Fix timestamp format for SSOCredentialFetcher

[nateprewitt]

The timestamp format for SSO credentials was originally intended to be an RFC 3339 style timestamp in UTC. Due to a typo in the original AssumeRole implementation, the timezone is being converted to UTC instead of a literal Z. We're going to correct the SSO implementation since the current timestamp is incompatible with the other AWS SDKs. The AssumeRole timestamp will be left unchanged for now to preserve as much backwards compatibility as possible.

Customers that are upgrading should have their timestamp format updated on their next login or credential refresh with SSO.

[codecov-io]

Codecov Report

Merging #2250 (0429522) into develop (96f9740) will decrease coverage by 0.39%.
The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           develop    #2250      +/-   ##
===========================================
- Coverage    98.25%   97.86%   -0.40%     
===========================================
  Files           58       58              
  Lines        10857    10877      +20     
===========================================
- Hits         10668    10645      -23     
- Misses         189      232      +43     

Impacted Files	Coverage Δ
botocore/credentials.py	98.64% <100.00%> (+<0.01%)	⬆️
botocore/compat.py	72.15% <0.00%> (-22.16%)	⬇️
botocore/hooks.py	95.18% <0.00%> (-0.81%)	⬇️
botocore/waiter.py	98.24% <0.00%> (-0.44%)	⬇️
botocore/awsrequest.py	97.22% <0.00%> (-0.35%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 96f9740...0429522. Read the comment docs.

[benkehoe]

Technically, shouldn't _serialize_rfc3339_timestamp verify something like value.tzinfo == utc() before writing the zulu time format, and otherwise write it out with the offset from the tzinfo?

[miketheman]

Technically, shouldn't _serialize_rfc3339_timestamp verify something like value.tzinfo == utc() before writing the zulu time format, and otherwise write it out with the offset from the tzinfo?

It appears that the value being passed in is generated from a timestamp, and the tz is being set as utc.
So long as this remains a private function, and is called with a value set correctly, then it should be fine, but it is good defensive practice to validate, or at least document in the function's docstring.

[nateprewitt]

Agreed, we should add a docstring here for the private function so it's clear we're expecting the datetime to already be in UTC.

[kyleknap]

Thanks! 🚢