"testing"

	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio/internal/auth"
)

func TestDecryptData(t *testing.T) {
	cred1 := auth.Credentials{
		AccessKey: "minio",
		SecretKey: "minio123",
	}

	cred2 := auth.Credentials{
		AccessKey: "minio",
		SecretKey: "minio1234",
	}

	data := []byte(`config data`)
	edata1, err := madmin.EncryptData(cred1.String(), data)
	if err != nil {
		t.Fatal(err)
	}

ct":"Allow","Action":["s3:PutObject"],"Resource":["arn:aws:s3:::*"]}]}} iam-assets/users.json {} iam-assets/groups.json {} iam-assets/svcaccts.json {"dillon-service-2":{"parent":"oCnAoSQFtdVQtKwrB73j","accessKey":"dillon-service-2","secretKey":"dillon-service-2","groups":null,"claims":{"accessKey":"dillon-service-2","at_hash":"LL4jvrkBRNQhOKiC83RL","aud":"minio-client-app","c_hash":"fjGB4ldChsaf9vSFdZ1P","email":"******@****.***","email_verified":true,"groups":["projecta","projectb"],"iat":172...

	var accessKey, secretKey string
	if test.asRoot {
		accessKey, secretKey = globalActiveCred.AccessKey, globalActiveCred.SecretKey
	} else {
		setupKMSUser(t, userAccessKey, userSecretKey, test.policy)
		accessKey = userAccessKey
		secretKey = userSecretKey
	}

	req := buildKMSRequest(t, test.method, test.path, accessKey, secretKey, test.query)
	rec := httptest.NewRecorder()

		adminRouter.Methods(http.MethodPut).Path(adminVersion+"/add-user").HandlerFunc(adminMiddleware(adminAPI.AddUser)).Queries("accessKey", "{accessKey:.*}")

		adminRouter.Methods(http.MethodPut).Path(adminVersion+"/set-user-status").HandlerFunc(adminMiddleware(adminAPI.SetUserStatus)).Queries("accessKey", "{accessKey:.*}").Queries("status", "{status:.*}")

		// Service accounts ops

	_, fsDir, err := prepareFS(t.Context())
	if err != nil {
		t.Fatal(err)
	}
	defer removeRoots([]string{fsDir})

	credentialTemplate := "%s/%s/%s/s3/aws4_request"
	now := UTCNow()
	accessKey := globalActiveCred.AccessKey

	testCases := []struct {
		form     http.Header
		expected APIErrorCode
	}{
		// (0) It should fail if 'X-Amz-Credential' is missing.
		{
			form:     http.Header{},

)

// BatchJobReplicateCredentials access credentials for batch replication it may
// be either for target or source.
type BatchJobReplicateCredentials struct {
	AccessKey    string `xml:"AccessKeyId" json:"accessKey,omitempty" yaml:"accessKey"`
	SecretKey    string `xml:"SecretAccessKey" json:"secretKey,omitempty" yaml:"secretKey"`
	SessionToken string `xml:"SessionToken" json:"sessionToken,omitempty" yaml:"sessionToken"`
}

Install the chart, specifying the users you want to create after install: ```bash helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio ``` Description of the configuration parameters used above - - `users[].accessKey` - accessKey of user - `users[].secretKey` - secretKey of usersecretRef - `users[].existingSecret` - secret name that contains...

	if err != nil {
		t.Fatal(err)
	}

	if err = signRequestV4(req, globalActiveCred.AccessKey, globalActiveCred.SecretKey); err != nil {
		t.Fatal(err)
	}

	_, owner, s3Err := checkKeyValid(req, globalActiveCred.AccessKey)
	if s3Err != ErrNone {
		t.Fatalf("Unexpected failure with %v", errorCodes.ToAPIErr(s3Err))
	}

	if !owner {

  ## NOTE: this will fail if LDAP is enabled in your MinIO deployment
  ## make sure to disable this if you are using LDAP.
  - accessKey: console
    secretKey: console123
    policy: consoleAdmin
  # Or you can refer to specific secret
  #- accessKey: externalSecret
  #  existingSecret: my-secret
  #  existingSecretKey: password
  #  policy: readonly

	req := mustNewRequest(method, urlStr, contentLength, body, t)
	cred := globalActiveCred
	if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
		t.Fatalf("Unable to initialized new signed http request %s", err)
	}
	return req
}

// This is similar to mustNewRequest but additionally the request