a297-4cdf1cf1fa4f",
                "x-minio-origin-endpoint": "http://192.168.97.83:9000"
            },
            "s3": {
                "s3SchemaVersion": "1.0",

		return updatedAt, errors.New("unknown account status value")
	}

	m, err := getClaimsFromTokenWithSecret(cr.SessionToken, currentSecretKey)
	if err != nil {
		return updatedAt, fmt.Errorf("unable to get svc acc claims: %v", err)
	}

	// Extracted session policy name string can be removed as its not useful
	// at this point.
	m.Delete(sessionPolicyNameExtracted)