if s3Err != ErrNone {
		return cred, s3Err
	}
	if globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,
		Groups:          cred.Groups,
		Action:          policy.Action(action),
		ConditionValues: getConditionValues(r, "", cred),
		IsOwner:         owner,
		Claims:          cred.Claims,
	}) {
		// Request is allowed return the appropriate access key.
		return cred, ErrNone
	}

)

const (
	// Maximum allowed form data field values. 64MiB is a guessed practical value
	// which is more than enough to accommodate any form data fields and headers.
	requestFormDataSize = 64 * humanize.MiByte

	// For any HTTP request, request body should be not more than 16GiB + requestFormDataSize
	// where, 16GiB is the maximum allowed object size for object upload.

    ##
    enabled: false
    ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress
    ## Add ports to the egress by specifying - port: <port number>
    ## E.X.
    ## - port: 80
    ## - port: 443
    ## - port: 53
    ##   protocol: UDP
    ##
    ports: []
    ## @param networkPolicy.egress.to Allow egress traffic to specific destinations

}

// ObjectTooLarge error returned when the size of the object > max object size allowed (5G) per request.
type ObjectTooLarge GenericError

func (e ObjectTooLarge) Error() string {
	return "size of the object greater than what is allowed(5G)"
}

// ObjectTooSmall error returned when the size of the object < what is expected.
type ObjectTooSmall GenericError

   ├─ CAs
   ├─ private.key
   └─ public.crt
```

You can provide a custom certs directory using `--certs-dir` command line option.

#### Credentials

On MinIO admin credentials or root credentials are only allowed to be changed using ENVs namely `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`.

```sh
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio13
minio server /data
```

#### Site

```
KEY:

	// as well as the value to use for the part-number-marker request parameter
	// in a subsequent request.
	NextPartNumberMarker int

	// Maximum number of parts that were allowed in the response.
	MaxParts int

	// Indicates whether the returned list of parts is truncated.
	IsTruncated bool

	// List of all parts.
	Parts []PartInfo

	ctx := newContext(r, w, "KMSListKeys")
	defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))

	// This only checks if the action (kms:ListKeys) is allowed, it does not check
	// each key name against the policy's Resources. We check that below, once
	// we have the list of key names from the KMS.
	objectAPI, _ := validateAdminReq(ctx, w, r, policy.KMSListKeysAction)

			return cfg, fmt.Errorf("maximum allowed value for retry interval is '1m': %s", retryIntervalCfgVal)
		}

		httpTimeoutCfgVal := getCfgVal(EnvLoggerWebhookHTTPTimeout, k, kv.Get(httpTimeout))
		httpTimeout, err := time.ParseDuration(httpTimeoutCfgVal)
		if err != nil {
			return cfg, err
		}
		if httpTimeout < time.Second {
			return cfg, fmt.Errorf("minimum value allowed for http_timeout is '1s': %s", httpTimeout)
		}

		{ObjectOpts{Name: "xyz/c3test", UserTags: "k1=v1", VersionID: "vid", OpType: DeleteReplicationType}, cfgs[2], true},                     // 21. matches rule 1 - DeleteReplication allowed by rule for permanent delete of version

MC="/usr/bin/mc --insecure" {{- end }} # connectToMinio # Use a check-sleep-check loop to wait for MinIO service to be available connectToMinio() { SCHEME=$1 ATTEMPTS=0 LIMIT=29 # Allow 30 attempts set -e # fail if we can't read the keys. ACCESS=$(cat /config/rootUser) SECRET=$(cat /config/rootPassword) set +e # The connections to minio are allowed to fail. echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET"...