From b7c84c607ebf8dc7136d450a3e910d2a3c898330 Mon Sep 17 00:00:00 2001
From: "anton.lysina" <alysina@gmail.com>
Date: Mon, 15 Jan 2024 23:45:45 +0100
Subject: [PATCH] add token cache

Signed-off-by: anton.lysina <alysina@gmail.com>
---
 pkg/scalers/azure_pipelines_scaler.go | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/pkg/scalers/azure_pipelines_scaler.go b/pkg/scalers/azure_pipelines_scaler.go
index bc5a1d48933..e3b61095fe7 100644
--- a/pkg/scalers/azure_pipelines_scaler.go
+++ b/pkg/scalers/azure_pipelines_scaler.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/go-logr/logr"
@@ -32,7 +33,6 @@ type JobRequests struct {
 }
 
 const (
-	// Azure storage resource is "https://storage.azure.com/" in all cloud environments
 	devopsResource = "499b84ac-1321-427f-aa17-267ca6975798/.default"
 )
 
@@ -150,8 +150,9 @@ type azurePipelinesMetadata struct {
 }
 
 type authContext struct {
-	cred *azidentity.ChainedTokenCredential
-	pat  string
+	cred  *azidentity.ChainedTokenCredential
+	pat   string
+	token *azcore.AccessToken
 }
 
 // NewAzurePipelinesScaler creates a new AzurePipelinesScaler
@@ -246,8 +247,9 @@ func parseAzurePipelinesMetadata(ctx context.Context, logger logr.Logger, config
 	}
 	// Trim any trailing new lines from the Azure Pipelines PAT
 	meta.authContext = authContext{
-		pat:  strings.TrimSuffix(pat, "\n"),
-		cred: cred,
+		pat:   strings.TrimSuffix(pat, "\n"),
+		cred:  cred,
+		token: nil,
 	}
 
 	if val, ok := config.TriggerMetadata["parent"]; ok && val != "" {
@@ -349,6 +351,12 @@ func validatePoolID(ctx context.Context, logger logr.Logger, poolID string, meta
 }
 
 func getToken(ctx context.Context, metadata *azurePipelinesMetadata, scope string) (string, error) {
+	if metadata.authContext.token != nil {
+		//if token expires after more then minute from now let's reuse
+		if metadata.authContext.token.ExpiresOn.After(time.Now().Add(time.Second * 60)) {
+			return metadata.authContext.token.Token, nil
+		}
+	}
 	token, err := metadata.authContext.cred.GetToken(ctx, policy.TokenRequestOptions{
 		Scopes: []string{
 			scope,
@@ -358,7 +366,10 @@ func getToken(ctx context.Context, metadata *azurePipelinesMetadata, scope strin
 	if err != nil {
 		return "", err
 	}
-	return token.Token, nil
+
+	metadata.authContext.token = &token
+
+	return metadata.authContext.token.Token, nil
 }
 
 func getAzurePipelineRequest(ctx context.Context, logger logr.Logger, urlString string, metadata *azurePipelinesMetadata, podIdentity kedav1alpha1.AuthPodIdentity, httpClient *http.Client) ([]byte, error) {