Skip to content

Refresh authn.DefaultKeychain creds every 5 min#1624

Merged
jonjohnsonjr merged 1 commit intogoogle:mainfrom
jonjohnsonjr:refresh
Apr 5, 2023
Merged

Refresh authn.DefaultKeychain creds every 5 min#1624
jonjohnsonjr merged 1 commit intogoogle:mainfrom
jonjohnsonjr:refresh

Conversation

@jonjohnsonjr
Copy link
Copy Markdown
Collaborator

@jonjohnsonjr jonjohnsonjr commented Apr 5, 2023

Sometimes Authenticators stick around for a while and eventually expire. This changes modifies Authenticators returned by DefaultKeychain to re-resolve after 5 minutes to ensure the underlying creds are fresh.

The hard-coded 5 minutes should prevent us from spamming the underlying Keychain (it can be expensive) while also preventing the creds from expiring.

@jonjohnsonjr jonjohnsonjr requested a review from imjasonh April 5, 2023 18:08
imjasonh
imjasonh approved these changes Apr 5, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@imjasonh imjasonh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love it.

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 5, 2023

Codecov Report

Merging #1624 (e01b487) into main (b8d1c0a) will increase coverage by 0.06%.
The diff coverage is 90.62%.

@@            Coverage Diff             @@
##             main    #1624      +/-   ##
==========================================
+ Coverage   72.75%   72.81%   +0.06%     
==========================================
  Files         118      118              
  Lines        9466     9498      +32     
==========================================
+ Hits         6887     6916      +29     
- Misses       1880     1882       +2     
- Partials      699      700       +1
Impacted Files Coverage Δ
pkg/authn/keychain.go 94.23% <90.62%> (-1.61%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@jonjohnsonjr
Refresh authn.DefaultKeychain creds every 5 min
29da376 
Sometimes Authenticators stick around for a while and eventually expire.
This changes modifies Authenticators returned by DefaultKeychain to
re-resolve after 5 minutes to ensure the underlying creds are fresh.

The hard-coded 5 minutes should prevent us from spamming the underlying
Keychain (it can be expensive) while also preventing the creds from
expiring.

This also exposes authn.RefreshingKeychain for others to use.
@jonjohnsonjr jonjohnsonjr merged commit 249d7e1 into google:main Apr 5, 2023
@jonjohnsonjr jonjohnsonjr deleted the refresh branch April 5, 2023 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@imjasonh imjasonh imjasonh approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jonjohnsonjr @codecov-commenter @imjasonh