From ac642646198ff9bb391a4ff042a86081a59e9708 Mon Sep 17 00:00:00 2001
From: Stewart Miles <stewart@agentic.ai>
Date: Fri, 26 Aug 2022 13:52:42 -0700
Subject: [PATCH] Fix socket leak in impersonated_credentials

impersonated_credentials.Credentials.sign_bytes() created
a session that wasn't closed leaking a socket. This fixes
the issue by always closing the requests session after
a signing request is complete.

Fixes #1122
---
 google/auth/impersonated_credentials.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/google/auth/impersonated_credentials.py b/google/auth/impersonated_credentials.py
index 4d0c4f0f1..f978b64ef 100644
--- a/google/auth/impersonated_credentials.py
+++ b/google/auth/impersonated_credentials.py
@@ -288,9 +288,12 @@ def sign_bytes(self, message):
 
         authed_session = AuthorizedSession(self._source_credentials)
 
-        response = authed_session.post(
-            url=iam_sign_endpoint, headers=headers, json=body
-        )
+        try:
+            response = authed_session.post(
+                url=iam_sign_endpoint, headers=headers, json=body
+            )
+        finally:
+            authed_session.close()
 
         if response.status_code != http_client.OK:
             raise exceptions.TransportError(