From d759a7ce99d1d03774ac005178480bcd717d299a Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Thu, 8 Aug 2019 15:44:57 -0700 Subject: [PATCH] Fix time formatting of Expiration field in STS (#8043) Without explicit conversion to UTC() from Unix time the zone information is lost, this leads to XML marshallers marshaling the time into a wrong format. This PR fixes the compatibility issue with AWS STS API by keeping Expiration format close to ISO8601 or RFC3339 Fixes #8041 --- docs/sts/assume-role.md | 2 +- docs/sts/client-grants.md | 2 +- docs/sts/web-identity.md | 2 +- pkg/auth/credentials.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sts/assume-role.md b/docs/sts/assume-role.md index ee19345b6..62c4fba79 100644 --- a/docs/sts/assume-role.md +++ b/docs/sts/assume-role.md @@ -59,7 +59,7 @@ http://minio:9000/?Action=AssumeRole&DurationSeconds=3600&Version=2011-06-15&Pol Y4RJU1RNFGK48LGO9I2S sYLRKS1Z7hSjluf6gEbb9066hnx315wHTiACPAjg - 2018-11-09T16:51:11-08:00 + 2019-08-08T20:26:12Z eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJZNFJKVTFSTkZHSzQ4TEdPOUkyUyIsImF1ZCI6IlBvRWdYUDZ1Vk80NUlzRU5SbmdEWGo1QXU1WWEiLCJhenAiOiJQb0VnWFA2dVZPNDVJc0VOUm5nRFhqNUF1NVlhIiwiZXhwIjoxNTQxODExMDcxLCJpYXQiOjE1NDE4MDc0NzEsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0Ojk0NDMvb2F1dGgyL3Rva2VuIiwianRpIjoiYTBiMjc2MjktZWUxYS00M2JmLTg3MzktZjMzNzRhNGNkYmMwIn0.ewHqKVFTaP-j_kgZrcOEKroNUjk10GEp8bqQjxBbYVovV0nHO985VnRESFbcT6XMDDKHZiWqN2vi_ETX_u3Q-w diff --git a/docs/sts/client-grants.md b/docs/sts/client-grants.md index 99c7a0f68..6edc1f748 100644 --- a/docs/sts/client-grants.md +++ b/docs/sts/client-grants.md @@ -64,7 +64,7 @@ http://minio.cluster:9000?Action=AssumeRoleWithClientGrants&DurationSeconds=3600 Y4RJU1RNFGK48LGO9I2S sYLRKS1Z7hSjluf6gEbb9066hnx315wHTiACPAjg - 2018-11-09T16:51:11-08:00 + 2019-08-08T20:26:12Z eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJZNFJKVTFSTkZHSzQ4TEdPOUkyUyIsImF1ZCI6IlBvRWdYUDZ1Vk80NUlzRU5SbmdEWGo1QXU1WWEiLCJhenAiOiJQb0VnWFA2dVZPNDVJc0VOUm5nRFhqNUF1NVlhIiwiZXhwIjoxNTQxODExMDcxLCJpYXQiOjE1NDE4MDc0NzEsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0Ojk0NDMvb2F1dGgyL3Rva2VuIiwianRpIjoiYTBiMjc2MjktZWUxYS00M2JmLTg3MzktZjMzNzRhNGNkYmMwIn0.ewHqKVFTaP-j_kgZrcOEKroNUjk10GEp8bqQjxBbYVovV0nHO985VnRESFbcT6XMDDKHZiWqN2vi_ETX_u3Q-w diff --git a/docs/sts/web-identity.md b/docs/sts/web-identity.md index 1f5bcf3c3..eb79b34c7 100644 --- a/docs/sts/web-identity.md +++ b/docs/sts/web-identity.md @@ -62,7 +62,7 @@ http://minio.cluster:9000?Action=AssumeRoleWithWebIdentity&DurationSeconds=3600& Y4RJU1RNFGK48LGO9I2S sYLRKS1Z7hSjluf6gEbb9066hnx315wHTiACPAjg - 2018-11-09T16:51:11-08:00 + 2019-08-08T20:26:12Z eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJZNFJKVTFSTkZHSzQ4TEdPOUkyUyIsImF1ZCI6IlBvRWdYUDZ1Vk80NUlzRU5SbmdEWGo1QXU1WWEiLCJhenAiOiJQb0VnWFA2dVZPNDVJc0VOUm5nRFhqNUF1NVlhIiwiZXhwIjoxNTQxODExMDcxLCJpYXQiOjE1NDE4MDc0NzEsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0Ojk0NDMvb2F1dGgyL3Rva2VuIiwianRpIjoiYTBiMjc2MjktZWUxYS00M2JmLTg3MzktZjMzNzRhNGNkYmMwIn0.ewHqKVFTaP-j_kgZrcOEKroNUjk10GEp8bqQjxBbYVovV0nHO985VnRESFbcT6XMDDKHZiWqN2vi_ETX_u3Q-w diff --git a/pkg/auth/credentials.go b/pkg/auth/credentials.go index 1be04c637..04f5b9619 100644 --- a/pkg/auth/credentials.go +++ b/pkg/auth/credentials.go @@ -170,7 +170,7 @@ func GetNewCredentialsWithMetadata(m map[string]interface{}, tokenSecret string) m["accessKey"] = cred.AccessKey jwt := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, jwtgo.MapClaims(m)) - cred.Expiration = time.Unix(expiry, 0) + cred.Expiration = time.Unix(expiry, 0).UTC() cred.SessionToken, err = jwt.SignedString([]byte(tokenSecret)) if err != nil { return cred, err