@Override
    public boolean isUpdateRequired(Artifact artifact, ArtifactRepository repository) {
        File file = artifact.getFile();

        ArtifactRepositoryPolicy policy = artifact.isSnapshot() ? repository.getSnapshots() : repository.getReleases();

        if (!policy.isEnabled()) {
            if (getLogger().isDebugEnabled()) {
                getLogger()

		// associated policy when credentials are used.
		claims[roleArnClaim] = roleArn.String()
	} else {
		// If no role policy is configured, then we use claims from the
		// JWT. This is a MinIO STS API specific value, this value
		// should be set and configured on your identity provider as
		// part of JWT custom claims.
		policySet, ok := policy.GetPoliciesFromClaims(claims, iamPolicyClaimNameOpenID())

    }

    @Test
    @DisplayName("resolveSids(DcerpcHandle,...) throws SmbException on unexpected retval")
    void resolveSids_throwsOnUnexpectedRetval() throws Exception {
        SIDCacheImpl cache = new SIDCacheImpl(mock(CIFSContext.class));
        DcerpcHandle handle = mock(DcerpcHandle.class);
        LsaPolicyHandle policy = mock(LsaPolicyHandle.class);

 * This class implements the LSARPC close handle operation for closing
 * LSA policy handles when they are no longer needed.
 */
public class MsrpcLsarClose extends lsarpc.LsarClose {

    /**
     * Creates a new request to close an LSA policy handle.
     *
     * @param policyHandle the policy handle to close
     */
    public MsrpcLsarClose(final LsaPolicyHandle policyHandle) {

# Security Policy

## Supported Versions

We support the past two Go releases (for example, Go 1.17.x and Go 1.18.x when Go 1.18.x is the latest stable release).

See https://go.dev/wiki/Go-Release-Cycle and in particular the
[Release Maintenance](https://go.dev/wiki/Go-Release-Cycle#release-maintenance)
part of that page.

## Reporting a Vulnerability

	idplugin "github.com/minio/minio/internal/config/identity/plugin"
	polplugin "github.com/minio/minio/internal/config/policy/plugin"
	"github.com/minio/minio/internal/config/storageclass"
	"github.com/minio/minio/internal/config/subnet"
	"github.com/minio/minio/internal/logger"
	"github.com/minio/mux"
	"github.com/minio/pkg/v3/policy"
)

// DelConfigKVHandler - DELETE /minio/admin/v3/del-config-kv

			// parent is an STS account. Such accounts may have a policy mapped
			// on the parent user, so we load them. This is not needed for the
			// initial server startup, however, it is needed for the case where
			// the STS account's policy mapping (for example in LDAP mode) may
			// be changed and the user's policy mapping in memory is stale
			// (because the policy change notification was missed by the current
			// server).
			//

    - Copy the `Secret` to clipboard.
    - This value is needed for `MINIO_IDENTITY_OPENID_CLIENT_SECRET` for MinIO.

- Go to Users
  - Click on the user
  - Attribute, add a new attribute `Key` is `policy`, `Value` is name of the `policy` on MinIO (ex: `readwrite`)
  - Add and Save

- Go to Clients
  - Click on `account`
  - Settings, set `Valid Redirect URIs` to `*`, expand `Advanced Settings` and set `Access Token Lifespan` to `1 Hours`

	"errors"
	"fmt"
	"net/http"

	"github.com/minio/kms-go/kes"
	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio/internal/auth"
	"github.com/minio/minio/internal/config"
	"github.com/minio/pkg/v3/policy"
)

// validateAdminReq will validate request against and return whether it is allowed.
// If any of the supplied actions are allowed it will be successful.
// If nil ObjectLayer is returned, the operation is not permitted.

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...