set & exists # Since PURGE is user input, check explicitly for `true` if [ $PURGE = true ]; then if checkBucketExists $BUCKET ; then echo "Purging bucket '$BUCKET'." set +e ; # don't exit if this fails ${MC} rm -r --force myminio/$BUCKET set -e ; # reset `e` as active else echo "Bucket '$BUCKET' does not exist, skipping purge." fi fi # Create the bucket if it does not exist if ! checkBucketExists $BUCKET ; then echo "Creating bucket '$BUCKET'" ${MC} mb myminio/$BUCKET else echo "Bucket '$BUCKET' already...

allow {
 input.action != "s3:PutObject"
 input.owner == false
}
EOF
```

Then load the policy via OPA's REST API.

```
curl -X PUT --data-binary @example.rego \
  localhost:8181/v1/policies/putobject
```

### 4. Setup MinIO with OPA

Set the `MINIO_POLICY_PLUGIN_URL` as the endpoint that MinIO should send authorization requests to. Then start the server.

```sh

///

## Hướng dẫn nâng cao

Cũng có một **Hướng dẫn nâng cao** mà bạn có thể đọc nó sau **Hướng dẫn sử dụng**.

**Hướng dẫn sử dụng nâng cao**, xây dựng dựa trên cái này, sử dụng các khái niệm tương tự, và dạy bạn những tính năng mở rộng.

Nhưng bạn nên đọc **Hướng dẫn sử dụng** đầu tiên (những gì bạn đang đọc).

        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v5
        with:
          # To allow latest-changes to commit to the main branch
          token: ${{ secrets.FASTAPI_LATEST_CHANGES }}
      # Allow debugging with tmate
      - name: Setup tmate session
        uses: mxschmitt/action-tmate@v3

We convert this iterable object into a proper `list` with `list(data.items())`.

Then with `random.choice()` we can get a **random value** from the list, so, we get a tuple with `(id, name)`. It will be something like `("imdb-tt0371724", "The Hitchhiker's Guide to the Galaxy")`.

Then we **assign those two values** of the tuple to the variables `id` and `name`.

          if [ -z "$container_name" ]; then
            echo "Error: failed to find a container created from the 'opengauss/opengauss:7.0.0-RC1.B023' image."
            exit 1
          fi
          max_retries=12
          retry_count=0
          if [ -t 0 ]; then
            TTY_FLAG="-t"
          else
            TTY_FLAG=""
          fi

	if err != nil {
		c.Fatalf("bucket create error: %v", err)
	}

	// Generate web identity STS token by interacting with OpenID IDP.
	token, err := MockOpenIDTestUserInteraction(ctx, testAppParams, "******@****.***", "dillon")
	if err != nil {
		c.Fatalf("mock user err: %v", err)
	}
	// fmt.Printf("TOKEN: %s\n", token)

	webID := cr.STSWebIdentity{
		Client:      s.TestSuiteCommon.client,

  private final boolean plusForSpace;

  /**
   * An array of flags where for any {@code char c} if {@code safeOctets[c]} is true then {@code c}
   * should remain unmodified in the output. If {@code c >= safeOctets.length} then it should be
   * escaped.
   */
  private final boolean[] safeOctets;

  /**

Then we use the request directly, and extract the body as `bytes`. This means that FastAPI won't even try to parse the request payload as JSON.

And then in our code, we parse that YAML content directly, and then we are again using the same Pydantic model to validate the YAML content:

//// tab | Pydantic v2

            throw new SsoLoginException("could not validate nonce", e);
        }
    }

    /**
     * Obtains an access token using a refresh token.
     * @param refreshToken The refresh token to use for token acquisition.
     * @return The authentication result containing the access token.
     */
    public IAuthenticationResult getAccessToken(final String refreshToken) {