| Params        | Value                                          |
| :--           | :--                                            |

			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         ClaimName,
			Description: `JWT canned policy claim name` + defaultHelpPostfix(ClaimName),
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         Scopes,

if [[ -n "$TFCI_BUILD_PIP_PACKAGE_ADDITIONAL_WHEEL_NAMES" ]]; then
  # Re-build the wheel with the same config, but with different name(s), if any.
  # This is done after the rename_and_verify_wheel.sh run above, not to have
  # to contend with extra wheels there.
  for wheel_name in ${TFCI_BUILD_PIP_PACKAGE_ADDITIONAL_WHEEL_NAMES}; do
    echo "Building for additional WHEEL_NAME: ${wheel_name}"
    CURRENT_WHEEL_NAME_ARG="--repo_env=WHEEL_NAME=${wheel_name}"

client_id     (string)    unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"
claim_name    (string)    JWT canned policy claim name, defaults to "policy"
claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"

import java.util.concurrent.TimeUnit
import kotlin.test.assertFailsWith
import mockwebserver3.MockResponse
import mockwebserver3.MockWebServer
import mockwebserver3.junit5.StartStop
import okhttp3.CallEvent.CallEnd
import okhttp3.CallEvent.CallStart
import okhttp3.CallEvent.ConnectEnd
import okhttp3.CallEvent.ConnectStart
import okhttp3.CallEvent.ConnectionAcquired
import okhttp3.CallEvent.ConnectionReleased

  }

  data class CallStart(
    override val timestampNs: Long,
    override val call: Call,
  ) : CallEvent()

  data class CallEnd(
    override val timestampNs: Long,
    override val call: Call,
  ) : CallEvent() {
    override fun closes(event: CallEvent): Boolean = event is CallStart && call == event.call
  }

  data class CallFailed(

    }

    override fun secureConnectEnd(
      call: Call,
      handshake: Handshake?,
    ) {
      logger.removeHandler(loggerHandler)
    }

    override fun callEnd(call: Call) {
      // Cleanup log handler if failed.
      logger.removeHandler(loggerHandler)
    }

    override fun connectionAcquired(
      call: Call,
      connection: Connection,
    ) {

| policy     | _string_       | Canned policy name to be applied for STS credentials. (Recommended)                                                                                                                     |

  - SSE (Server Side Encryption)
  - Replication (Server Side Replication)

## Prerequisites

- It is assumed you have users created and configured with relevant access policies, to start with
  use basic "readwrite" canned policy to test all the operations before you finalize on what level
  of restrictions are needed for a user.

- No "admin:*" operations are needed for FTP/SFTP access to the bucket(s) and object(s), so you may

// error returned in IAM subsystem when a group is disabled
var errGroupDisabled = errors.New("Specified group is disabled")

// error returned in IAM subsystem when policy doesn't exist.
var errNoSuchPolicy = errors.New("Specified canned policy does not exist")

// error returned when policy to be deleted is in use.
var errPolicyInUse = errors.New("Specified policy is in use and cannot be deleted.")