From cf827d8c89ddfad23b79cefa0830d9ea814e9c41 Mon Sep 17 00:00:00 2001 From: Karanjot Singh Date: Mon, 27 Jan 2025 14:35:06 +0530 Subject: [PATCH 1/3] Set max validity seconds to 157680000 to avoid keycloack issues (2038 problem) Signed-off-by: Karanjot Singh --- atlan/assets/token_client_test.go | 2 +- atlan/model/structs/api_tokens.go | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/atlan/assets/token_client_test.go b/atlan/assets/token_client_test.go index 71e37c0..c074228 100644 --- a/atlan/assets/token_client_test.go +++ b/atlan/assets/token_client_test.go @@ -13,7 +13,7 @@ import ( var ( TestDisplayName = atlan.MakeUnique("test-api-token") TestDescription = atlan.MakeUnique("Test API Token Description") - MaxValiditySeconds = 409968000 + MaxValiditySeconds = 157680000 ) func TestIntegrationTokenClient(t *testing.T) { diff --git a/atlan/model/structs/api_tokens.go b/atlan/model/structs/api_tokens.go index ad6a193..436acc2 100644 --- a/atlan/model/structs/api_tokens.go +++ b/atlan/model/structs/api_tokens.go @@ -3,9 +3,11 @@ package structs import ( "encoding/json" "fmt" + "math" ) const ServiceAccount = "SERVICE_ACCOUNT_" +const MaxValidity = 157680000 // ApiTokenPersona represents a linked persona in the API token model. type ApiTokenPersona struct { @@ -135,9 +137,10 @@ type ApiTokenRequest struct { func (r *ApiTokenRequest) SetMaxValidity() { if r.ValiditySeconds != nil { if *r.ValiditySeconds < 0 { - *r.ValiditySeconds = 409968000 - } else if *r.ValiditySeconds > 409968000 { - *r.ValiditySeconds = 409968000 + *r.ValiditySeconds = MaxValidity // Treat negative numbers as "infinite" (never expire) + } else if *r.ValiditySeconds > MaxValidity { + // Otherwise use "infinite" as the ceiling for values + *r.ValiditySeconds = int(math.Min(float64(*r.ValiditySeconds), MaxValidity)) } } if r.Personas == nil { From 9bbda0d0010e25d41952ab92a3b90e8787399382 Mon Sep 17 00:00:00 2001 From: Karanjot Singh Date: Mon, 27 Jan 2025 14:44:30 +0530 Subject: [PATCH 2/3] chore: fix lint errors Signed-off-by: Karanjot Singh --- atlan/model/structs/api_tokens.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/atlan/model/structs/api_tokens.go b/atlan/model/structs/api_tokens.go index 436acc2..1570cef 100644 --- a/atlan/model/structs/api_tokens.go +++ b/atlan/model/structs/api_tokens.go @@ -6,8 +6,10 @@ import ( "math" ) -const ServiceAccount = "SERVICE_ACCOUNT_" -const MaxValidity = 157680000 +const ( + ServiceAccount = "SERVICE_ACCOUNT_" + MaxValidity = 157680000 +) // ApiTokenPersona represents a linked persona in the API token model. type ApiTokenPersona struct { From 6ae52401704cc67819cfd3951f1494adb00e23f6 Mon Sep 17 00:00:00 2001 From: Karanjot Singh Date: Mon, 27 Jan 2025 15:22:46 +0530 Subject: [PATCH 3/3] chore: Add a comment notifying the change Signed-off-by: Karanjot Singh --- atlan/model/structs/api_tokens.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/atlan/model/structs/api_tokens.go b/atlan/model/structs/api_tokens.go index 1570cef..ecaa386 100644 --- a/atlan/model/structs/api_tokens.go +++ b/atlan/model/structs/api_tokens.go @@ -8,7 +8,10 @@ import ( const ( ServiceAccount = "SERVICE_ACCOUNT_" - MaxValidity = 157680000 + // The value was previously set to 13 years (409968000 secs). + // It has been reverted to 5 years due to an integer overflow issue in Keycloak. + // https://github.com/keycloak/keycloak/issues/19671 + MaxValidity = 157680000 // 5 years in seconds ) // ApiTokenPersona represents a linked persona in the API token model.