Merge pull request #90413 from PurelyApplied/nil-expiry

Improve error message when refresh token expiry is nil.
2025-07-23 11:50:44 +00:00 · 2020-04-24 15:32:07 -07:00 · 2020-04-24 15:32:07 -07:00 · 7297fbd0ce
commit 7297fbd0ce
parent 5555cc1cf9 5ea1cef4c5
2 changed files with 18 additions and 1 deletions
--- a/pkg/kubelet/token/token_manager.go
+++ b/pkg/kubelet/token/token_manager.go
@ -168,7 +168,9 @@ func (m *Manager) expired(t *authenticationv1.TokenRequest) bool {
 // ttl, or if the token is older than 24 hours.
 func (m *Manager) requiresRefresh(tr *authenticationv1.TokenRequest) bool {
 	if tr.Spec.ExpirationSeconds == nil {
-		klog.Errorf("expiration seconds was nil for tr: %#v", tr)
+		cpy := tr.DeepCopy()
+		cpy.Status.Token = ""
+		klog.Errorf("expiration seconds was nil for tr: %#v", cpy)
 		return false
 	}
 	now := m.clock.Now()
--- a/pkg/kubelet/token/token_manager_test.go
+++ b/pkg/kubelet/token/token_manager_test.go
@ -130,6 +130,7 @@ func TestRequiresRefresh(t *testing.T) {
 	cases := []struct {
 		now, exp      time.Time
 		expectRefresh bool
+		requestTweaks func(*authenticationv1.TokenRequest)
 	}{
 		{
 			now:           start.Add(10 * time.Minute),
@ -151,6 +152,15 @@ func TestRequiresRefresh(t *testing.T) {
 			exp:           start.Add(60 * time.Minute),
 			expectRefresh: true,
 		},
+		{
+			// expiry will be overwritten by the tweak below.
+			now:           start.Add(0 * time.Minute),
+			exp:           start.Add(60 * time.Minute),
+			expectRefresh: false,
+			requestTweaks: func(tr *authenticationv1.TokenRequest) {
+				tr.Spec.ExpirationSeconds = nil
+			},
+		},
 	}

 	for i, c := range cases {
@ -165,6 +175,11 @@ func TestRequiresRefresh(t *testing.T) {
 					ExpirationTimestamp: metav1.Time{Time: c.exp},
 				},
 			}
+
+			if c.requestTweaks != nil {
+				c.requestTweaks(tr)
+			}
+
 			mgr := NewManager(nil)
 			mgr.clock = clock