force 1hour expiry for default 1 year valid tokens (#1086)

microsoft · Sep 28, 2023 · 87c9e03 · 87c9e03
1 parent 37f65ca
commit 87c9e03
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/source/plugins/ruby/KubernetesApiClient.rb b/source/plugins/ruby/KubernetesApiClient.rb
@@ -127,6 +127,10 @@ def getTokenStr
               @Log.warn("The token is not a JWT.")
               @@TokenExpiry = DateTime.now.to_time.to_i + Constants::LEGACY_SERVICE_ACCOUNT_TOKEN_EXPIRY_SECONDS
             end
+            # By default without explicit token mount, token expiry is one year so setting expiry to 1hour to refresh token periodically
+            if (@@TokenExpiry - DateTime.now.to_time.to_i).abs > Constants::LEGACY_SERVICE_ACCOUNT_TOKEN_EXPIRY_SECONDS
+              @@TokenExpiry = DateTime.now.to_time.to_i + Constants::LEGACY_SERVICE_ACCOUNT_TOKEN_EXPIRY_SECONDS
+            end
           else
             @Log.warn("Unable to read token string from #{@@TokenFileName}: #{error}")
             @@TokenExpiry = DateTime.now.to_time.to_i