return [pet1, pet2]


client = TestClient(app)


def test_filter_top_level_model():
    response = client.post(
        "/users", json={"email": "******@****.***", "password": "secret"}
    )
    assert response.json() == {"email": "******@****.***"}


def test_filter_second_level_model():
    response = client.get("/pets/1")
    assert response.json() == {
        "name": "Nibbler",

 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.admin;

import org.codelibs.fess.annotation.Secured;
import org.codelibs.fess.app.web.admin.accesstoken.AdminAccesstokenAction;
import org.codelibs.fess.app.web.admin.backup.AdminBackupAction;
import org.codelibs.fess.app.web.admin.badword.AdminBadwordAction;

apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://10.96.0.1:443
  name: local
contexts:
- context:
    cluster: local
    user: istio-cni
  name: istio-cni-context
current-context: istio-cni-context
kind: Config
preferences: {}
users:
- name: istio-cni
  user:

👆 🔜 👀 👩‍💻 🔢 💖:

<img src="/img/tutorial/security/image07.png">

✔ 🈸 🎏 🌌 ⏭.

⚙️ 🎓:

🆔: `johndoe`
🔐: `secret`

/// check

👀 👈 🕳 📟 🔢 🔐 "`secret`", 👥 🕴 ✔️ #️⃣ ⏬.

///

<img src="/img/tutorial/security/image08.png">

🤙 🔗 `/users/me/`, 👆 🔜 🤚 📨:

```JSON
{
  "username": "johndoe",

У Pydantic-моделей есть метод `.dict()`, который возвращает `dict` с данными модели.

Поэтому, если мы создадим Pydantic-объект `user_in` таким способом:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

и затем вызовем:

```Python
user_dict = user_in.dict()
```

* O **modelo de saída** não deve ter uma senha.
* O **modelo de banco de dados** provavelmente precisaria ter uma senha criptografada.

/// danger

Nunca armazene senhas em texto simples dos usuários. Sempre armazene uma "hash segura" que você pode verificar depois.

Se não souber, você aprenderá o que é uma "senha hash" nos [capítulos de segurança](security/simple-oauth2.md#password-hashing){.internal-link target=_blank}.

///

			wantException:  true, // "istioctl proxy-config bootstrap invalid" should fail
		},
		{ // secret invalid
			args:           strings.Split("secret invalid", " "),
			expectedString: "unable to retrieve Pod: pods \"invalid\" not found",
			wantException:  true, // "istioctl proxy-config secret invalid" should fail
		},
		{ // endpoint invalid
			args:           strings.Split("endpoint invalid", " "),

	type: TYPE # valid values are "minio"
	bucket: BUCKET
	prefix: PREFIX
	# NOTE: if source is remote then target must be "local"
	# endpoint: ENDPOINT
	# credentials:
	#   accessKey: ACCESS-KEY
	#   secretKey: SECRET-KEY
	#   sessionToken: SESSION-TOKEN # Available when rotating credentials are used

  # target where the objects must be replicated
  target:
	type: TYPE # valid values are "minio"
	bucket: BUCKET
	prefix: PREFIX

Pydantic-Modelle haben eine `.dict()`-Methode, die ein `dict` mit den Daten des Modells zurückgibt.

Wenn wir also ein Pydantic-Objekt `user_in` erstellen, etwa so:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

und wir rufen seine `.dict()`-Methode auf:

```Python
user_dict = user_in.dict()
```

	}

	sKey, err := GlobalKMS.MAC(GlobalContext, &kms.MACRequest{Message: []byte("root secret key")})
	if err != nil {
		// Here, we must have permission. Otherwise, we would have failed earlier.
		logger.Fatal(err, "Unable to generate root secret key using KMS")
	}

	accessKey, err := auth.GenerateAccessKey(20, bytes.NewReader(aKey))
	if err != nil {