It is strongly recommended that different namespaces are used, with different service accounts.
In particular access to the security-critical production components (root CA, policy, control)
should be locked down and restricted.  The new installer allows multiple instances of
policy/control/telemetry - so testing/staging of new settings and versions can be performed
by a different role than the prod version.

| jti        | _string_       | Unique identifier for the JWT token.                                                                                                                                                    |
| policy     | _string_       | Canned policy name to be applied for STS credentials. (Recommended)                                                                                                                     |

  optional string whenDeleted = 1;

  // whenScaled specifies what happens to PVCs created from StatefulSet
  // VolumeClaimTemplates when the StatefulSet is scaled down. The default
  // policy of `Retain` causes PVCs to not be affected by a scaledown. The
  // `Delete` policy causes the associated PVCs for any excess pods above
  // the replica count to be deleted.
  optional string whenScaled = 2;
}

}
```

Now you have successfully configured Dex IdP with MinIO.

> NOTE: Dex supports groups with external connectors so you can use `groups` as policy claim instead of `name`.

```
export MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
```

and add relevant policies on MinIO using `mc admin policy create myminio/ <group_name> group-access.json`

## Explore Further

sasl_password    (string)    password for SASL/PLAIN or SASL/SCRAM authentication
sasl_mechanism   (string)    sasl authentication mechanism, default 'plain'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS

```

#### Dispatcher

By default MockWebServer uses a queue to specify a series of responses. Use a
Dispatcher (`import okhttp3.mockwebserver.Dispatcher`) to handle requests using another policy. One natural policy is to
dispatch on the request path.
You can, for example, filter the request instead of using `server.enqueue()`.

```java
final Dispatcher dispatcher = new Dispatcher() {

    @Override

# Security Policy

## Supported Versions

Information about supported Istio versions can be found on the
[Support Announcements] page on Istio's website.

## Reporting a Vulnerability

Instructions for reporting a vulnerability can be found on the
[Istio Security Vulnerabilities] page. The Istio Product Security Working Group receives
vulnerability and security issue reports, and the company affiliation of the members of

  // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
  // Likewise, if you want to write a policy that specifies that no egress is allowed,
  // you must specify a policyTypes value that include "Egress" (since such a policy would not include
  // an Egress section and would otherwise default to just [ "Ingress" ]).

  // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
  // Likewise, if you want to write a policy that specifies that no egress is allowed,
  // you must specify a policyTypes value that include "Egress" (since such a policy would not include
  // an egress section and would otherwise default to just [ "Ingress" ]).

# Security Policy

Security is very important for FastAPI and its community. 🔒

Learn more about it below. 👇

## Versions

The latest version of FastAPI is supported.

You are encouraged to [write tests](https://fastapi.tiangolo.com/tutorial/testing/) for your application and update your FastAPI version frequently after ensuring that your tests are passing. This way you will benefit from the latest features, bug fixes, and **security fixes**.