}
  }

  @Benchmark
  public boolean timeFindCaller(int reps) {
    return timeFindCaller(reps, recursionCount);
  }

  private boolean timeFindCaller(int reps, int recurse) {
    return recurse > 0 ? timeFindCaller(reps, recurse - 1) : mode.timeIt(reps, breakAt);
  }

    }
  }

  @Benchmark
  public boolean timeFindCaller(int reps) {
    return timeFindCaller(reps, recursionCount);
  }

  private boolean timeFindCaller(int reps, int recurse) {
    return recurse > 0 ? timeFindCaller(reps, recurse - 1) : mode.timeIt(reps, breakAt);
  }

	}
	for _, secret := range secretDump.DynamicActiveSecrets {
		// check the ROOTCA from secret dump
		if secret.Name == "ROOTCA" {
			var returnStr string
			var returnErr error
			strCA, err := c.configDump.GetRootCAFromSecretConfigDump(secret.GetSecret())
			if err != nil {
				returnStr = ""
				returnErr = fmt.Errorf("can not dump ROOTCA from secret: %v", err)
			} else {
				returnStr = strCA

    response = client.post(
        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )
    assert response.status_code == 200
    assert response.json() == {
        "grant_type": "password",
        "username": "johndoe",
        "password": "secret",
        "scopes": [],
        "client_id": None,
        "client_secret": None,
    }

	return saName + "-istio-remote-secret-token"
}

func secretReferencesServiceAccount(serviceAccount *v1.ServiceAccount, secret *v1.Secret) error {
	if secret.Type != v1.SecretTypeServiceAccountToken ||
		secret.Annotations[v1.ServiceAccountNameKey] != serviceAccount.Name {
		return fmt.Errorf("secret %s/%s does not reference ServiceAccount %s",
			secret.Namespace, secret.Name, serviceAccount.Name)
	}
	return nil
}

        "/items/", headers={"X-Token": "fake-super-secret-token", "X-Key": "invalid"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Key header invalid"}


@needs_py39
def test_get_valid_headers(client: TestClient):
    response = client.get(
        "/items/",
        headers={
            "X-Token": "fake-super-secret-token",
            "X-Key": "fake-super-secret-key",

            sources:
              - configMap:
                  name: {{ template "minio.fullname" . }}
              - secret:
                  name: {{ template "minio.secretName" . }}
              {{- range (concat .Values.users (default (list) .Values.svcaccts)) }}
              {{- if .existingSecret }}
              - secret:
                  name: {{ tpl .existingSecret $ }}
                  items:

      "dynamic_active_secrets": [
        {
          "name": "default",
          "last_updated": "2023-05-15T01:32:52.262Z",
          "secret": {
            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
            "name": "default",
            "tls_certificate": {
              "certificate_chain": {

		expected   []string
		unexpected []string
	}{
		{
			name:       "test tabular output with no secret items is equivalent to the header",
			format:     TABULAR,
			items:      []SecretItem{},
			expected:   []string{},
			unexpected: secretItemColumns,
		},
		{
			name:   "test tabular output with a single secret item",
			format: TABULAR,
			items: []SecretItem{
				{
					Name:        "olinger",

      "dynamic_active_secrets": [
        {
          "name": "default",
          "last_updated": "2024-10-25T13:26:36.591Z",
          "secret": {
            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
            "name": "default",
            "tls_certificate": {
              "certificate_chain": {