refresh GCP tokens if <55 mins of life left

Signed-off-by: Jake Sanders <[email protected]>

Author: Jake Sanders

config/kube_config.py

@@ -32,7 +32,7 @@
 from .config_exception import ConfigException
 from .dateutil import UTC, format_rfc3339, parse_rfc3339
 
-EXPIRY_SKEW_PREVENTION_DELAY = datetime.timedelta(minutes=5)
+MINIMUM_TOKEN_TIME_REMAINING = datetime.timedelta(minutes=55)
 KUBE_CONFIG_DEFAULT_LOCATION = os.environ.get('KUBECONFIG', '~/.kube/config')
 _temp_files = {}
 
@@ -62,8 +62,8 @@ def _create_temp_file_with_content(content):
     return name
 
 
-def _is_expired(expiry):
-    return ((parse_rfc3339(expiry) - EXPIRY_SKEW_PREVENTION_DELAY) <=
+def _is_stale(expiry):
+    return ((parse_rfc3339(expiry) - MINIMUM_TOKEN_TIME_REMAINING) <=
             datetime.datetime.utcnow().replace(tzinfo=UTC))
 
 
@@ -198,7 +198,7 @@ def _load_gcp_token(self):
         if (('config' not in provider) or
                 ('access-token' not in provider['config']) or
                 ('expiry' in provider['config'] and
-                 _is_expired(provider['config']['expiry']))):
+                 _is_stale(provider['config']['expiry']))):
             # token is not available or expired, refresh it
             self._refresh_gcp_token()
 
@@ -243,7 +243,7 @@ def _load_oid_token(self):
         expire = jwt_attributes.get('exp')
 
         if ((expire is not None) and
-            (_is_expired(datetime.datetime.fromtimestamp(expire,
+            (_is_stale(datetime.datetime.fromtimestamp(expire,
                                                          tz=UTC)))):
             self._refresh_oidc(provider)