// where we keep old *Readers
var readMsgpReaderPool = sync.Pool{New: func() interface{} { return &msgp.Reader{} }}

// mspNewReader returns a *Reader that reads from the provided reader.
// The reader will be buffered.
// Return with readMsgpReaderPoolPut when done.
func msgpNewReader(r io.Reader) *msgp.Reader {
	p := readMsgpReaderPool.Get().(*msgp.Reader)
	if p.R == nil {
		p.R = xbufio.NewReaderSize(r, 4<<10)
	} else {
		p.R.Reset(r)

    assert response.json() == {"detail": "X-Token header invalid"}


def test_items_bar_with_invalid_token(client: TestClient):
    response = client.get("/items/bar?token=jessica", headers={"X-Token": "invalid"})
    assert response.status_code == 400
    assert response.json() == {"detail": "X-Token header invalid"}


def test_items_with_missing_x_token_header(client: TestClient):

    assert response.json() == {"detail": "X-Token header invalid"}


@needs_py39
def test_items_bar_with_invalid_token(client: TestClient):
    response = client.get("/items/bar?token=jessica", headers={"X-Token": "invalid"})
    assert response.status_code == 400
    assert response.json() == {"detail": "X-Token header invalid"}


@needs_py39
def test_items_with_missing_x_token_header(client: TestClient):

	for i, eVer := range eVers.versions {
		oVer := oVers.versions[i]
		if eVer.header != oVer.header {
			if eVer.header.hasEC() != oVer.header.hasEC() {
				// One version has EC and the other doesn't - may have been written later.
				// Compare without considering EC.
				a, b := eVer.header, oVer.header
				a.EcN, a.EcM = 0, 0
				b.EcN, b.EcM = 0, 0
				if a == b {
					continue
				}
			}

	xhttp "github.com/minio/minio/internal/http"
)

func getDefaultOpts(header http.Header, copySource bool, metadata map[string]string) (opts ObjectOptions, err error) {
	var clientKey [32]byte
	var sse encrypt.ServerSide

	opts = ObjectOptions{UserDefined: metadata}
	if copySource {
		if crypto.SSECopy.IsRequested(header) {
			clientKey, err = crypto.SSECopy.ParseHTTP(header)
			if err != nil {
				return
			}

			// user must have the s3:BypassGovernanceRetention permission
			// and must explicitly include x-amz-bypass-governance-retention:true
			// as a request header with any request that requires overriding
			// governance mode.
			//
			byPassSet := objectlock.IsObjectLockGovernanceBypassSet(r.Header)
			if !byPassSet {
				t, err := objectlock.UTCNowNTP()
				if err != nil {
					internalLogIf(ctx, err, logger.WarningKind)

	if !compareSignatureV4(req.Form.Get(xhttp.AmzSignature), newSignature) {
		return ErrSignatureDoesNotMatch
	}

	r.Header.Set("x-amz-signature-age", strconv.FormatInt(UTCNow().Sub(pSignValues.Date).Milliseconds(), 10))

	return ErrNone
}

// doesSignatureMatch - Verify authorization header with calculated header in accordance with
//   - http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
//

	cp manifests/charts/base/templates/reader-serviceaccount.yaml manifests/charts/istiod-remote/templates
	cp manifests/charts/istio-control/istio-discovery/templates/mutatingwebhook.yaml manifests/charts/istiod-remote/templates
	cp manifests/charts/istio-control/istio-discovery/templates/reader-clusterrole.yaml manifests/charts/istiod-remote/templates

    assert response.json() == {"detail": "X-Token header invalid"}


def test_items_bar_with_invalid_token(client: TestClient):
    response = client.get("/items/bar?token=jessica", headers={"X-Token": "invalid"})
    assert response.status_code == 400
    assert response.json() == {"detail": "X-Token header invalid"}


def test_items_with_missing_x_token_header(client: TestClient):

    `HTTPDigest` in a dependency.

    The HTTP authorization header value is split by the first space.

    The first part is the `scheme`, the second part is the `credentials`.

    For example, in an HTTP Bearer token scheme, the client will send a header
    like:

    ```
    Authorization: Bearer deadbeef12346
    ```

    In this case: