//go:build darwin || freebsd || openbsd || netbsd
// +build darwin freebsd openbsd netbsd

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//

//go:build freebsd || netbsd || openbsd || darwin
// +build freebsd netbsd openbsd darwin

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//

//go:build !linux && !netbsd && !freebsd && !darwin && !openbsd
// +build !linux,!netbsd,!freebsd,!darwin,!openbsd

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or

        1 * visitor.onEnd()
        0 * visitor._
    }

    def normalizesHtmlElementNamesToLowercase() {
        when:
        lexer.pushText("<P></End>")
        lexer.visit(visitor)

        then:
        1 * visitor.onStartHtmlElement('p')
        1 * visitor.onStartHtmlElementComplete('p')
        1 * visitor.onEndHtmlElement('end')
        1 * visitor.onEnd()
        0 * visitor._
    }

OPA is a lightweight general-purpose policy engine that can be co-located with MinIO server, in this document we talk about how to use OPA HTTP API to authorize requests. It can be used with any type of credentials (STS based like OpenID or LDAP, regular IAM users or service accounts).

OPA is enabled through MinIO's Access Management Plugin feature.

## Get started

### 1. Start OPA in a container

```sh
podman run -it \
    --name opa \

pkg math/bits (netbsd-arm64), const UintSize = 64
pkg math/bits (netbsd-arm64-cgo), const UintSize = 64
pkg math/bits (openbsd-386), const UintSize = 32
pkg math/bits (openbsd-386-cgo), const UintSize = 32
pkg math/bits (openbsd-amd64), const UintSize = 64
pkg math/bits (openbsd-amd64-cgo), const UintSize = 64
pkg math/bits (windows-386), const UintSize = 32
pkg math/bits (windows-amd64), const UintSize = 64

//go:build !windows && !darwin && !openbsd && !plan9
// +build !windows,!darwin,!openbsd,!plan9

// Copyright (c) 2015-2023 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//

   * {@link java.util.Collections#checkedCollection(java.util.Collection, Class)} can suppress it
   * with {@code FeatureSpecificTestSuiteBuilder.suppressing()} until <a
   * href="https://bugs.openjdk.org/browse/JDK-6409434">JDK-6409434</a> is fixed. It's unclear
   * whether nulls were to be permitted or forbidden, but presumably the eventual fix will be to

   * {@link java.util.Collections#checkedCollection(java.util.Collection, Class)} can suppress it
   * with {@code FeatureSpecificTestSuiteBuilder.suppressing()} until <a
   * href="https://bugs.openjdk.org/browse/JDK-6409434">JDK-6409434</a> is fixed. It's unclear
   * whether nulls were to be permitted or forbidden, but presumably the eventual fix will be to

# The base path of dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to dex. If a
# path is provided, dex's HTTP service will listen at a non-root URL.
issuer: http://127.0.0.1:5556/dex

# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
#