- 'https://server3-pool2:9000/mnt/disk{1...4}/'
        - 'https://server4-pool2:9000/mnt/disk{1...4}/'

options:
  ftp: # settings for MinIO to act as an ftp server
        address: ':8021'
        passive-port-range: '30000-40000'
  sftp: # settings for MinIO to act as an sftp server
        address: ':8022'

# Number of expanded MinIO clusters
pools: 1

## TLS Settings for MinIO
tls:
  enabled: false
  ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
  certSecret: ""
  publicCrt: public.crt
  privateKey: private.key

version: '3.7'

# Settings and configurations that are common for all containers
x-minio-common: &minio-common
  image: quay.io/minio/minio:RELEASE.2024-05-01T01-11-10Z
  command: server --console-address ":9001" http://minio{1...4}/data{1...2}
  expose:
    - "9000"
    - "9001"
  # environment:
    # MINIO_ROOT_USER: minioadmin
    # MINIO_ROOT_PASSWORD: minioadmin
  healthcheck:
    test: ["CMD", "mc", "ready", "local"]
    interval: 5s

)

// Browser sub-system constants
const (
	// browserCSPPolicy setting name for Content-Security-Policy response header value
	browserCSPPolicy = "csp_policy"
	// browserHSTSSeconds setting name for Strict-Transport-Security response header, amount of seconds for 'max-age'
	browserHSTSSeconds = "hsts_seconds"
	// browserHSTSIncludeSubdomains setting name for Strict-Transport-Security response header 'includeSubDomains' flag (true or false)

	// and it is automatically deduced.
	globalBrowserRedirectURL *xnet.URL

	// Disable redirect, default is enabled.
	globalBrowserRedirect bool

	// globalBrowserConfig Browser user configurable settings
	globalBrowserConfig browser.Config

	// This flag is set to 'true' when MINIO_UPDATE env is set to 'off'. Default is false.
	globalInplaceUpdateDisabled = false

	globalSite = config.Site{

	config.Net.TLS.Config = tlsConfig
	config.Net.TLS.Config.InsecureSkipVerify = args.TLS.SkipVerify
	config.Net.TLS.Config.ClientAuth = args.TLS.ClientAuth
	config.Net.TLS.Config.RootCAs = args.TLS.RootCAs

	// These settings are needed to ensure that kafka client doesn't hang on brokers
	// refer https://github.com/IBM/sarama/issues/765#issuecomment-254333355
	config.Producer.Retry.Max = 2
	config.Producer.Retry.Backoff = (1 * time.Second)

		GlobalKMS, err = kms.Parse("my-minio-key:5lF+0pJM0OWwlQrvK2S/I7W9mO4a6rJJI7wzj7v09cw=")
		if err != nil {
			t.Fatal(err)
		}
	}
}

func enableEncryption(t *testing.T) {
	// Exec with default settings...
	globalCompressConfigMu.Lock()
	globalCompressConfig.Enabled = false
	globalCompressConfigMu.Unlock()

	globalAutoEncryption = true
	var err error

		}
		if !skipContentSha256Cksum(r) {
			sha256hex = getContentSha256Cksum(r, serviceS3)
		}
	}

	if _, ok := r.Header[xhttp.MinIOSourceReplicationCheck]; ok {
		// requests to just validate replication settings and permissions are not allowed to write data
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrReplicationPermissionCheckError), r.URL)
		return
	}

var tlsClientSessionCacheSize = 100

// ConnSettings - contains connection settings.
type ConnSettings struct {
	DialContext DialContext // Custom dialContext, DialTimeout is ignored if this is already setup.
	LookupHost  LookupHost  // Custom lookupHost, is nil on containerized deployments.
	DialTimeout time.Duration

	// TLS Settings
	RootCAs          *x509.CertPool
	CipherSuites     []uint16
	CurvePreferences []tls.CurveID

	flag.Uint64Var(&value, "value", 0, "attribute value expects the value to be uint64")
	flag.BoolVar(&set, "set", false, "this is a set attribute operation")

	flag.Parse()

	if set && value == 0 {
		log.Fatalln("setting an attribute requires a non-zero value")
	}

	if !set && value > 0 {
		log.Fatalln("to set a value please specify --set along with --value")
	}

	table := tablewriter.NewWriter(os.Stdout)