Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to use Ignore packages #420

Open
lucemia opened this issue Sep 1, 2021 · 4 comments · May be fixed by #430
Open

How to use Ignore packages #420

lucemia opened this issue Sep 1, 2021 · 4 comments · May be fixed by #430

Comments

@lucemia
Copy link

lucemia commented Sep 1, 2021

While I use freezegun with google storage api, I got the following error.

google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.', {'error': 'invalid_grant', 'error_description': 'Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.'})

I think ignore packages may solve the problem. Ref: #185

Sometimes it's desired to ignore FreezeGun behaviour for particular packages (i.e. libraries). It's possible to ignore them for a single invocation:

I tried add ["google", "google.auth", "google.cloud"] in ignore list, but still got the same error.

from google.cloud import storage
import freezegun

ig_ms = ["google", "google.oauth2", "urllib3", "google.cloud"]
freezegun.configure(extend_ignore_list=ig_ms)


with freezegun.freeze_time("2017-05-21", ignore=ig_ms):
    client = storage.Client()

    print(list(client.list_buckets()))

I am confused about how to use Ignore Packages correctly.
For example:

import urllib3
import freezegun

with freezegun.freeze_time("2017-05-21", ignore=['urllib3']):
    http = urllib3.PoolManager()
    resp = http.request("GET", "https://httpbin.org/robots.txt")
    print(resp.status)

whether I add urllib3 to ignore list or not,
it will still raise SystemTimeWarning: System time is way off (before 2020-07-01). This will probably lead to SSL verification errors

@ale-hm
Copy link

ale-hm commented Sep 10, 2021

This also impacting snowflake-connector-python as well since snowflake would attempt to verify with OCSP and failed due to timing issue. It doesn't seem like the ignore list isn't honored. I checked the method _should_use_real_time and it seems like it's not matching correctly for some reason.

@ale-hm
Copy link

ale-hm commented Sep 10, 2021

@lucemia I found a potential bug of freezegun that causes the issue for Google API:

For the google library, it uses google.auth._helpers.utcnow.utcnow() to request for a JWT token expiration, which in turn calls datetime.datetime.utcnow(). Freezegun override the datetime.datetime.utcnow with FakeDatetime.utcnow() method and this stub method unfortunately doesn't check against the ignore list.

The temporary fix is to monkey patch freezegun as follow:

def monkey_patch_freezegun_for_google_api():
    import freezegun

    def utcnow():
        if freezegun.api._should_use_real_time():
            result = freezegun.api.real_datetime.utcnow()
        else:
            result = freezegun.api.FakeDatetime._time_to_freeze()
        return freezegun.api.datetime_to_fakedatetime(result)

    freezegun.configure(
        extend_ignore_list=[
            "google",
        ]
    )

    setattr(freezegun.api.FakeDatetime, "utcnow", utcnow)


monkey_patch_freezegun_for_google_api()

@ale-hm
Copy link

ale-hm commented Sep 10, 2021

Also, for snowflake connector, freezegun breaks the OCSP validation, and so far the solution is to use the insecure_mode. I had to apply this universally using the snowflake.connector.connection.DEFAULT_CONFIGURATION

    from snowflake.connector.connection import DEFAULT_CONFIGURATION
    DEFAULT_CONFIGURATION["insecure_mode"] = (True, bool)

pegler added a commit to pegler/freezegun that referenced this issue Nov 19, 2021
@pegler pegler linked a pull request Nov 19, 2021 that will close this issue
pegler added a commit to pegler/freezegun that referenced this issue Nov 19, 2021
pegler added a commit to pegler/freezegun that referenced this issue Nov 19, 2021
@wowkin2
Copy link

wowkin2 commented Jun 23, 2022

Thanks for the patch @ale-hm - it helped.

Had exception:
google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.', {'error': 'invalid_grant', 'error_description': 'Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values in the JWT claim.'})

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants