In most setups this is sufficient to heal the content after drive replacements. Setting `max_sleep` to a *lower* value and setting `max_io` to a *higher* value would make heal go faster.

If you have traditional spinning (hdd) drives, some applications with high concurrency might require MinIO cluster to be tuned such that to avoid random I/O on the drives. The way to convert high concurrent I/O into a sequential I/O is by reducing the number of concurrent operations allowed per cluster. This allows MinIO cluster to be operationally resilient to such workloads, while also making sure the drives are at optimal efficiency and responsive.

// AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
message AllowedCSIDriver {
  // Name is the registered name of the CSI driver
  optional string name = 1;
}

// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
message AllowedFlexVolume {
  // driver is the name of the Flexvolume driver.
  optional string driver = 1;
}

*Note*: Standalone MinIO is intended for early development and evaluation. For production clusters, deploy a [Distributed](https://min.io/docs/minio/container/operations/install-deploy-manage/deploy-minio-single-node-multi-drive.html) MinIO deployment.

    "somepath(//tensorflow/tools/pip_package:build_pip_package, " \
    "@local_config_cuda//cuda:cudart + "\
    "@local_config_cuda//cuda:cudart + "\
    "@local_config_cuda//cuda:cuda_driver + "\
    "@local_config_cuda//cuda:cudnn + "\
    "@local_config_cuda//cuda:curand + "\
    "@local_config_cuda//cuda:cusolver + "\
    "@local_config_tensorrt//:tensorrt)" --keep_going > $BATS_TEST_TMPDIR/out

Unit tests

```
λ make test
```

Verify different type of MinIO deployments work

```
λ make verify
```

Verify if healing and replacing a drive works

```
λ make verify-healing
```

For example, you could identify a "car" or a "blog post".

Then you could add permissions about that entity, like "drive" (for the car) or "edit" (for the blog).

And then, you could give that JWT token to a user (or bot), and they could use it to perform those actions (drive the car, or edit the blog post) without even needing to have an account, just with the JWT token your API generated for that.

	@(env bash $(PWD)/buildscripts/verify-healing.sh)
	@(env bash $(PWD)/buildscripts/heal-inconsistent-versions.sh)

verify-healing-with-root-disks: ## verify healing root disks
	@echo "Verify healing with root drives"
	@GORACE=history_size=7 CGO_ENABLED=1 go build -race -tags kqueue -trimpath --ldflags "$(LDFLAGS)" -o $(PWD)/minio 1>/dev/null
	@(env bash $(PWD)/buildscripts/verify-healing-with-root-disks.sh)

虽然表单字段的名称是 `scope`（单数），但实际上，它是以空格分隔的，由多个**scope**组成的长字符串。

**作用域**只是不带空格的字符串。

常用于声明指定安全权限，例如：

* 常见用例为，`users:read` 或 `users:write`
* 脸书和 Instagram 使用 `instagram_basic`
* 谷歌使用 `https://www.googleapis.com/auth/drive`

!!! info "说明"

    OAuth2 中，**作用域**只是声明指定权限的字符串。

    是否使用冒号 `:` 等符号，或是不是 URL 并不重要。

    这些细节只是特定的实现方式。

    对 OAuth2 来说，都只是字符串而已。

## 获取 `username` 和 `password` 的代码

📨 🏑 📛 `scope` (⭐), ✋️ ⚫️ 🤙 📏 🎻 ⏮️ "↔" 🎏 🚀.

🔠 "↔" 🎻 (🍵 🚀).

👫 🛎 ⚙️ 📣 🎯 💂‍♂ ✔, 🖼:

* `users:read` ⚖️ `users:write` ⚠ 🖼.
* `instagram_basic` ⚙️ 👱📔 / 👱📔.
* `https://www.googleapis.com/auth/drive` ⚙️ 🇺🇸🔍.

!!! info
    Oauth2️⃣ "↔" 🎻 👈 📣 🎯 ✔ ✔.

    ⚫️ 🚫 🤔 🚥 ⚫️ ✔️ 🎏 🦹 💖 `:` ⚖️ 🚥 ⚫️ 📛.

    👈 ℹ 🛠️ 🎯.

    Oauth2️⃣ 👫 🎻.

## 📟 🤚 `username` & `password`