google: update compute token refresh
The shortest MDS token cache time is 4 minutes. The refresh window is updated
to 3 minutes and 45 seconds to give the MDS time to update it's cache.
This should make slow refreshes less likely to cause failures.
Done in https://github.com/googleapis/google-cloud-go/pull/9139 for the other auth library.
Change-Id: Ifa353248197d8998e6b0363d1f2821b45a0e6495
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/584815
Auto-Submit: Cody Oss <codyoss@google.com>
TryBot-Bypass: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cody Oss <codyoss@google.com>
diff --git a/google/google.go b/google/google.go
index ba931c2..7b82e7a 100644
--- a/google/google.go
+++ b/google/google.go
@@ -252,7 +252,10 @@
// Further information about retrieving access tokens from the GCE metadata
// server can be found at https://cloud.google.com/compute/docs/authentication.
func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource {
- return computeTokenSource(account, 0, scope...)
+ // refresh 3 minutes and 45 seconds early. The shortest MDS cache is currently 4 minutes, so any
+ // refreshes earlier are a waste of compute.
+ earlyExpirySecs := 225 * time.Second
+ return computeTokenSource(account, earlyExpirySecs, scope...)
}
func computeTokenSource(account string, earlyExpiry time.Duration, scope ...string) oauth2.TokenSource {