st {"Ticket":1103341116,"IssueData":"2015-12-21T00:00:00","IssueTime":"1251","RPState":"CA","PlateExpiry":"200304","Make":"HOND","BodyStyle":"PA","Color":"GY","Location":"13147 WELBY WAY","Route":"01521","Agency":1,"ViolationCode":"4000A1","ViolationDescr":"NO EVIDENCE OF REG","Fine":50,"Latitude":99999,"Longitude":99999} {"Ticket":1103700150,"IssueData":"2015-12-21T00:00:00","IssueTime":"1435","RPState":"CA","PlateExpiry":"201512","Make":"GMC","BodyStyle":"VN","Color":"WH","Location":"525 S MAIN...

    @app.get("/facilities/{facility_id}")
    def get_facility(facility_id: str) -> Facility:
        return Facility(
            id=facility_id,
            address=Address(line_1="123 Main St", city="Anytown", state_province="CA"),
        )

    client = TestClient(app)
    return client


def test_get(client: TestClient):
    response = client.get("/facilities/42")
    assert response.status_code == 200, response.text

`--sftp=trusted-user-ca-key=...` specifies a file containing public key of certificate authority that is trusted
to sign user certificates for authentication.

Implementation is identical with "TrustedUserCAKeys" setting in OpenSSH server with exception that only one CA
key can be defined.

If a certificate is presented for authentication and has its signing CA key is in this file, then it may be

  annotations: {{- toYaml .Values.metrics.serviceMonitor.annotations | nindent 4 }}
  {{- end }}
spec:
  endpoints:
    {{- if .Values.tls.enabled }}
    - port: https
      scheme: https
      tlsConfig:
        ca:
          secret:
            name: {{ .Values.tls.certSecret }}
            key: {{ .Values.tls.publicCrt }}
        serverName: {{ template "minio.fullname" . }}
    {{- else }}
    - port: http
      scheme: http

# Other build-related tools
apt-transport-https
autoconf
automake
build-essential
ca-certificates
curl
git
parallel
sudo
swig
unzip
zip
openjdk-21-jdk
vim
wget
jq

* Inside the `certs` directory, the private key must by named `private.key` and the public key must be named `public.crt`.
* A certificate signed by a CA contains information about the issued identity (e.g. name, expiry, public key) and any intermediate certificates. The root CA is not included.

## 3. Generate and use Self-signed Keys and Certificates with MinIO

FROM golang:1.24-alpine as build

ARG TARGETARCH
ARG RELEASE

ENV GOPATH=/go
ENV CGO_ENABLED=0

# Install curl and minisign
RUN apk add -U --no-cache ca-certificates && \
    apk add -U --no-cache curl && \
    go install aead.dev/minisign/cmd/minisign@v0.2.1

# Download minio binary and signature files
RUN curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \

    verify_and_map: true
}
authorization {
    ADMIN = {
        publish = ">"
        subscribe = ">"
    }
    users = [
        {user: "CN=localhost,OU=Client,O=MinIO,C=CA", permissions: $ADMIN}
    ]

- Kubernetes cluster with `kubectl` configured.

- Acquire TLS certificates, either from a CA or [create self-signed certificates](https://docs.min.io/community/minio-object-store/operations/network-encryption.html).

	defaultMinioConfigDir = ".minio"

	// Directory contains below files/directories for HTTPS configuration.
	certsDir = "certs"

	// Directory contains all CA certificates other than system defaults for HTTPS.
	certsCADir = "CAs"

	// Public certificate file for HTTPS.
	publicCertFile = "public.crt"

	// Private key file for HTTPS.
	privateKeyFile = "private.key"
)