/*
|
Copyright 2018 The Kubernetes Authors.
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
you may not use this file except in compliance with the License.
|
You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing, software
|
distributed under the License is distributed on an "AS IS" BASIS,
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
See the License for the specific language governing permissions and
|
limitations under the License.
|
*/
|
|
package exec
|
|
import (
|
"sync"
|
"time"
|
|
"k8s.io/client-go/tools/metrics"
|
)
|
|
type certificateExpirationTracker struct {
|
mu sync.RWMutex
|
m map[*Authenticator]time.Time
|
metricSet func(*time.Time)
|
}
|
|
var expirationMetrics = &certificateExpirationTracker{
|
m: map[*Authenticator]time.Time{},
|
metricSet: func(e *time.Time) {
|
metrics.ClientCertExpiry.Set(e)
|
},
|
}
|
|
// set stores the given expiration time and updates the updates the certificate
|
// expiry metric to the earliest expiration time.
|
func (c *certificateExpirationTracker) set(a *Authenticator, t time.Time) {
|
c.mu.Lock()
|
defer c.mu.Unlock()
|
c.m[a] = t
|
|
earliest := time.Time{}
|
for _, t := range c.m {
|
if t.IsZero() {
|
continue
|
}
|
if earliest.IsZero() || earliest.After(t) {
|
earliest = t
|
}
|
}
|
if earliest.IsZero() {
|
c.metricSet(nil)
|
} else {
|
c.metricSet(&earliest)
|
}
|
}
|
