c.Fatalf("Expected to fail to create STS cred with no associated policy!")
	}

	// Attempting to set a non-existent policy should fail.
	userDN := "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
	err = s.adm.SetPolicy(ctx, policy+"x", userDN, false)
	if err == nil {
		c.Fatalf("should not be able to set non-existent policy")
	}

	err = s.adm.SetPolicy(ctx, policy, userDN, false)
	if err != nil {

myminio else echo "User '$USER' already exists." fi #clean up credentials files. rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" set +e ; # policy already attach errors out, allow it. ${MC} admin policy attach myminio $POLICY --user=$USER set -e else echo "User '$USER' has no policy attached." fi } # Try connecting to MinIO instance {{- if .Values.tls.enabled }} scheme=https {{- else }} scheme=http {{-...

	return args
}

// PolicyToBucketAccessPolicy converts a MinIO policy into a minio-go policy data structure.
func PolicyToBucketAccessPolicy(bucketPolicy *policy.BucketPolicy) (*miniogopolicy.BucketAccessPolicy, error) {
	// Return empty BucketAccessPolicy for empty bucket policy.
	if bucketPolicy == nil {
		return &miniogopolicy.BucketAccessPolicy{Version: policy.DefaultVersion}, nil
	}

	data, err := json.Marshal(bucketPolicy)

	"github.com/minio/mux"
	"github.com/minio/pkg/v2/policy"
)

const (
	// As per AWS S3 specification, 20KiB policy JSON data is allowed.
	maxBucketPolicySize = 20 * humanize.KiByte

	// Policy configuration file.
	bucketPolicyConfig = "policy.json"
)

// PutBucketPolicyHandler - This HTTP handler stores given bucket policy configuration as per

	// Generate the final policy document
	policy = fmt.Sprintf(policy, dates...)

	region := "us-east-1"
	// Create a new POST request with success_action_redirect field specified
	req, perr := newPostRequestV4Generic("", bucketName, keyName, []byte("objData"),
		credentials.AccessKey, credentials.SecretKey, region, curTime,

	sessionPolicyArgs.IsOwner = false

	// Sub policy is set and valid.
	return hasSessionPolicy, subPolicy.IsAllowed(sessionPolicyArgs)
}

// GetCombinedPolicy returns a combined policy combining all policies
func (sys *IAMSys) GetCombinedPolicy(policies ...string) policy.Policy {
	_, policy := sys.store.FilterPolicies(strings.Join(policies, ","), "")
	return policy
}

   Matching subsets: 
      (Non-matching subsets v1)
   No Traffic Policy
VirtualService: bookinfo
   Route to host "productpage" with weight 30%
   Route to host "productpage2" with weight 20%
   Route to host "productpage3" with weight 50%
   Match: /prefix*
`,
		},
		// have traffic policy
		{
			k8sConfigs: []runtime.Object{
				&corev1.Service{
					ObjectMeta: metav1.ObjectMeta{

	},
		replicateIAMItem,
	)
	return errors.Unwrap(cerr)
}

// PeerAddPolicyHandler - copies IAM policy to local. A nil policy argument,
// causes the named policy to be deleted.
func (c *SiteReplicationSys) PeerAddPolicyHandler(ctx context.Context, policyName string, p *policy.Policy, updatedAt time.Time) error {
	var err error
	// skip overwrite of local update if peer sent stale info
	if !updatedAt.IsZero() {

func (store *IAMStoreSys) GetPolicy(name string) (policy.Policy, error) {
	if name == "" {
		return policy.Policy{}, errInvalidArgument
	}

	cache := store.rlock()
	defer store.runlock()

	policies := newMappedPolicy(name).toSlice()
	var toMerge []policy.Policy
	for _, policy := range policies {
		if policy == "" {
			continue
		}
		v, ok := cache.iamPolicyDocsMap[policy]

import "net/http"

// Standard cross domain policy information located at https://s3.amazonaws.com/crossdomain.xml
const crossDomainXML = `<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-policy>`

// Standard path where an app would find cross domain policy information.