Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: expiration time of the ImpersonatedCredentials token depending on the current host's timezone #932

Merged
merged 10 commits into from
Aug 2, 2022
Merged

fix: expiration time of the ImpersonatedCredentials token depending on the current host's timezone #932

merged 10 commits into from
Aug 2, 2022
+102 −3

Conversation

ivan-f-n
Copy link
Contributor

Fix bug in ImpersonatedCredentials class where the date received as expirationTime was being incorrectly parsed, assuming the date was in the host's timezone instead of reading from the date string what timezone it was.

Fixes #931 ☕️

@ivan-f-n ivan-f-n requested a review from a team as a code owner June 23, 2022 10:45
@conventional-commit-lint-gcf
Copy link

conventional-commit-lint-gcf bot commented Jun 23, 2022
edited
Loading

🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use Github's automerge feature with squashing, or use automerge label. Good luck human!

-- conventional-commit-lint bot
https://conventionalcommits.org/

@google-cla
Copy link

google-cla bot commented Jun 23, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@product-auto-label product-auto-label bot added the size: m Pull request size is medium. label Jun 23, 2022
@ivan-f-n ivan-f-n changed the title Fix expiration time of the ImpersonatedCredentials token depending on the current host's timezone fix: expiration time of the ImpersonatedCredentials token depending on the current host's timezone Jun 23, 2022
@TimurSadykov
Copy link
Contributor

@lsirac can't you please take a look, possibly something applicable to other languages

@ivan-f-n ivan-f-n force-pushed the impersonated-creds-date-parsing branch from be67ac7 to 43aede8 Compare June 27, 2022 09:09
@lsirac
Copy link
Contributor

lsirac commented Jun 27, 2022

@aeitzman

aeitzman
aeitzman reviewed Jun 29, 2022
View reviewed changes
oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java

mockTransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
mockTransportFactory.transport.setAccessToken(ACCESS_TOKEN);
mockTransportFactory.transport.setExpireTime(getFormattedTime(c.getTime()));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can this just be getDefaultExpireTime() now since the time zone isn't get set differently?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It can't because we need the exact Date instance used to generate the date string to later assert it was parsed correctly

aeitzman
aeitzman approved these changes Jun 30, 2022
View reviewed changes
Copy link
Contributor

@aeitzman aeitzman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

TimurSadykov
TimurSadykov suggested changes Jul 14, 2022
View reviewed changes
Copy link
Contributor

@TimurSadykov TimurSadykov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

credential should stay immutable

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java Outdated
@@ -110,6 +111,8 @@ public class ImpersonatedCredentials extends GoogleCredentials

private transient HttpTransportFactory transportFactory;

@VisibleForTesting transient Calendar calendar = Calendar.getInstance();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be private and implemented via builder.

Maybe you can use the same approach as custom lifetime in ServiceAccountCredentials:

google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java

Line 666 in c21ec6c

public ServiceAccountCredentials createWithCustomLifetime(int lifetime) {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated

@ivan-f-n ivan-f-n force-pushed the impersonated-creds-date-parsing branch from 93c9f85 to a3a3138 Compare July 14, 2022 11:16
@product-auto-label product-auto-label bot added size: xl Pull request size is extra large. and removed size: m Pull request size is medium. labels Jul 14, 2022
@generated-files-bot
Copy link

Warning: This pull request is touching the following templated files:

  • .kokoro/common.sh
  • .kokoro/release/stage.sh

ivan-f-n and others added 8 commits July 14, 2022 13:43
@ivan-f-n
fix: refreshAccessToken method of ImpersonatedCredentials class now o…
50d3a5c 
…btains the given expiration time date's timezone correctly instead of using local timezone
@ivan-f-n
Fix bug in ImpersonatedCredentials class where the date received as e…
8ad0f77 
…xpirationTime was being incorrectly parsed, assuming the date was in the default JVM timezone instead of reading from the date string what timezone it was.
@ivan-f-n
fix: formatting
bafd0ac
@lsirac @ivan-f-n
Merge branch 'main' into impersonated-creds-date-parsing
d85d431
@ivan-f-n
test: tests now change the timezone of the calendar used when parsing…
3576e93 
… the date instead of returning dates in different timezones

Expose to tests the calendar object used by the SimpleDateFormat object of the refreshAccessToken method in the ImpersonatedCredentials class
That way we stop relying on returning dates in different timezones in the expireTime returned by the mockTransportFactory
@ivan-f-n
chore: remove unnecessary method and add blank line between setup and…
4e12ce8 
… asserts
@lsirac @ivan-f-n
Merge branch 'main' into impersonated-creds-date-parsing
5a6937c
@ivan-f-n
fix: make calendar field private and modify it through builder
62d7b08
@ivan-f-n ivan-f-n force-pushed the impersonated-creds-date-parsing branch from a3a3138 to 62d7b08 Compare July 14, 2022 11:44
@product-auto-label product-auto-label bot added size: m Pull request size is medium. and removed size: xl Pull request size is extra large. labels Jul 14, 2022
TimurSadykov
TimurSadykov approved these changes Jul 21, 2022
View reviewed changes
Copy link
Contributor

@TimurSadykov TimurSadykov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@TimurSadykov
Copy link
Contributor

@ivan-f-n thanks for your contribution, please also sign Google cla, it is a quick process: https://cla.developers.google.com/

@ivan-f-n
Copy link
Contributor Author

@ivan-f-n thanks for your contribution, please also sign Google cla, it is a quick process: https://cla.developers.google.com/

Hi @TimurSadykov, the CLA is currently being sorted out by my company, should have an update later this week. Thanks for the patience! 🙏

@ivan-f-n ivan-f-n requested a review from a team as a code owner July 27, 2022 07:21
@ivan-f-n
Copy link
Contributor Author

ivan-f-n commented Aug 1, 2022

Hello @lsirac, @TimurSadykov
The CLA has finally been sorted out, sorry for the delay, could we move forward with this PR?

@lsirac
Merge branch 'main' into impersonated-creds-date-parsing

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
76aa904
TimurSadykov
TimurSadykov approved these changes Aug 2, 2022
View reviewed changes
Copy link
Contributor

@TimurSadykov TimurSadykov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@TimurSadykov TimurSadykov added kokoro:force-run Add this label to force Kokoro to re-run the tests. automerge Merge the pull request once unit tests and other checks pass. labels Aug 2, 2022
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 2, 2022
@gcf-merge-on-green gcf-merge-on-green bot merged commit 73af08a into googleapis:main Aug 2, 2022
@gcf-merge-on-green gcf-merge-on-green bot removed the automerge Merge the pull request once unit tests and other checks pass. label Aug 2, 2022
@release-please release-please bot mentioned this pull request Aug 2, 2022
Merged
@release-please release-please bot mentioned this pull request Aug 11, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TimurSadykov TimurSadykov

@aeitzman aeitzman

@lsirac lsirac

Assignees
No one assigned
Labels
size: m Pull request size is medium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OAuth2: Expiration time of the ImpersonatedCredentials token depends on the current host's timezone
5 participants
@ivan-f-n @TimurSadykov @lsirac @aeitzman @kokoro-team