}
		var names []string
		if name == "." {
			attrs, err := listxattr(path)
			if err != nil {
				log.Fatalln(fmt.Errorf("listing attributes failed with: %v", err))
			}
			names = append(names, attrs...)
		} else {
			names = append(names, name)
		}
		var data [][]string
		for _, attr := range names {
			value, err := getxattr(path, attr)
			if err != nil {

				Versioned: true,
			})
		if err != nil {
			t.Fatalf("Erasure Object upload failed: <ERROR> %s", err)
		}
		names[i] = ObjectToDelete{
			ObjectV: ObjectV{
				ObjectName: objInfo.Name,
				VersionID:  objInfo.VersionID,
			},
		}

	}
	names = append(names, ObjectToDelete{
		ObjectV: ObjectV{
			ObjectName: "dir/obj1",
			VersionID:  mustGetUUID(), // add a non-existent UUID.
		},

	errTierInvalidCredentials = AdminError{
		Code:       "XMinioAdminTierInvalidCredentials",
		Message:    "Invalid remote tier credentials",
		StatusCode: http.StatusBadRequest,
	}
	// error returned when reserved internal names are used.
	errTierReservedName = AdminError{
		Code:       "XMinioAdminTierReserved",
		Message:    "Cannot use reserved tier name",
		StatusCode: http.StatusBadRequest,
	}
)

	// Once a key has been deleted all data that has been encrypted with it cannot be decrypted
	// anymore, and therefore, is lost.
	DeleteKey(ctx context.Context, keyID string) error

	// ListKeys lists all key names.
	ListKeys(ctx context.Context) (*kes.ListIter[string], error)

	// ImportKey imports a cryptographic key into the KMS.
	ImportKey(ctx context.Context, keyID string, bytes []byte) error

	ObjectAccessedAll
	ObjectCreatedAll
	ObjectRemovedAll
	ObjectReplicationAll
	ObjectRestoreAll
	ObjectTransitionAll
	ObjectScannerAll
	Everything
)

// The number of single names should not exceed 64.
// This will break masking. Use bit 63 as extension.
var _ = uint64(1 << objectSingleTypesEnd)

// Expand - returns expanded values of abbreviated event type.
func (name Name) Expand() []Name {

the specified role policy. The policy to associate with such users is specified via the `role_policy` configuration parameter or the `MINIO_IDENTITY_OPENID_ROLE_POLICY` environment variable. The value is a comma-separated list of IAM access policy names already defined in the server. In this situation, the server prints a role ARN at startup that must be specified as a `RoleArn` API request parameter in the STS AssumeRoleWithWebIdentity API call. When using Role Policies, multiple OpenID providers...

### Configure TLS

To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). Then create a secret using

```bash

	}
	return v
}()

// Config - OpenID Config
type Config struct {
	Enabled bool

	// map of roleARN to providerCfg's
	arnProviderCfgsMap map[arn.ARN]*providerCfg

	// map of config names to providerCfg's
	ProviderCfgs map[string]*providerCfg

	pubKeys          publicKeys
	roleArnPolicyMap map[arn.ARN]string

	transport   http.RoundTripper
	closeRespFn func(io.ReadCloser)
}

## Provide a name in place of minio for `app:` labels
##
nameOverride: ""

## Provide a name to substitute for the full names of resources
##
fullnameOverride: ""

## set kubernetes cluster domain where minio is running
##
clusterDomain: cluster.local

## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the
##
image:
  repository: quay.io/minio/minio
  tag: RELEASE.2024-04-18T19-09-19Z

// has the same name as the value of this field.
//
// - from special JWT claim from STS request for AssumeRoleWithOIDC API (when
// not using RoleARN). The claim value can be a string or a list and refers to
// the names of access policies.
//
// For all except the RoleARN case, the implementation is the same - the policy
// for the STS credential is associated with a parent user. For the