`buckets[].policy` - can be one of none|download|upload|public - `buckets[].purge` - purge if bucket exists already 33# Create policies after install Install the chart, specifying the policies you want to create after install: ```bash helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio ``` Description of the configuration parameters used above...

`buckets[].policy` - can be one of none|download|upload|public - `buckets[].purge` - purge if bucket exists already 33# Create policies after install Install the chart, specifying the policies you want to create after install: ```bash helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio ``` Description of the configuration parameters used above...

`buckets[].policy` - can be one of none|download|upload|public - `buckets[].purge` - purge if bucket exists already ### Create policies after install Install the chart, specifying the policies you want to create after install: ```bash helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio ``` Description of the configuration parameters used above...

`buckets[].policy` - can be one of none|download|upload|public - `buckets[].purge` - purge if bucket exists already 33# Create policies after install Install the chart, specifying the policies you want to create after install: ```bash helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio ``` Description of the configuration parameters used above...

      - presence: {}
- rules:
  - matches:
    - notDestinationPorts:
      - 9090
name: converted_peer_authentication_strict-and-permissive-mtls
scope: WORKLOAD_SELECTOR
```

### List of Amazon S3 Bucket API's not supported on MinIO

- BucketACL (Use [bucket policies](https://min.io/docs/minio/linux/administration/identity-access-management/policy-based-access-control.html) instead)
- BucketCORS (CORS enabled by default on all buckets for all HTTP verbs, you can optionally restrict the CORS domains)

	Rules     [][][]*PolicyMatch `json:"rules"`
}

type ZtunnelDump struct {
	Workloads     []*ZtunnelWorkload       `json:"workloads"`
	Services      []*ZtunnelService        `json:"services"`
	Policies      []*ZtunnelPolicy         `json:"policies"`
	Certificates  []*CertsDump             `json:"certificates"`
	WorkloadState map[string]WorkloadState `json:"workloadState"`
}

type CertsDump struct {
	Identity  string  `json:"identity"`

	}

	time.Sleep(4 * time.Second)

	policies, err := globalIAMSys.PolicyDBGet(ucreds.AccessKey)
	if err != nil {
		t.Fatalf("unable to get policy to credential, %s", err)
	}

	if len(policies) == 0 {
		t.Fatal("no policies found")
	}

	if policies[0] != "consoleAdmin" {
		t.Fatalf("expected 'consoleAdmin', %s", policies[0])
	}
}

- Creation and deletion of buckets and objects
- Creation and deletion of all IAM users, groups, policies and their mappings to users or groups
- Creation of STS credentials
- Creation and deletion of service accounts (except those owned by the root user)
- Changes to Bucket features such as:
  - Bucket Policies
  - Bucket Tags
  - Bucket Object-Lock configurations (including retention and legal hold configuration)

		Use:   "policy",
		Short: "Retrieves policies for the specified Ztunnel pod.",
		Long:  `Retrieve information about policies for the Ztunnel instance.`,
		Example: `  # Retrieve summary about policy configuration for a randomly chosen ztunnel.
  istioctl ztunnel-config policies

  # Retrieve full policy dump of workloads for a given Ztunnel instance.
  istioctl ztunnel-config policies <ztunnel-name[.namespace]> -o json
`,