SUPPORTS_PUT,
  SUPPORTS_REMOVE,
  FAILS_FAST_ON_CONCURRENT_MODIFICATION,
  /**
   * Indicates that the constructor or factory method of a map, usually an immutable map, throws an
   * {@link IllegalArgumentException} when presented with duplicate keys instead of discarding all
   * but one.
   */
  REJECTS_DUPLICATES_AT_CREATION,

  GENERAL_PURPOSE(SUPPORTS_PUT, SUPPORTS_REMOVE);

  private final Set<Feature<? super Map>> implied;

   * Object#toString}.
   */
  NON_STANDARD_TOSTRING,

  /**
   * Indicates that the constructor or factory method of a collection, usually an immutable set,
   * throws an {@link IllegalArgumentException} when presented with duplicate elements instead of
   * collapsing them to a single element or including duplicate instances in the collection.
   */
  REJECTS_DUPLICATES_AT_CREATION,

  SUPPORTS_ADD,
  SUPPORTS_REMOVE,

## REST API call to plugin

To verify the custom token presented in the `AssumeRoleWithCustomToken` API, MinIO makes a POST request to the configured identity management plugin endpoint and expects a response with some details as shown below:

### Request `POST` to plugin endpoint

	// which means the policy exceeded the allowed space.
	PackedPolicySize int `xml:",omitempty"`

	// The issuing authority of the web identity token presented. For OpenID Connect
	// ID tokens, this contains the value of the iss field. For OAuth 2.0 id_tokens,
	// this contains the value of the ProviderId parameter that was passed in the
	// AssumeRoleWithWebIdentity request.

import java.util.Collections;

/**
 * An {@link ClusterException} is a data structure that allows for some code to "throw multiple
 * exceptions", or something close to it. The prototypical code that calls for this class is
 * presented below:
 *
 * <pre>
 * void runManyThings({@literal List<ThingToRun>} thingsToRun) {
 *   for (ThingToRun thingToRun : thingsToRun) {
 *     thingToRun.run(); // say this may throw an exception, but you want to

message APIGroupDiscovery {
  // Standard object's metadata.
  // The only field completed will be name. For instance, resourceVersion will be empty.
  // name is the name of the API group whose discovery information is presented here.
  // name is allowed to be "" to represent the legacy, ungroupified resources.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional

 *
 *  * Application Layer Protocol Negotiation (ALPN) enables the HTTPS port (443) to be used to
 *    negotiate HTTP/2.
 *
 * Unfortunately, older HTTPS servers refuse to connect when such options are presented. Rather than
 * avoiding these options entirely, this class allows a connection to be attempted with modern
 * options and then retried without them should the attempt fail.
 *
 * ## Connection Reuse
 *

message TokenReviewSpec {
  // Token is the opaque bearer token.
  // +optional
  optional string token = 1;

  // Audiences is a list of the identifiers that the resource server presented
  // with the token identifies as. Audience-aware token authenticators will
  // verify that the token was intended for at least one of the audiences in
  // this list. If no audiences are provided, the audience will default to the

                                      verifying a presented server certificate.'
                                    type: string
                                  caCrl:
                                    description: 'OPTIONAL: The path to the file containing
                                      the certificate revocation list (CRL) to use
                                      in verifying a presented server certificate.'

    // yet absolute. This is needed because server certificates do not normally contain absolute
    // names or patterns, but they should be treated as absolute. At the same time, any hostname
    // presented to this method should also be treated as absolute for the purposes of matching
    // to the server certificate.
    //   www.android.com  matches www.android.com
    //   www.android.com  matches www.android.com.