},
                        "loadBalancingWeight": 1
                    }
                ],
                "loadBalancingWeight": 1
            }
        ],
        "policy": {
            "overprovisioningFactor": 140
        }
    },
    {
        "clusterName": "outbound|80||skywalking-ui.skywalking.svc.cluster.local",
        "endpoints": [
            {

      metadata:
        filterMetadata:
          istio:
            workload: istio-ingressgateway;istio-system;istio-ingressgateway;latest;Kubernetes
    loadBalancingWeight: 1
    locality: {}
  policy:
    overprovisioningFactor: 140
- clusterName: outbound|80||skywalking-ui.skywalking.svc.cluster.local
  endpoints:
  - lbEndpoints:
    - endpoint:
        address:
          socketAddress:

client_id     (string)    unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"
claim_name    (string)    JWT canned policy claim name, defaults to "policy"
claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"

### Policy

An IAM policy in JSON format that you want to use as an inline session policy. This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the canned policy name and the policy set here. You cannot use this policy to grant more permissions than those allowed by the canned policy name being assumed.

In case of certificate-based authentication, MinIO has to map the client-provided certificate to an S3 policy. MinIO does this via the subject common name field of the X.509 certificate. So, MinIO will associate a certificate with a subject `CN = foobar` to a S3 policy named `foobar`.

roleArn":"arn:minio:iam:::role/nOybJqMNzNmroqEKq5D0","sa-policy":"inherited-policy","sub":"Cit1aWQ9ZGlsbG9uLG91"},"sessionPolicy":null,"status":"on","name":"","description":"","expiration":"1970-01-01T00:00:00Z"},"dillon-svcacct-1":{"parent":"oCnAoSQFtdVQtKwrB73j","accessKey":"dillon-svcacct-1","secretKey":"dillon-svcacct-1","groups":null,"claims":{"accessKey":"dillon-svcacct-1","parent":"oCnAoSQFtdVQtKwrB73j","sa-policy":"embedded-policy","sessionPolicy":"eyJWZXJzaW9uIjoiIiwi==","sessionPolicy-...

@Deprecated
class DefaultGraphConflictResolutionPolicyTest {
    GraphConflictResolutionPolicy policy;
    MetadataGraphEdge e1;
    MetadataGraphEdge e2;
    MetadataGraphEdge e3;

    // ------------------------------------------------------------------------------------------
    @BeforeEach
    void setUp() throws Exception {
        policy = new DefaultGraphConflictResolutionPolicy();

  // as pods that have status.conditions item with type="Ready",status="True".
  //
  // Valid policies are IfHealthyBudget and AlwaysAllow.
  // If no policy is specified, the default behavior will be used,
  // which corresponds to the IfHealthyBudget policy.
  //
  // IfHealthyBudget policy means that running pods (status.phase="Running"),
  // but not yet healthy can be evicted only if the guarded application is not

mc admin policy create myminio/ deny-non-sse-kms-pol ./docs/iam/policies/deny-non-sse-kms-objects.json
mc admin policy create myminio/ deny-invalid-sse-kms-pol ./docs/iam/policies/deny-objects-with-invalid-sse-kms-key-id.json

mc admin policy attach myminio deny-non-sse-kms-pol --user minio123
mc admin policy attach myminio deny-invalid-sse-kms-pol --user minio123
mc admin policy attach myminio consoleAdmin --user minio123

  fun evictAll() {
    delegate.evictAll()
  }

  /**
   * Sets a policy that applies to [address].
   * Overwrites any existing policy for that address.
   */
  @ExperimentalOkHttpApi
  fun setPolicy(
    address: Address,
    policy: AddressPolicy,
  ) {
    delegate.setPolicy(address, policy)
  }

  /**
   * A policy for how the pool should treat a specific address.
   */
  class AddressPolicy(