1. Export existing PodSecurityPolicy objects:
  * `kubectl get podsecuritypolicies -o yaml > psp.yaml`
2. Review and delete any PodSecurityPolicy objects you do not want all pod-creating users to be able to use (NOTE: Privileged users that were making use of those policies will also lose access to those policies). For example:
  * `kubectl delete podsecuritypolicies/my-privileged-policy`
3. After upgrading to 1.5.5, re-create the exported PodSecurityPolicy objects:

  /**
   * Returns the composition of two functions. For {@code f: A->B} and {@code g: B->C}, composition
   * is defined as the function h such that {@code h(a) == g(f(a))} for each {@code a}.
   *
   * <p><b>JRE users and Android users who opt in to library desugaring:</b> use {@code
   * g.compose(f)} or (probably clearer) {@code f.andThen(g)} instead. Note that it is not
   * serializable.
   *
   * @param g the second function to apply

   open, and any responsibility can be carried by a contributor who demonstrates the required
   capacity and competence.

 * **Be considerate**: People use our work, and we depend on the work of others. Consider users and
   colleagues before taking action. For example, changes to code, infrastructure, policy, and
   documentation may negatively impact others.

Date:   Sat Jun 15 11:27:17 2019 -0700

    [security] Match ${aws:username} exactly instead of prefix match (#7791)

    This PR fixes a security issue where an IAM user based
    on his policy is granted more privileges than restricted
    by the users IAM policy.

    This is due to an issue of prefix based Matcher() function
    which was incorrectly matching prefix based on resource
    prefixes instead of exact match.
```

}
```

### Using MinIO Console

- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Casdoor user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,
  the user should see now the buckets and objects they have access to.

## Explore Further

MinIO server configuration file allows users to provide topology that allows for heterogeneous hostnames, allowing MinIO to deployed in pre-existing environments without any further OS level configurations.

  "detail": "Not authenticated"
}
```

### 비활성된 유저

이제 비활성된 사용자로 시도하고, 인증해봅시다:

유저명: `alice`

패스워드: `secret2`

그리고 `/users/me` 경로와 함께 `GET` 작업을 사용해 봅시다.

다음과 같은 "Inactive user" 오류가 발생합니다:

```JSON
{
  "detail": "Inactive user"
}
```

## 요약

이제 API에 대한 `username` 및 `password`를 기반으로 완전한 보안 시스템을 구현할 수 있는 도구가 있습니다.

latency, reduced cpu/memory consumption (~4mb per monitored node).
  * Pods now have a security context which allows users to specify:
     * attributes which apply to the whole pod:
        * User ID
        * Whether all containers should be non-root
        * Supplemental Groups
        * FSGroup - a special supplemental group
        * SELinux options

        That's a lot of work they are doing, but if more FastAPI users came to help others like them just a little bit more, it would be much less effort for them (and you and me 😅).

        By asking questions in a structured way (following this) it will be much easier to help you.

    # - - - - - - - - - -/

    # /- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    # o applicationOutsideSqlMap: (NotRequired - Default map:{})
    #  You can set additional users.
    #  Elements of this map are as below:
    #   o key of map: a relative path to the application project from DBFlute client
    #   o sqlDirectory: SQL directory as a relative path from the application directory