//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
  //   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
  //
  // Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].

// 2. `subsys:` -> request for config of a single subsystem and the default target.
// 3. `subsys` -> request for config of all targets for the given subsystem.
//
// This is a reporting API and config secrets are redacted in the response.
func (a adminAPIHandlers) GetConfigKVHandler(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	objectAPI, cred := validateAdminReq(ctx, w, r, policy.ConfigUpdateAdminAction)

			vs = ValueSourceDef
		}

		if redactSecrets && isRedacted {
			// Skip adding redacted secrets to the output.
			continue
		}

		r = append(r, KVSrc{
			Key:   kv.Key,
			Value: v,
			Src:   vs,
		})
	}

	// Add the comment key as well if non-empty (and comments are never
	// redacted).
	v, vs, _ := c.ResolveConfigParam(subSys, target, Comment, redactSecrets)

	if err != nil {
		return
	}

	// Filter out Signature field from Authorization header.
	origAuth := req.Header.Get("Authorization")
	if origAuth != "" {
		req.Header.Set("Authorization", "**REDACTED**")
	}

	// Only display request header.
	reqTrace, err := httputil.DumpRequestOut(req, false)
	if err != nil {
		return
	}

	// Write request to trace output.