./mc cp /etc/hosts myminio/test-bucket

./mc idp openid add myminio \
	config_url="http://localhost:5556/dex/.well-known/openid-configuration" \
	client_id="minio-client-app" \
	client_secret="minio-client-app-secret" \
	scopes="openid,groups,email,profile" \
	redirect_uri="http://127.0.0.1:10000/oauth_callback" \
	display_name="Login via dex1" \
	role_policy="consoleAdmin"

./mc admin service restart myminio --json

            return
          }

          // https://timothybasanov.com/2016/05/26/java-pre-master-secret.html
          // https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites
          // https://stackoverflow.com/questions/36240279/how-do-i-extract-the-pre-master-secret-using-an-openssl-based-client

          // TLSv1.2 Events
          // Produced ClientHello handshake message

        with:
          role-to-assume: arn:aws:iam::992382829881:role/GHASecrets_gradle_all
          secret-ids: |
            ORG_TEAM_GITHUB_ACCESS_TOKEN, gha/gradle/_all/ORG_TEAM_GITHUB_ACCESS_TOKEN

      - uses: actions/checkout@v6

      - name: GitHub CODEOWNERS Validator

	// The identifiers for the temporary security credentials that the operation
	// returns.
	AssumedRoleUser AssumedRoleUser `xml:",omitempty"`

	// The temporary security credentials, which include an access key ID, a secret
	// access key, and a security (or session) token.
	//
	// Note: The size of the security token that STS APIs return is not fixed. We
	// strongly recommend that you make no assumptions about the maximum size. As

	}

	if target == "" {
		target = Default
	}

	if redactSecrets {
		// If the configuration parameter is a secret, make sure to redact it when
		// we return.
		helpKV, _ := HelpSubSysMap[subSys].Lookup(cfgParam)
		if helpKV.Secret {
			defer func() {
				value = ""
				isRedacted = true
			}()
		}
	}

	envVar := getEnvVarName(subSys, target, cfgParam)

#
# If this option isn't chosen clients may be added through the gRPC API.
staticClients:
  - id: example-app
    redirectURIs:
      - 'http://localhost:8080/oauth2/callback'
    name: 'Example App'
    secret: ZXhhbXBsZS1hcHAtc2VjcmV0

connectors:
  - type: mockCallback
    id: mock
    name: Example

# Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB: true

 * and 5.x clients.</p>
 *
 * <p>Example usage:</p>
 * <pre>{@code
 * CredentialsConfig config = new CredentialsConfig();
 * config.setUsername("user");
 * config.setPassword("secret");
 *
 * // For NTLM authentication
 * config.setType(CredentialsType.NTLM);
 * config.setDomain("MYDOMAIN");
 * config.setWorkstation("MYWORKSTATION");
 * }</pre>
 */
public class CredentialsConfig {

          export VAULT_TOKEN
          export eql_test_credentials_file="$(pwd)/x-pack/plugin/eql/qa/correctness/credentials.gcs.json"
          vault read -field=credentials.gcs.json secret/elasticsearch-ci/eql_test_credentials > ${eql_test_credentials_file}
          unset VAULT_TOKEN
          set -x

```
kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -
# optionally, remove the old secret
kubectl delete secret --namespace=federation federation-apiserver-secret
```

	if !compareSignatureV2(v2Auth, expectedAuth) {
		return ErrSignatureDoesNotMatch
	}
	return ErrNone
}

func calculateSignatureV2(stringToSign string, secret string) string {
	hm := hmac.New(sha1.New, []byte(secret))
	hm.Write([]byte(stringToSign))
	return base64.StdEncoding.EncodeToString(hm.Sum(nil))
}

// Return signature-v2 for the presigned request.