```JSON
{
  "detail": "Not authenticated"
}
```

### Usuário inativo

Agora tente com um usuário inativo, autentique-se com:

User: `alice`

Password: `secret2`

E tente usar a operação `GET` com o caminho `/users/me`.

Você receberá um erro "Usuário inativo", como:

```JSON
{
  "detail": "Inactive user"
}
```

## Recaptulando

	testServiceAccountName = "test-service-account"
)

func makeServiceAccount(secrets ...string) *v1.ServiceAccount {
	sa := &v1.ServiceAccount{
		ObjectMeta: metav1.ObjectMeta{
			Name:      testServiceAccountName,
			Namespace: testNamespace,
		},
	}

	for _, secret := range secrets {
		sa.Secrets = append(sa.Secrets, v1.ObjectReference{
			Name:      secret,
			Namespace: testNamespace,
		})
	}

	return sa
}

)

// printSecretItemsTabular prints the secret in table format
func (w *sdsWriter) printSecretItemsTabular(secrets []SecretItem) error {
	if len(secrets) == 0 {
		fmt.Fprintln(w.w, "No secret items to show.")
		return nil
	}
	var hasUnknownTrustDomain bool
	for _, secret := range secrets {
		if secret.SecretMeta.TrustDomain == "" {
			hasUnknownTrustDomain = true
			break
		}
	}

			return nil, fmt.Errorf("failed building warming secret %s: %v",
				activeSecret.Name, err)
		}
		for _, secret := range secrets {
			if activeSecret.VersionInfo == "uninitialized" {
				secret.State = "UNINITIALIZED"
			}
		}
		proxySecretItems = append(proxySecretItems, secrets...)
	}
	return proxySecretItems, nil
}

	secretConfigCmd := &cobra.Command{
		Use:   "secret [<type>/]<name>[.<namespace>]",
		Short: "Retrieves secret configuration for the Envoy in the specified pod",
		Long:  `Retrieve information about secret configuration for the Envoy instance in the specified pod.`,
		Example: `  # Retrieve full secret configuration for a given pod from Envoy.
  istioctl proxy-config secret <pod-name[.namespace]>

        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Login to GCR
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: gcr.io
          username: _json_key
          password: ${{ secrets.GCP_CREDS }}
      -
        name: Login to AR

        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          command: pages deploy ./site --project-name=${{ env.PROJECT_NAME }} --branch=${{ env.BRANCH }}
      - name: Comment Deploy
        run: python ./scripts/deploy_docs_status.py
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Use a dependency to check if the username and password are correct.

For this, use the Python standard module <a href="https://docs.python.org/3/library/secrets.html" class="external-link" target="_blank">`secrets`</a> to check the username and password.

`secrets.compare_digest()` needs to take `bytes` or a `str` that only contains ASCII characters (the ones in English), this means it wouldn't work with characters like `á`, as in `Sebastián`.

        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: gcr.io
          username: _json_key
          password: ${{ secrets.GCP_CREDS }}
      -
        name: Login to AR
        # Once this is verified, change the label's name. For now, we will piggyback on gcr.io actions.

      "dynamic_active_secrets": [
        {
          "name": "default",
          "last_updated": "2023-05-15T01:32:52.262Z",
          "secret": {
            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
            "name": "default",
            "tls_certificate": {
              "certificate_chain": {