Skip to content
Permalink
Browse files
fix: remove 1 hour limit for impersonated token (#490)
Cloud IAM now supports extended 12h lifespan for access token.
  • Loading branch information
shinfan committed Oct 15, 2020
1 parent 1a10a4a commit 927e3d5598e2d2b06512b27f4210994c65b26f59
@@ -218,9 +218,6 @@ private ImpersonatedCredentials(Builder builder) {
if (this.scopes == null) {
throw new IllegalStateException(SCOPE_EMPTY_ERROR);
}
if (this.lifetime > ONE_HOUR_IN_SECONDS) {
throw new IllegalStateException(LIFETIME_EXCEEDED_ERROR);
}
}

@Override
@@ -110,7 +110,6 @@ public class ImpersonatedCredentialsTest extends BaseSerializationTest {
Arrays.asList("https://www.googleapis.com/auth/devstorage.read_only");
private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
private static final int VALID_LIFETIME = 300;
private static final int INVALID_LIFETIME = 3800;
private static JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();

private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ss'Z'";
@@ -198,24 +197,6 @@ public void refreshAccessToken_malformedTarget() throws IOException {
}
}

@Test()
public void credential_with_invalid_lifetime() throws IOException, IllegalStateException {

GoogleCredentials sourceCredentials = getSourceCredentials();
try {
ImpersonatedCredentials targetCredentials =
ImpersonatedCredentials.create(
sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, INVALID_LIFETIME);
targetCredentials.refreshAccessToken().getTokenValue();
fail(
String.format(
"Should throw exception with message containing '%s'",
"lifetime must be less than or equal to 3600"));
} catch (IllegalStateException expected) {
assertTrue(expected.getMessage().contains("lifetime must be less than or equal to 3600"));
}
}

@Test()
public void credential_with_invalid_scope() throws IOException, IllegalStateException {

0 comments on commit 927e3d5

Please sign in to comment.