switch err {
	case errInvalidRange:
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidCopyPartRange), url)
		return
	case errInvalidRangeSource:
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidCopyPartRangeSource), url)
		return
	default:
		apiErr := errorCodes.ToAPIErr(ErrInvalidCopyPartRangeSource)
		apiErr.Description = err.Error()
		writeErrorResponse(ctx, w, apiErr, url)

				}
			}
		}
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL)
		return
	}

	// We do not allow offsetting into extracted files.
	if opts.PartNumber != 0 {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidPartNumber), r.URL)
		return
	}

	if r.Header.Get(xhttp.Range) != "" {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidRange), r.URL)
		return
	}

	if objAPI == nil {
		return
	}

	password := cred.SecretKey
	reqBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
	if err != nil {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErrWithErr(ErrAdminConfigBadJSON, err), r.URL)
		return
	}

	var cfg madmin.TierConfig
	json := jsoniter.ConfigCompatibleWithStandardLibrary
	if err := json.Unmarshal(reqBytes, &cfg); err != nil {

	getDeleteErrorList := func(objects []ObjectToDelete) (deleteErrorList []DeleteError) {
		for _, obj := range objects {
			deleteErrorList = append(deleteErrorList, DeleteError{
				Code:    errorCodes[ErrAccessDenied].Code,
				Message: errorCodes[ErrAccessDenied].Description,
				Key:     obj.ObjectName,
			})
		}

		return deleteErrorList
	}

	objects := []ObjectToDelete{}
	objects = append(objects, ObjectToDelete{

		}
	}
}

// Check if an API error is properly defined
func TestAPIErrCodeDefinition(t *testing.T) {
	for errAPI := ErrNone + 1; errAPI < apiErrCodeEnd; errAPI++ {
		errCode, ok := errorCodes[errAPI]
		if !ok {
			t.Fatal(errAPI, "error code is not defined in the API error code table")
		}
		if errCode.Code == "" {
			t.Fatal(errAPI, "error code has an empty XML code")
		}

	"net/url"
	"os"
	"testing"
	"time"
)

func niceError(code APIErrorCode) string {
	// Special-handle ErrNone
	if code == ErrNone {
		return "ErrNone"
	}

	return fmt.Sprintf("%s (%s)", errorCodes[code].Code, errorCodes[code].Description)
}

func TestDoesPolicySignatureMatch(t *testing.T) {
	_, fsDir, err := prepareFS(t.Context())
	if err != nil {
		t.Fatal(err)
	}
	defer removeRoots([]string{fsDir})

		argumentName = strings.ToLower(xhttp.AmzPartNumberMarker)
		valid = false
		return opts, valid
	}

	opts.ObjectAttributes = parseObjectAttributes(r.Header)
	if len(opts.ObjectAttributes) < 1 {
		apiErr = errorCodes.ToAPIErr(ErrInvalidAttributeName)
		argumentName = strings.ToLower(xhttp.AmzObjectAttributes)
		valid = false
		return opts, valid
	}

	for tag := range opts.ObjectAttributes {
		switch tag {

				// header, for all requests where Date header is not
				// present we will reject such clients.
				defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
				writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(errCode), r.URL)
				atomic.AddUint64(&globalHTTPStats.rejectedRequestsTime, 1)
				return
			}
			// Verify if the request date header is shifted by less than globalMaxSkewTime parameter in the past

- `TaintBasedEvictions` feature...

		t.Fatal(err)
	}

	_, owner, s3Err := checkKeyValid(req, globalActiveCred.AccessKey)
	if s3Err != ErrNone {
		t.Fatalf("Unexpected failure with %v", errorCodes.ToAPIErr(s3Err))
	}

	if !owner {
		t.Fatalf("Expected owner to be 'true', found %t", owner)
	}

	_, _, s3Err = checkKeyValid(req, "does-not-exist")
	if s3Err != ErrInvalidAccessKeyID {