sid_t *sid;
	} LsarDnsDomainInfo;

	enum {
		POLICY_INFO_AUDIT_EVENTS   = 2,
		POLICY_INFO_PRIMARY_DOMAIN = 3,
		POLICY_INFO_ACCOUNT_DOMAIN = 5,
		POLICY_INFO_SERVER_ROLE    = 6,
		POLICY_INFO_MODIFICATION   = 9,
		POLICY_INFO_DNS_DOMAIN     = 12
	};

	typedef [switch_type(short)] union {
		[case(POLICY_INFO_ACCOUNT_DOMAIN)] LsarDomainInfo account_domain;
		[case(POLICY_INFO_DNS_DOMAIN)] LsarDnsDomainInfo dns_domain;

		sid_t *sid;
	} LsarDnsDomainInfo;

	enum {
		POLICY_INFO_AUDIT_EVENTS   = 2,
		POLICY_INFO_PRIMARY_DOMAIN = 3,
		POLICY_INFO_ACCOUNT_DOMAIN = 5,
		POLICY_INFO_SERVER_ROLE    = 6,
		POLICY_INFO_MODIFICATION   = 9,
		POLICY_INFO_DNS_DOMAIN     = 12
	};

	typedef [switch_type(short)] union {
		[case(POLICY_INFO_ACCOUNT_DOMAIN)] LsarDomainInfo account_domain;
		[case(POLICY_INFO_DNS_DOMAIN)] LsarDnsDomainInfo dns_domain;

	}

	roleArn := policy.Args{Claims: cred.Claims}.GetRoleArn()
	policySetFromClaims, hasPolicyClaim := policy.GetPoliciesFromClaims(cred.Claims, iamPolicyClaimNameOpenID())
	var effectivePolicy policy.Policy

	var buf []byte
	switch {
	case accountName == globalActiveCred.AccessKey:
		for _, policy := range policy.DefaultPolicies {
			if policy.Name == "consoleAdmin" {

	"github.com/minio/minio/internal/config"
	"github.com/minio/pkg/v2/env"
	xnet "github.com/minio/pkg/v2/net"
	"github.com/minio/pkg/v2/policy"
)

// Env IAM OPA URL
const (
	URL       = "url"
	AuthToken = "auth_token"

	EnvPolicyOpaURL       = "MINIO_POLICY_OPA_URL"
	EnvPolicyOpaAuthToken = "MINIO_POLICY_OPA_AUTH_TOKEN"
)

// DefaultKVS - default config for OPA config
var (
	DefaultKVS = config.KVS{
		config.KV{

		// Key which doesn't start with user/user1/filename
		{Bucket: "testbucket", Key: "myfile.txt", XAmzDate: "20160727T000000Z", XAmzMetaUUID: "14365123651274", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
		// Incorrect bucket name.

// error returned in IAM subsystem when policy doesn't exist.
var errNoSuchPolicy = errors.New("Specified canned policy does not exist")

// error returned when policy to be deleted is in use.
var errPolicyInUse = errors.New("Specified policy is in use and cannot be deleted.")

// error returned when more than a single policy is specified when only one is
// expected.

  /**
   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code
   * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name.
   *
   * @since 30.0
   */
  public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY =
      "Cross-Origin-Embedder-Policy-Report-Only";
  /**
   * The HTTP Cross-Origin-Opener-Policy header field name.

		// KMS Policy APIs
		kmsRouter.Methods(http.MethodPost).Path(version+"/policy/assign").HandlerFunc(gz(httpTraceAll(kmsAPI.KMSAssignPolicyHandler))).Queries("policy", "{policy:.*}")
		kmsRouter.Methods(http.MethodGet).Path(version+"/policy/describe").HandlerFunc(gz(httpTraceAll(kmsAPI.KMSDescribePolicyHandler))).Queries("policy", "{policy:.*}")

```yaml

  fun evictAll() {
    delegate.evictAll()
  }

  /**
   * Sets a policy that applies to [address].
   * Overwrites any existing policy for that address.
   */
  @ExperimentalOkHttpApi
  fun setPolicy(
    address: Address,
    policy: AddressPolicy,
  ) {
    delegate.setPolicy(address, policy)
  }

  /**
   * A policy for how the pool should treat a specific address.
   */
  class AddressPolicy(