From 48ba6adf8a81aa877856dbe003ae48699be9800b Mon Sep 17 00:00:00 2001
From: Oleksii Kliukin <oleksii.kliukin@zalando.de>
Date: Tue, 21 Mar 2017 15:08:50 +0100
Subject: [PATCH] Avoid calling Team API with an expired token.

Previously, the controller fetched the Oauth token once at start, so eventually the token would expire and the operator could not create new users. This commit makes the operator fetch the token before each call to the Teams API.
---
 pkg/cluster/util.go          |  1 +
 pkg/controller/controller.go |  7 +------
 pkg/util/teams/teams.go      | 13 +++++++++----
 pkg/util/util.go             |  2 +-
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/pkg/cluster/util.go b/pkg/cluster/util.go
index ee788e670..7cdb0ded3 100644
--- a/pkg/cluster/util.go
+++ b/pkg/cluster/util.go
@@ -127,6 +127,7 @@ func (c *Cluster) getTeamMembers() ([]string, error) {
 	if err != nil {
 		return nil, fmt.Errorf("Can't get team info: %s", err)
 	}
+	c.logger.Debugf("Got from the Team API: %v", teamInfo)
 
 	return teamInfo.Members, nil
 }
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index b883b4be3..4a11eb1bc 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -68,12 +68,7 @@ func (c *Controller) initController() {
 		c.logger.Fatalf("Can't register ThirdPartyResource: %s", err)
 	}
 
-	token, err := c.getOAuthToken()
-	if err != nil {
-		c.logger.Errorf("Can't get OAuth token: %s", err)
-	} else {
-		c.config.TeamsAPIClient.OAuthToken = token
-	}
+	c.config.TeamsAPIClient.RefreshTokenAction = c.getOAuthToken
 
 	// Postgresqls
 	clusterLw := &cache.ListWatch{
diff --git a/pkg/util/teams/teams.go b/pkg/util/teams/teams.go
index 6811c48fb..0f8913809 100644
--- a/pkg/util/teams/teams.go
+++ b/pkg/util/teams/teams.go
@@ -36,9 +36,9 @@ type Team struct {
 }
 
 type TeamsAPI struct {
-	url        string
-	httpClient *http.Client
-	OAuthToken string
+	url                string
+	httpClient         *http.Client
+	RefreshTokenAction func() (string, error)
 }
 
 func NewTeamsAPI(url string) *TeamsAPI {
@@ -51,13 +51,18 @@ func NewTeamsAPI(url string) *TeamsAPI {
 }
 
 func (t *TeamsAPI) TeamInfo(teamId string) (*Team, error) {
+	// TODO: avoid getting a new token on every call to the Teams API.
+	token, err := t.RefreshTokenAction()
+	if err != nil {
+		return nil, err
+	}
 	url := fmt.Sprintf("%s/teams/%s", t.url, teamId)
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	req.Header.Add("Authorization", "Bearer "+t.OAuthToken)
+	req.Header.Add("Authorization", "Bearer "+token)
 	resp, err := t.httpClient.Do(req)
 	if err != nil {
 		return nil, err
diff --git a/pkg/util/util.go b/pkg/util/util.go
index f085e8da6..cfd73538b 100644
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -1,9 +1,9 @@
 package util
 
 import (
+	"fmt"
 	"math/rand"
 	"time"
-	"fmt"
 
 	"github.bus.zalan.do/acid/postgres-operator/pkg/spec"
 	"k8s.io/client-go/pkg/api/v1"