make threshold configurable

Author: richardkeit

README.md

@@ -21,6 +21,16 @@ export STAX_ACCESS_KEY=<your_access_key>
 export STAX_SECRET_KEY=<your_secret_key>
 ```
 
+*Optional configuration:*
+
+##### Authentication token expiry
+
+Allows configuration of the threshold to when the Auth library should re-cache the credentials
+*Suggested use when running within CI/CD tools to reduce overall auth calls*
+~~~bash
+export TOKEN_EXPIRY_THRESHOLD_IN_MINS=2 # Type: Integer representing minutes
+~~~
+
 ## Usage
 
 ### Read Accounts

staxapp/auth.py

@@ -1,5 +1,6 @@
 #!/usr/local/bin/python3
 from datetime import datetime, timedelta, timezone
+from os import environ
 
 import boto3
 from aws_requests_auth.aws_auth import AWSRequestsAuth
@@ -141,7 +142,7 @@ class ApiTokenAuth:
     def requests_auth(username, password, **kwargs):
         # Minimize the potentical for token to expire while still being used for auth (say within a lambda function)
         if StaxConfig.expiration and StaxConfig.expiration - timedelta(
-            minutes=10
+            minutes=int(environ.get("TOKEN_EXPIRY_THRESHOLD_IN_MINS", 1))
         ) > datetime.now(timezone.utc):
             return StaxConfig.auth
 

tests/test_auth.py

@@ -16,6 +16,7 @@
 from botocore.client import Config as BotoConfig
 from botocore.stub import Stubber, ANY
 from datetime import datetime, timedelta, timezone
+from os import environ
 
 from staxapp.api import Api
 from staxapp.auth import StaxAuth, ApiTokenAuth, RootAuth
@@ -325,9 +326,24 @@ def testApiTokenAuthExpiring(self, requests_auth_mock):
         )
         requests_auth_mock.assert_not_called()
 
+        requests_auth_mock.reset_mock()
+        ## expiration in 5 seconds from now, refresh to avoid token becoming stale used
+        StaxConfig.expiration = datetime.now(timezone.utc) + timedelta(seconds=5)
+
+        ApiTokenAuth.requests_auth(
+            "username",
+            "password",
+            srp_client=self.aws_srp_client,
+            cognito_client=self.cognito_client,
+        )
+        requests_auth_mock.assert_called_once()
+
+
         requests_auth_mock.reset_mock()
         ## expiration in 5 minutes from now, refresh to avoid token becoming stale used
-        StaxConfig.expiration = datetime.now(timezone.utc) + timedelta(minutes=5)
+        ## override default triggering library to not refresh
+        environ["TOKEN_EXPIRY_THRESHOLD_IN_MINS"] = "10"
+        StaxConfig.expiration = datetime.now(timezone.utc) + timedelta(minutes=2)
 
         ApiTokenAuth.requests_auth(
             "username",