}

func toAdminAPIErr(ctx context.Context, err error) APIError {
	if err == nil {
		return noError
	}

	var apiErr APIError
	switch e := err.(type) {
	case policy.Error:
		apiErr = APIError{
			Code:           "XMinioMalformedIAMPolicy",
			Description:    e.Error(),
			HTTPStatusCode: http.StatusBadRequest,
		}
	case config.ErrConfigNotFound:
		apiErr = APIError{
			Code:           "XMinioConfigNotFoundError",

		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	config, err := globalBucketVersioningSys.Get(bucket)
	if err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	configData, err := xml.Marshal(config)
	if err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

		}
	}
}

func fwdStatusToAPIError(resp *http.Response) *APIError {
	if status := resp.Header.Get(xhttp.AmzFwdStatus); status != "" && StatusCode(status) > -1 {
		apiErr := &APIError{
			HTTPStatusCode: StatusCode(status),
			Description:    resp.Header.Get(xhttp.AmzFwdErrorMessage),
			Code:           resp.Header.Get(xhttp.AmzFwdErrorCode),
		}
		if apiErr.HTTPStatusCode == http.StatusOK {
			return nil
		}

func toAPIError(ctx context.Context, err error) APIError {
	if err == nil {
		return noError
	}

	apiErr := errorCodes.ToAPIErr(toAPIErrorCode(ctx, err))
	switch apiErr.Code {
	case "NotImplemented":
		apiErr = APIError{
			Code:           apiErr.Code,
			Description:    fmt.Sprintf("%s (%v)", apiErr.Description, err),
			HTTPStatusCode: apiErr.HTTPStatusCode,
		}
	case "XMinioBackendDown":

		if err != nil {
			defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))

			apiErr := errorCodes.ToAPIErr(ErrUnsupportedHostHeader)
			apiErr.Description = fmt.Sprintf("%s: %v", apiErr.Description, err)

			writeErrorResponse(r.Context(), w, apiErr, r.URL)
			return
		}

		bucket, _ := path2BucketObject(resource)

	}

	cred, _, apiErr := getReqAccessKeyV2(r)
	if apiErr != ErrNone {
		return cred, apiErr
	}

	return cred, ErrNone
}

func doesSignV2Match(r *http.Request) APIErrorCode {
	v2Auth := r.Header.Get(xhttp.Authorization)
	cred, apiError := validateV2AuthHeader(r)
	if apiError != ErrNone {
		return apiError
	}

// PUT /minio/admin/v3/idp/ldap/add-service-account
func (a adminAPIHandlers) AddServiceAccountLDAP(w http.ResponseWriter, r *http.Request) {
	ctx, cred, opts, createReq, targetUser, APIError := commonAddServiceAccount(r)
	if APIError.Code != "" {
		writeErrorResponseJSON(ctx, w, APIError, r.URL)
		return
	}

	// fail if ldap is not enabled
	if !globalIAMSys.LDAPConfig.Enabled() {

}

func writeErrorResponseHeadersOnly(w http.ResponseWriter, err APIError) {
	w.Header().Set(xMinIOErrCodeHeader, err.Code)
	w.Header().Set(xMinIOErrDescHeader, "\""+err.Description+"\"")
	writeResponse(w, err.HTTPStatusCode, nil, mimeNone)
}

func writeErrorResponseString(ctx context.Context, w http.ResponseWriter, err APIError, reqURL *url.URL) {
	// Generate string error response.

		if err == nil {
			return nil
		} else if apierror.IsNotFound(err) {
			// 2. if `istio-ca-secret` not exist and use cacerts enabled, fallback to fetch `cacerts`
			if useCacertsSecretName {
				caCertName = CACertsSecret
				err := loadSelfSignedCaSecret(client, namespace, caCertName, rootCertFile, caOpts)
				if err == nil {
					return nil

		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	// Read bucket access policy.
	config, err := globalPolicySys.Get(bucket)
	if err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	configData, err := json.Marshal(config)
	if err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}