Skip to content

Increase the amount of time an auth token is considered "valid" #183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 25, 2025
Merged

Increase the amount of time an auth token is considered "valid" #183

merged 2 commits into from
Jun 25, 2025

Conversation

rafibarash
Copy link
Contributor

@rafibarash rafibarash commented Jun 25, 2025
edited
Loading

Up until last year an auth token was considered valid if it didn't expire in the next 10 seconds, but this was changed to 255s last year in https://github.com/googleapis/google-cloud-go/pull/9139/files. This is causing issues with tokens returned from GKE Metadata server, which may be almost expired, expecting a refresh in the background. Let's revert to the previous behavior of allowing tokens to be used until they're within 10s of expiry, and then refreshing them at that time.

It would be more optimal to refresh in the background, but for now I want to do this simpler fix and revert to our previous behavior.

Fixes #182.

@rafibarash
Use custom auth token validation and allow tokens that expire up to 1…
04bdde1 
…0s from now, instead of token.IsValid(), which only allows tokens that expire up to 255s from now.
@rafibarash
Merge branch 'master' into token
3756569
@rafibarash rafibarash requested review from kmontg, ardagnir and jedouard1994 and removed request for kmontg and jedouard1994 June 25, 2025 20:25
@rafibarash rafibarash changed the title Increase the amount of time an auth token is considered "valid" from 255s -> 10s. Increase the amount of time an auth token is considered "valid" Jun 25, 2025
@rafibarash rafibarash merged commit e4e0596 into GoogleCloudPlatform:master Jun 25, 2025
8 checks passed
@rafibarash rafibarash deleted the token branch June 25, 2025 21:32
dziemba added a commit to dziemba/buildbuddy that referenced this pull request Jul 31, 2025
@dziemba
Upgrade bundled docker-credential-gcr to v2.1.30
7f0a131 
https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/tag/v2.1.30

Contains a fix that avoids rare credentials errors when using GCE/GKE
metadata server: GoogleCloudPlatform/docker-credential-gcr#183
@dziemba dziemba mentioned this pull request Jul 31, 2025
Merged
sluongng pushed a commit to dziemba/buildbuddy that referenced this pull request Aug 5, 2025
@dziemba @sluongng
Upgrade bundled docker-credential-gcr to v2.1.30
a7dc559 
https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/tag/v2.1.30

Contains a fix that avoids rare credentials errors when using GCE/GKE
metadata server: GoogleCloudPlatform/docker-credential-gcr#183
sluongng pushed a commit to buildbuddy-io/buildbuddy that referenced this pull request Aug 5, 2025
@dziemba
Upgrade bundled docker-credential-gcr to v2.1.30 (#9992)
3a7417c 
https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/tag/v2.1.30

Contains a fix that avoids rare credentials errors when using GCE/GKE
metadata server:
GoogleCloudPlatform/docker-credential-gcr#183
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MeBaranov MeBaranov MeBaranov approved these changes

@ardagnir ardagnir Awaiting requested review from ardagnir

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Increase the amount of time an auth token is considered "valid" for
2 participants
@rafibarash @MeBaranov