return "No bucket lifecycle configuration found for bucket : " + e.Bucket
}

// BucketSSEConfigNotFound - no bucket encryption found
type BucketSSEConfigNotFound GenericError

func (e BucketSSEConfigNotFound) Error() string {
	return "No bucket encryption configuration found for bucket: " + e.Bucket
}

// BucketTaggingNotFound - no bucket tags found
type BucketTaggingNotFound GenericError

}

// get ObjectOptions for Copy calls with encryption headers provided on the target side and source side metadata
func copyDstOpts(ctx context.Context, r *http.Request, bucket, object string, metadata map[string]string) (opts ObjectOptions, err error) {
	return putOptsFromReq(ctx, r, bucket, object, metadata)
}

// get ObjectOptions for Copy calls with encryption headers provided on the source side

		configLogIf(ctx, fmt.Errorf("Invalid site configuration: %w", err))
	}

	globalAutoEncryption = crypto.LookupAutoEncryption() // Enable auto-encryption if enabled
	if globalAutoEncryption && GlobalKMS == nil {
		logger.Fatal(errors.New("no KMS configured"), "MINIO_KMS_AUTO_ENCRYPTION requires a valid KMS configuration")
	}

	transport := NewHTTPTransport()

	bootstrapTraceMsg("initialize the event notification targets")

			"X-Amz-Server-Side-Encryption":                []string{""},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
			"X-Amz-Server-Side-Encryption-Context":        []string{""},
		},
		Expected: true,
	}, // 4
	{
		Header: http.Header{
			"X-Amz-Server-Side-Encryption":                []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
		},
		Expected: true,
	}, // 5

//
// This list should be kept alphabetically sorted, do not hastily edit.
var resourceList = []string{
	"acl",
	"cors",
	"delete",
	"encryption",
	"legal-hold",
	"lifecycle",
	"location",
	"logging",
	"notification",
	"partNumber",
	"policy",
	"requestPayment",
	"response-cache-control",
	"response-content-disposition",

	// MetaSealedKeyKMS is the sealed object encryption key in case of SSE-KMS
	MetaSealedKeyKMS = "X-Minio-Internal-Server-Side-Encryption-Kms-Sealed-Key"

	// MetaKeyID is the KMS master key ID used to generate/encrypt the data
	// encryption key (DEK).
	MetaKeyID = "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Id"
	// MetaDataEncryptionKey is the sealed data encryption key (DEK) received from

		}
		// Try to generate a data encryption key. Only try to create key if this fails.
		// This implicitly checks that we can communicate to KES.
		// We don't treat a policy error as failure condition since MinIO may not have the permission
		// to create keys - just to generate/decrypt data encryption keys.

//
//	For example: ceb8853ddc5086cc4ab9e149f8f09c88-5
//
// However, this scheme is only used for multipart objects that are
// not encrypted.
//
// # Server-side Encryption
//
// S3 specifies three types of server-side-encryption - SSE-C, SSE-S3
// and SSE-KMS - with different semantics w.r.t. ETags.
// In case of SSE-S3, the ETag of an object is computed the same as

	AmzFwdHeaderSSE                   = "x-amz-fwd-header-x-amz-server-side-encryption"
	AmzFwdHeaderSSEC                  = "x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm"
	AmzFwdHeaderSSEKMSID              = "x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id"
	AmzFwdHeaderSSECMD5               = "x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5"

			Description: `comma separated wildcard mime-types` + defaultHelpPostfix(MimeTypes),
			Optional:    true,
			Type:        "csv",
		},
		config.HelpKV{
			Key:         AllowEncrypted,
			Description: `enable 'encryption' along with compression`,
			Optional:    true,
			Type:        "on|off",
		},
		config.HelpKV{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Optional:    true,