).int()
    .default(DEFAULT_TIMEOUT)

  val followRedirects: Boolean by option("-L", "--location").help("Follow redirects").flag()

  val allowInsecure: Boolean by option("-k", "--insecure").help("Allow connections to SSL sites without certs").flag()

  val showHeaders: Boolean by option("-i", "--include").help("Include protocol headers in the output").flag()

                if (optSelectedProject.isPresent()) {
                    resolvedOptionalProjects.add(optSelectedProject.get());
                    if (activation.activationSettings().recurse()) {
                        resolvedOptionalProjects.addAll(getChildProjects(optSelectedProject.get(), request));
                    }
                } else {
                    unresolvedSelectors.add(activation);

if [ "${expected_checksum}" != "${got_checksum}" ]; then
	echo "BUG: decommission failed on encrypted objects: expected ${expected_checksum} got ${got_checksum}"
	exit 1
fi

./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned

			case *ast.TypeSpec:
				if isDeprecated(n.Doc) {
					mark(n.Name)
				}
				return true // recurse into struct or interface type
			case *ast.StructType:
				return true // recurse into fields
			case *ast.InterfaceType:
				return true // recurse into methods
			case *ast.FieldList:
				return true // recurse into fields
			case *ast.ValueSpec:
				if isDeprecated(n.Doc) {
					for _, id := range n.Names {

	defer store.unlock()

	secret, err := getTokenSigningKey()
	if err != nil {
		return err
	}

	var revoked bool
	for _, ui := range cache.iamSTSAccountsMap {
		if ui.Credentials.ParentUser != parentUser {
			continue
		}
		if tokenRevokeType != "" {
			claims, err := getClaimsFromTokenWithSecret(ui.Credentials.SessionToken, secret)
			if err != nil {

Vous pouvez utiliser <a href="https://www.docker.com/" class="external-link" target="_blank">**Docker**</a> pour le déploiement. Il présente plusieurs avantages comme la sécurité, la réplicabilité, la simplicité de développement, etc.

Si vous utilisez Docker, vous pouvez utiliser l'image Docker officielle :

        options.addOption(Option.builder(Character.toString(NON_RECURSIVE))
                .longOpt("non-recursive")
                .desc(
                        "Do not recurse into sub-projects. When used together with -pl, do not recurse into sub-projects of selected aggregators")
                .build());
        options.addOption(Option.builder(Character.toString(UPDATE_SNAPSHOTS))
                .longOpt("update-snapshots")

可以看到如下用户界面：

<img src="https://fastapi.tiangolo.com/img/tutorial/security/image07.png">

用与上一章同样的方式实现应用授权。

使用如下凭证：

用户名: `johndoe` 密码: `secret`

/// check | 检查

注意，代码中没有明文密码**`secret`**，只保存了它的哈希值。

///

<img src="https://fastapi.tiangolo.com/img/tutorial/security/image08.png">

调用 `/users/me/` 端点，收到下面的响应：

```JSON
{
  "username": "johndoe",

credentials without including MinIO default credentials. Instead, the identity of the caller is validated by using a JWT access token from the identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations.

By default, the temporary security credentials created by AssumeRoleWithClientGrants last for one hour. However, use...

   </ResponseMetadata>
</AssumeRoleWithCertificateResponse>
```

## Authentication Flow

A client can request temp. S3 credentials via the STS API. It can authenticate via a client certificate and obtain a access/secret key pair as well as a session token. These credentials are associated to an S3 policy at the MinIO server.