clusterUsageBucketsCollectorPath collectorPath = "/cluster/usage/buckets"
	clusterErasureSetCollectorPath   collectorPath = "/cluster/erasure-set"
	clusterAuditCollectorPath        collectorPath = "/cluster/audit"
	clusterNotificationCollectorPath collectorPath = "/cluster/notification"
	clusterIAMCollectorPath          collectorPath = "/cluster/iam"
)

const (
	clusterBasePath = "/cluster"
)

  * The `--audit-policy-file` option is required if the `AdvancedAuditing` feature is not explicitly turned off (`--feature-gates=AdvancedAuditing=false`) on the API server.
  * The audit log file defaults to JSON encoding when using the advanced auditing feature gate.
  * An audit policy file without either an `apiVersion` or a `kind` field may be treated as invalid.

## Audit Metrics

| Name                              | Description                                               |
|:----------------------------------|:----------------------------------------------------------|
| `minio_audit_failed_messages`     | Total number of messages that failed to send since start. |

	// ReplicateIncoming - audit trail of inline replication
	ReplicateIncoming = "replicate:incoming"
	// ReplicateIncomingDelete - audit trail of inline replication of deletes.
	ReplicateIncomingDelete = "replicate:incoming:delete"

	// ReplicateHeal - audit trail for healing of failed/pending replications
	ReplicateHeal = "replicate:heal"
	// ReplicateHealDelete - audit trail of healing of failed/pending delete replications.

	d.maxSleep = maxWait
	d.cycle = make(chan struct{})
	return nil
}

const (
	// ILMExpiry - audit trail for ILM expiry
	ILMExpiry = "ilm:expiry"
	// ILMFreeVersionDelete - audit trail for ILM free-version delete
	ILMFreeVersionDelete = "ilm:free-version-delete"
	// ILMTransition - audit trail for ILM transitioning.
	ILMTransition = " ilm:transition"
)

  // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
  // the admission webhook to add additional context to the audit log for this request.
  // +optional
  map<string, string> auditAnnotations = 6;

  // warnings is a list of warning messages to return to the requesting API client.

  // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
  // the admission webhook to add additional context to the audit log for this request.
  // +optional
  map<string, string> auditAnnotations = 6;

  // warnings is a list of warning messages to return to the requesting API client.

	}

	domain := globalDomainNames
	services := madmin.Services{
		KMS:           fetchKMSStatus(),
		KMSStatus:     fetchKMSStatusV2(ctx),
		LDAP:          ldap,
		Logger:        log,
		Audit:         audit,
		Notifications: notifyTarget,
	}

	return madmin.InfoMessage{
		Mode:          string(mode),
		Domain:        domain,
		Region:        globalSite.Region,

	// the call to `parseForm` below), but return failure only after we are
	// able to validate that it is a valid STS request, so that we are able
	// to send an appropriate audit log.
	user, apiErrCode := checkAssumeRoleAuth(ctx, r)

	if err := parseForm(r); err != nil {
		writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue, err)
		return
	}

- `audit.k8s.io/v1beta1` and `audit.k8s.io/v1alpha1` audit policy configuration and audit events are deprecated in favor of `audit.k8s.io/v1`, available since v1.13. kube-apiserver invocations that specify alpha or beta policy configurations with `--audit-policy-file`, or explicitly request alpha or beta audit events with `--audit-log-version` / `--audit-webhook-version` must update to use `audit.k8s.io/v1` and accept `audit.k8s.io/v1` events prior...