google: update compute token refresh

The shortest MDS token cache time is 4 minutes. The refresh window is updated
to 3 minutes and 45 seconds to give the MDS time to update it's cache.

This should make slow refreshes less likely to cause failures.

Done in https://github.com/googleapis/google-cloud-go/pull/9139 for the other auth library.

Change-Id: Ifa353248197d8998e6b0363d1f2821b45a0e6495
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/584815
Auto-Submit: Cody Oss <codyoss@google.com>
TryBot-Bypass: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cody Oss <codyoss@google.com>
This commit is contained in:
Carl Lundin 2024-05-10 13:56:44 -07:00 коммит произвёл Gopher Robot
Родитель 84cb9f7f5c
Коммит 5fd42413ed
1 изменённых файлов: 4 добавлений и 1 удалений

Просмотреть файл

@ -252,7 +252,10 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
// Further information about retrieving access tokens from the GCE metadata // Further information about retrieving access tokens from the GCE metadata
// server can be found at https://cloud.google.com/compute/docs/authentication. // server can be found at https://cloud.google.com/compute/docs/authentication.
func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource { func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource {
return computeTokenSource(account, 0, scope...) // refresh 3 minutes and 45 seconds early. The shortest MDS cache is currently 4 minutes, so any
// refreshes earlier are a waste of compute.
earlyExpirySecs := 225 * time.Second
return computeTokenSource(account, earlyExpirySecs, scope...)
} }
func computeTokenSource(account string, earlyExpiry time.Duration, scope ...string) oauth2.TokenSource { func computeTokenSource(account string, earlyExpiry time.Duration, scope ...string) oauth2.TokenSource {