t.Error(err)
		}
	}

	wantJSON, err := readFile(goldenFilepath)
	if err != nil {
		t.Fatal(err)
	}

	var want, got []byte
	if got, err = yaml.JSONToYAML([]byte(gotJSON)); err != nil {
		t.Fatal(err)
	}
	if want, err = yaml.JSONToYAML([]byte(wantJSON)); err != nil {
		t.Fatal(err)
	}

	if diff := util.YAMLDiff(string(want), string(got)); diff != "" {
		t.Fatalf("diff: %s", diff)
	}
}

		}
		return cmp.Compare(a.Name, b.Name)
	})
	out, err := json.MarshalIndent(policies, "", "    ")
	if err != nil {
		return fmt.Errorf("failed to marshal policies: %v", err)
	}
	if outputFormat == "yaml" {
		if out, err = yaml.JSONToYAML(out); err != nil {
			return err
		}
	}
	fmt.Fprintln(c.Stdout, string(out))
	return nil

// See e.g. https://man.openbsd.org/sysexits.3
// or `less /usr/includes/sysexits.h` if you're on Linux
//
// Picking the right range is tricky--there are a lot of reserved ones (see
// https://www.tldp.org/LDP/abs/html/exitcodes.html#EXITCODESREF) and then some
// used by convention (see sysexits).
//
// The intention here is to use 64-78 in a way that matches the attempt in
// sysexits to signify some error running istioctl, and use 79-125 as custom

	gotOut := &bytes.Buffer{}
	cw := &ConfigWriter{Stdout: gotOut}
	cd, _ := os.ReadFile("testdata/ecds/configdump.json")
	cw.Prime(cd)
	err := cw.PrintEcds("yaml")
	assert.NoError(t, err)

	util.CompareContent(t, gotOut.Bytes(), "testdata/ecds/output.yaml")
}

func TestPrintEcdsJSON(t *testing.T) {
	gotOut := &bytes.Buffer{}
	cw := &ConfigWriter{Stdout: gotOut}
	cd, _ := os.ReadFile("testdata/ecds/configdump.json")

			filter:       EndpointFilter{},
		},
		{
			name:         "emptyfilter",
			outputFormat: "yaml",
			filter:       EndpointFilter{},
		},
		{
			name:         "portfilter",
			outputFormat: "json",
			filter: EndpointFilter{
				Port: 8080,
			},
		},
		{
			name:         "portfilter",
			outputFormat: "yaml",
			filter: EndpointFilter{
				Port: 8080,
			},
		},
	}
	for _, tt := range tests {

	bucketSSEConfig = "bucket-encryption.xml"
)

// PutBucketEncryptionHandler - Stores given bucket encryption configuration
// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
func (api objectAPIHandlers) PutBucketEncryptionHandler(w http.ResponseWriter, r *http.Request) {
	ctx := newContext(r, w, "PutBucketEncryption")

	defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))

					return ObjectLocked{}
				}

				if !ret.RetainUntilDate.Before(t) {
					return ObjectLocked{}
				}
				return nil
			}
			// https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
			// If you try to delete objects protected by governance mode and have s3:BypassGovernanceRetention, the operation will succeed.

}

// Signature and API related constants.
const (
	signV2Algorithm = "AWS"
)

// AWS S3 Signature V2 calculation rule is give here:
// http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationStringToSign
func doesPolicySignatureV2Match(formValues http.Header) (auth.Credentials, APIErrorCode) {
	accessKey := formValues.Get(xhttp.AmzAccessKeyID)

	r := &http.Request{Header: formValues}

		return nil, err
	}
	// For a given group of objects, sort in order to avoid missing dependencies, such as creating CRDs first
	objects.Sort(object.DefaultObjectOrder())
	for _, obj := range objects {
		yml, err := obj.YAML()
		if err != nil {
			return nil, err
		}
		output = append(output, string(yml))
	}

	return output, nil
}

// RenderToDir writes manifests to a local filesystem directory tree.

type STSErrorCode int

//go:generate stringer -type=STSErrorCode -trimprefix=Err $GOFILE

// Error codes, non exhaustive list - http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
const (
	ErrSTSNone STSErrorCode = iota
	ErrSTSAccessDenied
	ErrSTSMissingParameter
	ErrSTSInvalidParameterValue
	ErrSTSWebIdentityExpiredToken
	ErrSTSClientGrantsExpiredToken
	ErrSTSInvalidClientGrantsToken