Avoid calling Team API with an expired token.
Previously, the controller fetched the Oauth token once at start, so eventually the token would expire and the operator could not create new users. This commit makes the operator fetch the token before each call to the Teams API.
This commit is contained in:
Oleksii Kliukin
Murat Kabilov
parent
b6e6308bdc
commit
48ba6adf8a
|
|
@ -127,6 +127,7 @@ func (c *Cluster) getTeamMembers() ([]string, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Can't get team info: %s", err)
|
return nil, fmt.Errorf("Can't get team info: %s", err)
|
||||||
}
|
}
|
||||||
|
c.logger.Debugf("Got from the Team API: %v", teamInfo)
|
||||||
|
|
||||||
return teamInfo.Members, nil
|
return teamInfo.Members, nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -68,12 +68,7 @@ func (c *Controller) initController() {
|
||||||
c.logger.Fatalf("Can't register ThirdPartyResource: %s", err)
|
c.logger.Fatalf("Can't register ThirdPartyResource: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
token, err := c.getOAuthToken()
|
c.config.TeamsAPIClient.RefreshTokenAction = c.getOAuthToken
|
||||||
if err != nil {
|
|
||||||
c.logger.Errorf("Can't get OAuth token: %s", err)
|
|
||||||
} else {
|
|
||||||
c.config.TeamsAPIClient.OAuthToken = token
|
|
||||||
}
|
|
||||||
|
|
||||||
// Postgresqls
|
// Postgresqls
|
||||||
clusterLw := &cache.ListWatch{
|
clusterLw := &cache.ListWatch{
|
||||||
|
|
|
||||||
|
|
@ -36,9 +36,9 @@ type Team struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type TeamsAPI struct {
|
type TeamsAPI struct {
|
||||||
url string
|
url string
|
||||||
httpClient *http.Client
|
httpClient *http.Client
|
||||||
OAuthToken string
|
RefreshTokenAction func() (string, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewTeamsAPI(url string) *TeamsAPI {
|
func NewTeamsAPI(url string) *TeamsAPI {
|
||||||
|
|
@ -51,13 +51,18 @@ func NewTeamsAPI(url string) *TeamsAPI {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *TeamsAPI) TeamInfo(teamId string) (*Team, error) {
|
func (t *TeamsAPI) TeamInfo(teamId string) (*Team, error) {
|
||||||
|
// TODO: avoid getting a new token on every call to the Teams API.
|
||||||
|
token, err := t.RefreshTokenAction()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
url := fmt.Sprintf("%s/teams/%s", t.url, teamId)
|
url := fmt.Sprintf("%s/teams/%s", t.url, teamId)
|
||||||
req, err := http.NewRequest("GET", url, nil)
|
req, err := http.NewRequest("GET", url, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
req.Header.Add("Authorization", "Bearer "+t.OAuthToken)
|
req.Header.Add("Authorization", "Bearer "+token)
|
||||||
resp, err := t.httpClient.Do(req)
|
resp, err := t.httpClient.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
package util
|
package util
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"math/rand"
|
"math/rand"
|
||||||
"time"
|
"time"
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"github.bus.zalan.do/acid/postgres-operator/pkg/spec"
|
"github.bus.zalan.do/acid/postgres-operator/pkg/spec"
|
||||||
"k8s.io/client-go/pkg/api/v1"
|
"k8s.io/client-go/pkg/api/v1"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue