### SIG CLI

* You can now use the `base64decode` function in kubectl go templates to decode base64-encoded data, such as `kubectl get secret SECRET -o go-template='{{ .data.KEY | base64decode }}'`. ([#60755](https://github.com/kubernetes/kubernetes/pull/60755), [@glb](https://github.com/glb))

* Use the mounted "/var/run/secrets/kubernetes.io/serviceaccount/token" as the token file for running in-cluster based e2e testing. ([#69273](https://github.com/kubernetes/kubernetes/pull/69273), [@dims](https://github.com/dims))

///

## Manejo de tokens JWT

Importa los módulos instalados.

Crea una clave secreta aleatoria que se usará para firmar los tokens JWT.

Para generar una clave secreta segura al azar usa el comando:

<div class="termy">

```console
$ openssl rand -hex 32

09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7
```

		if cred.ParentUser != globalActiveCred.AccessKey || cred.IsTemp() {
			secret = nsecret
		}
	}
	if cred.IsServiceAccount() {
		token = cred.SessionToken
		secret = cred.SecretKey
	}

	if token != "" {
		claims, err := getClaimsFromTokenWithSecret(token, secret)
		if err != nil {
			return nil, toAPIErrorCode(r.Context(), err)
		}
		return claims.Map(), ErrNone
	}

	claims := xjwt.NewMapClaims()

///

## Manipular tokens JWT

Importe os módulos instalados.

Crie uma chave secreta aleatória que será usada para assinar os tokens JWT.

Para gerar uma chave secreta aleatória e segura, use o comando:

<div class="termy">

```console
$ openssl rand -hex 32

09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7

```JSON
{
  "detail": "Not authenticated"
}
```

### 🔕 👩‍💻

🔜 🔄 ⏮️ 🔕 👩‍💻, 🔓 ⏮️:

👩‍💻: `alice`

🔐: `secret2`

& 🔄 ⚙️ 🛠️ `GET` ⏮️ ➡ `/users/me`.

👆 🔜 🤚 "🔕 👩‍💻" ❌, 💖:

```JSON
{
  "detail": "Inactive user"
}
```

## 🌃

```JSON
{
  "detail": "Not authenticated"
}
```

### Inaktiver Benutzer

Versuchen Sie es nun mit einem inaktiven Benutzer und authentisieren Sie sich mit:

Benutzer: `alice`.

Passwort: `secret2`.

Und versuchen Sie, die Operation `GET` mit dem Pfad `/users/me` zu verwenden.

Sie erhalten die Fehlermeldung „Inactive user“:

```JSON
{
  "detail": "Inactive user"
}
```

```JSON
{
  "detail": "Not authenticated"
}
```

### Usuario inactivo

Ahora prueba con un usuario inactivo, autentícate con:

Usuario: `alice`

Contraseña: `secret2`

Y trata de usar la operación `GET` con la path `/users/me`.

Obtendrás un error de "Usuario inactivo", como:

```JSON
{
  "detail": "Inactive user"
}
```

## Recapitulación

```JSON
{
  "detail": "Not authenticated"
}
```

### Inactive user { #inactive-user }

Now try with an inactive user, authenticate with:

User: `alice`

Password: `secret2`

And try to use the operation `GET` with the path `/users/me`.

You will get an "Inactive user" error, like:

```JSON
{
  "detail": "Inactive user"
}
```

## Recap { #recap }

- Reverts breaking change to inline AzureFile volumes in v1.18.15-v1.18.17; referenced secrets are now correctly searched for in the same namespace as the pod as in previous releases. ([#100397](https://github.com/kubernetes/kubernetes/pull/100397), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]