{Status: Enabled, Priority: 1, DeleteMarkerReplication: DeleteMarkerReplication{Status: Enabled}, DeleteReplication: DeleteReplication{Status: Disabled}, Destination: Destination{Bucket: "destinationbucket", ARN: "arn:minio:replication:xxx::destinationbucket"}},
			},
		},

		}
		e.ReplicationStats.ReplicaSize += other.ReplicationStats.ReplicaSize
		e.ReplicationStats.ReplicaCount += other.ReplicationStats.ReplicaCount
		for arn, stat := range other.ReplicationStats.Targets {
			st := e.ReplicationStats.Targets[arn]
			e.ReplicationStats.Targets[arn] = replicationStats{
				PendingSize:     stat.PendingSize + st.PendingSize,
				FailedSize:      stat.FailedSize + st.FailedSize,

		zb0001--
		field, err = dc.ReadMapKeyPtr()
		if err != nil {
			err = msgp.WrapError(err)
			return
		}
		switch msgp.UnsafeString(field) {
		case "Arn":
			z.Arn, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Arn")
				return
			}
		case "ResetID":
			z.ResetID, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "ResetID")
				return

		}, nil

	default:
		return AuthNResponse{}, fmt.Errorf("Invalid status code %d from auth plugin", resp.StatusCode)
	}
}

// GetRoleInfo - returns ARN to policies map.
func (o *AuthNPlugin) GetRoleInfo() map[arn.ARN]string {
	return map[arn.ARN]string{
		o.args.RoleARN: o.args.RolePolicy,
	}
}

// checkConnectivity returns true if we are able to connect to the plugin
// service.

}

// HasExistingObjectReplication returns true if any of the rule returns 'ExistingObjects' replication.
func (c Config) HasExistingObjectReplication(arn string) (hasARN, isEnabled bool) {
	for _, rule := range c.Rules {
		if rule.Destination.ARN == arn || c.RoleArn == arn {
			if !hasARN {
				hasARN = true
			}
			if rule.ExistingObjectReplication.Status == Enabled {
				return true, true
			}
		}
	}

	token := r.Form.Get(stsToken)
	if token == "" {
		token = r.Form.Get(stsWebIdentityToken)
	}

	accessToken := r.Form.Get(stsWebIdentityAccessToken)

	// RoleARN parameter processing: If a role ARN is given in the request, we
	// use that and validate the authentication request. If not, we assume this
	// is an STS request for a claim based IDP (if one is present) and set
	// roleArn = openid.DummyRoleARN.
	//

		return arns
	}
	region := globalSite.Region
	for targetID, target := range evnot.targetList.TargetMap() {
		// httpclient target is part of ListenNotification
		// which doesn't need to be listed as part of the ARN list
		// This list is only meant for external targets, filter
		// this out pro-actively.
		if !strings.HasPrefix(targetID.ID, "httpclient+") {
			if onlyActive {
				if _, err := target.IsActive(); err != nil {

	// Validation code
	switch {
	case conf.AWSRoleWebIdentityTokenFile == "" && conf.AWSRoleARN != "" || conf.AWSRoleWebIdentityTokenFile != "" && conf.AWSRoleARN == "":
		return nil, errors.New("both the token file and the role ARN are required")
	case conf.AccessKey == "" && conf.SecretKey != "" || conf.AccessKey != "" && conf.SecretKey == "":
		return nil, errors.New("both the access and secret keys are required")

readonlyexamplepolic # statements: # - resources: # - 'arn:aws:s3:::example*/*' # actions: # - "s3:GetObject" # - resources: # - 'arn:aws:s3:::example*' # actions: # - "s3:GetBucketLocation" # - "s3:ListBucket" # - "s3:ListBucketMultipartU" ## conditionsexample policy creates all access to example bucket with aws:username="johndoe" and source ip range 10.0.0.0/8 and 192.168.0.0/24 only # - name: conditionsexample # statements: # - resources: # - 'arn:aws:s3:::example/*' # actions: # - 's3:*' # conditions:...

		targetUser, targetGroups, err = globalIAMSys.LDAPConfig.LookupUserDN(targetUser)
		if err != nil {
			// if not found, check if DN
			if strings.Contains(err.Error(), "User DN not found for:") {
				if isDN {
					// warn user that DNs are not allowed
					writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErrWithErr(ErrAdminLDAPExpectedLoginName, err), r.URL)
				} else {