Avoid calling Team API with an expired token.

Previously, the controller fetched the Oauth token once at start, so eventually the token would expire and the operator could not create new users. This commit makes the operator fetch the token before each call to the Teams API.

pkg/cluster/util.go

@@ -127,6 +127,7 @@ func (c *Cluster) getTeamMembers() ([]string, error) {
 	if err != nil {
 		return nil, fmt.Errorf("Can't get team info: %s", err)
 	}
+	c.logger.Debugf("Got from the Team API: %v", teamInfo)
 
 	return teamInfo.Members, nil
 }

pkg/controller/controller.go

@@ -68,12 +68,7 @@ func (c *Controller) initController() {
 		c.logger.Fatalf("Can't register ThirdPartyResource: %s", err)
 	}
 
-	token, err := c.getOAuthToken()
+	c.config.TeamsAPIClient.RefreshTokenAction = c.getOAuthToken
-	if err != nil {
-		c.logger.Errorf("Can't get OAuth token: %s", err)
-	} else {
-		c.config.TeamsAPIClient.OAuthToken = token
-	}
 
 	// Postgresqls
 	clusterLw := &cache.ListWatch{

pkg/util/teams/teams.go

@@ -38,7 +38,7 @@ type Team struct {
 type TeamsAPI struct {
 	url                string
 	httpClient         *http.Client
-	OAuthToken string
+	RefreshTokenAction func() (string, error)
 }
 
 func NewTeamsAPI(url string) *TeamsAPI {
@@ -51,13 +51,18 @@ func NewTeamsAPI(url string) *TeamsAPI {
 }
 
 func (t *TeamsAPI) TeamInfo(teamId string) (*Team, error) {
+	// TODO: avoid getting a new token on every call to the Teams API.
+	token, err := t.RefreshTokenAction()
+	if err != nil {
+		return nil, err
+	}
 	url := fmt.Sprintf("%s/teams/%s", t.url, teamId)
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	req.Header.Add("Authorization", "Bearer "+t.OAuthToken)
+	req.Header.Add("Authorization", "Bearer "+token)
 	resp, err := t.httpClient.Do(req)
 	if err != nil {
 		return nil, err

pkg/util/util.go

@@ -1,9 +1,9 @@
 package util
 
 import (
+	"fmt"
 	"math/rand"
 	"time"
-	"fmt"
 
 	"github.bus.zalan.do/acid/postgres-operator/pkg/spec"
 	"k8s.io/client-go/pkg/api/v1"