contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, gender identity and expression, level of experience,
nationality, personal appearance, race, religion, or sexual identity and
orientation.

## Our Standards

	m.Flags &^= FlagPayloadIsZero
	if len(m.Payload) == 0 && m.Payload != nil {
		m.Flags |= FlagPayloadIsZero
	}
}

type receiver interface {
	msgp.Unmarshaler
	Op() Op
}

type sender interface {
	msgp.MarshalSizer
	Op() Op
}

type connectReq struct {
	ID   [16]byte
	Host string
}

func (connectReq) Op() Op {
	return OpConnect
}

type connectResp struct {

	if debugPrint {
		fmt.Println("closing outgoing mux", m.MuxID)
	}
	if !m.respMu.TryLock() {
		// Cancel before locking - will unblock any pending sends.
		if m.cancelFn != nil {
			m.cancelFn(context.Canceled)
		}
		// Wait for senders to release.
		m.respMu.Lock()
	}

	defer m.respMu.Unlock()
	m.closeLocked()
}

func (m *muxClient) closeLocked() {
	if m.closed {
		return

				data = append(data, []string{attr, errors.Unwrap(err).Error()})
			} else {
				data = append(data, []string{attr, fmt.Sprintf("%d", value)})
			}
		}
		table.AppendBulk(data) // Add Bulk Data
		table.Render()
	}

			},
		)
	}
}

// TestAccMgmtPlugin - this test assumes that the access-management-plugin is
// the same as the example in `docs/iam/access-manager-plugin.go` -
// specifically, it denies only `s3:Put*` operations on non-root accounts.
func (s *TestSuiteIAM) TestAccMgmtPlugin(c *check) {
	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

           --log-level=debug \
           --set=decision_logs.console=true
```

### 2. Create a sample OPA Policy

In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`:

```sh
cat > example.rego <<EOF
package httpapi.authz

import input

default allow = false

# Allow the root user to perform any action.
allow {
 input.owner == true
}

	go func() {
		wg.Wait()
		defer xioutil.SafeClose(send)
		err := m.handleRequests(ctx, msg, send, handler, handlerIn)
		if err != nil {
			handlerErr.Store(err)
		}
	}()

	// Response sender goroutine...
	go func(outBlock <-chan struct{}) {
		wg.Wait()
		defer m.parent.deleteMux(true, m.ID)
		m.sendResponses(ctx, send, c, &handlerErr, outBlock)
	}(m.outBlock)

	// Remote aliveness check if needed.

	writeSuccessResponseXML(w, encodedSuccessResponse)
}

// ListBucketsHandler - GET Service.
// -----------
// This implementation of the GET operation returns a list of all buckets
// owned by the authenticated sender of the request.
func (api objectAPIHandlers) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
	ctx := newContext(r, w, "ListBuckets")

	defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))

	}

	// Check if we are creating svc account for request sender.
	isSvcAccForRequestor := false
	if targetUser == requestorUser || targetUser == requestorParentUser {
		isSvcAccForRequestor = true
	}

	var (
		targetGroups []string
		err          error
	)

	// If we are creating svc account for request sender, ensure that targetUser
	// is a real user (i.e. not derived credentials).

		bucket:       "bucket",
		root:         "folder/prefix",
		recursive:    false,
		status:       scanStateSuccess,
		fileNotFound: false,
		error:        "",
		started:      metaCacheTestsetTimestamp,
		ended:        metaCacheTestsetTimestamp.Add(time.Minute),
		lastUpdate:   metaCacheTestsetTimestamp.Add(time.Minute),
		lastHandout:  metaCacheTestsetTimestamp,
		dataVersion:  metacacheStreamVersion,
	},
	1: {