Reuse Token for serviceAccount credentials (#1238)

2017-05-16 12:37:36 -07:00
parent 3773797869
commit 3419b42955
1 changed files with 15 additions and 7 deletions
--- a/credentials/oauth/oauth.go
+++ b/credentials/oauth/oauth.go
@ -37,6 +37,7 @@ package oauth
 import (
 	"fmt"
 	"io/ioutil"
+	"sync"

 	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
@ -132,20 +133,27 @@ func NewComputeEngine() credentials.PerRPCCredentials {

 // serviceAccount represents PerRPCCredentials via JWT signing key.
 type serviceAccount struct {
+	mu     sync.Mutex
 	config *jwt.Config
+	t      *oauth2.Token
 }

-func (s serviceAccount) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
-	token, err := s.config.TokenSource(ctx).Token()
-	if err != nil {
-		return nil, err
+func (s *serviceAccount) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if !s.t.Valid() {
+		var err error
+		s.t, err = s.config.TokenSource(ctx).Token()
+		if err != nil {
+			return nil, err
+		}
 	}
 	return map[string]string{
-		"authorization": token.TokenType + " " + token.AccessToken,
+		"authorization": s.t.TokenType + " " + s.t.AccessToken,
 	}, nil
 }

-func (s serviceAccount) RequireTransportSecurity() bool {
+func (s *serviceAccount) RequireTransportSecurity() bool {
 	return true
 }

@ -156,7 +164,7 @@ func NewServiceAccountFromKey(jsonKey []byte, scope ...string) (credentials.PerR
 	if err != nil {
 		return nil, err
 	}
-	return serviceAccount{config: config}, nil
+	return &serviceAccount{config: config}, nil
 }

 // NewServiceAccountFromFile constructs the PerRPCCredentials using the JSON key file