},
			Object: event.Object{
				Key:       keyName,
				VersionID: args.Object.VersionID,
				Sequencer: uniqueID,
			},
		},
		Source: event.Source{
			Host:      args.Host,
			UserAgent: args.UserAgent,
		},
	}

	isRemovedEvent := args.EventName == event.ObjectRemovedDelete ||
		args.EventName == event.ObjectRemovedDeleteMarkerCreated ||
		args.EventName == event.ObjectRemovedNoOP

		return
	}

	arnMsg := color.Blue("Object Lambda ARNs: ")
	for _, arn := range globalLambdaTargetList.List(globalSite.Region()) {
		arnMsg += color.Bold(fmt.Sprintf("%s ", arn))
	}
	logger.Startup(arnMsg + "\n")
}

// Prints bucket notification configurations.
func printEventNotifiers() {
	if globalNotificationSys == nil {
		return
	}

	arns := globalEventNotifier.GetARNList()
	if len(arns) == 0 {

...
MinIO Object Storage Server
Copyright: 2015-2023 MinIO, Inc.
License: GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
Version: DEVELOPMENT.2023-02-05T05-17-27Z (go1.19.4 linux/amd64)

...
...
Object Lambda ARNs: arn:minio:s3-object-lambda::function:webhook

```

### Lambda Target with Auth Token

If your lambda target expects an authorization token then you can enable it per function target as follows

```

	}

	// Validate the received bucket policy document
	if err = bucketLifecycle.Validate(rcfg); err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	// Validate the transition storage ARNs
	if err = validateTransitionTier(bucketLifecycle); err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	// Create a map of updated set of rules in request

		name: "replication status for 3 targets - one failed",
		rs: ReplicationState{
			ReplicationStatusInternal: "arn1=COMPLETED;arn2=COMPLETED;arn3=FAILED;",
			Targets:                   map[string]replication.StatusType{"arn1": "COMPLETED", "arn2": "COMPLETED", "arn3": "FAILED"},
		},
		expStatus: replication.Failed,
	},
	{ // 5. replication status for replica version

			continue // skip if not the type we want
		}
		arn, ok := accessKey.Claims[roleArnClaim].(string)
		if !ok {
			if _, ok := accessKey.Claims[iamPolicyClaimNameOpenID()]; !ok {
				continue // skip if no roleArn and no policy claim
			}
			// claim-based provider is in the roleArnMap under dummy ARN
			arn = dummyRoleARN
		}
		matchingCfgName, ok := roleArnMap[arn]
		if !ok {

MINIO_IDENTITY_PLUGIN_ROLE_ID       (string)    unique ID to generate the ARN
MINIO_IDENTITY_PLUGIN_COMMENT       (sentence)  optionally add a comment to this setting
```

If provided, the auth token parameter is sent as an authorization header.

`MINIO_IDENTITY_PLUGIN_ROLE_POLICY` is a required parameter and can be list of comma separated policy names.

        ParameterizedClassDesc[] args = desc.getArguments();
        assertThat(args.length, is(1));
        assertThat(args[0].getRawClass(), is(sameClass(Integer.class)));

        desc = ParameterizedClassDescFactory.createParameterizedClassDesc(method, 1, map);
        assertThat(desc.getRawClass(), is(sameClass(Map.class)));
        args = desc.getArguments();
        assertThat(args.length, is(2));

func (c *lockRESTClient) RLock(ctx context.Context, args dsync.LockArgs) (reply bool, err error) {
	return c.call(ctx, lockRPCRLock, &args)
}

// Lock calls lock REST API.
func (c *lockRESTClient) Lock(ctx context.Context, args dsync.LockArgs) (reply bool, err error) {
	return c.call(ctx, lockRPCLock, &args)
}

// RUnlock calls read unlock REST API.
func (c *lockRESTClient) RUnlock(ctx context.Context, args dsync.LockArgs) (reply bool, err error) {

	policy, _, err := globalBucketMetadataSys.GetPolicyConfig(bucket)
	return policy, err
}

// IsAllowed - checks given policy args is allowed to continue the Rest API.
func (sys *PolicySys) IsAllowed(args policy.BucketPolicyArgs) bool {
	p, err := sys.Get(args.BucketName)
	if err == nil {
		return p.IsAllowed(args)
	}

	// Log unhandled errors.
	if _, ok := err.(BucketPolicyNotFound); !ok {