}
	if len(keys) != int(limit) {
		t.Fatalf("Expected length of the batch keys to be %v but got %v", limit, len(items))
	}
	batchLen = batch.Len()
	if batchLen != 0 {
		t.Fatalf("expected batch to be empty but still left with %d items", batchLen)
	}
	// Add duplicate entries
	for i := 0; i < 10; i++ {
		if err := batch.Add(99, 99); err != nil {
			t.Fatalf("failed to add duplicate item %v to batch after Get; %v", i, err)
		}
	}

// The auth package provides support for checking the authentication and authorization policy applied
// in the mesh. It aims to increase the debuggability and observability of auth policies.
// Note: this is still under active development and is not ready for real use.
package authz

import (
	"fmt"
	"io"

	envoy_admin "github.com/envoyproxy/go-control-plane/envoy/admin/v3"

		t.Errorf("Hamster's preferred toy should be cleared with Clear")
	}

	if DB.Model(&hamster2).Association("OtherToy").Count() != 1 {
		t.Errorf("Hamster's other toy should be still available")
	}

	DB.Model(&hamster).Association("OtherToy").Clear()
	if DB.Model(&hamster).Association("OtherToy").Count() != 0 {
		t.Errorf("Hamster's other toy should be cleared with Clear")
	}

		dstRec = &Record{}
	}
	dstRec.object = v
	return dstRec, nil
}

// Close - closes underlying reader.
func (r *Reader) Close() error {
	// Close the input.
	// Potentially racy if the stream decoder is still reading.
	if r.readCloser != nil {
		r.readCloser.Close()
	}
	if r.exitReader != nil {
		close(r.exitReader)
		r.readerWg.Wait()
		r.exitReader = nil
		r.input = nil
	}
	return nil
}

	kubeClient, client, err := KubernetesClients(cliClient, l)
	if err != nil {
		l.LogAndFatal(err)
	}

	// If the user is performing purge but also specified a revision, we should warn
	// that the purge will still remove all resources
	if orArgs.purge && orArgs.revision != "" {
		orArgs.revision = ""
		l.LogAndPrint("Purge remove will remove all Istio operator controller, ignoring the specified revision\n")
	}

	var installed bool

	}

	taggedNamespaces, err := GetNamespacesWithTag(ctx, kubeClient, tagName)
	if err != nil {
		return fmt.Errorf("failed to retrieve namespaces dependent on tag %q", tagName)
	}
	// warn user if deleting a tag that still has namespaces pointed to it
	if len(taggedNamespaces) > 0 && !skipConfirmation {
		if !util.Confirm(buildDeleteTagConfirmation(tagName, taggedNamespaces), w) {
			fmt.Fprintf(w, "Aborting operation.\n")
			return nil
		}

			}
		}(index, c)
	}

	// Wait until we have either
	//
	// a) received all refresh responses
	// b) received too many refreshed for quorum to be still possible
	// c) timed out
	//
	lockNotFound, lockRefreshed := 0, 0
	done := false

	for i := 0; i < len(restClnts); i++ {
		select {
		case refreshResult := <-ch:
			if refreshResult.offline {

		return nil, fmt.Errorf("failed to unmarshal proxy config: %s", err)
	}
	return envoyConfig, nil
}

// AuthZ groups commands used for inspecting and interacting the authorization policy.
// Note: this is still under active development and is not ready for real use.
func AuthZ(ctx cli.Context) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "authz",
		Short: "Inspect Istio AuthorizationPolicy",
	}

	if errMetaCode != ErrNone {
		return errMetaCode
	}

	// If the host which signed the request is slightly ahead in time (by less than globalMaxSkewTime) the
	// request should still be allowed.
	if pSignValues.Date.After(UTCNow().Add(globalMaxSkewTime)) {
		return ErrRequestNotReadyYet
	}

	if UTCNow().Sub(pSignValues.Date) > pSignValues.Expires {
		return ErrExpiredPresignRequest
	}

// (http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html)
func checkPostPolicy(formValues http.Header, postPolicyForm PostPolicyForm) error {
	// Check if policy document expiry date is still not reached
	if !postPolicyForm.Expiration.After(UTCNow()) {
		return fmt.Errorf("Invalid according to Policy: Policy expired")
	}