From ee832ddc29a4ad3d4381b7103441ef014b2ac302 Mon Sep 17 00:00:00 2001 From: Jon Johnson Date: Fri, 20 Dec 2024 11:03:00 -0800 Subject: [PATCH] Refresh creds after 30 minutes For fairly large uploads, we might have expired creds during an upload retry. This forces a cred refresh after 30 minutes to ensure we aren't using expired credentials on retry. Signed-off-by: Jon Johnson --- internal/provider/provider.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 023eb6a..1efd19b 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -2,6 +2,7 @@ package provider import ( "context" + "time" "chainguard.dev/apko/pkg/apk/apk" "github.com/google/go-containerregistry/pkg/authn" @@ -100,7 +101,7 @@ func (p *Provider) Configure(ctx context.Context, req provider.ConfigureRequest, return } - kc := authn.NewMultiKeychain(google.Keychain, authn.DefaultKeychain) + kc := authn.NewMultiKeychain(google.Keychain, authn.RefreshingKeychain(authn.DefaultKeychain, 30*time.Minute)) ropts := []remote.Option{ remote.WithAuthFromKeychain(kc), remote.WithUserAgent("terraform-provider-apko/" + p.version),