}

    /**
     * Gets the action hook for custom processing.
     *
     * @return the action hook
     */
    public ActionHook getActionHook() {
        return actionHook;
    }

    /**
     * Sets the action hook for custom processing.
     *
     * @param actionHook the action hook to set
     */

	policyBytes := fmt.Appendf(nil, `{
 "Version": "2012-10-17",
 "Statement": [
  {
   "Effect": "Allow",
   "Action": [
    "s3:ListBucket"
   ],
   "Resource": [
    "arn:aws:s3:::%s"
   ]
  },
  {
   "Effect": "Allow",
   "Action": [
    "s3:PutObject",
    "s3:GetObject"
   ],
   "Resource": [
    "arn:aws:s3:::%s/*"
   ]
  }
 ]

	evt := evts[0]
	if evt.Action != TransitionAction {
		t.Fatalf("Expected action: %s but got %s", TransitionAction, evt.Action)
	}
	if evt.StorageClass != "TIER-1" {
		t.Fatalf("Expected TIER-1 but got %s", evt.StorageClass)
	}

	evt = evts[1]
	if evt.Action != TransitionVersionAction {
		t.Fatalf("Expected action: %s but got %s", TransitionVersionAction, evt.Action)
	}
	if evt.StorageClass != "TIER-2" {

  - [Downloads](#downloads-12)
  - [Changes since v1.3.0-alpha.5](#changes-since-v130-alpha5)
    - [Action Required](#action-required-1)
    - [Other notable changes](#other-notable-changes-12)
- [v1.3.0-alpha.5](#v130-alpha5)
  - [Downloads](#downloads-13)
  - [Changes since v1.3.0-alpha.4](#changes-since-v130-alpha4)
    - [Action Required](#action-required-2)
    - [Other notable changes](#other-notable-changes-13)
- [v1.3.0-alpha.4](#v130-alpha4)

		if res != nil && res.NormDN == cred.ParentUser {
			denyOnly = true
		}
	}

	// Check if action is allowed if creating access key for another user
	// Check if action is explicitly denied if for self
	if !globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,
		Groups:          cred.Groups,
		Action:          policy.CreateServiceAccountAdminAction,
		ConditionValues: condValues,
		IsOwner:         owner,

		// Creating a bucket with locking requires the user having more permissions
		for _, action := range []policy.Action{policy.PutBucketObjectLockConfigurationAction, policy.PutBucketVersioningAction} {
			if !globalIAMSys.IsAllowed(policy.Args{
				AccountName:     cred.AccessKey,
				Groups:          cred.Groups,
				Action:          action,
				ConditionValues: getConditionValues(r, "", cred),
				BucketName:      bucket,

    }
  }

  @Test
  fun rebuildJournalFailurePreventsEditors() {
    while (taskFaker.isIdle()) {
      set("a", "a", "a")
      set("b", "b", "b")
    }

    // Cause the rebuild action to fail.
    filesystem.setFaultyRename(cacheDir / DiskLruCache.JOURNAL_FILE_BACKUP, true)
    taskFaker.runNextTask()

    // Don't allow edits under any circumstances.
    assertThat(cache.edit("a")).isNull()

      synchronized (mutex) {
        return delegate().parallelStream();
      }
    }

    @Override
    public void forEach(Consumer<? super E> action) {
      synchronized (mutex) {
        delegate().forEach(action);
      }
    }

    @Override
    public boolean remove(@Nullable Object o) {
      synchronized (mutex) {
        return delegate().remove(o);
      }
    }

  @Override
  public int size() {
    return valueList.size();
  }

  @Override
  public void forEach(BiConsumer<? super K, ? super V> action) {
    checkNotNull(action);
    ImmutableList<K> keyList = keySet.asList();
    for (int i = 0; i < size(); i++) {
      action.accept(keyList.get(i), valueList.get(i));
    }
  }

  @Override
  public @Nullable V get(@Nullable Object key) {

	// to its own account (like create service accounts for itself, among
	// others). However when a session policy is present, we need to validate
	// that the action is actually allowed, rather than checking if the action
	// is only disallowed.
	sessionPolicyArgs := args
	sessionPolicyArgs.IsOwner = false
	sessionPolicyArgs.DenyOnly = false

	// Sub policy is set and valid.