Merge pull request #1 from homedepot/google-token-expiry-threshold

Google token expiry threshold
homedepot · Mar 26, 2021 · a08b616 · a08b616
2 parents b0b31de + 608c541
commit a08b616
Show file tree

Hide file tree

Showing 6 changed files with 112 additions and 151 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 /arcade
+*.coverprofile
diff --git a/pkg/google/client.go b/pkg/google/client.go
@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/gin-gonic/gin"
+	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 )
 
@@ -18,7 +19,7 @@ var clientScopes = []string{
 //go:generate counterfeiter . Client
 
 type Client interface {
-	NewToken() (string, error)
+	NewToken() (*oauth2.Token, error)
 }
 
 func NewClient() Client {
@@ -27,18 +28,18 @@ func NewClient() Client {
 
 type client struct{}
 
-func (client) NewToken() (string, error) {
+func (client) NewToken() (*oauth2.Token, error) {
 	tokenSource, err := google.DefaultTokenSource(context.Background(), clientScopes...)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	token, err := tokenSource.Token()
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
-	return token.AccessToken, nil
+	return token, nil
 }
 
 func Instance(c *gin.Context) Client {

diff --git a/pkg/google/googlefakes/fake_client.go b/pkg/google/googlefakes/fake_client.go
diff --git a/pkg/http/token.go b/pkg/http/token.go
@@ -9,18 +9,19 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/homedepot/arcade/pkg/google"
 	"github.com/homedepot/arcade/pkg/rancher"
+	"golang.org/x/oauth2"
 )
 
 var (
-	err             error
-	googleMux       sync.Mutex
-	t               time.Time
-	token           string
-	expiration      = 1 * time.Minute
-	rancherMux      sync.Mutex
-	kubeconfigToken rancher.KubeconfigToken
+	err              error
+	googleMux        sync.Mutex
+	googleExpiration time.Time
+	googleToken      *oauth2.Token
+	rancherMux       sync.Mutex
+	kubeconfigToken  rancher.KubeconfigToken
 )
 
+// GetToken returns a new access token for a given provider.
 func GetToken(c *gin.Context) {
 	provider := c.Query("provider")
 
@@ -39,19 +40,21 @@ func getGoogleToken(c *gin.Context) {
 	googleMux.Lock()
 	defer googleMux.Unlock()
 
-	if time.Since(t) > expiration || token == "" {
+	if time.Now().UTC().After(googleExpiration) || googleToken == nil {
 		googleClient := google.Instance(c)
 
-		token, err = googleClient.NewToken()
+		googleToken, err = googleClient.NewToken()
 		if err != nil {
 			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 			return
 		}
 
-		t = time.Now().In(time.UTC)
+		// Set the expiration for the Google token to be 90% expiry-threshold.
+		// Expiry looks something like '2021-03-26 15:53:24.513497 -0400 EDT m=+3599.302993422'
+		googleExpiration = time.Now().UTC().Add((time.Until(googleToken.Expiry) / 10) * 9)
 	}
 
-	c.JSON(http.StatusOK, gin.H{"token": token})
+	c.JSON(http.StatusOK, gin.H{"token": googleToken.AccessToken})
 }
 
 func getRancherToken(c *gin.Context) {

diff --git a/pkg/http/token_test.go b/pkg/http/token_test.go
@@ -17,6 +17,7 @@ import (
 	"github.com/homedepot/arcade/pkg/rancher/rancherfakes"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
+	"golang.org/x/oauth2"
 )
 
 type Tokens struct {
@@ -33,9 +34,11 @@ var (
 	res               *http.Response
 	tokens            Tokens
 	fakeGoogleClient  *googlefakes.FakeClient
-	fakeGoogleToken   = "fake-google-token"
 	fakeRancherClient *rancherfakes.FakeClient
-	fakeRancherToken  = rancher.KubeconfigToken{
+	fakeGoogleToken   = &oauth2.Token{
+		AccessToken: "fake-google-token",
+	}
+	fakeRancherToken = rancher.KubeconfigToken{
 		Token: "fake-rancher-token",
 	}
 	expiredRancherToken = rancher.KubeconfigToken{
@@ -49,6 +52,11 @@ var (
 )
 
 var _ = Describe("Token", func() {
+	BeforeEach(func() {
+		// Disable debug logging.
+		gin.SetMode(gin.ReleaseMode)
+	})
+
 	Describe("#GetToken", func() {
 		When("provider is not supported", func() {
 			BeforeEach(func() {
@@ -109,7 +117,7 @@ var _ = Describe("Token", func() {
 
 		When("getting a new token from google fails", func() {
 			BeforeEach(func() {
-				fakeGoogleClient.NewTokenReturns("", errors.New("error getting token from google"))
+				fakeGoogleClient.NewTokenReturns(nil, errors.New("error getting token from google"))
 			})
 
 			It("returns an internal server error", func() {