// Add the bucket condition, only accept buckets equal to the one passed.
	bucketConditionStr := fmt.Sprintf(`["eq", "$bucket", "%s"]`, bucketName)
	// Add the key condition, only accept keys equal to the one passed.
	keyConditionStr := fmt.Sprintf(`["eq", "$key", "%s/upload.txt"]`, objectKey)
	// Add content length condition, only accept content sizes of a given length.

}

func (s *sftpLogger) Error(tag xsftp.LogType, err error) {
	switch tag {
	case xsftp.AcceptNetworkError:
		sftpLogOnceIf(context.Background(), err, "accept-limit-sftp")
	case xsftp.AcceptChannelError:
		sftpLogOnceIf(context.Background(), err, "accept-channel-sftp")
	case xsftp.SSHKeyExchangeError:
		sftpLogOnceIf(context.Background(), err, "key-exchange-sftp")
	default:

	return h.reqPool.Get().(Req)
}

// PutRequest will accept a request for reuse.
// These should be returned by the handler.
func (h *StreamTypeHandler[Payload, Req, Resp]) PutRequest(r Req) {
	if r != h.nilReq {
		h.reqPool.Put(r)
	}
}

// PutResponse will accept a response for reuse.
// These should be returned by the caller.

	logger.GetReqInfo(ctx).Region = globalSite.Region

	return cred, owner, ErrNone
}

// checkAdminRequestAuth checks for authentication and authorization for the incoming
// request. It only accepts V2 and V4 requests. Presigned, JWT and anonymous requests
// are automatically rejected.
func checkAdminRequestAuth(ctx context.Context, r *http.Request, action policy.AdminAction, region string) (auth.Credentials, APIErrorCode) {

  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ##
  #loadBalancerSourceRanges:
  #   - 10.10.10.0/24
  loadBalancerSourceRanges: []

  ## service.externalTrafficPolicy minio service external traffic policy

		case "ID":
			err = dc.ReadExactBytes((z.ID)[:])
			if err != nil {
				err = msgp.WrapError(err, "ID")
				return
			}
		case "Accepted":
			z.Accepted, err = dc.ReadBool()
			if err != nil {
				err = msgp.WrapError(err, "Accepted")
				return
			}
		case "RejectedReason":
			z.RejectedReason, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "RejectedReason")

MINIO_IDENTITY_OPENID_COMMENT               (sentence)  optionally add a comment to this setting
```

### Access Control Configuration Variables

Either `MINIO_IDENTITY_OPENID_ROLE_POLICY` (recommended) or `MINIO_IDENTITY_OPENID_CLAIM_NAME` must be specified but not both. See the section Access Control Policies to understand the differences between the two.

### Certificate Directory

TLS certificates by default are expected to be stored under ``${HOME}/.minio/certs`` directory. You need to place certificates here to enable `HTTPS` based access. Read more about [How to secure access to MinIO server with TLS](https://min.io/docs/minio/linux/operations/network-encryption.html).

Following is a sample directory structure for MinIO server with TLS certificates.

```sh

statefulset additionalLabels: [] ## Additional annotations to include with deployment or statefulset additionalAnnotation: [] ## Additional arguments to pass to minio binary extraArgs: [] ## Port number for MinIO S3 API Access minioAPIPort: "9000" ## Port number for MinIO Browser COnsole Access minioConsolePort: "9001" ## Update strategy for Deployments DeploymentUpdate: type: RollingUpdate maxUnavailable: 0 maxSurge: 100% ## Update strategy for StatefulSets StatefulSetUpdate: updateStrategy: RollingUpdate...

statefulset additionalLabels: [] ## Additional annotations to include with deployment or statefulset additionalAnnotation: [] ## Additional arguments to pass to minio binary extraArgs: [] ## Port number for MinIO S3 API Access minioAPIPort: "9000" ## Port number for MinIO Browser COnsole Access minioConsolePort: "9001" ## Update strategy for Deployments DeploymentUpdate: type: RollingUpdate maxUnavailable: 0 maxSurge: 100% ## Update strategy for StatefulSets StatefulSetUpdate: updateStrategy: RollingUpdate...