- Azure auth module for kubectl now requests login after refresh token expires. ([#86481](https://github.com/kubernetes/kubernetes/pull/86481), [@tdihp](https://github.com/tdihp)) [SIG API Machinery and Auth]

   * useful in testing, or to disable caching temporarily without a code change.
   *
   * <p>Expired entries may be counted in {@link Cache#size}, but will never be visible to read or
   * write operations. Expired entries are cleaned up as part of the routine maintenance described
   * in the class javadoc.
   *

            return children.containsKey(name);
        } finally {
            lock.readLock().unlock();
        }
    }

    /**
     * Check if cache entry is expired
     *
     * @return true if expired
     */
    public boolean isExpired() {
        return System.currentTimeMillis() - lastUpdateTime > maxAge;
    }

    /**
     * Check if cache needs refresh
     *

			expectedRespStatus: http.StatusForbidden,
			accessKey:          "",
			secretKey:          "",
			dates:              []any{},
			policy:             ``,
		},
		// Expired document
		{
			objectName:         "test",
			data:               []byte("Hello, World"),
			expectedRespStatus: http.StatusForbidden,
			accessKey:          credentials.AccessKey,

        }
    }

    /**
     * Rotate all expired keys based on configured interval
     */
    private void rotateExpiredKeys() {
        if (closed) {
            return;
        }

        long now = System.currentTimeMillis();
        java.util.List<String> sessionsToRotate = new java.util.ArrayList<>();

        // Find expired keys

    }

    @Test
    void testGetTrustedDomains_ExpiredCache() throws IOException, SmbAuthException {
        // Set up an expired cache entry
        Dfs.CacheEntry expiredEntry = new Dfs.CacheEntry(-1); // Expired
        testDfs._domains = expiredEntry;
        testDfs.setDisabled(true); // Set disabled to avoid NullPointerException

        when(auth.getDomain()).thenReturn("domain.com");

     *
     * @param ref the referral response
     * @param reqPath the requested path
     * @param expire the expiration time
     * @param consumed the number of characters consumed from the path
     * @return referral data
     */
    public static DfsReferralDataImpl fromReferral(final Referral ref, final String reqPath, final long expire, final int consumed) {
        final DfsReferralDataImpl dr = new DfsReferralDataImpl();

	if err != nil {
		return err
	}
	if numDays <= 0 {
		return errLifecycleInvalidDays
	}
	*eDays = ExpirationDays(numDays)
	return nil
}

// MarshalXML encodes number of days to expire if it is non-zero and
// encodes empty string otherwise
func (eDays ExpirationDays) MarshalXML(e *xml.Encoder, startElement xml.StartElement) error {
	if eDays == 0 {
		return nil
	}

	ID      string `json:"id"`
	Enabled bool   `json:"enabled"`
}

// Standard errors.
var (
	ErrNotImplemented     = errors.New("function not implemented")
	ErrAccessTokenExpired = errors.New("access_token expired or unauthorized")
)

// Provider implements identity provider specific admin operations, such as
// looking up users, fetching additional attributes etc.
type Provider interface {

   * Load cookies from the jar for an HTTP request to [url]. This method returns a possibly
   * empty list of cookies for the network request.
   *
   * Simple implementations will return the accepted cookies that have not yet expired and that
   * [match][Cookie.matches] [url].
   */
  fun loadForRequest(url: HttpUrl): List<Cookie>

  companion object {
    /** A cookie jar that never accepts any cookies. */
    @JvmField