},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := NewIAMRoleARN(tt.args.resourceID, tt.args.serverRegion)
			if (err != nil) != tt.wantErr {
				t.Errorf("NewIAMRoleARN() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if !reflect.DeepEqual(got, tt.want) {
				t.Errorf("NewIAMRoleARN() got = %v, want %v", got, tt.want)
			}
		})
	}
}

// Allows english letters, numbers, '.', '-', '_' and '/'. Starts with a
// letter or digit. At least 1 character long.
var validResourceIDRegex = regexp.MustCompile(`[A-Za-z0-9_/\.-]+$`)

// NewIAMRoleARN - returns an ARN for a role in MinIO.
func NewIAMRoleARN(resourceID, serverRegion string) (ARN, error) {
	if !validResourceIDRegex.MatchString(resourceID) {
		return ARN{}, fmt.Errorf("invalid resource ID: %s", resourceID)
	}
	return ARN{

// DummyRoleARN is used to indicate that the user associated with it was
// authenticated via policy-claim based OpenID provider.
var DummyRoleARN = func() arn.ARN {
	v, err := arn.NewIAMRoleARN("dummy-internal", "")
	if err != nil {
		panic("should not happen!")
	}
	return v
}()

// Config - OpenID Config
type Config struct {
	Enabled bool

	// map of roleARN to providerCfg's

			return args, config.Errorf("Role ID must match the regexp `^[a-zA-Z0-9_-]+$`")
		}

		// Use the user provided ID here.
		resourceID += roleID
	}

	roleArn, err := arn.NewIAMRoleARN(resourceID, serverRegion)
	if err != nil {
		return args, config.Errorf("unable to generate ARN from the plugin config: %v", err)
	}

	args = Args{
		URL:         u,
		AuthToken:   authToken,