Extract function to get defaulted token

apis/datadoghq/v1alpha1/datadogagent_default.go

@@ -157,9 +157,7 @@ func defaultClusterAgentToken(dda *DatadogAgent, dso *DatadogAgentStatus) {
 		return
 	}
 
-	tokenAlreadyDefaulted := dda.Status.DefaultOverride != nil &&
-		dda.Status.DefaultOverride.Credentials != nil &&
-		dda.Status.DefaultOverride.Credentials.Token != ""
+	defaultedToken := DefaultedClusterAgentToken(&dda.Status)
 
 	if dso.DefaultOverride == nil {
 		dso.DefaultOverride = &DatadogAgentSpec{}
@@ -169,8 +167,8 @@ func defaultClusterAgentToken(dda *DatadogAgent, dso *DatadogAgentStatus) {
 		dso.DefaultOverride.Credentials = &AgentCredentials{}
 	}
 
-	if tokenAlreadyDefaulted {
-		dso.DefaultOverride.Credentials.Token = dda.Status.DefaultOverride.Credentials.Token
+	if defaultedToken != "" {
+		dso.DefaultOverride.Credentials.Token = defaultedToken
 	} else {
 		// For backwards-compatibility, if the token is already in the status
 		// use it.
@@ -182,6 +180,21 @@ func defaultClusterAgentToken(dda *DatadogAgent, dso *DatadogAgentStatus) {
 	}
 }
 
+// DefaultedClusterAgentToken returns the autogenerated token used for the
+// communication between the agents and the DCA. If the token has not been
+// autogenerated, this function returns an empty string.
+func DefaultedClusterAgentToken(ddaStatus *DatadogAgentStatus) string {
+	tokenHasBeenDefaulted := ddaStatus.DefaultOverride != nil &&
+		ddaStatus.DefaultOverride.Credentials != nil &&
+		ddaStatus.DefaultOverride.Credentials.Token != ""
+
+	if !tokenHasBeenDefaulted {
+		return ""
+	}
+
+	return ddaStatus.DefaultOverride.Credentials.Token
+}
+
 // FeatureOverride defaults the feature section of the DatadogAgent
 // TODO surface in the status when Overrides are not possible. Security agent requires the System Probe
 func FeatureOverride(dda *DatadogAgentSpec, dso *DatadogAgentSpec) {

apis/datadoghq/v1alpha1/datadogagent_default_test.go

@@ -1062,3 +1062,45 @@ func Test_defaultCredentials(t *testing.T) {
 		})
 	}
 }
+
+func TestDefaultedClusterAgentToken(t *testing.T) {
+	tests := []struct {
+		name          string
+		ddaStatus     *DatadogAgentStatus
+		expectedToken string
+	}{
+		{
+			name: "status without default overrides",
+			ddaStatus: &DatadogAgentStatus{
+				DefaultOverride: nil,
+			},
+			expectedToken: "",
+		},
+		{
+			name: "status with overrides but no overridden credentials",
+			ddaStatus: &DatadogAgentStatus{
+				DefaultOverride: &DatadogAgentSpec{
+					Credentials: nil,
+				},
+			},
+			expectedToken: "",
+		},
+		{
+			name: "status with defaulted token",
+			ddaStatus: &DatadogAgentStatus{
+				DefaultOverride: &DatadogAgentSpec{
+					Credentials: &AgentCredentials{
+						Token: "some_token",
+					},
+				},
+			},
+			expectedToken: "some_token",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, tt.expectedToken, DefaultedClusterAgentToken(tt.ddaStatus))
+		})
+	}
+}

controllers/datadogagent/secret_agent.go

@@ -39,8 +39,9 @@ func newAgentSecret(name string, dda *datadoghqv1alpha1.DatadogAgent) (*corev1.S
 	if creds.Token != "" {
 		data[datadoghqv1alpha1.DefaultTokenKey] = []byte(creds.Token)
 	} else if isClusterAgentEnabled(dda.Spec.ClusterAgent) {
-		if dda.Status.DefaultOverride != nil && dda.Status.DefaultOverride.Credentials != nil && dda.Status.DefaultOverride.Credentials.Token != "" {
-			data[datadoghqv1alpha1.DefaultTokenKey] = []byte(dda.Status.DefaultOverride.Credentials.Token)
+		defaultedToken := datadoghqv1alpha1.DefaultedClusterAgentToken(&dda.Status)
+		if defaultedToken != "" {
+			data[datadoghqv1alpha1.DefaultTokenKey] = []byte(defaultedToken)
 		}
 	}