17785: Fixes ApiClientAuthorization.ExpiresAt type.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>

diff --git a/lib/controller/federation.go b/lib/controller/federation.go
index cd69727ecb5d2fac27f2777905ad4ba0b5bd4ef7..e7d6e29b88c1f683f981a1ee5df2b53cf7c862af 100644 (file)
--- a/lib/controller/federation.go
+++ b/lib/controller/federation.go
@@ -214,10 +214,9 @@ VALUES ($1, $2, CURRENT_TIMESTAMP AT TIME ZONE 'UTC' + INTERVAL '2 weeks', $3,
        }
 
        return &arvados.APIClientAuthorization{
-               UUID:      uuid,
-               APIToken:  token,
-               ExpiresAt: "",
-               Scopes:    scopes}, nil
+               UUID:     uuid,
+               APIToken: token,
+               Scopes:   scopes}, nil
 }
 
 // Extract the auth token supplied in req, and replace it with a

diff --git a/lib/controller/federation_test.go b/lib/controller/federation_test.go
index eb398695bf0b1e369cdfdc9ca871a77128413b08..a3b198ffc9788bfeb53eb38daeecb66c82af6161 100644 (file)
--- a/lib/controller/federation_test.go
+++ b/lib/controller/federation_test.go
@@ -721,7 +721,7 @@ func (s *FederationSuite) TestCreateRemoteContainerRequestCheckRuntimeToken(c *c
        var aca arvados.APIClientAuthorization
        c.Check(json.NewDecoder(resp.Body).Decode(&aca), check.IsNil)
        c.Check(aca.ExpiresAt, check.NotNil) // Time.Now()+BlobSigningTTL
-       t, _ := time.Parse(time.RFC3339Nano, aca.ExpiresAt)
+       t := aca.ExpiresAt
        c.Check(t.After(time.Now().Add(s.testHandler.Cluster.API.MaxTokenLifetime.Duration())), check.Equals, true)
        c.Check(t.Before(time.Now().Add(s.testHandler.Cluster.Collections.BlobSigningTTL.Duration())), check.Equals, true)
 }

diff --git a/lib/controller/localdb/login.go b/lib/controller/localdb/login.go
index 3c7b01baad1361735ebe37b4ef6df7157d1eb750..2b20491a04a426f50dbb354b9c8e0a7e86f833ea 100644 (file)
--- a/lib/controller/localdb/login.go
+++ b/lib/controller/localdb/login.go
@@ -147,13 +147,13 @@ func (conn *Conn) CreateAPIClientAuthorization(ctx context.Context, rootToken st
                        tokensecret = tokenparts[2]
                }
        }
-       var exp sql.NullString
+       var exp sql.NullTime
        var scopes []byte
        err = tx.QueryRowxContext(ctx, "select uuid, api_token, expires_at, scopes from api_client_authorizations where api_token=$1", tokensecret).Scan(&resp.UUID, &resp.APIToken, &exp, &scopes)
        if err != nil {
                return
        }
-       resp.ExpiresAt = exp.String
+       resp.ExpiresAt = exp.Time
        if len(scopes) > 0 {
                err = json.Unmarshal(scopes, &resp.Scopes)
                if err != nil {

diff --git a/lib/controller/localdb/login_oidc.go b/lib/controller/localdb/login_oidc.go
index 6182469ac378d58b1e1f864bf4d98a6b48a022fb..e076f7e1289c2b7ad48c6b7fb7e8782fd85ff1ce 100644 (file)
--- a/lib/controller/localdb/login_oidc.go
+++ b/lib/controller/localdb/login_oidc.go
@@ -408,11 +408,8 @@ func (ta *oidcTokenAuthorizer) registerToken(ctx context.Context, tok string) er
                // cached positive result
                aca := cached.(arvados.APIClientAuthorization)
                var expiring bool
-               if aca.ExpiresAt != "" {
-                       t, err := time.Parse(time.RFC3339Nano, aca.ExpiresAt)
-                       if err != nil {
-                               return fmt.Errorf("error parsing expires_at value: %w", err)
-                       }
+               if !aca.ExpiresAt.IsZero() {
+                       t := aca.ExpiresAt
                        expiring = t.Before(time.Now().Add(time.Minute))
                }
                if !expiring {
@@ -505,7 +502,7 @@ func (ta *oidcTokenAuthorizer) registerToken(ctx context.Context, tok string) er
        if err != nil {
                return err
        }
-       aca.ExpiresAt = exp.Format(time.RFC3339Nano)
+       aca.ExpiresAt = exp
        ta.cache.Add(tok, aca)
        return nil
 }

diff --git a/sdk/go/arvados/api_client_authorization.go b/sdk/go/arvados/api_client_authorization.go
index 686caf49d5426a9e32462e20c037cccd5b975652..c920d2dc348ede29355f3f062a5e1b445e4e02c3 100644 (file)
--- a/sdk/go/arvados/api_client_authorization.go
+++ b/sdk/go/arvados/api_client_authorization.go
@@ -15,7 +15,7 @@ type APIClientAuthorization struct {
        CreatedByIPAddress   string    `json:"created_by_ip_address"`
        DefaultOwnerUUID     string    `json:"default_owner_uuid"`
        Etag                 string    `json:"etag"`
-       ExpiresAt            string    `json:"expires_at"`
+       ExpiresAt            time.Time `json:"expires_at"`
        LastUsedAt           time.Time `json:"last_used_at"`
        LastUsedByIPAddress  string    `json:"last_used_by_ip_address"`
        ModifiedAt           time.Time `json:"modified_at"`