-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(fac): Change the jwks cache duration from 1 day to 6 hours #1439
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -33,7 +33,7 @@ import { | |
const expect = chai.expect; | ||
|
||
const ONE_HOUR_IN_SECONDS = 60 * 60; | ||
const ONE_DAY_IN_SECONDS = 86400; | ||
const SIX_HOURS_IN_SECONDS = ONE_HOUR_IN_SECONDS * 6; | ||
const publicCertPath = '/robot/v1/metadata/x509/[email protected]'; | ||
const jwksPath = '/v1alpha/jwks'; | ||
|
||
|
@@ -709,24 +709,24 @@ describe('JwksFetcher', () => { | |
|
||
return keyFetcher.fetchPublicKeys().then(() => { | ||
expect(https.request).to.have.been.calledOnce; | ||
clock!.tick((ONE_DAY_IN_SECONDS - 1) * 1000); | ||
clock!.tick((SIX_HOURS_IN_SECONDS - 1) * 1000); | ||
return keyFetcher.fetchPublicKeys(); | ||
}).then(() => { | ||
expect(https.request).to.have.been.calledOnce; | ||
clock!.tick(ONE_DAY_IN_SECONDS * 1000); // 24 hours in milliseconds | ||
clock!.tick(SIX_HOURS_IN_SECONDS * 1000); // 6 hours in milliseconds | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think the assertion on clock ( There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We need it because of the way
I think just doing There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Does the compiler actually throw for these instances? We initialize clock as follows in some these tests:
After that compiler should see that There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah, even after initializing the compiler throws if the instance is used inside a promise chain. |
||
return keyFetcher.fetchPublicKeys(); | ||
}).then(() => { | ||
// App check keys do not contain cache headers so we cache the keys for 24 hours. | ||
// 24 hours has passed | ||
// App check keys do not contain cache headers so we cache the keys for 6 hours. | ||
// 6 hours has passed | ||
expect(https.request).to.have.been.calledTwice; | ||
clock!.tick((ONE_DAY_IN_SECONDS - 1) * 1000); | ||
clock!.tick((SIX_HOURS_IN_SECONDS - 1) * 1000); | ||
return keyFetcher.fetchPublicKeys(); | ||
}).then(() => { | ||
expect(https.request).to.have.been.calledTwice; | ||
clock!.tick(ONE_DAY_IN_SECONDS * 1000); | ||
clock!.tick(SIX_HOURS_IN_SECONDS * 1000); | ||
return keyFetcher.fetchPublicKeys(); | ||
}).then(() => { | ||
// 48 hours have passed | ||
// 12 hours have passed | ||
expect(https.request).to.have.been.calledThrice; | ||
}); | ||
}); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Time math is a bit strange here. It seems we are running assertions at:
00:00:00 (start; calledOnce)
05:59:59 (calledOnce)
11:59:59 (calledTwice)
17:59:58 (calledTwice)
23:59:58 (calledThrice)
Not really a problem. But just wanted to point it out.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are currently checking the boundaries at 6 hour steps. Should this be cleaned up a bit?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could also check, 0, 5.59, 6, 11.59, 12, 17.59, 18 etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's kind of what I expected to see. But it's not a major issue. Feel free to disregard or address in a future PR.