return 0
}

# checkPolicyExists ($policy)
# Check if the policy exists, by using the exit code of `mc admin policy info`
checkPolicyExists() {
  POLICY=$1
  CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1)
  return $?
}

# createPolicy($name, $filename)
createPolicy () {
  NAME=$1
  FILENAME=$2

  # Create the name if it does not exist
  echo "Checking policy: $NAME (in /config/$FILENAME.json)"

### Policy

An IAM policy in JSON format that you want to use as an inline session policy. This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the canned policy name and the policy set here. You cannot use this policy to grant more permissions than those allowed by the canned policy name being assumed.

```
kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
```

When using `Cilium` as a CNI in your cluster, please edit the `flavor` field to `cilium`.

With NetworkPolicy enabled, traffic will be limited to just port 9000.

    # Check if policy file is define
    if [ -z $FILENAME ]; then
      ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) myminio $USER
    else
      ${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --policy /config/$FILENAME.json myminio $USER
    fi

Date:   Sat Jun 15 11:27:17 2019 -0700

    [security] Match ${aws:username} exactly instead of prefix match (#7791)

    This PR fixes a security issue where an IAM user based
    on his policy is granted more privileges than restricted
    by the users IAM policy.

    This is due to an issue of prefix based Matcher() function
    which was incorrectly matching prefix based on resource
    prefixes instead of exact match.
```

```
mc admin group remove myminio newgroup
```

### 6. Change user or group policy

Change the policy for user `newuser` to `putonly` canned policy.

```
mc admin policy attach myminio putonly --user=newuser
```

Change the policy for group `newgroup` to `putonly` canned policy.

```
mc admin policy attach myminio putonly --group=newgroup
```

### 7. List all users or groups

			fi
		fi
	else
		echo "Bucket '$BUCKET' versioning unchanged."
	fi

	# At this point, the bucket should exist, skip checking for existence
	# Set policy on the bucket
	echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
	${MC} anonymous set $POLICY myminio/$BUCKET
}

# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}

MINIO_IDENTITY_PLUGIN_ROLE_POLICY*  (string)    policies to apply for plugin authorized users
MINIO_IDENTITY_PLUGIN_ROLE_ID       (string)    unique ID to generate the ARN
MINIO_IDENTITY_PLUGIN_COMMENT       (sentence)  optionally add a comment to this setting
```

If provided, the auth token parameter is sent as an authorization header.

In case of certificate-based authentication, MinIO has to map the client-provided certificate to an S3 policy. MinIO does this via the subject common name field of the X.509 certificate. So, MinIO will associate a certificate with a subject `CN = foobar` to a S3 policy named `foobar`.

| jti        | _string_       | Unique identifier for the JWT token.                                                                                                                                                    |
| policy     | _string_       | Canned policy name to be applied for STS credentials. (Recommended)                                                                                                                     |