// set during decommissioning.
	if reqInfo := logger.GetReqInfo(ctx); reqInfo != nil {
		reqInfo.PopulateTagsMap(opts.Tags)
	}
	ctx = logger.SetAuditEntry(ctx, &entry)
	logger.AuditLog(ctx, nil, nil, nil)
}

func newTLSConfig(getCert certs.GetCertificateFunc) *tls.Config {
	if getCert == nil {
		return nil
	}

	tlsConfig := &tls.Config{
		PreferServerCipherSuites: true,

     * Clears sensitive authentication data
     */
    void clearSensitiveData();

    /**
     * Gets authentication metadata for auditing
     *
     * @return authentication metadata
     */
    AuthenticationMetadata getMetadata();

    /**
     * Authentication metadata for auditing and logging
     */
    class AuthenticationMetadata {
        private final String username;
        private final String domain;

			VersionID:    oi.VersionID,
			UserDefined:  oi.UserDefined,
			NoAuditLog:   true,
			DataMovement: true,
			SrcPoolIdx:   poolIdx,
		})
		if err != nil {
			return fmt.Errorf("rebalanceObject: NewMultipartUpload() %w", err)
		}
		defer z.AbortMultipartUpload(ctx, bucket, oi.Name, res.UploadID, ObjectOptions{NoAuditLog: true})

		parts := make([]CompletePart, len(oi.Parts))

			VersionID:    objInfo.VersionID,
			UserDefined:  objInfo.UserDefined,
			NoAuditLog:   true,
			SrcPoolIdx:   idx,
			DataMovement: true,
		})
		if err != nil {
			return fmt.Errorf("decommissionObject: NewMultipartUpload() %w", err)
		}
		defer z.AbortMultipartUpload(ctx, bucket, objInfo.Name, res.UploadID, ObjectOptions{NoAuditLog: true})
		parts := make([]CompletePart, len(objInfo.Parts))

		[]MetricDescriptor{
			webhookFailedMessagesMD,
			webhookQueueLengthMD,
			webhookTotalMessagesMD,
		},
		loadLoggerWebhookMetrics,
	)

	auditMG := NewMetricsGroup(auditCollectorPath,
		[]MetricDescriptor{
			auditFailedMessagesMD,
			auditTargetQueueLengthMD,
			auditTotalMessagesMD,
		},
		loadAuditMetrics,
	)

	if lrw.ttfbBody != 0 {
		return lrw.ttfbBody
	}
	return lrw.ttfbHeader
}

// NewResponseRecorder - returns a wrapped response writer to trap
// http status codes for auditing purposes.
func NewResponseRecorder(w http.ResponseWriter) *ResponseRecorder {
	rf, _ := w.(io.ReaderFrom)
	return &ResponseRecorder{
		ResponseWriter: w,
		ReaderFrom:     rf,
		StatusCode:     http.StatusOK,

    /** Maximum length of script text included in warning log messages. Configurable via DI. */
    protected int maxScriptLogLength = 200;

    /** Whether to log script execution details for auditing purposes. Configurable via DI. */
    protected boolean scriptAuditLogEnabled;

    private Cache<String, CachedScript> scriptCache;

    /**
     * Default constructor for GroovyEngine.
     */

// update metadata.
func (er erasureObjects) CopyObject(ctx context.Context, srcBucket, srcObject, dstBucket, dstObject string, srcInfo ObjectInfo, srcOpts, dstOpts ObjectOptions) (oi ObjectInfo, err error) {
	if !dstOpts.NoAuditLog {
		auditObjectErasureSet(ctx, "CopyObject", dstObject, &er)
	}

	// This call shouldn't be used for anything other than metadata updates or adding self referential versions.
	if !srcInfo.metadataOnly {

	EvalRetentionBypassFn EvalRetentionBypassFn // only set for enforcing retention bypass on DeleteObject.

	FastGetObjInfo bool // Only for S3 Head/Get Object calls for now
	NoAuditLog     bool // Only set for decom, rebalance, to avoid double audits.
}

// WalkOptions provides filtering, marker and other Walk() specific options.
type WalkOptions struct {

* Advanced auditing is the default auditing mechanism at `v1beta1`. The new version introduces the following changes:

  * The `--audit-policy-file` option is required if the `AdvancedAuditing` feature is not explicitly turned off (`--feature-gates=AdvancedAuditing=false`) on the API server.
  * The audit log file defaults to JSON encoding when using the advanced auditing feature gate.