account := Account{Number: "account-has-one-append"}

	if err := DB.Model(&user2).Association("Account").Append(&account); err != nil {
		t.Fatalf("Error happened when append account, got %v", err)
	}

	if account.ID == 0 {
		t.Fatalf("Account's ID should be created")
	}

	user.Account = account
	CheckUser(t, user2, user)

	AssertAssociationCount(t, user, "Account", 1, "AfterAppend")

	// Replace

	user := GetUser("TestJoinWithSoftDeletedUser", Config{Account: true, NamedPet: true})
	DB.Create(&user)

	var user1 User
	DB.Model(&User{}).Joins("NamedPet").Joins("Account").First(&user1, user.ID)
	if user1.NamedPet == nil || user1.Account.ID == 0 {
		t.Fatalf("joins NamedPet and Account should not empty:%v", user1)
	}

	// Account should empty
	DB.Delete(&user1.Account)

	var user2 User

        if (username != null) {
            AccountAttempts account = accountAttempts.computeIfAbsent(username, k -> new AccountAttempts());
            account.recordFailure();

            if (account.getFailedAttempts() >= maxAttemptsPerAccount) {
                account.lockOut(lockoutDuration);
                totalAccountsLocked.incrementAndGet();

		"ManagerID", "Active")

	t.Run("Account", func(t *testing.T) {
		AssertObjEqual(t, user.Account, expect.Account, "ID", "CreatedAt", "UpdatedAt", "DeletedAt", "UserID", "Number")

		if user.Account.Number != "" {
			if !user.Account.UserID.Valid {
				t.Errorf("Account's foreign key should be saved")
			} else {
				var account Account
				db(unscoped).First(&account, "user_id = ?", user.ID)

	}

	var users2 []User
	DB.Preload("Account", clause.Eq{Column: "number", Value: users[0].Account.Number}).Find(&users2, "id IN ?", userIDs)
	sort.Slice(users2, func(i, j int) bool {
		return users2[i].ID < users2[j].ID
	})

	for idx, user := range users2[1:2] {
		if user.Account.Number != "" {
			t.Errorf("No account should found for user %v but got %v", idx+2, user.Account.Number)
		}
	}

	c.assertSvcAccS3Access(ctx, s, cr, bucket)

	// 3. Check that svc account can restrict the policy, and that the
	// session policy can be updated.
	c.assertSvcAccSessionPolicyUpdate(ctx, s, s.adm, accessKey, bucket)

	// 4. Check that service account's secret key and account status can be
	// updated.
	c.assertSvcAccSecretKeyAndStatusUpdate(ctx, s, s.adm, accessKey, bucket)

	user.Birthday = nil
	user.Account = Account{}
	user.Toys = nil
	user.Manager = nil

	CheckUser(t, result, user)

	user2 := *GetUser("omit_create", Config{Account: true, Pets: 3, Toys: 3, Company: true, Manager: true, Team: 3, Languages: 3, Friends: 4})
	DB.Omit(clause.Associations).Create(&user2)

	var result2 User
	DB.Preload(clause.Associations).First(&result2, user2.ID)

	user2.Account = Account{}
	user2.Toys = nil

            "Logon failure: account logon time restriction violation.", "Logon failure: user not allowed to log on to this computer.",
            "Logon failure: the specified account password has expired.", "Logon failure: account currently disabled.",
            "No mapping between account names and security IDs was done.", "The security ID structure is invalid.",

		t.Errorf("should update two records, but got %v", rowsAffected)
	}

	var results []User

- `account` client_id is a confidential client that belongs to the realm `{realm}`
- `account` client_id is has **Service Accounts Enabled** option enabled.
- `account` client_id has a custom "Audience" mapper, in the Mappers section.
  - Included Client Audience: security-admin-console

#### Adding 'admin' Role