`/<user-running-minio>/.minio/certs`.

*Tip*: In a standard Kubernetes configuration, this will be `/root/.minio/certs`. Kubernetes will mount the secrets volume read-only,

	flag.StringVar(&path, "path", "", "path name where the attribute shall be applied")
	flag.StringVar(&name, "name", "", "attribute name or it can be a wildcard if '.' is specified")
	flag.Uint64Var(&value, "value", 0, "attribute value expects the value to be uint64")
	flag.BoolVar(&set, "set", false, "this is a set attribute operation")

	flag.Parse()

	if set && value == 0 {
		log.Fatalln("setting an attribute requires a non-zero value")
	}

			if res[part] == nil {
				res[part] = make(map[string]string, 1)
			}
			res[part][typ.String()] = cs
		}
	}
	return res
}

// NewChecksumWithType is similar to NewChecksumString but expects input algo of ChecksumType.
func NewChecksumWithType(alg ChecksumType, value string) *Checksum {
	if !alg.IsSet() {
		return nil
	}
	bvalue, err := base64.StdEncoding.DecodeString(value)
	if err != nil {

			if string(key) == "accessKey" {
				if dataType != jsonparser.String {
					return errors.New("accessKey: Expected string")
				}
				c.AccessKey, err = jsonparser.ParseString(value)
				return err
			}
			if string(key) == "aud" {
				if dataType != jsonparser.String {
					return errors.New("aud: Expected string")
				}
				c.Audience, err = jsonparser.ParseString(value)
				return err
			}
		case 'e':

			},
		},
	}

	entRes.Timestamp = time.Time{}
	if !reflect.DeepEqual(expected, entRes) {
		c.Fatalf("policy entities mismatch: expected: %v, got: %v", expected, entRes)
	}

	dn := "uid=svc.algorithm,ou=swengg,dc=min,dc=io"
	res, err := s.adm.ListAccessKeysLDAP(ctx, dn, "")
	if err != nil {
		c.Fatalf("Unable to list access keys: %v", err)
	}

```

### Things to know

- Fields such as `version` and `pools` are mandatory, however all other fields are optional.
- Each pool expects a minimum of 2 nodes per pool, and unique non-repeating hosts for each argument.
- Each pool expects each host in this pool has the same number of drives specified as any other host.

## REST API call to plugin

To verify the custom token presented in the `AssumeRoleWithCustomToken` API, MinIO makes a POST request to the configured identity management plugin endpoint and expects a response with some details as shown below:

### Request `POST` to plugin endpoint

Query parameters:

| Parameter Name | Value Type | Purpose                                                                 |

  --initial-cluster-state new
```

You may also setup etcd with TLS following this documentation [here](https://coreos.com/etcd/docs/latest/op-guide/security.html)

### 3. Setup MinIO with etcd

MinIO server expects environment variable for etcd as `MINIO_ETCD_ENDPOINTS`, this environment variable takes many comma separated entries.

```
export MINIO_ETCD_ENDPOINTS=http://localhost:2379
minio server /data
```

		}
		switch header {
		case "expect":
			// Golang http server strips off 'Expect' header, if the
			// client sent this as part of signed headers we need to
			// handle otherwise we would see a signature mismatch.
			// `aws-cli` sets this as part of signed headers.
			//
			// According to
			// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.20
			// Expect header is always of form:
			//

		}
		if testCase.expected != ErrNone {
			// Should be set since we are simulating a http server.
			req.RequestURI = req.URL.RequestURI()
			// Check if it matches!
			errCode := doesPresignV2SignatureMatch(req)
			if errCode != testCase.expected {
				t.Errorf("(%d) expected to get %s, instead got %s", i, niceError(testCase.expected), niceError(errCode))
			}
		} else {