"application/whoispp-query",
				"application/whoispp-response",
				"application/winhlp",
				"application/wita",
				"application/wordperfect5.1",
				"application/wsdl+xml",
				"application/wspolicy+xml",
				"application/x-123",
				"application/x-abiword",
				"application/x-ace-compressed",
				"application/x-axcrypt",
				"application/x-adobe-indesign",
				"application/x-adobe-indesign-interchange",

	return args
}

// PolicyToBucketAccessPolicy converts a MinIO policy into a minio-go policy data structure.
func PolicyToBucketAccessPolicy(bucketPolicy *policy.BucketPolicy) (*miniogopolicy.BucketAccessPolicy, error) {
	// Return empty BucketAccessPolicy for empty bucket policy.
	if bucketPolicy == nil {
		return &miniogopolicy.BucketAccessPolicy{Version: policy.DefaultVersion}, nil
	}

	data, err := json.Marshal(bucketPolicy)

	"github.com/minio/pkg/v3/policy"
	"github.com/minio/pkg/v3/policy/condition"
)

func getAnonReadOnlyBucketPolicy(bucketName string) *policy.BucketPolicy {
	return &policy.BucketPolicy{
		Version: policy.DefaultVersion,
		Statements: []policy.BPStatement{
			policy.NewBPStatement(
				"",
				policy.Allow,
				policy.NewPrincipal("*"),
				policy.NewActionSet(policy.GetBucketLocationAction, policy.ListBucketAction),

	"github.com/minio/mux"
	"github.com/minio/pkg/v3/policy"
)

const (
	// As per AWS S3 specification, 20KiB policy JSON data is allowed.
	maxBucketPolicySize = 20 * humanize.KiByte

	// Policy configuration file.
	bucketPolicyConfig = "policy.json"
)

// PutBucketPolicyHandler - This HTTP handler stores given bucket policy configuration as per

  <mime-type type="application/wordperfect5.1"/>
  <mime-type type="application/wsdl+xml">
    <glob pattern="*.wsdl"/>
  </mime-type>
  <mime-type type="application/wspolicy+xml">
    <glob pattern="*.wspolicy"/>
  </mime-type>
  
  <mime-type type="image/x-tga">
     <alias type="image/x-targa"/>
     <!-- trailer bytes: 54 52 55 45 56 49 53 49 4F 4E 2D 58 46 49 4C 45 2E 00

	}

	return cfg, nil
}

// GetCSPolicy - Get the Content security Policy
func (browseCfg *Config) GetCSPolicy() string {
	configLock.RLock()
	defer configLock.RUnlock()
	return browseCfg.CSPPolicy
}

// GetHSTSSeconds - Get the Content security Policy
func (browseCfg *Config) GetHSTSSeconds() int {
	configLock.RLock()
	defer configLock.RUnlock()

```

To associate the policy with an LDAP user or group, use the full DN of the user or group:

```sh
mc idp ldap policy attach myminio mypolicy --user='uid=james,cn=accounts,dc=myldapserver,dc=com'
```

```sh
mc idp ldap policy attach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```

To remove a policy association, use the similar `detach` command:

```sh

	}

	// 4. Verify the policy appears in listing
	ps, err := s.adm.ListCannedPolicies(ctx)
	if err != nil {
		c.Fatalf("policy list err: %v", err)
	}
	_, ok := ps[policy]
	if !ok {
		c.Fatalf("policy was missing!")
	}

	// 5. Check that policy cannot be deleted when attached to a user.
	err = s.adm.RemoveCannedPolicy(ctx, policy)
	if err == nil {

   Matching subsets: 
      (Non-matching subsets v1)
   No Traffic Policy
VirtualService: bookinfo
   Route to host "productpage" with weight 30%
   Route to host "productpage2" with weight 20%
   Route to host "productpage3" with weight 50%
   Match: /prefix*
`,
		},
		// have traffic policy
		{
			k8sConfigs: []runtime.Object{
				&corev1.Service{
					ObjectMeta: metav1.ObjectMeta{

		c.Fatalf("Unable to detach user policy: %v", err)
	}

	_, err = ldapID.Retrieve()
	if err == nil {
		c.Fatalf("Expected to fail to create a user with no associated policy!")
	}

	// Set policy via group and validate policy assignment.
	groupDN := "cn=projectb,ou=groups,ou=swengg,dc=min,dc=io"
	groupReq := madmin.PolicyAssociationReq{
		Policies: []string{policy},
		Group:    groupDN,
	}