- By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric `serviceaccount_stale_tokens_total` can be used to monitor for workloads that are depending on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container. If that metric indicates no existing workloads are depending on extended lifetimes, injected token lifetime can be...

        // Refresh should clear the cache
        auth.refresh();
        Subject afterRefresh = auth.getSubject();
        // After refresh, may succeed or fail depending on JAAS configuration
        // Just verify that refresh doesn't break the authenticator
        assertNotNull(auth, "Authenticator should remain usable after refresh");
    }

    @Test

    assertEquals(Integer.valueOf(2), cache.getUnchecked(2));
    assertEquals(expectedLoads, loader.getLoadCount());
    assertEquals(expectedReloads, loader.getReloadCount());

    // refresh 0
    ticker.advance(1, MILLISECONDS);
    assertEquals(Integer.valueOf(1), cache.getUnchecked(0));
    expectedReloads++;
    assertEquals(Integer.valueOf(1), cache.getUnchecked(1));

     * Get the security subject associated with these credentials.
     * @return subject associated with the credentials
     */
    Subject getSubject();

    /**
     * Refresh the credentials.
     * @throws CIFSException if refresh fails
     */
    void refresh() throws CIFSException;

        }
    }

    @Test
    @DisplayName("refresh succeeds when not configured to fail")
    void refresh_success() throws Exception {
        TestCredentials creds = new TestCredentials("Z", false, false, new Subject(), false);
        // Should not throw
        assertDoesNotThrow(creds::refresh);
    }

    @Test
    @DisplayName("refresh throws CIFSException when configured to fail")

    }

    public void test_refresh() {
        List<LabelType> labelTypeList = createTestLabelTypeList();

        try {
            labelTypeHelper.refresh(labelTypeList);
        } catch (Exception e) {
            fail("refresh() should not throw an exception: " + e.getMessage());
        }
    }

    public void test_matchLocale() {

    assertEquals(Integer.valueOf(2), cache.getUnchecked(2));
    assertEquals(expectedLoads, loader.getLoadCount());
    assertEquals(expectedReloads, loader.getReloadCount());

    // refresh 0
    ticker.advance(1, MILLISECONDS);
    assertEquals(Integer.valueOf(1), cache.getUnchecked(0));
    expectedReloads++;
    assertEquals(Integer.valueOf(1), cache.getUnchecked(1));

        while (idList.size() > 0 && count < NUM) {
            final String id = idList.get(0);
            checkDeleteMethod(getItemEndpointSuffix() + "/" + id.toString());
            refresh();
            idList = getIdList(searchBody);
            count += 1;
        }
    }

    @AfterAll
    protected static void tearDownAll() {
        deleteTestToken();
    }

            op.setRefreshPolicy(Constants.TRUE);
        });

        final LabelTypeHelper labelTypeHelper = ComponentUtil.getLabelTypeHelper();
        if (labelTypeHelper != null) {
            labelTypeHelper.refresh(getLabelTypeList());
        }
    }

    /**
     * Set up list conditions.
     *
     * @param cb The condition bean.
     * @param labelTypePager The pager for label types.
     */

     * @return true if expired
     */
    public boolean isExpired() {
        return System.currentTimeMillis() - lastUpdateTime > maxAge;
    }

    /**
     * Check if cache needs refresh
     *
     * @return true if refresh needed
     */
    public boolean needsRefresh() {
        return isExpired() || hasChanges;
    }

    /**
     * Mark the cache as complete (full enumeration cached)
     */