From 7978ef89206ff43f558d70dcce83288354da5bab Mon Sep 17 00:00:00 2001 From: Jake Sanders Date: Mon, 2 Jul 2018 19:37:12 -0700 Subject: [PATCH] Refresh GCP tokens if <55 mins of life left Signed-off-by: Jake Sanders --- config/kube_config.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/config/kube_config.py b/config/kube_config.py index 5698a5c6..93676d0b 100644 --- a/config/kube_config.py +++ b/config/kube_config.py @@ -32,7 +32,8 @@ from .config_exception import ConfigException from .dateutil import UTC, format_rfc3339, parse_rfc3339 -EXPIRY_SKEW_PREVENTION_DELAY = datetime.timedelta(minutes=5) +EXPIRY_TIME_SKEW = datetime.timedelta(minutes=5) +MINIMUM_GCP_TOKEN_TIME_REMAINING = datetime.timedelta(minutes=55) KUBE_CONFIG_DEFAULT_LOCATION = os.environ.get('KUBECONFIG', '~/.kube/config') _temp_files = {} @@ -62,8 +63,16 @@ def _create_temp_file_with_content(content): return name +def _is_stale(expiry): + return _has_min_lifespan(expiry, MINIMUM_GCP_TOKEN_TIME_REMAINING) + + def _is_expired(expiry): - return ((parse_rfc3339(expiry) - EXPIRY_SKEW_PREVENTION_DELAY) <= + return _has_min_lifespan(expiry, EXPIRY_TIME_SKEW) + + +def _has_min_lifespan(expiry, min_lifespan): + return ((parse_rfc3339(expiry) - min_lifespan) <= datetime.datetime.utcnow().replace(tzinfo=UTC)) @@ -198,7 +207,7 @@ def _load_gcp_token(self): if (('config' not in provider) or ('access-token' not in provider['config']) or ('expiry' in provider['config'] and - _is_expired(provider['config']['expiry']))): + _is_stale(provider['config']['expiry']))): # token is not available or expired, refresh it self._refresh_gcp_token()