}

		// Finally, if there is no parent policy, check if a policy claim is
		// present in the session token.
		if len(policies) == 0 {
			// If there is no parent policy mapping, we fall back to
			// using policy claim from JWT.
			policySet, ok := args.GetPolicies(iamPolicyClaimNameOpenID())
			if !ok {
				// When claims are set, it should have a policy claim field.
				return false
			}

		}

		// Retrieve the credential's claims.
		secret, err := getTokenSigningKey()
		if err != nil {
			c.Fatalf("Error getting token signing key: %v", err)
		}
		claims, err := getClaimsFromTokenWithSecret(value.SessionToken, secret)
		if err != nil {
			c.Fatalf("Error getting claims from token: %v", err)
		}

		// Validate claims.
		dnClaim := claims.MapClaims[ldapActualUser].(string)

		// In case of LDAP/OIDC we need to set `opts.claims` to ensure
		// it is associated with the LDAP/OIDC user properly.
		for k, v := range cred.Claims {
			if k == expClaim {
				continue
			}
			opts.claims[k] = v
		}
	} else if globalIAMSys.LDAPConfig.Enabled() {
		// In case of LDAP we need to resolve the targetUser to a DN and
		// query their groups:
		opts.claims[ldapUserN] = targetUser // simple username

			continue
		}

		var (
			err    error
			claims *jwt.MapClaims
		)

		if cred.IsServiceAccount() {
			claims, err = getClaimsFromTokenWithSecret(cred.SessionToken, cred.SecretKey)
		} else if cred.IsTemp() {
			var secretKey string
			secretKey, err = getTokenSigningKey()
			if err != nil {
				continue
			}
			claims, err = getClaimsFromTokenWithSecret(cred.SessionToken, secretKey)
		}

				Action:          policy.ListBucketAction,
				BucketName:      bucketInfo.Name,
				ConditionValues: getConditionValues(r, "", cred),
				IsOwner:         owner,
				ObjectName:      "",
				Claims:          cred.Claims,
			}) {
				bucketsInfo[n] = bucketInfo
				n++
			} else if globalIAMSys.IsAllowed(policy.Args{
				AccountName:     cred.AccessKey,
				Groups:          cred.Groups,

                    if ( trans.isSMB2() ) {
                        return sessionSetupSMB2(trans, this.targetDomain, (ServerMessageBlock2Request<?>) chained, chainedResponse);
                    }

                    sessionSetupSMB1(trans, this.targetDomain, (ServerMessageBlock) chained, (ServerMessageBlock) chainedResponse);
                    return chainedResponse;
                }
                catch ( Exception se ) {

 *
 * <p>If {@link #weakKeys weakKeys}, {@link #weakValues weakValues}, or {@link #softValues
 * softValues} are requested, it is possible for a key or value present in the cache to be reclaimed
 * by the garbage collector. Entries with reclaimed keys or values may be removed from the cache on
 * each cache modification, on occasional cache accesses, or on calls to {@link Cache#cleanUp}; such

 *
 * <p>If {@link #weakKeys weakKeys}, {@link #weakValues weakValues}, or {@link #softValues
 * softValues} are requested, it is possible for a key or value present in the cache to be reclaimed
 * by the garbage collector. Entries with reclaimed keys or values may be removed from the cache on
 * each cache modification, on occasional cache accesses, or on calls to {@link Cache#cleanUp}; such

  - This issue can be resolved by restarting docker daemon
- CORS works only in insecure mode ([#24086](https://github.com/kubernetes/kubernetes/issues/24086))
- Persistent volume claims gets added incorrectly after being deleted under stress. Happens very infrequently. ([#26082](https://github.com/kubernetes/kubernetes/issues/26082))

#### Docker runtime Known Issues