From 2f51621e698f797521611d13ff13a8d46c1a30ae Mon Sep 17 00:00:00 2001
From: Daniel Valdivia <hola@danielvaldivia.com>
Date: Fri, 9 Oct 2020 11:51:02 -0700
Subject: [PATCH] Get Tenant Secret From Tenant CR (#323)

We were assuming the Tenant Credentials Secret instead of reading it from it's .spec.credsSecret this commit addresses that
---
 restapi/admin_tenants.go      | 10 +++---
 restapi/admin_tenants_test.go | 66 +++++++++++++++++++++++------------
 2 files changed, 49 insertions(+), 27 deletions(-)

diff --git a/restapi/admin_tenants.go b/restapi/admin_tenants.go
index 5b07679f3..2fdd41d33 100644
--- a/restapi/admin_tenants.go
+++ b/restapi/admin_tenants.go
@@ -230,9 +230,12 @@ func GetTenantServiceURL(mi *operator.Tenant) (svcURL string) {
 	return fmt.Sprintf("%s://%s", scheme, net.JoinHostPort(svc, strconv.Itoa(port)))
 }
 
-func getTenantAdminClient(ctx context.Context, client K8sClientI, namespace, tenantName, svcURL string, insecure bool) (*madmin.AdminClient, error) {
+func getTenantAdminClient(ctx context.Context, client K8sClientI, tenant *operator.Tenant, svcURL string, insecure bool) (*madmin.AdminClient, error) {
+	if tenant == nil || tenant.Spec.CredsSecret == nil {
+		return nil, errors.New("invalid arguments")
+	}
 	// get admin credentials from secret
-	creds, err := client.getSecret(ctx, namespace, fmt.Sprintf("%s-secret", tenantName), metav1.GetOptions{})
+	creds, err := client.getSecret(ctx, tenant.Namespace, tenant.Spec.CredsSecret.Name, metav1.GetOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -1047,8 +1050,7 @@ func getTenantUsageResponse(session *models.Principal, params admin_api.GetTenan
 	mAdmin, err := getTenantAdminClient(
 		ctx,
 		k8sClient,
-		params.Namespace,
-		params.Tenant,
+		minTenant,
 		svcURL,
 		true)
 	if err != nil {
diff --git a/restapi/admin_tenants_test.go b/restapi/admin_tenants_test.go
index 65a9e437d..b1b95a935 100644
--- a/restapi/admin_tenants_test.go
+++ b/restapi/admin_tenants_test.go
@@ -89,8 +89,7 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 	type args struct {
 		ctx        context.Context
 		client     K8sClientI
-		namespace  string
-		tenantName string
+		tenant     v1.Tenant
 		serviceURL string
 		insecure   bool
 	}
@@ -104,10 +103,15 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 		{
 			name: "Return Tenant Admin, no errors",
 			args: args{
-				ctx:        ctx,
-				client:     kClient,
-				namespace:  "default",
-				tenantName: "tenant-1",
+				ctx:    ctx,
+				client: kClient,
+				tenant: v1.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "default",
+						Name:      "tenant-1",
+					},
+					Spec: v1.TenantSpec{CredsSecret: &corev1.LocalObjectReference{Name: "secret-name"}},
+				},
 				serviceURL: "http://service-1.default.svc.cluster.local:80",
 			},
 			mockGetSecret: func(ctx context.Context, namespace, secretName string, opts metav1.GetOptions) (*corev1.Secret, error) {
@@ -132,10 +136,14 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 		{
 			name: "Access key not stored on secrets",
 			args: args{
-				ctx:        ctx,
-				client:     kClient,
-				namespace:  "default",
-				tenantName: "tenant-1",
+				ctx:    ctx,
+				client: kClient,
+				tenant: v1.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "default",
+						Name:      "tenant-1",
+					},
+				},
 				serviceURL: "http://service-1.default.svc.cluster.local:80",
 			},
 			mockGetSecret: func(ctx context.Context, namespace, secretName string, opts metav1.GetOptions) (*corev1.Secret, error) {
@@ -159,10 +167,14 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 		{
 			name: "Secret key not stored on secrets",
 			args: args{
-				ctx:        ctx,
-				client:     kClient,
-				namespace:  "default",
-				tenantName: "tenant-1",
+				ctx:    ctx,
+				client: kClient,
+				tenant: v1.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "default",
+						Name:      "tenant-1",
+					},
+				},
 				serviceURL: "http://service-1.default.svc.cluster.local:80",
 			},
 			mockGetSecret: func(ctx context.Context, namespace, secretName string, opts metav1.GetOptions) (*corev1.Secret, error) {
@@ -186,10 +198,14 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 		{
 			name: "Handle error on getService",
 			args: args{
-				ctx:        ctx,
-				client:     kClient,
-				namespace:  "default",
-				tenantName: "tenant-1",
+				ctx:    ctx,
+				client: kClient,
+				tenant: v1.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "default",
+						Name:      "tenant-1",
+					},
+				},
 				serviceURL: "http://service-1.default.svc.cluster.local:80",
 			},
 			mockGetSecret: func(ctx context.Context, namespace, secretName string, opts metav1.GetOptions) (*corev1.Secret, error) {
@@ -209,10 +225,14 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 		{
 			name: "Handle error on getSecret",
 			args: args{
-				ctx:        ctx,
-				client:     kClient,
-				namespace:  "default",
-				tenantName: "tenant-1",
+				ctx:    ctx,
+				client: kClient,
+				tenant: v1.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "default",
+						Name:      "tenant-1",
+					},
+				},
 				serviceURL: "http://service-1.default.svc.cluster.local:80",
 			},
 			mockGetSecret: func(ctx context.Context, namespace, secretName string, opts metav1.GetOptions) (*corev1.Secret, error) {
@@ -233,7 +253,7 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 		k8sclientGetSecretMock = tt.mockGetSecret
 		k8sclientGetServiceMock = tt.mockGetService
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := getTenantAdminClient(tt.args.ctx, tt.args.client, tt.args.namespace, tt.args.tenantName, tt.args.serviceURL, tt.args.insecure)
+			got, err := getTenantAdminClient(tt.args.ctx, tt.args.client, &tt.args.tenant, tt.args.serviceURL, tt.args.insecure)
 			if err != nil {
 				if tt.wantErr {
 					return