if [ $? -ne 0 ]; then
	echo "policy mapping missing, exiting.."
	exit_1
fi

./mc admin user info minio2 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
if [ $? -ne 0 ]; then
	echo "policy mapping missing, exiting.."
	exit_1
fi

./mc admin user info minio3 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
if [ $? -ne 0 ]; then
	echo "policy mapping missing, exiting.."
	exit_1
fi

fi

./mc admin user info minio1 foobar
if [ $? -ne 0 ]; then
	echo "policy mapping missing on 'minio1', exiting.."
	exit_1
fi

./mc admin user info minio2 foobar
if [ $? -ne 0 ]; then
	echo "policy mapping missing on 'minio2', exiting.."
	exit_1
fi

./mc admin user info minio3 foobar
if [ $? -ne 0 ]; then
	echo "policy mapping missing on 'minio3', exiting.."
	exit_1
fi

			Value: "",
		},
		config.KV{
			Key:   KeyCloakAdminURL,
			Value: "",
		},
	}
)

var errSingleProvider = config.Errorf("Only one OpenID provider can be configured if not using role policy mapping")

// DummyRoleARN is used to indicate that the user associated with it was
// authenticated via policy-claim based OpenID provider.
var DummyRoleARN = func() arn.ARN {
	v, err := arn.NewIAMRoleARN("dummy-internal", "")

	"X-Minio-Replication-Server-Side-Encryption-Iv",
	"X-Minio-Replication-Encrypted-Multipart",
	"X-Minio-Replication-Actual-Object-Size",
	// Add more supported headers here.
}

// mapping of internal headers to allowed replication headers
var validSSEReplicationHeaders = map[string]string{
	"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "X-Minio-Replication-Server-Side-Encryption-Sealed-Key",

		}
	}
	// Retrieve all keys and values to avoid too many calls to etcd in case of
	// a large number of policy mappings
	r, err := ies.client.Get(cctx, basePrefix, etcd.WithPrefix())
	if err != nil {
		return err
	}

	// Parse all policies mapping to create the proper data model
	for _, kv := range r.Kvs {
		if err = getMappedPolicy(kv, m, basePrefix); err != nil && !errors.Is(err, errNoSuchPolicy) {

	_, err = loadPolicyRPC.Call(context.Background(), client.gridConn(), grid.NewMSSWith(map[string]string{
		peerRESTPolicy: policyName,
	}))
	return err
}

// LoadPolicyMapping - reload a specific policy mapping
func (client *peerRESTClient) LoadPolicyMapping(userOrGroup string, userType IAMUserType, isGroup bool) error {
	_, err := loadPolicyMappingRPC.Call(context.Background(), client.gridConn(), grid.NewMSSWith(map[string]string{

	}

	bootstrapTraceMsg("loading user policy mapping")
	userPolicyMappingsList := listedConfigItems[policyDBUsersListKey]
	for _, item := range userPolicyMappingsList {
		userName := strings.TrimSuffix(item, ".json")
		if err := iamOS.loadMappedPolicy(ctx, userName, regUser, false, cache.iamUserPolicyMap); err != nil && !errors.Is(err, errNoSuchPolicy) {
			return fmt.Errorf("unable to load the policy mapping for the user `%s`: %w", userName, err)
		}

	}

	// We map the X.509 subject common name to the policy. So, a client
	// with the common name "foo" will be associated with the policy "foo".
	// Other mapping functions - e.g. public-key hash based mapping - are
	// possible but not implemented.
	//
	// Group mapping is not possible with standard X.509 certificates.
	if certificate.Subject.CommonName == "" {

//
//	user=... -> repeatable query parameter, specifying users to query for
//	policy mapping
//
//	group=... -> repeatable query parameter, specifying groups to query for
//	policy mapping
//
//	policy=... -> repeatable query parameter, specifying policy to query for
//	user/group mapping
//
// When all query parameters are omitted, returns mappings for all policies.

				m.addErrorNonBlockingClose(respHandler, ErrDisconnected)
				return
			}
			// Send new ping.
			gridLogIf(m.ctx, m.send(message{Op: OpPing, MuxID: m.MuxID}))
		}
	}
}

// responseCh is the channel to that goes to the requester.
// internalResp is the channel that comes from the server.