if err != nil {
		return args, config.Errorf("unable to generate ARN from the plugin config: %v", err)
	}

	args = Args{
		URL:         u,
		AuthToken:   authToken,
		Transport:   transport,
		CloseRespFn: closeRespFn,
		RolePolicy:  rolePolicy,
		RoleARN:     roleArn,
	}
	if err = args.Validate(); err != nil {
		return args, err
	}
	return args, nil
}

	}

	u, err := xnet.ParseHTTPURL(opaURL)
	if err != nil {
		return args, err
	}
	args = Args{
		URL:         u,
		AuthToken:   authToken,
		Transport:   transport,
		CloseRespFn: closeRespFn,
	}
	if err = args.Validate(); err != nil {
		return args, err
	}
	return args, nil
}

// New - initializes opa policy engine connector.
func New(args Args) *Opa {
	// No opa args.

	httpSettings.EnableHTTP2 = enableHTTP2
	transport := httpSettings.NewHTTPTransportWithTimeout(time.Minute)

	args = Args{
		URL:         u,
		AuthToken:   getCfg(AuthToken),
		Transport:   transport,
		CloseRespFn: closeRespFn,
	}
	if err = args.Validate(); err != nil {
		return args, err
	}
	return args, nil
}

// New - initializes Authorization Management Plugin.
func New(args Args) *AuthZPlugin {

		pubKeys:            r.pubKeys,
		roleArnPolicyMap:   make(map[arn.ARN]string, len(r.roleArnPolicyMap)),
		transport:          r.transport,
		closeRespFn:        r.closeRespFn,
	}
	for k, v := range r.arnProviderCfgsMap {
		cfg.arnProviderCfgsMap[k] = v
	}
	for k, v := range r.ProviderCfgs {
		cfg.ProviderCfgs[k] = v
	}
	for k, v := range r.roleArnPolicyMap {

func parseDiscoveryDoc(u *xnet.URL, transport http.RoundTripper, closeRespFn func(io.ReadCloser)) (DiscoveryDoc, error) {
	d := DiscoveryDoc{}
	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
	if err != nil {
		return d, err
	}
	clnt := http.Client{
		Transport: transport,
	}
	resp, err := clnt.Do(req)
	if err != nil {
		return d, err
	}
	defer closeRespFn(resp.Body)
	if resp.StatusCode != http.StatusOK {

		Enabled: true,
		pubKeys: pubKeys,
		arnProviderCfgsMap: map[arn.ARN]*providerCfg{
			DummyRoleARN: &provider,
		},
		ProviderCfgs: map[string]*providerCfg{
			"1": &provider,
		},
		closeRespFn: func(rc io.ReadCloser) {
			rc.Close()
		},
	}

	var claims jwtgo.MapClaims
	if err = cfg.Validate(context.Background(), DummyRoleARN, token, "", "", claims); err != nil {
		t.Fatal(err)
	}
}

		} else {
			authZPluginCfg.URL = opaCfg.URL
			authZPluginCfg.AuthToken = opaCfg.AuthToken
			authZPluginCfg.Transport = opaCfg.Transport
			authZPluginCfg.CloseRespFn = opaCfg.CloseRespFn
		}
	}

	setGlobalAuthZPlugin(polplugin.New(authZPluginCfg))

	sys.Lock()
	sys.LDAPConfig = ldapConfig
	sys.OpenIDConfig = openidConfig
	sys.STSTLSConfig = stsTLSConfig