func (arn ARN) String() string {
	return strings.Join(
		[]string{
			arnPrefixArn,
			arn.Partition,
			arn.Service,
			arn.Region,
			"", // account-id is always empty in this implementation
			arn.ResourceType + "/" + arn.ResourceID,
		},
		":",
	)
}

// Parse - parses an ARN string into a type.
func Parse(arnStr string) (arn ARN, err error) {
	ps := strings.Split(arnStr, ":")

			},
			Object: event.Object{
				Key:       keyName,
				VersionID: args.Object.VersionID,
				Sequencer: uniqueID,
			},
		},
		Source: event.Source{
			Host:      args.Host,
			UserAgent: args.UserAgent,
		},
	}

	isRemovedEvent := args.EventName == event.ObjectRemovedDelete ||
		args.EventName == event.ObjectRemovedDeleteMarkerCreated ||
		args.EventName == event.ObjectRemovedNoOP

		if _, ok := tgtsMap[rule.Destination.ARN]; !ok {
			tgtsMap[rule.Destination.ARN] = struct{}{}
		}
	}
	for k := range tgtsMap {
		arns = append(arns, k)
	}
	return arns

		return
	}

	arnMsg := color.Blue("Object Lambda ARNs: ")
	for _, arn := range globalLambdaTargetList.List(globalSite.Region()) {
		arnMsg += color.Bold(fmt.Sprintf("%s ", arn))
	}
	logger.Info(arnMsg + "\n")
}

// Prints bucket notification configurations.
func printEventNotifiers() {
	if globalNotificationSys == nil {
		return
	}

	arns := globalEventNotifier.GetARNList(true)
	if len(arns) == 0 {

	}
	sort.Strings(arns)
	msgs := make([]string, 0, len(arns))
	for _, arn := range arns {
		msgs = append(msgs, color.Bold(arn))
	}

	logger.Info(fmt.Sprintf("%s %s", color.Blue("IAM Roles:"), strings.Join(msgs, " ")))
}

// HasWatcher - returns if the IAM system has a watcher to be notified of
// changes.
func (sys *IAMSys) HasWatcher() bool {
	return sys.store.HasWatcher()
}

	}

	// Validate the received bucket policy document
	if err = bucketLifecycle.Validate(rcfg); err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	// Validate the transition storage ARNs
	if err = validateTransitionTier(bucketLifecycle); err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	// Create a map of updated set of rules in request

	var arns []string
	if rCfg.RoleArn != "" {
		arns = append(arns, rCfg.RoleArn)
	} else {
		for _, rule := range rCfg.Rules {
			arns = append(arns, rule.Destination.String())
		}
	}
	var sameTarget bool
	for _, arnStr := range arns {
		arn, err := madmin.ParseARN(arnStr)
		if err != nil {

// authenticated via policy-claim based OpenID provider.
var DummyRoleARN = func() arn.ARN {
	v, err := arn.NewIAMRoleARN("dummy-internal", "")
	if err != nil {
		panic("should not happen!")
	}
	return v
}()

// Config - OpenID Config
type Config struct {
	Enabled bool

	// map of roleARN to providerCfg's
	arnProviderCfgsMap map[arn.ARN]*providerCfg

	// map of config names to providerCfg's

		// GetObjectLegalHold
		router.Methods(http.MethodGet).Path("/{object:.+}").
			HandlerFunc(s3APIMiddleware(api.GetObjectLegalHoldHandler)).
			Queries("legal-hold", "")
		// GetObject with lambda ARNs
		router.Methods(http.MethodGet).Path("/{object:.+}").
			HandlerFunc(s3APIMiddleware(api.GetObjectLambdaHandler, traceHdrsS3HFlag)).
			Queries("lambdaArn", "{lambdaArn:.*}")
		// GetObject

	if update {
		ops = madmin.GetTargetUpdateOps(r.Form)
	} else {
		var exists bool // true if arn exists
		target.Arn, exists = globalBucketTargetSys.getRemoteARN(bucket, &target, "")
		if exists && target.Arn != "" { // return pre-existing ARN
			data, err := json.Marshal(target.Arn)
			if err != nil {
				writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
				return
			}