// ErrPreloadNotAllowed preload is not allowed when count is used
	ErrPreloadNotAllowed = errors.New("preload is not allowed when count is used")
	// ErrDuplicatedKey occurs when there is a unique key constraint violation
	ErrDuplicatedKey = errors.New("duplicated key not allowed")
	// ErrForeignKeyViolated occurs when there is a foreign key constraint violation

  //               the number of allowed disruptions. Therefore no disruptions are
  //               allowed and the status of the condition will be False.
  // - InsufficientPods: The number of pods are either at or below the number
  //                     required by the PodDisruptionBudget. No disruptions are
  //                     allowed and the status of the condition will be False.

`),
			applied: []byte(`
# test conflicts due to fields not allowed by last-applied

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  labels:
    app: my-new-label # NOT allowed: update label
spec:
  replicas: 333 # NOT allowed: update replicas
  selector:
    matchLabels:
      app: my-new-label # allowed: update label
  template:
    metadata:
      labels:

package p

//go:notinheap
type nih struct{}

type embed4 map[nih]int // ERROR "incomplete \(or unallocatable\) map key not allowed"

type embed5 map[int]nih // ERROR "incomplete \(or unallocatable\) map value not allowed"

type emebd6 chan nih // ERROR "chan of incomplete \(or unallocatable\) type not allowed"

type okay1 *nih

type okay2 []nih

type okay3 func(x nih) nih

type okay4 interface {
	f(x nih) nih
}

    }
}

@RequiresOptIn("Analysis should not be allowed to be run from the EDT, as otherwise it may cause IDE freezes.")
public annotation class KaAllowAnalysisOnEdt

/**
 * Allows [analyze][org.jetbrains.kotlin.analysis.api.analyze] to be called on the EDT in the given [action], which is normally not allowed.
 *

// errMethodNotAllowed means that method is not allowed.
var errMethodNotAllowed = errors.New("Method not allowed")

// errSignatureMismatch means signature did not match.
var errSignatureMismatch = errors.New("Signature does not match")

// When upload object size is greater than 5G in a single PUT/POST operation.
var errDataTooLarge = errors.New("Object size larger than allowed limit")

# critical pods are configured as a limited resource by admission_controller_config.yaml,
# which means they are disallowed unless explicitly allowed by a namespaced quota object.
# This quota effectively removes the restriction on the number of critical pods allowed in the kube-system namespace.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: gcp-critical-pods
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
spec:

     *
     * @since 3.3
     */
    void setCanBeResolved(boolean allowed);

    /**
     * Returns true if it is allowed to query or resolve this configuration. Defaults to true.
     * @return true if this configuration can be queried or resolved.
     * @since 3.3
     */
    boolean isCanBeResolved();

    /**
     * Configures if a configuration can have dependencies declared upon it.
     *

    internal.istio.io/parents: HTTPRoute/backend-not-allowed.istio-system
    internal.istio.io/route-semantics: gateway
  creationTimestamp: null
  name: backend-not-allowed-0-istio-autogenerated-k8s-gateway
  namespace: istio-system
spec:
  gateways:
  - istio-system/gateway-istio-autogenerated-k8s-gateway-simple
  hosts:
  - simple2.domain.example
  http:
  - name: istio-system.backend-not-allowed.0
    route:
    - destination:

		},
		// steve triggers an authz check, is allowed by the authorizer, and has no RBAC permissions, but is still allowed
		{
			name:          "steve",
			user:          steve,
			expectAuthz:   true,
			expectAllowed: true,
		},
		// alice triggers an authz check, is denied by the authorizer, but has RBAC permissions in the fakeRuleResolver, so is allowed
		{
			name:          "alice",
			user:          alice,