Description:    "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSClientGrantsExpiredToken: {
		Code:           "ExpiredToken",

        assertNull(leaseManager.getLease(key2));
        assertTrue(leaseManager.getAllLeases().isEmpty());
    }

    @Test
    @DisplayName("Should clean up expired leases")
    void testCleanupExpiredLeases() throws InterruptedException {
        String path = "/share/expired.txt";
        int requestedState = Smb2LeaseState.SMB2_LEASE_READ_CACHING;

        Smb2LeaseKey key = leaseManager.requestLease(path, requestedState);

		field, bts, err = msgp.ReadMapKeyZC(bts)
		if err != nil {
			err = msgp.WrapError(err)
			return
		}
		switch msgp.UnsafeString(field) {
		case "Expire":
			z.Expire, bts, err = msgp.ReadBoolBytes(bts)
			if err != nil {
				err = msgp.WrapError(err, "Expire")
				return
			}
		default:
			bts, err = msgp.Skip(bts)
			if err != nil {
				err = msgp.WrapError(err)
				return
			}
		}
	}

## Add ILM rules
./mc ilm add sitea/bucket --transition-days 0 --transition-tier WARM-TIER --transition-days 0 --noncurrent-expire-days 2 --expire-days 3 --prefix "myprefix" --tags "tag1=val1&tag2=val2"
./mc ilm rule list sitea/bucket

## Check ilm expiry flag
./mc admin replicate info sitea --json

            "No process is on the other end of the pipe.", "More data is available.", "This user account has expired.",
            "The user is not allowed to log on from this workstation.", "The user is not allowed to log on at this time.",
            "The password of this user has expired.", };

            "No process is on the other end of the pipe.", "More data is available.", "This user account has expired.",
            "The user is not allowed to log on from this workstation.", "The user is not allowed to log on at this time.",
            "The password of this user has expired.", };

        jobLog.setId("test-log-1");
        jobLog.setJobName("Test Job");
        jobLog.setEndTime(null);

        MonitorTarget target = new MonitorTarget(jobLog);
        try {
            target.expired();
            // If it succeeds, check that lastUpdated is set
            assertNotNull(jobLog.getLastUpdated());
        } catch (Exception e) {
            // Expected in test environment due to missing client

        assertFalse(thumbnailManager.generating);
    }

    // Test purge with expired files
    public void test_purge_withExpiredFiles() throws IOException {
        // Create test files
        File dir1 = new File(tempDir, "_1");
        dir1.mkdirs();
        File expiredFile = new File(dir1, "expired.png");
        expiredFile.createNewFile();

	purgeStart := time.Now()

	// Purge expired STS credentials.

	// Scan STS users on disk and purge expired ones.
	stsAccountsFromStore := map[string]UserIdentity{}
	stsAccPoliciesFromStore := xsync.NewMapOf[string, MappedPolicy]()
	for _, item := range listedConfigItems[stsListKey] {
		userName := path.Dir(item)
		// loadUser() will delete expired user during the load.

   * useful in testing, or to disable caching temporarily without a code change.
   *
   * <p>Expired entries may be counted in {@link Cache#size}, but will never be visible to read or
   * write operations. Expired entries are cleaned up as part of the routine maintenance described
   * in the class javadoc.
   *