Kubernetes Auth: Always load jwt from file, cached jwt could be expired

kubernetes_auth.go

@@ -16,6 +16,7 @@ func NewKubernetesAuth(c *Client, role string, opts ...KubernetesAuthOpt) (AuthP
 		Client:     c,
 		mountPoint: "kubernetes",
 		role:       role,
+		jwtPath:    defaultServiceAccountTokenPath,
 	}
 
 	for _, opt := range opts {
@@ -25,14 +26,6 @@ func NewKubernetesAuth(c *Client, role string, opts ...KubernetesAuthOpt) (AuthP
 		}
 	}
 
-	var err error
-	if k.jwt == "" {
-		k.jwt, err = loadJwt(defaultServiceAccountTokenPath)
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	return k, nil
 }
 
@@ -41,6 +34,7 @@ type kubernetesAuth struct {
 	mountPoint string
 	role       string
 	jwt        string
+	jwtPath    string
 }
 
 func loadJwt(path string) (string, error) {
@@ -75,14 +69,24 @@ type kubernetesAuthConfig struct {
 }
 
 func (k kubernetesAuth) Auth() (*AuthResponse, error) {
+	var err error
+
+	jwt := k.jwt
+	if jwt == "" {
+		jwt, err = loadJwt(k.jwtPath)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	conf := &kubernetesAuthConfig{
 		Role: k.role,
-		JWT:  k.jwt,
+		JWT:  jwt,
 	}
 
 	res := &AuthResponse{}
 
-	err := k.Client.Write([]string{"v1", "auth", k.mountPoint, "login"}, conf, res, &RequestOptions{
+	err = k.Client.Write([]string{"v1", "auth", k.mountPoint, "login"}, conf, res, &RequestOptions{
 		SkipRenewal: true,
 	})
 	if err != nil {

kubernetes_auth_opts.go

@@ -20,12 +20,7 @@ func WithJwt(jwt string) KubernetesAuthOpt {
 
 func WithJwtFromFile(path string) KubernetesAuthOpt {
 	return func(k *kubernetesAuth) error {
-		jwt, err := loadJwt(path)
-		if err != nil {
-			return err
-		}
-
-		k.jwt = jwt
+		k.jwtPath = path
 
 		return nil
 	}

test/testdata/container_vault.go

@@ -9,7 +9,7 @@ import (
 	"github.com/testcontainers/testcontainers-go/wait"
 )
 
-var VaultVersions = []string{"1.6.7", "1.7.5", "1.8.4"}
+var VaultVersions = []string{"1.6.7", "1.7.5", "1.8.4", "1.9.3"}
 
 type VaultContainer struct {
 	container  testcontainers.Container