errInvalidInternalSealAlgorithm = Errorf("The internal seal algorithm is invalid and not supported")
)

// errOutOfEntropy indicates that the a source of randomness (PRNG) wasn't able
// to produce enough random data. This is fatal error and should cause a panic.

		// VersionPurgeStatus:            "",
		NumVersions:      1,
		SuccessorModTime: time.Time{},
	}
	fi.SetTierFreeVersionID(uuid.New().String())
	// Test if free version is created when SkipTier wasn't set on fi
	j := xlMetaV2Object{}
	j.MetaSys = make(map[string][]byte)
	j.MetaSys[metaTierName] = []byte("WARM-1")
	j.MetaSys[metaTierStatus] = []byte(lifecycle.TransitionComplete)

func TestSkipTierFreeVersion(t *testing.T) {
	fi := newFileInfo("object", 8, 8)
	fi.SetSkipTierFreeVersion()
	if ok := fi.SkipTierFreeVersion(); !ok {
		t.Fatal("Expected SkipTierFreeVersion to be set on FileInfo but wasn't")
	}

	loggingOptions.WithTeeToUDS(udsSock, constants.UDSLogPath)
	assert.NoError(t, log.Configure(loggingOptions))
	log.FindScope("default").SetOutputLevel(log.DebugLevel)
	log.Debug("debug log")
	log.Info("info log")
	log.Warn("warn log")
	log.Error("error log")
	// This will error because stdout cannot sync, but the UDS part should sync
	// Ideally we would fail if the UDS part fails but the error library makes it kind of tricky
	_ = log.Sync()

					}
				}
				if reader != nil && proxy.Proxy && perr == nil {
					gr = reader
				}
			}
		}
		if reader == nil || !proxy.Proxy {
			// validate if the request indeed was authorized, if it wasn't we need to return "ErrAccessDenied"
			// instead of any namespace related error.
			if s3Error := authorizeRequest(ctx, r, policy.GetObjectAction); s3Error != ErrNone {

	mac.Write(bin[:])
	mac.Sum(partKey[:0])
	return partKey
}

// SealETag seals the etag using the object key.
// It does not encrypt empty ETags because such ETags indicate
// that the S3 client hasn't sent an ETag = MD5(object) and
// the backend can pick an ETag value.
func (key ObjectKey) SealETag(etag []byte) []byte {
	if len(etag) == 0 { // don't encrypt empty ETag - only if client sent ETag = MD5(object)

	if openNetns != nil {
		return openNetns, nil
	}
	log.Debug("pod netns was not found, trying to find it using procfs")
	// this can happen if the pod was dynamically added to the mesh after it was created.
	// in that case, try finding the netns using procfs.
	if err := s.rescanPod(pod); err != nil {
		log.Errorf("error scanning proc: error was %s", err)
		return nil, err
	}

				log.Debugf("ztunnel keepalive failed: %v", err)
				if errors.Is(err, io.EOF) {
					log.Debug("ztunnel EOF")
					return nil
				}
				return err
			case err == nil:
				log.Warn("ztunnel protocol error, unexpected message")
				return fmt.Errorf("ztunnel protocol error, unexpected message")
			default:
				// we get here if error is deadline exceeded, which means ztunnel is alive.
			}

	},
	ErrSTSMalformedPolicyDocument: {
		Code:           "MalformedPolicyDocument",
		Description:    "The request was rejected because the policy document was malformed.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInsecureConnection: {
		Code:           "InsecureConnection",
		Description:    "The request was made over a plain HTTP connection. A TLS connection is required.",
		HTTPStatusCode: http.StatusBadRequest,
	},

			if op == "add" {
				t.Logf("PASS: File %v was added to %v", f, tempCNIBinDir)
				return nil
			} else if op == "del" {
				return fmt.Errorf("FAIL: File %v was not removed from %v", f, tempCNIBinDir)
			}
		} else {
			if op == "add" {
				return fmt.Errorf("FAIL: File %v was not added to %v", f, tempCNIBinDir)
			} else if op == "del" {
				t.Logf("PASS: File %v was removed from %v", f, tempCNIBinDir)
				return nil