`buckets[].policy` - can be one of none|download|upload|public - `buckets[].purge` - purge if bucket exists already 33# Create policies after install Install the chart, specifying the policies you want to create after install: ```bash helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio ``` Description of the configuration parameters used above...

		// part of JWT custom claims.
		policySet, ok := policy.GetPoliciesFromClaims(claims, iamPolicyClaimNameOpenID())
		policies := strings.Join(policySet.ToSlice(), ",")
		if ok {
			policyName = globalIAMSys.CurrentPolicies(policies)
		}

		if newGlobalAuthZPluginFn() == nil {
			if !ok {
				writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue,

				if policy.IsEmpty() {
					err = globalIAMSys.DeletePolicy(ctx, policyName, true)
					removed.Policies = append(removed.Policies, policyName)
				} else {
					_, err = globalIAMSys.SetPolicy(ctx, policyName, policy)
					added.Policies = append(added.Policies, policyName)
				}
				if err != nil {
					writeErrorResponseJSON(ctx, w, importError(ctx, err, allPoliciesFile, policyName), r.URL)

Use [`mc admin policy`](https://docs.min.io/community/minio-object-store/reference/minio-mc-admin/mc-admin-policy.html) to create canned policies. Server provides a default set of canned policies namely `writeonly`, `readonly` and `readwrite` *(these policies apply to all resources on the server)*. These can be overridden by custom policies using `mc admin policy` command.

	}

	time.Sleep(4 * time.Second)

	policies, err := globalIAMSys.PolicyDBGet(ucreds.AccessKey)
	if err != nil {
		t.Fatalf("unable to get policy to credential, %s", err)
	}

	if len(policies) == 0 {
		t.Fatal("no policies found")
	}

	if policies[0] != "consoleAdmin" {
		t.Fatalf("expected 'consoleAdmin', %s", policies[0])
	}
}

`buckets[].policy` - can be one of none|download|upload|public - `buckets[].purge` - purge if bucket exists already 33# Create policies after install Install the chart, specifying the policies you want to create after install: ```bash helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio ``` Description of the configuration parameters used above...

`buckets[].policy` - can be one of none|download|upload|public - `buckets[].purge` - purge if bucket exists already 33# Create policies after install Install the chart, specifying the policies you want to create after install: ```bash helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio ``` Description of the configuration parameters used above...

`buckets[].policy` - can be one of none|download|upload|public - `buckets[].purge` - purge if bucket exists already 33# Create policies after install Install the chart, specifying the policies you want to create after install: ```bash helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio ``` Description of the configuration parameters used above...

- Creation and deletion of buckets and objects
- Creation and deletion of all IAM users, groups, policies and their mappings to users or groups
- Creation of STS credentials
- Creation and deletion of service accounts (except those owned by the root user)
- Changes to Bucket features such as:
  - Bucket Policies
  - Bucket Tags
  - Bucket Object-Lock configurations (including retention and legal hold configuration)

{{- if or .Values.buckets .Values.users .Values.policies .Values.customCommands .Values.svcaccts }}
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ template "minio.fullname" . }}-post-job
  labels:
    app: {{ template "minio.name" . }}-post-job
    chart: {{ template "minio.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    "helm.sh/hook": post-install,post-upgrade