}
	}
}

func TestMustGetLocalIP4(t *testing.T) {
	testCases := []struct {
		expectedIPList set.StringSet
	}{
		{set.CreateStringSet("127.0.0.1")},
	}

	for _, testCase := range testCases {
		ipList := mustGetLocalIP4()
		if testCase.expectedIPList != nil && testCase.expectedIPList.Intersection(ipList).IsEmpty() {

	gi, ok := cache.iamGroupsMap[group]
	if !ok {
		return updatedAt, errNoSuchGroup
	}

	s := set.CreateStringSet(gi.Members...)
	d := set.CreateStringSet(members...)
	gi.Members = s.Difference(d).ToSlice()

	if !updateCacheOnly {
		err := store.saveGroupInfo(ctx, group, gi)
		if err != nil {
			return updatedAt, err
		}
	}

	if cfgTarget != madmin.Default {
		// This cannot give an error at this point.
		subSysTargets, _ := s.GetAvailableTargets(subSys)
		subSysTargetsSet := set.CreateStringSet(subSysTargets...)
		if isUpdate && !subSysTargetsSet.Contains(cfgTarget) {
			return ErrAdminConfigIDPCfgNameDoesNotExist
		}
		if !isUpdate && subSysTargetsSet.Contains(cfgTarget) {

		cfgToUsersMap[config.Name] = newResp
	}
	if len(roleArnMap) == 0 {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminNoSuchConfigTarget), r.URL)
		return
	}

	userSet := set.CreateStringSet(userList...)
	accessKeys, err := globalIAMSys.ListAllAccessKeys(ctx)
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	for _, accessKey := range accessKeys {

	}
	groupInfo, err := s.adm.GetGroupDescription(ctx, group)
	if err != nil {
		c.Fatalf("group desc err: %v", err)
	}
	c.Assert(groupInfo.Name, group)
	c.Assert(set.CreateStringSet(groupInfo.Members...), set.CreateStringSet(accessKey))
	c.Assert(groupInfo.Policy, policy)
	c.Assert(groupInfo.Status, string(madmin.GroupEnabled))

	// 5. Disable/enable the group and verify that user access is revoked/restored.

func (sys *IAMSys) createCleanEntitiesQuery(q madmin.PolicyEntitiesQuery, ldap bool) cleanEntitiesQuery {
	cleanQ := cleanEntitiesQuery{
		Users:    make(map[string]set.StringSet),
		Groups:   set.CreateStringSet(q.Groups...),
		Policies: set.CreateStringSet(q.Policy...),
	}

	if ldap {
		// Validate and normalize users, then fetch and normalize their groups
		// Also include unvalidated users for backward compatibility.

				break
			}

			// Handle if we have some buckets in-memory those are stale.
			// first delete them and then replace the newer state()
			// from disk.
			diskBuckets := set.CreateStringSet()
			for _, bucket := range buckets {
				diskBuckets.Add(bucket.Name)
			}
			sys.RemoveStaleBuckets(diskBuckets)

			for i := range buckets {
				wait := sleeper.Timer(ctx)

			bucketsSet.Add(bucket)
			r, ok := dnsBuckets[bucket]
			if !ok {
				bucketsToBeUpdated.Add(bucket)
				continue
			}
			if !globalDomainIPs.Intersection(set.CreateStringSet(getHostsSlice(r)...)).IsEmpty() {
				if globalDomainIPs.Difference(set.CreateStringSet(getHostsSlice(r)...)).IsEmpty() && !domainMissing {
					// No difference in terms of domainIPs and nothing
					// has changed so we don't change anything on the etcd.
					//

	query.Set(xhttp.AmzSignedHeaders, strings.Join(pSignValues.SignedHeaders, ";"))
	query.Set(xhttp.AmzCredential, cred.AccessKey+SlashSeparator+pSignValues.Credential.getScope())

	defaultSigParams := set.CreateStringSet(
		xhttp.AmzContentSha256,
		xhttp.AmzSecurityToken,
		xhttp.AmzAlgorithm,
		xhttp.AmzDate,
		xhttp.AmzExpires,
		xhttp.AmzSignedHeaders,
		xhttp.AmzCredential,
		xhttp.AmzSignature,
	)

			} else {
				writeErrorResponse(r.Context(), w, toAPIError(r.Context(), err), r.URL)
			}
			return
		}
		if globalDomainIPs.Intersection(set.CreateStringSet(getHostsSlice(sr)...)).IsEmpty() {
			r.URL.Scheme = "http"
			if globalIsTLS {
				r.URL.Scheme = "https"
			}
			r.URL.Host = getHostFromSrv(sr)
			// Make sure we remove any existing headers before