if accessKey == globalActiveCred.AccessKey {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
		return
	}

	user, exists := globalIAMSys.GetUser(ctx, accessKey)
	if exists && (user.Credentials.IsTemp() || user.Credentials.IsServiceAccount()) {
		// Updating STS credential is not allowed, and this API does not
		// support updating service accounts.

			t.Errorf("Table with escape character, got %v", r.Statement.SQL.String())
		}
	}

	user := *GetUser("upsert_on_conflict", Config{})
	user.Age = 20
	if err := DB.Create(&user).Error; err != nil {
		t.Errorf("failed to create user, got error %v", err)
	}

	var user2 User
	DB.First(&user2, user.ID)
	user2.Age = 30

	}

	if globalIAMSys.LDAPConfig.Enabled() {
		perms, _ := processLDAPAuthentication(key, pass, user)
		if perms != nil {
			return perms, nil
		}
	}

internalAuth:
	ui, ok := globalIAMSys.GetUser(context.Background(), user)
	if !ok {
		return nil, errNoSuchUser
	}

	if globalSFTPTrustedCAPubkey != nil && pass == nil {
		err := validateClientKeyIsTrusted(c, key)
		if err != nil {

`, bucket, bucket)

	err = s.adm.AddCannedPolicy(ctx, policy, policyBytes)
	if err != nil {
		c.Fatalf("policy add error: %v", err)
	}

	accessKey, secretKey := mustGenerateCredentials(c)
	err = s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}

	_, err = s.adm.AttachPolicy(ctx, madmin.PolicyAssociationReq{
		Policies: []string{policy},

// HasWatcher - returns if the storage system has a watcher.
func (store *IAMStoreSys) HasWatcher() bool {
	_, ok := store.IAMStorageAPI.(iamStorageWatcher)
	return ok
}

// GetUser - fetches credential from memory.
func (store *IAMStoreSys) GetUser(user string) (UserIdentity, bool) {
	cache := store.rlock()
	defer store.runlock()

	u, ok := cache.iamUsersMap[user]
	if !ok {
		// Check the sts map

	bucketName := r.Form.Get(peerRESTBucket)
	enableSha256 := r.Form.Get(peerRESTEnableSha256) == "true"
	enableMultipart := r.Form.Get(peerRESTEnableMultipart) == "true"

	u, ok := globalIAMSys.GetUser(r.Context(), r.Form.Get(peerRESTAccessKey))
	if !ok {
		s.writeErrorResponse(w, errAuthentication)
		return
	}

	size, err := strconv.Atoi(sizeStr)
	if err != nil {
		size = 64 * humanize.MiByte

	_, err = findColumnType(&RelationModel2{}, "id")
	if err == nil {
		t.Errorf("RelationModel2 should not be migrated")
	}
}

func TestMigrateView(t *testing.T) {
	DB.Save(GetUser("joins-args-db", Config{Pets: 2}))

	if err := DB.Migrator().CreateView("invalid_users_pets",
		gorm.ViewOption{Query: nil}); err != gorm.ErrSubQueryRequired {
		t.Fatalf("no view should be created, got %v", err)
	}

		return nil, errSRPeerNotFound
	}
	return getAdminClient(endpoint, creds.AccessKey, creds.SecretKey)
}

func (c *SiteReplicationSys) getPeerCreds() (*auth.Credentials, error) {
	u, ok := globalIAMSys.store.GetUser(c.state.ServiceAccountAccessKey)
	if !ok {
		return nil, errors.New("site replication service account not found")
	}
	return &u.Credentials, nil
}

	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

	// 1. Create a user.
	accessKey, secretKey := mustGenerateCredentials(c)
	err := s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}

	// 2. Check new user appears in listing
	usersMap, err := s.adm.ListUsers(ctx)
	if err != nil {

	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

	accessKey, secretKey := mustGenerateCredentials(c)
	err := s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}

	userReq := madmin.PolicyAssociationReq{
		Policies: []string{"readwrite"},