"github.com/minio/pkg/v3/policy"
	"github.com/minio/pkg/v3/policy/condition"
)

func getAnonReadOnlyBucketPolicy(bucketName string) *policy.BucketPolicy {
	return &policy.BucketPolicy{
		Version: policy.DefaultVersion,
		Statements: []policy.BPStatement{
			policy.NewBPStatement(
				"",
				policy.Allow,
				policy.NewPrincipal("*"),
				policy.NewActionSet(policy.GetBucketLocationAction, policy.ListBucketAction),

Klaus Post <******@****.***> 1756435188 +0200

	return args
}

// PolicyToBucketAccessPolicy converts a MinIO policy into a minio-go policy data structure.
func PolicyToBucketAccessPolicy(bucketPolicy *policy.BucketPolicy) (*miniogopolicy.BucketAccessPolicy, error) {
	// Return empty BucketAccessPolicy for empty bucket policy.
	if bucketPolicy == nil {
		return &miniogopolicy.BucketAccessPolicy{Version: policy.DefaultVersion}, nil
	}

	data, err := json.Marshal(bucketPolicy)

		},
		{
			name:    "unknown key XAmzChecksumSHA1 is error as it does not appear in policy",
			fv:      defaultFormVals.Clone().Set(http.CanonicalHeaderKey(xhttp.AmzChecksumSHA1), "sha1-val"),
			wantErr: `Each form field that you specify in a form must appear in the list of policy conditions. "X-Amz-Checksum-Sha1" not specified in the policy.`,
		},
		{
			name:    "unknown key XAmzChecksumSHA256 is error as it does not appear in policy",

		} else if strings.HasPrefix(policy.Key, "$x-amz-meta-") || strings.HasPrefix(policy.Key, "$x-amz-") {
			// This covers all conditions X-Amz-Meta-* and X-Amz-*
			// Check if policy condition is satisfied
			if !checkPolicyCond(op, formValues.Get(formCanonicalName), policy.Value) {
				return fmt.Errorf("Invalid according to Policy: Policy Condition failed: [%s, %s, %s]", op, policy.Key, policy.Value)
			}
		}
		delete(mustFindInPolicy, formCanonicalName)

	// 4. Verify the policy appears in listing
	ps, err := s.adm.ListCannedPolicies(ctx)
	if err != nil {
		c.Fatalf("policy list err: %v", err)
	}
	_, ok := ps[policy1]
	if !ok {
		c.Fatalf("policy was missing!")
	}

	// Detach policy1 to set up for policy2
	_, err = s.adm.DetachPolicy(ctx, madmin.PolicyAssociationReq{
		Policies: []string{policy1},
		User:     accessKey,
	})

### Policy

An IAM policy in JSON format that you want to use as an inline session policy. This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the canned policy name and the policy set here. You cannot use this policy to grant more permissions than those allowed by the canned policy name being assumed.

		fi
	else
		echo "Bucket '$BUCKET' versioning unchanged."
	fi

	# At this point, the bucket should exist, skip checking for existence
	# Set policy on the bucket
	echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
	${MC} anonymous set $POLICY myminio/$BUCKET
}

# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}

		t.Fatal(err)
	}

	creds := globalActiveCred
	policy := "policy"
	testCases := []struct {
		accessKey string
		policy    string
		signature string
		errCode   APIErrorCode
	}{
		{"invalidAccessKey", policy, calculateSignatureV2(policy, creds.SecretKey), ErrInvalidAccessKeyID},
		{creds.AccessKey, policy, calculateSignatureV2("random", creds.SecretKey), ErrSignatureDoesNotMatch},

            }
        }
    }

    /** Policy information class for audit events. */
    /** Policy information level for audit events. */
    public static final int POLICY_INFO_AUDIT_EVENTS = 2;
    /** Policy information class for primary domain. */
    /** Policy information level for primary domain. */
    public static final int POLICY_INFO_PRIMARY_DOMAIN = 3;
    /** Policy information class for account domain. */