}


    SmbFileOutputStream ( SmbFile file, boolean append, int openFlags, int access, int sharing ) throws SmbException {
        this.file = file;
        this.append = append;
        this.openFlags = openFlags;
        this.sharing = sharing;
        this.access = access | SmbConstants.FILE_WRITE_DATA;

        try ( SmbTreeHandleImpl th = file.ensureTreeConnected() ) {

application/access             mdf              # Microsoft Access
#application/excel              xls              # Microsoft Excel
application/vnd.ms-excel       xls              # Microsoft Excel
application/font-tdpfr         pfr              # TrueDoc Portable Font Resource
application/futuresplash       spl              # Macromedia Flash
application/hep                hep              # Hummingbird Host Explorer Profiles

		valid       bool
		expectedErr error
	}{
		// Valid access and secret keys with minimum length.
		{alphaNumericTable[:accessKeyMinLen], alphaNumericTable[:secretKeyMinLen], true, nil},
		// Valid access and/or secret keys are longer than minimum length.
		{alphaNumericTable[:accessKeyMinLen+1], alphaNumericTable[:secretKeyMinLen+1], true, nil},
		// Smaller access key.

		c.Fatalf("bucket creat error: %v", err)
	}

	// 2. Create a user, associate policy and verify access
	accessKey, secretKey := mustGenerateCredentials(c)
	err = s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}
	// 2.1 check that user does not have any access to the bucket
	uClient := s.getUserClient(c, accessKey, secretKey, "")

OPA is enabled through MinIO's Access Management Plugin feature.

## Get started

### 1. Start OPA in a container

```sh
podman run -it \
    --name opa \
    --publish 8181:8181 \
    docker.io/openpolicyagent/opa:0.40.0-rootless \

  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ##
  #loadBalancerSourceRanges:
  #   - 10.10.10.0/24
  loadBalancerSourceRanges: []

  ## service.externalTrafficPolicy minio service external traffic policy

    /**
     * Opens the file for random access
     * 
     * @param mode
     *            access mode (r|rw)
     * @param sharing
     *            flags indicating for which operations others may concurrently open the file
     * @return random access file, needs to be closed when finished
     * @throws CIFSException
     * 
     */

var errVolumeNotEmpty = StorageErr("volume is not empty")

// errVolumeAccessDenied - cannot access volume, insufficient permissions.
var errVolumeAccessDenied = StorageErr("volume access denied")

// errFileAccessDenied - cannot access file, insufficient permissions.
var errFileAccessDenied = StorageErr("file access denied")

// errFileCorrupt - file has an unexpected size, or is not readable

		return nil, err
	}

	return clnt, nil
}

func main() {
	flag.StringVar(&sourceEndpoint, "source-endpoint", "https://play.min.io", "S3 endpoint URL")
	flag.StringVar(&sourceAccessKey, "source-access-key", "Q3AM3UQ867SPQQA43P2F", "S3 Access Key")
	flag.StringVar(&sourceSecretKey, "source-secret-key", "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG", "S3 Secret Key")
	flag.StringVar(&sourceBucket, "source-bucket", "", "Select a specific bucket")

		`Root user name (access key) and root password (secret key) are expected to be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`,
	)

	ErrMissingEnvCredentialRootPassword = newErrFn(
		"Missing credential environment variable, \""+EnvRootPassword+"\"",
		"Environment variable \""+EnvRootPassword+"\" is missing",