}
		resMap[user] = blankEntities
	}

	var r []madmin.UserPolicyEntities
	cache.iamUserPolicyMap.Range(func(user string, mappedPolicy MappedPolicy) bool {
		if userPredicate != nil && !userPredicate(user) {
			return true
		}

		entitiesWithMemberOf, ok := resMap[user]
		if !ok {
			if len(userMap) > 0 {
				return true
			}

// If no deadline is set, a 1-minute deadline is added.
func (h *SingleHandler[Req, Resp]) Call(ctx context.Context, c Requester, req Req) (resp Resp, err error) {
	if c == nil {
		if h.ignoreNilConn {
			return resp, nil
		}
		return resp, ErrDisconnected
	}
	payload, err := req.MarshalMsg(GetByteBufferCap(req.Msgsize()))
	if err != nil {
		return resp, err
	}
	switch any(req).(type) {
	case *MSS, *URLValues:

	resp, err := getLocksRPC.Call(ctx, client.gridConn(), grid.NewMSS())
	if err != nil || resp == nil {
		return nil, err
	}
	return *resp, nil
}

// LocalStorageInfo - fetch server information for a remote node.
func (client *peerRESTClient) LocalStorageInfo(ctx context.Context, metrics bool) (info StorageInfo, err error) {

			}
			log.Debugf("got update to send to ztunnel")
			resp, err := conn.sendDataAndWaitForAck(update.Update, update.Fd)
			if err != nil {
				log.Errorf("ztunnel acked error: err %v ackErr %s", err, resp.GetAck().GetError())
			}
			log.Debugf("ztunnel acked")
			// Safety: Resp is buffered, so this will not block
			update.Resp <- updateResponse{
				err:  err,
				resp: resp,
			}

	h.mutex.RLock()
	defer h.mutex.RUnlock()

	// Make a copy before returning the value
	retMap := make(map[madmin.HealItemType]int64, len(h.scannedItemsMap))
	for k, v := range h.scannedItemsMap {
		retMap[k] = v
	}

	return retMap
}

// getHealedItemsMap - returns the map of all healed items against type

		Transport: transport,
	}

	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}

	defer xhttp.DrainBody(resp.Body)
	if resp.StatusCode != http.StatusOK {
		// uncomment this for debugging when needed.
		// reqBytes, _ := httputil.DumpRequest(req, false)
		// fmt.Println(string(reqBytes))
		// respBytes, _ := httputil.DumpResponse(resp, true)
		// fmt.Println(string(respBytes))

	// For errors we make sure to dump response body as well.
	if resp.StatusCode != http.StatusOK &&
		resp.StatusCode != http.StatusPartialContent &&
		resp.StatusCode != http.StatusNoContent {
		respTrace, err = httputil.DumpResponse(resp, true)
		if err != nil {
			return
		}
	} else {
		respTrace, err = httputil.DumpResponse(resp, false)
		if err != nil {
			return
		}
	}

	}
	req.Header.Set("Authorization", "Bearer "+accessToken.AccessToken)
	resp, err := k.client.Do(req)
	if err != nil {
		return User{}, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK, http.StatusPartialContent:
		var u User
		if err = json.NewDecoder(resp.Body).Decode(&u); err != nil {
			return User{}, err
		}
		return u, nil
	case http.StatusNotFound:

	return DEK{
		KeyID:      name,
		Version:    resp.Version,
		Plaintext:  resp.Plaintext,
		Ciphertext: resp.Ciphertext,
	}, nil
}

func (c *kmsConn) Decrypt(ctx context.Context, req *DecryptRequest) ([]byte, error) {
	aad, err := req.AssociatedData.MarshalText()
	if err != nil {
		return nil, err
	}

	ciphertext, _ := parseCiphertext(req.Ciphertext)
	resp, err := c.client.Decrypt(ctx, &kms.DecryptRequest{

				return err
			}
			// Fall through to be sure we have returned all responses.
			doneCh = nil
		case resp, ok := <-s.responses:
			if !ok {
				done = true
				return nil
			}
			if resp.Err != nil {
				s.cancel(resp.Err)
				return resp.Err
			}
			err = next(resp.Msg)
			if err != nil {
				s.cancel(err)
				return err
			}
		}
	}
}