- type: checkboxes
    id: privileged
    attributes:
      label: Privileged issue
      description: Confirm that you are allowed to create an issue here.
      options:
        - label: I'm @tiangolo or he asked me directly to create an issue here.
          required: true
  - type: textarea
    id: content
    attributes:
      label: Issue Content

{
  "name": "istio build-tools",
  "image": "gcr.io/istio-testing/build-tools:master-c67afcee625a4b91bdde7da65c9867f98248691e",
  "privileged": true,
  "remoteEnv": {
    "USE_GKE_GCLOUD_AUTH_PLUGIN": "True",
    "BUILD_WITH_CONTAINER": "0",
    "CARGO_HOME": "/home/.cargo",
    "RUSTUP_HOME": "/home/.rustup"
  },
  "features": {
    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
    "ghcr.io/mpriscella/features/kind:1": {}
  },

   * with a differently behaving {@code loader}. For example, a call that requests a short timeout
   * for an RPC may wait for a similar call that requests a long timeout, or a call by an
   * unprivileged user may return a resource accessible only to a privileged user making a similar
   * call. To prevent this problem, create a key object that includes all values that affect the

   * with a differently behaving {@code loader}. For example, a call that requests a short timeout
   * for an RPC may wait for a similar call that requests a long timeout, or a call by an
   * unprivileged user may return a resource accessible only to a privileged user making a similar
   * call. To prevent this problem, create a key object that includes all values that affect the

{% endfor %}

</div>

Although the team members have the permissions to perform privileged tasks, all the [help from others maintaining FastAPI](./help-fastapi.md#help-maintain-fastapi){.internal-link target=_blank} is very much appreciated! 🙇‍♂️

## FastAPI Experts

class Item(BaseModel):
    id: str
    value: str


responses = {
    404: {"description": "Item not found"},
    302: {"description": "The item was moved"},
    403: {"description": "Not enough privileges"},
}


app = FastAPI()


@app.get(
    "/items/{item_id}",
    response_model=Item,
    responses={**responses, 200: {"content": {"image/png": {}}}},
)

		Patch(
			context.Background(),
			pod.Name,
			types.MergePatchType,
			annotationPatch,
			metav1.PatchOptions{},
			// Both "pods" and "pods/status" can mutate the metadata. However, pods/status is lower privilege, so we use that instead.
			"status",
		)
	return err
}

func AnnotateUnenrollPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error {

                    "responses": {
                        "404": {"description": "Item not found"},
                        "302": {"description": "The item was moved"},
                        "403": {"description": "Not enough privileges"},
                        "200": {
                            "description": "Successful Response",
                            "content": {
                                "image/png": {},

	Remove(ctx context.Context, object string, rv remoteVersionID) error
	InUse(ctx context.Context) (bool, error)
}

const probeObject = "probeobject"

// checkWarmBackend checks if tier config credentials have sufficient privileges
// to perform all operations defined in the WarmBackend interface.
func checkWarmBackend(ctx context.Context, w WarmBackend) error {
	remoteVersionID, err := w.Put(ctx, probeObject, strings.NewReader("MinIO"), 5)

Date:   Sat Jun 15 11:27:17 2019 -0700

    [security] Match ${aws:username} exactly instead of prefix match (#7791)

    This PR fixes a security issue where an IAM user based
    on his policy is granted more privileges than restricted
    by the users IAM policy.

    This is due to an issue of prefix based Matcher() function
    which was incorrectly matching prefix based on resource
    prefixes instead of exact match.
```