From 92174438f6b19bb8b70261a44cff3c3f5eb70b49 Mon Sep 17 00:00:00 2001 From: Jay Lee Date: Fri, 18 Aug 2023 19:16:33 +0000 Subject: [PATCH] TLS 1.2 on IAM credentials api call also --- .github/workflows/build.yml | 2 -- src/gam/__init__.py | 7 +------ 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 71fe75ca..8b793379 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -637,8 +637,6 @@ jobs: $gam config domain "pdl.jaylee.us" save $gam config admin_email "${gam_user}" save $gam config enable_dasa false save - # temp attempt to fix Python 3.12 and WIF issues - $gam config tls_min_version TLSv1_2 save $gam oauth info $gam oauth refresh $gam config enable_dasa true save diff --git a/src/gam/__init__.py b/src/gam/__init__.py index ddb55df3..84eca509 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py @@ -4328,20 +4328,15 @@ class signjwtSignJwt(google.auth.crypt.Signer): def sign(self, message): ''' Call IAM Credentials SignJWT API to get our signed JWT ''' - print('step 1...') try: credentials, _ = google.auth.default(scopes=[API.IAM_SCOPE], request=getTLSv1_2Request()) except (google.auth.exceptions.DefaultCredentialsError, google.auth.exceptions.RefreshError) as e: systemErrorExit(API_ACCESS_DENIED_RC, str(e)) - print('step 2...') - httpObj = transportAuthorizedHttp(credentials, http=getHttpObj()) - print('step 3...') + httpObj = transportAuthorizedHttp(credentials, http=getHttpObj(override_min_tls='TLSv1_2')) iamc = getService(API.IAM_CREDENTIALS, httpObj) - print('step 4...') response = callGAPI(iamc.projects().serviceAccounts(), 'signJwt', name=self.name, body={'payload': json.dumps(message)}) - print('step 5...') signed_jwt = response.get('signedJwt') return signed_jwt