package schema_test

import (
	"database/sql"
	"time"

	"gorm.io/gorm"
	"gorm.io/gorm/utils/tests"
)

type User struct {
	*gorm.Model
	Name      *string
	Age       *uint
	Birthday  *time.Time
	Account   *tests.Account
	Pets      []*tests.Pet
	Toys      []*tests.Toy `gorm:"polymorphic:Owner"`
	CompanyID *int
	Company   *tests.Company
	ManagerID *uint
	Manager   *User

     * @return instance for type, null if the type cannot be unwrapped
     */
    <T extends Credentials> T unwrap(Class<T> type);

    /**
     * Get the domain of the user account.
     * @return the domain the user account is in
     */
    String getUserDomain();

    /**
     * Check if these are anonymous credentials.
     * @return whether these are anonymous credentials
     */
    boolean isAnonymous();

- Fixed an issue mounting credentials for service accounts whose name contains `.` characters ([#89696](https://github.com/kubernetes/kubernetes/pull/89696), [@nabokihms](https://github.com/nabokihms)) [SIG Auth]

			f.Creatable = true
			f.Updatable = true
			f.Readable = true
		})
	}

	// check relations
	relations := []Relation{
		{
			Name: "Account", Type: schema.HasOne, Schema: "User", FieldSchema: "Account",
			References: []Reference{{"ID", "User", "UserID", "Account", "", true}},
		},
		{
			Name: "Pets", Type: schema.HasMany, Schema: "User", FieldSchema: "Pet",

		SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
		SID_NAME_ALIAS    = 4, /* local group */
		SID_NAME_WKN_GRP  = 5, /* well-known group */
		SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
		SID_NAME_INVALID  = 7, /* invalid account */
		SID_NAME_UNKNOWN  = 8  /* oops. */
	} LsarSidType;

	typedef struct {
		LsarSidType sid_type;
		uint32_t rid;
		uint32_t sid_index;
	} LsarTranslatedSid;

		SID_NAME_DOMAIN   = 3, /* domain: don't know what this is */
		SID_NAME_ALIAS    = 4, /* local group */
		SID_NAME_WKN_GRP  = 5, /* well-known group */
		SID_NAME_DELETED  = 6, /* deleted account: needed for c2 rating */
		SID_NAME_INVALID  = 7, /* invalid account */
		SID_NAME_UNKNOWN  = 8  /* oops. */
	} LsarSidType;

	typedef struct {
		LsarSidType sid_type;
		uint32_t rid;
		uint32_t sid_index;
	} LsarTranslatedSid;

    if (occurrences == 0) {
      return count(element);
    }
    int index = e.ordinal();
    int oldCount = counts[index];
    if (oldCount == 0) {
      return 0;
    } else if (oldCount <= occurrences) {
      counts[index] = 0;
      distinctElements--;
      size -= oldCount;
    } else {
      counts[index] = oldCount - occurrences;
      size -= occurrences;
    }
    return oldCount;
  }

unprivileged pods, using the proxy to perform privileged storage operations on the node.

Another feature moving to GA in v1.22 is CSI Service Account Token support. This feature allows CSI drivers to use pods' [bound service account tokens](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume) instead of a more privileged identity. It also provides control over to re-publishing these volumes, so that short-lived tokens can be refreshed....

                if (allowedSids != null) {
                    for (final SID sid : allowedSids) {
                        final String accountId = sambaHelper.getAccountId(sid);
                        if (accountId != null) {
                            roleTypeList.add(accountId);
                        }
                    }
                }

    }

    /**
     * Represents a field facet with its name and value counts.
     * Each field facet contains multiple values with their respective document counts.
     */
    public static class Field {
        /**
         * Map containing field values and their document counts.
         * Keys are field values as strings, values are document counts.
         */