1. The most common method (pictured above) is to sign a new certificate by calling the configured CA. Typically, this is Istiod.
   1. If the certificate is not yet expired, the `SecretManager` also can return a cache response. In practice, this would
       only happen in cases where Envoy were to re-request a resource, which is fairly rare.

			objectTags:     "tag1=value1",
			objectModTime:  time.Now().UTC().Add(-24 * time.Hour), // Created 1 day ago
			expectedAction: DeleteAction,
		},
		// Should remove - empty prefix, tags match, object is expired based on specified Days
		{

	if !cred.Expiration.IsZero() && !cred.Expiration.Equal(timeSentinel) {
		s.WriteString("\n")
		s.WriteString(cred.Expiration.String())
	}
	return s.String()
}

// IsExpired - returns whether Credential is expired or not.
func (cred Credentials) IsExpired() bool {
	if cred.Expiration.IsZero() || cred.Expiration.Equal(timeSentinel) {
		return false
	}

	return cred.Expiration.Before(time.Now().UTC())
}

    // it still should only have executed once due to memoization
    assertEquals(1, countingSupplier.calls);

    Thread.sleep(150);

    assertEquals(20, (int) memoizedSupplier.get());
    // old value expired
    assertEquals(2, countingSupplier.calls);

    assertEquals(20, (int) memoizedSupplier.get());
    // it still should only have executed twice due to memoization
    assertEquals(2, countingSupplier.calls);
  }

    // it still should only have executed once due to memoization
    assertEquals(1, countingSupplier.calls);

    Thread.sleep(150);

    assertEquals(20, (int) memoizedSupplier.get());
    // old value expired
    assertEquals(2, countingSupplier.calls);

    assertEquals(20, (int) memoizedSupplier.get());
    // it still should only have executed twice due to memoization
    assertEquals(2, countingSupplier.calls);
  }

labels.defaultLabelValue=Default Label
labels.designFileName=File Name
labels.incrementalCrawling=Check Last Modified
labels.errorCount=Error Count
labels.errorLog=Error Log
labels.errorName=Error Name
labels.expiredTime=Expired
labels.expires=Expired
labels.failureCountThreshold=Failure Count
labels.fileConfigName=File System Config Name
labels.fileName=File name
labels.handlerName=Handler Name
labels.handlerParameter=Parameters

        new RemovalListener<Integer, Integer>() {
          @Override
          public void onRemoval(RemovalNotification<Integer, Integer> notification) {
            switch (notification.getCause()) {
              case EXPIRED:
                stats[0]++;
                break;
              case EXPLICIT:
                stats[1]++;
                break;
              case REPLACED:
                stats[2]++;

                    if (time > maxAge || time < 0) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("role info is expired: {} > {}", time, maxAge);
                        }
                        return;
                    }
                } catch (final NumberFormatException e) {

        public String propertiesPath;

        @Option(name = "-e", aliases = "--expires", metaVar = "expires", usage = "Expires for documents")
        public String expires;

        @Option(name = "-h", aliases = "--hotThread", metaVar = "hotThread", usage = "Interval for Hot Thread logging")
        public Integer hotThread;

        "Logon failure: account logon time restriction violation.",
        "Logon failure: user not allowed to log on to this computer.",
        "Logon failure: the specified account password has expired.",
        "Logon failure: account currently disabled.",
        "No mapping between account names and security IDs was done.",
        "The security ID structure is invalid.",
        "All pipe instances are busy.",