TLS 1.2 on IAM credentials api call also

2026-06-28 09:51:36 +00:00 · 2023-08-18 19:16:33 +00:00
parent 0c85abf074
commit 92174438f6
2 changed files with 1 additions and 8 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -637,8 +637,6 @@ jobs:
             $gam config domain "pdl.jaylee.us" save
             $gam config admin_email "${gam_user}" save
             $gam config enable_dasa false save
-             # temp attempt to fix Python 3.12 and WIF issues
-             $gam config tls_min_version TLSv1_2 save
             $gam oauth info
             $gam oauth refresh
             $gam config enable_dasa true save 
--- a/src/gam/init.py
+++ b/src/gam/init.py
@@ -4328,20 +4328,15 @@ class signjwtSignJwt(google.auth.crypt.Signer):

  def sign(self, message):
    ''' Call IAM Credentials SignJWT API to get our signed JWT '''
-    print('step 1...')
    try:
      credentials, _ = google.auth.default(scopes=[API.IAM_SCOPE],
                                           request=getTLSv1_2Request())
    except (google.auth.exceptions.DefaultCredentialsError, google.auth.exceptions.RefreshError) as e:
      systemErrorExit(API_ACCESS_DENIED_RC, str(e))
-    print('step 2...')
-    httpObj = transportAuthorizedHttp(credentials, http=getHttpObj())
-    print('step 3...')
+    httpObj = transportAuthorizedHttp(credentials, http=getHttpObj(override_min_tls='TLSv1_2'))
    iamc = getService(API.IAM_CREDENTIALS, httpObj)
-    print('step 4...')
    response = callGAPI(iamc.projects().serviceAccounts(), 'signJwt',
                        name=self.name, body={'payload': json.dumps(message)})
-    print('step 5...')
    signed_jwt = response.get('signedJwt')
    return signed_jwt