return cred, false, s3Err
	}
	cred.Claims = claims

	owner := cred.AccessKey == globalActiveCred.AccessKey || (cred.ParentUser == globalActiveCred.AccessKey && cred.AccessKey != siteReplicatorSvcAcc)
	if owner && !globalAPIConfig.permitRootAccess() {
		// We disable root access and its service accounts if asked for.
		return cred, owner, ErrAccessKeyDisabled
	}

	if _, ok := claims[policy.SessionPolicyName]; ok {

    assert response.status_code == 404, response.text
    assert response.json() == {"detail": "Item not found"}


def test_owner_error():
    response = client.get("/items/plumbus")
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Owner error: Rick"}


def test_get_item():
    response = client.get("/items/portal-gun")
    assert response.status_code == 200, response.text

    assert response.json() == {"detail": "Item not found"}


@needs_py39
def test_owner_error(client: TestClient):
    response = client.get("/items/plumbus")
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Owner error: Rick"}


@needs_py39
def test_get_item(client: TestClient):
    response = client.get("/items/portal-gun")

import org.jetbrains.kotlin.analysis.api.symbols.KtPackageSymbol
import org.jetbrains.kotlin.resolve.scopes.MemberScope

internal class KtFe10PackageScope(
    scope: MemberScope,
    private val owner: KtPackageSymbol,
    analysisContext: Fe10AnalysisContext
) : KtFe10ScopeMember(scope, constructors = emptyList(), analysisContext) {

on:
  workflow_dispatch:
    inputs:
      client_payload:
        description: The Client payload
        required: true
      full_repository:
        description: the repository name include the owner in `owner/repo_name` format
        required: true
      head_ref:
        description: the head sha
        required: true
      base_ref:
        description: the base ref
        required: true
      installation_id:

import static com.google.common.base.StandardSystemProperty.OS_NAME;
import static com.google.common.truth.Truth.assertThat;
import static java.nio.file.attribute.PosixFilePermission.OWNER_READ;
import static java.nio.file.attribute.PosixFilePermission.OWNER_WRITE;
import static org.junit.Assert.assertThrows;

import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.attribute.PosixFileAttributeView;

            \`\`\`
            ${{ env.OUTPUT }}
            \`\`\`
            `;
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output

import static com.google.common.base.StandardSystemProperty.OS_NAME;
import static com.google.common.truth.Truth.assertThat;
import static java.nio.file.attribute.PosixFilePermission.OWNER_READ;
import static java.nio.file.attribute.PosixFilePermission.OWNER_WRITE;
import static org.junit.Assert.assertThrows;

import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.attribute.PosixFileAttributeView;

iptables -t nat -N ISTIO_POSTRT
iptables -t nat -A POSTROUTING -j ISTIO_POSTRT
iptables -t nat -A ISTIO_POSTRT -m owner --socket-exists -p tcp -m set --match-set istio-inpod-probes-v4 dst -j SNAT --to-source 169.254.7.127
ip6tables -t nat -N ISTIO_POSTRT
ip6tables -t nat -A POSTROUTING -j ISTIO_POSTRT

		}

		// Now check if we have a sessionPolicy.
		if _, ok = eclaims[policy.SessionPolicyName]; ok {
			owner = false
		} else {
			owner = globalActiveCred.AccessKey == ucred.ParentUser
		}

		groups = ucred.Groups
	}

	return claims, groups, owner, nil
}

// newCachedAuthToken returns a token that is cached up to 15 seconds.