Renew on-demand rather than on a schedule

Naatan · Naatan · commit f695c94c011c · 2024-06-13T10:36:56.000-07:00
diff --git a/cmd/state-svc/internal/resolver/resolver.go b/cmd/state-svc/internal/resolver/resolver.go
@@ -77,8 +77,8 @@ func New(cfg *config.Instance, an *sync.Client, auth *authentication.Auth) (*Res
 
 	mostRecentActivity := ptr.To(time.Now())
 	pollAuth := poller.New(pollRateDuration, func() (interface{}, error) {
-		if err := auth.MaybeRenew(time.Now().Add(pollRateDuration)); err != nil {
-			return nil, errs.Wrap(err, "Could not renew auth")
+		if auth.SyncRequired() {
+			return nil, auth.Sync()
 		}
 		return nil, nil
 	})
@@ -278,8 +278,8 @@ func (r *Resolver) GetProcessesInUse(ctx context.Context, execDir string) ([]*gr
 }
 
 func (r *Resolver) GetJwt(ctx context.Context) (*graph.Jwt, error) {
-	if r.auth.SyncRequired() {
-		return nil, r.auth.Sync()
+	if err := r.auth.MaybeRenew(); err != nil {
+		return nil, errs.Wrap(err, "Could not renew auth token")
 	}
 
 	if !r.auth.Authenticated() {
diff --git a/pkg/platform/authentication/auth.go b/pkg/platform/authentication/auth.go
@@ -36,9 +36,6 @@ type ErrTokenRequired struct{ *locale.LocalizedError }
 
 var errNotYetGranted = locale.NewInputError("err_auth_device_noauth")
 
-// jwtKeepaliveDuration determines how long after the last state tool interaction we want to keep the JWT alive.
-const jwtKeepaliveDuration = (6 * time.Hour)
-
 // jwtLifetime is the lifetime of the JWT. This is defined by the API, but the API doesn't communicate this.
 // We drop a minute from this to avoid race conditions with the API.
 const jwtLifetime = (1 * time.Hour) - (1 * time.Minute)
@@ -123,8 +120,9 @@ func (s *Auth) Sync() error {
 	return nil
 }
 
-// MaybeRenew will renew the JWT if it is set to expire before the provided cutoff
-func (s *Auth) MaybeRenew(cutoff time.Time) error {
+// MaybeRenew will renew the JWT if it has expired
+// This should only be called from the state-svc.
+func (s *Auth) MaybeRenew() error {
 	// If we're out of sync then we should just always renew
 	if s.SyncRequired() {
 		err := s.Sync()
@@ -139,8 +137,8 @@ func (s *Auth) MaybeRenew(cutoff time.Time) error {
 		return nil
 	}
 
-	if s.cutoffReached(cutoff) {
-		logging.Debug("Refreshing JWT as it will expire before the cutoff (%s)", cutoff.String())
+	if s.cutoffReached(time.Now()) {
+		logging.Debug("Refreshing JWT as has expired")
 		return s.AuthenticateWithToken(s.AvailableAPIToken())
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -77,8 +77,8 @@ func New(cfg config.Instance, an sync.Client, auth authentication.Auth) (Res`
`77`	`77`
`78`	`78`	`mostRecentActivity := ptr.To(time.Now())`
`79`	`79`	`pollAuth := poller.New(pollRateDuration, func() (interface{}, error) {`
`80`		`- if err := auth.MaybeRenew(time.Now().Add(pollRateDuration)); err != nil {`
`81`		`- return nil, errs.Wrap(err, "Could not renew auth")`
	`80`	`+ if auth.SyncRequired() {`
	`81`	`+ return nil, auth.Sync()`
`82`	`82`	`}`
`83`	`83`	`return nil, nil`
`84`	`84`	`})`
`@@ -278,8 +278,8 @@ func (r Resolver) GetProcessesInUse(ctx context.Context, execDir string) ([]gr`
`278`	`278`	`}`
`279`	`279`
`280`	`280`	`func (r Resolver) GetJwt(ctx context.Context) (graph.Jwt, error) {`
`281`		`- if r.auth.SyncRequired() {`
`282`		`- return nil, r.auth.Sync()`
	`281`	`+ if err := r.auth.MaybeRenew(); err != nil {`
	`282`	`+ return nil, errs.Wrap(err, "Could not renew auth token")`
`283`	`283`	`}`
`284`	`284`
`285`	`285`	`if !r.auth.Authenticated() {`