diff --git a/tests/test_cli.py b/tests/test_cli.py index f4d0c33..f65ccd1 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -4,7 +4,7 @@ import pathlib import tempfile import uuid -from datetime import datetime, timedelta +from datetime import datetime, timedelta, timezone from random import randint from unittest import TestCase @@ -125,7 +125,7 @@ def setUp(self) -> None: "startUrl": "https://petshop.awsapps.com/start", "region": "ap-southeast-2", "accessToken": "longTextA.AverylOngText", - "expiresAt": f"{str((datetime.utcnow() + timedelta(hours=3)).isoformat())[:-7]}UTC", + "expiresAt": f"{str((datetime.now(timezone.utc) + timedelta(hours=3)).isoformat())[:-7]}UTC", "clientId": "longTextA", "clientSecret": "longTextA", # pragma: allowlist secret "refreshToken": "longTextA" # pragma: allowlist secret @@ -144,7 +144,7 @@ def setUp(self) -> None: 'accessKeyId': 'does-not-matter', 'secretAccessKey': '', 'sessionToken': 'VeryLongBase664String==', - 'expiration': datetime.utcnow().timestamp() + 'expiration': datetime.now(timezone.utc).timestamp() } } @@ -450,7 +450,7 @@ def test_sso_cache_refresh_token_does_not_exist(self): "startUrl": "https://petshop.awsapps.com/start", "region": "ap-southeast-2", "accessToken": "longTextA.AverylOngText", - "expiresAt": f"{str((datetime.utcnow() + timedelta(hours=3)).isoformat())[:-7]}UTC", + "expiresAt": f"{str((datetime.now(timezone.utc) + timedelta(hours=3)).isoformat())[:-7]}UTC", "clientId": "longTextA", "clientSecret": "longTextA", # pragma: allowlist secret # Simulate 'refreshToken' does not exist in sso cache json file. diff --git a/yawsso/core.py b/yawsso/core.py index d949cec..873a524 100644 --- a/yawsso/core.py +++ b/yawsso/core.py @@ -48,7 +48,7 @@ def update_aws_cli_v1_credentials(profile_name, profile, credentials): # set expiration ts_expires_millisecond = credentials["expiration"] - dt_utc = str(datetime.utcfromtimestamp(ts_expires_millisecond / 1000.0).isoformat() + '+0000') + dt_utc = str(datetime.fromtimestamp(ts_expires_millisecond / 1000.0, timezone.utc).isoformat() + '+0000') config.set(profile_name, "aws_session_expiration", dt_utc) # set region @@ -72,6 +72,7 @@ def parse_assume_role_credentials_expiry(dt_str): def parse_credentials_file_session_expiry(dt_str): datetime_format_in_cred_file_aws_session_expiration = "%Y-%m-%dT%H:%M:%S+0000" # 2020-06-14T17:13:26+0000 expires_utc = datetime.strptime(dt_str, datetime_format_in_cred_file_aws_session_expiration) + expires_utc = expires_utc.replace(tzinfo=timezone.utc) return expires_utc @@ -190,7 +191,7 @@ def fetch_credentials_with_assume_role(profile_name, profile): f"to a maximum of one hour. Well, you can always `yawsso` again when session expired!") duration_seconds = Constant.ROLE_CHAINING_DURATION_SECONDS.value - utc_now_ts = int(datetime.utcnow().replace(tzinfo=timezone.utc).timestamp()) + utc_now_ts = int(datetime.now(timezone.utc).replace(tzinfo=timezone.utc).timestamp()) cmd_assume_role_cred = f"{aws_bin} sts assume-role " \ f"--output json " \ f"--profile {profile['source_profile']} " \ @@ -228,7 +229,7 @@ def eager_sync_source_profile(source_profile_name, source_profile): if config.has_section(source_profile_name): cred_profile = dict(config.items(source_profile_name)) session_expires_utc = parse_credentials_file_session_expiry(cred_profile['aws_session_expiration']) - if datetime.utcnow() > session_expires_utc: + if datetime.now(timezone.utc) > session_expires_utc: logger.log(TRACE, f"Eagerly sync source_profile `{source_profile_name}`") credentials = fetch_credentials(source_profile_name, source_profile) update_aws_cli_v1_credentials(source_profile_name, source_profile, credentials)