This is an automated email from the ASF dual-hosted git repository.
adutra pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new bbb7b4338 Use application-scope clock when generating GCP credentials
(#2241)
bbb7b4338 is described below
commit bbb7b433835a779e251f74b5089618a290d55cdc
Author: Alexandre Dutra <[email protected]>
AuthorDate: Tue Aug 5 11:47:17 2025 +0200
Use application-scope clock when generating GCP credentials (#2241)
This change also fixes a flaky test:
`StorageConfigurationTest.testCreateGcpCredentialsFromStaticToken`
---
.../storage/PolarisStorageIntegrationProviderImpl.java | 5 +++--
.../polaris/service/storage/StorageConfiguration.java | 7 ++++---
.../polaris/service/storage/StorageConfigurationTest.java | 13 ++++++++-----
3 files changed, 15 insertions(+), 10 deletions(-)
diff --git
a/service/common/src/main/java/org/apache/polaris/service/storage/PolarisStorageIntegrationProviderImpl.java
b/service/common/src/main/java/org/apache/polaris/service/storage/PolarisStorageIntegrationProviderImpl.java
index d5eba55a1..97607e51e 100644
---
a/service/common/src/main/java/org/apache/polaris/service/storage/PolarisStorageIntegrationProviderImpl.java
+++
b/service/common/src/main/java/org/apache/polaris/service/storage/PolarisStorageIntegrationProviderImpl.java
@@ -26,6 +26,7 @@ import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
+import java.time.Clock;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
@@ -51,11 +52,11 @@ public class PolarisStorageIntegrationProviderImpl
implements PolarisStorageInte
@Inject
public PolarisStorageIntegrationProviderImpl(
- StorageConfiguration storageConfiguration, StsClientProvider
stsClientProvider) {
+ StorageConfiguration storageConfiguration, StsClientProvider
stsClientProvider, Clock clock) {
this(
stsClientProvider,
Optional.ofNullable(storageConfiguration.stsCredentials()),
- storageConfiguration.gcpCredentialsSupplier());
+ storageConfiguration.gcpCredentialsSupplier(clock));
}
public PolarisStorageIntegrationProviderImpl(
diff --git
a/service/common/src/main/java/org/apache/polaris/service/storage/StorageConfiguration.java
b/service/common/src/main/java/org/apache/polaris/service/storage/StorageConfiguration.java
index eb665ee30..5c83cca61 100644
---
a/service/common/src/main/java/org/apache/polaris/service/storage/StorageConfiguration.java
+++
b/service/common/src/main/java/org/apache/polaris/service/storage/StorageConfiguration.java
@@ -22,8 +22,8 @@ import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.base.Suppliers;
import java.io.IOException;
+import java.time.Clock;
import java.time.Duration;
-import java.time.Instant;
import java.util.Date;
import java.util.Optional;
import java.util.function.Supplier;
@@ -89,7 +89,7 @@ public interface StorageConfiguration {
}
}
- default Supplier<GoogleCredentials> gcpCredentialsSupplier() {
+ default Supplier<GoogleCredentials> gcpCredentialsSupplier(Clock clock) {
return Suppliers.memoize(
() -> {
if (gcpAccessToken().isEmpty()) {
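Review bot: The new `clock` parameter of `gcpCredentialsSupplier` is not checked when the method is called; as far as the visible lines show, it is only dereferenced inside the memoized lambda. A null clock would therefore go unnoticed until the first `get()`, and apparently only on the static-token path shown in the next hunk. A fail-fast `Objects.requireNonNull(clock, "clock");` as the first statement would surface the wiring error immediately; it needs a `java.util.Objects` import, which is not among the imports visible in this diff. Since this changes the signature of a public interface method, a Javadoc line such as `@param clock time source used to compute the expiry of a statically configured access token` would also help. The method body continues outside this hunk.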
@@ -103,7 +103,8 @@ public interface StorageConfiguration {
new AccessToken(
gcpAccessToken().get(),
new Date(
- Instant.now()
+ clock
+ .instant()
.plus(gcpAccessTokenLifespan().orElse(DEFAULT_TOKEN_LIFESPAN))
.toEpochMilli()));
return GoogleCredentials.create(accessToken);
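Review bot: The expiry stamped on the static token at the `new Date(` call is synthetic, and that deserves a comment. It is `clock.instant()` at the moment the memoized supplier is first invoked plus the configured lifespan, not the token's real issuance or expiry time. If the first `get()` happens well after the token was minted, or `gcpAccessTokenLifespan()` is set longer than the token's actual validity, the credential object can keep reporting itself as unexpired after the provider has stopped accepting the token. Suggested comment: `// Expiry is synthetic: first use + configured lifespan; the real expiry of a static token is not known here.` The enclosing lambda starts and ends outside this hunk.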
diff --git
a/service/common/src/test/java/org/apache/polaris/service/storage/StorageConfigurationTest.java
b/service/common/src/test/java/org/apache/polaris/service/storage/StorageConfigurationTest.java
index 40bb12950..e76624966 100644
---
a/service/common/src/test/java/org/apache/polaris/service/storage/StorageConfigurationTest.java
+++
b/service/common/src/test/java/org/apache/polaris/service/storage/StorageConfigurationTest.java
@@ -26,8 +26,10 @@ import static org.mockito.Mockito.when;
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
+import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
+import java.time.ZoneOffset;
import java.util.Optional;
import java.util.function.Supplier;
import org.junit.jupiter.api.Test;
@@ -135,8 +137,9 @@ public class StorageConfigurationTest {
@Test
public void testCreateGcpCredentialsFromStaticToken() {
+ Clock clock = Clock.fixed(Instant.now(), ZoneOffset.UTC);
Supplier<GoogleCredentials> supplier =
- configWithAwsCredentialsAndGcpToken().gcpCredentialsSupplier();
+ configWithAwsCredentialsAndGcpToken().gcpCredentialsSupplier(clock);
GoogleCredentials credentials = supplier.get();
assertThat(credentials).isNotNull();
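Review bot: `Clock.fixed(Instant.now(), ZoneOffset.UTC)` still feeds a different, possibly sub-millisecond instant into every run, while the production code truncates to epoch milliseconds before building the `Date`. The assertion in the following hunk compares that `Date` with an `Instant`, so it presumably passes only because the assertion library truncates the same way. A constant such as `Clock.fixed(Instant.parse("2025-01-01T00:00:00Z"), ZoneOffset.UTC)` (constructed sample value) removes that dependency and makes any failure reproducible. The test method continues in the next hunk.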
@@ -144,9 +147,8 @@ public class StorageConfigurationTest {
AccessToken accessToken = credentials.getAccessToken();
assertThat(accessToken).isNotNull();
assertThat(accessToken.getTokenValue()).isEqualTo(TEST_GCP_TOKEN);
- long expectedExpiry =
Instant.now().plus(Duration.ofMinutes(20)).toEpochMilli();
- long actualExpiry = accessToken.getExpirationTime().getTime();
- assertThat(actualExpiry).isBetween(expectedExpiry - 500, expectedExpiry +
500);
+ assertThat(accessToken.getExpirationTime())
+ .isEqualTo(clock.instant().plus(Duration.ofMinutes(20)));
}
@Test
@@ -158,7 +160,8 @@ public class StorageConfigurationTest {
mockedStatic.when(GoogleCredentials::getApplicationDefault).thenReturn(mockDefaultCreds);
- Supplier<GoogleCredentials> supplier =
configWithoutGcpToken().gcpCredentialsSupplier();
+ Supplier<GoogleCredentials> supplier =
+ configWithoutGcpToken().gcpCredentialsSupplier(Clock.systemUTC());
GoogleCredentials result = supplier.get();
assertThat(result).isSameAs(mockDefaultCreds);