# up-to-date, and that each module accurately documents the evil things
# that its dependencies do.
#
# For more information, look at ThirdPartyAuditTask.groovy in buildSrc/

#
# Ruleset to fail on java internal apis, using this logic:
# http://docs.oracle.com/javase/8/docs/api/java/lang/SecurityManager.html#checkPackageAccess-java.lang.String-
#
# // The list may change at any time, regenerated with:

## Concepts

- If an object is under legal hold, it cannot be deleted unless the legal hold is explicitly removed for the respective version id. DeleteObjectVersion() would fail otherwise.
- In `Compliance` mode, objects cannot be deleted by anyone until retention period has expired for the given version id. If user has governance bypass permissions, an object's retention date can be extended in `Compliance` mode.

mc cp /etc/issue myminio/test
mc admin user add myminio foo foobar123
export MC_HOST_foo=http://foo:foobar123@localhost:9000
mc ls foo
mc cp /etc/issue myminio/test/issue2
```

Only the last operation would fail with a permissions error.

## Configuration

Access Management Plugin can be configured with environment variables:

```sh
$ mc admin config set myminio policy_plugin --env
KEY:

    // TODO: write a test that shows pooled connections detect HTTP/1.0 (vs. HTTP/1.1)
    fail("TODO")
  }

  @Test
  @Disabled
  fun postBodiesRetransmittedOnAuthProblems() {
    fail("TODO")
  }

  @Test
  @Disabled
  fun cookiesAndTrailers() {
    // Do cookie headers get processed too many times?
    fail("TODO")
  }

  @Test
  fun emptyRequestHeaderValueIsAllowed() {

connectToMinio # Use a check-sleep-check loop to wait for MinIO service to be available connectToMinio() { SCHEME=$1 ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts set -e ; # fail if we can't read the keys. ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; set +e ; # The connections to minio are allowed to fail. echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; $MC_COMMAND...

./mc admin policy info minio1 rw
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin policy info minio2 rw
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin policy info minio3 rw
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin user info minio1 foobar

                 * be cached and cause other types to fail even though they may
                 * not be the authority for the name. For example, if a WINS lookup
                 * for FOO fails and caches unknownAddress for FOO, a subsequent
                 * lookup for FOO using BCAST should not fail because of that
                 * name cached from WINS.
                 *

        assertNotNull(service);
    }

    @Test
    public void test_setupStoreCondition_nullInput() {
        try {
            crawlingInfoService.setupStoreCondition(null);
            fail("Should throw FessSystemException for null input");
        } catch (final FessSystemException e) {
            assertEquals("Crawling Session is null.", e.getMessage());
        }
    }

    @Test

    expectUnchanged();
  }

  @CollectionSize.Require(ZERO)
  @ListFeature.Require(absent = SUPPORTS_SET)
  public void testSet_unsupportedByEmptyList() {
    try {
      getList().set(0, e3());
      fail("set() should throw UnsupportedOperationException or IndexOutOfBoundsException");
    } catch (UnsupportedOperationException | IndexOutOfBoundsException expected) {
    }
    expectUnchanged();
  }

				return nil, errInvalidAccessKeyID
			}
			return []byte(cred.SecretKey), nil
		} // this means claims.AccessKey == rootAccessKey
		if !globalAPIConfig.permitRootAccess() {
			// if root access is disabled, fail this request.
			return nil, errAccessKeyDisabled
		}
		return []byte(globalActiveCred.SecretKey), nil
	}); err != nil {
		return claims, nil, false, errAuthentication
	}
	owner := true
	var groups []string