--initial-cluster s1=http://0.0.0.0:2380 \
  --initial-cluster-token tkn \
  --initial-cluster-state new
```

You may also setup etcd with TLS following this documentation [here](https://coreos.com/etcd/docs/latest/op-guide/security.html)

### 3. Setup MinIO with etcd

MinIO server expects environment variable for etcd as `MINIO_ETCD_ENDPOINTS`, this environment variable takes many comma separated entries.

```

{* ../../docs_src/security/tutorial002.py hl[25] *}

## ユーザーの取得

`get_current_user` は作成した（偽物の）ユーティリティ関数を使って、 `str` としてトークンを受け取り、先ほどのPydanticの `User` モデルを返却します:

{* ../../docs_src/security/tutorial002.py hl[19:22,26:27] *}

## 現在のユーザーの注入

ですので、 `get_current_user` に対して同様に *path operation* の中で `Depends` を利用できます。

{* ../../docs_src/security/tutorial002.py hl[31] *}

import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import org.junit.Test;
import org.junit.runner.RunWith;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

/**
 * Simple test adaptable to show a failure in older versions of OkHttp

Если токен недействителен, то сразу же верните HTTP-ошибку.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Обновление *операции пути* `/token`

Создайте `timedelta` со временем истечения срока действия токена.

Создайте реальный токен доступа JWT и верните его

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

### Технические подробности о JWT ключе `sub`

 * a handle to a specific domain in the Security Account Manager.
 */
public class MsrpcSamrOpenDomain extends samr.SamrOpenDomain {

    /**
     * Creates a new request to open a domain handle.
     *
     * @param handle the SAM policy handle
     * @param access the desired access rights
     * @param sid the security identifier of the domain
     * @param domainHandle the domain handle to be populated

import com.google.common.collect.ImmutableSet;
import com.google.common.util.concurrent.FuturesGetChecked.GetCheckedTypeValidator;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.KeyException;
import java.util.ArrayList;
import java.util.List;
import java.util.TooManyListenersException;
import java.util.concurrent.BrokenBarrierException;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.login.LoginException;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;

 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.Certificate
import java.security.cert.X509Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.X509TrustManager
import okhttp3.internal.platform.Platform

/**

     */
    int FLAGS2_EXTENDED_ATTRIBUTES = 0x0002;
    /**
     * Security signatures are supported flag.
     */
    int FLAGS2_SECURITY_SIGNATURES = 0x0004;
    /**
     * Security signatures are required flag.
     */
    int FLAGS2_SECURITY_REQUIRE_SIGNATURES = 0x0010;
    /**
     * Extended security negotiation is supported flag.
     */
    int FLAGS2_EXTENDED_SECURITY_NEGOTIATION = 0x0800;

 */
package okhttp3.internal.platform.android

import android.net.http.X509TrustManagerExtensions
import java.lang.IllegalArgumentException
import java.security.cert.Certificate
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.X509TrustManager
import okhttp3.internal.SuppressSignatureCheck