Skip to content
Permalink
Browse files
fix: use default timeout if given 0 for ImpersonatedCredentials (#527)
* fix: use default timeout if given 0 for ImpersonatedCredentials

* update
  • Loading branch information
arithmetic1728 committed Dec 31, 2020
1 parent 1b98d5c commit ec74870c372a33d4157b45bb5d59ad7464fb2238
@@ -91,6 +91,7 @@ public class ImpersonatedCredentials extends GoogleCredentials
private static final long serialVersionUID = -2133257318957488431L;
private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private static final int TWELVE_HOURS_IN_SECONDS = 43200;
private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600;
private static final String CLOUD_PLATFORM_SCOPE =
"https://www.googleapis.com/auth/cloud-platform";
private static final String IAM_ACCESS_TOKEN_ENDPOINT =
@@ -120,7 +121,8 @@ public class ImpersonatedCredentials extends GoogleCredentials
* value should be at most 3600. However, you can follow <a
* href='https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials#sa-credentials-oauth'>these
* instructions</a> to set up the service account and extend the maximum lifetime to 43200 (12
* hours).
* hours). If the given lifetime is 0, default value 3600 will be used instead when creating
* the credentials.
* @param transportFactory HTTP transport factory that creates the transport used to get access
* tokens
* @return new credentials
@@ -159,6 +161,8 @@ public static ImpersonatedCredentials create(
* instructions</a> to set up the service account and extend the maximum lifetime to 43200 (12
* hours).
* https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials#sa-credentials-oauth
* If the given lifetime is 0, default value 3600 will be used instead when creating the
* credentials.
* @return new credentials
*/
public static ImpersonatedCredentials create(
@@ -186,6 +190,10 @@ public String getAccount() {
return this.targetPrincipal;
}

int getLifetime() {
return this.lifetime;
}

/**
* Signs the provided bytes using the private key associated with the impersonated service account
*
@@ -355,7 +363,7 @@ public static class Builder extends GoogleCredentials.Builder {
private String targetPrincipal;
private List<String> delegates;
private List<String> scopes;
private int lifetime;
private int lifetime = DEFAULT_LIFETIME_IN_SECONDS;
private HttpTransportFactory transportFactory;

protected Builder() {}
@@ -402,7 +410,7 @@ public List<String> getScopes() {
}

public Builder setLifetime(int lifetime) {
this.lifetime = lifetime;
this.lifetime = lifetime == 0 ? DEFAULT_LIFETIME_IN_SECONDS : lifetime;
return this;
}

@@ -198,6 +198,15 @@ public void refreshAccessToken_malformedTarget() throws IOException {
}
}

@Test()
public void credential_with_zero_lifetime() throws IOException, IllegalStateException {
GoogleCredentials sourceCredentials = getSourceCredentials();
ImpersonatedCredentials targetCredentials =
ImpersonatedCredentials.create(
sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, 0);
assertEquals(3600, targetCredentials.getLifetime());
}

@Test()
public void credential_with_invalid_lifetime() throws IOException, IllegalStateException {

0 comments on commit ec74870

Please sign in to comment.