Add preflight check for firewall if firewall ID is provided for LinodeCluster and LinodeMachine

komer3 · komer3 · commit 4ccb68418dc2 · 2025-03-19T12:35:38.000-05:00
diff --git a/internal/controller/linodecluster_controller.go b/internal/controller/linodecluster_controller.go
@@ -245,6 +245,28 @@ func (r *LinodeClusterReconciler) performPreflightChecks(ctx context.Context, lo
 }
 
 func (r *LinodeClusterReconciler) reconcilePreflightLinodeFirewallCheck(ctx context.Context, logger logr.Logger, clusterScope *scope.ClusterScope) (ctrl.Result, error) {
+	// If NodeBalancerFirewallID is directly specified, check if it exists
+	if clusterScope.LinodeCluster.Spec.Network.NodeBalancerFirewallID != nil {
+		firewallID := *clusterScope.LinodeCluster.Spec.Network.NodeBalancerFirewallID
+		_, err := clusterScope.LinodeClient.GetFirewall(ctx, firewallID)
+		if err != nil {
+			logger.Error(err, "Failed to get NodeBalancer firewall with provided ID", "firewallID", firewallID)
+			conditions.Set(clusterScope.LinodeCluster, metav1.Condition{
+				Type:    ConditionPreflightLinodeNBFirewallReady,
+				Status:  metav1.ConditionFalse,
+				Reason:  util.CreateError,
+				Message: err.Error(),
+			})
+			return ctrl.Result{RequeueAfter: reconciler.DefaultClusterControllerReconcileDelay}, nil
+		}
+		conditions.Set(clusterScope.LinodeCluster, metav1.Condition{
+			Type:   ConditionPreflightLinodeNBFirewallReady,
+			Status: metav1.ConditionTrue,
+			Reason: "LinodeFirewallReady", // We have to set the reason to not fail object patching
+		})
+		return ctrl.Result{}, nil
+	}
+
 	name := clusterScope.LinodeCluster.Spec.NodeBalancerFirewallRef.Name
 	namespace := clusterScope.LinodeCluster.Spec.NodeBalancerFirewallRef.Namespace
 	if namespace == "" {
diff --git a/internal/controller/linodemachine_controller.go b/internal/controller/linodemachine_controller.go
@@ -442,6 +442,28 @@ func (r *LinodeMachineReconciler) reconcilePreflightVPC(ctx context.Context, log
 }
 
 func (r *LinodeMachineReconciler) reconcilePreflightLinodeFirewallCheck(ctx context.Context, logger logr.Logger, machineScope *scope.MachineScope) (ctrl.Result, error) {
+	// If NodeBalancerFirewallID is directly specified, check if it exists
+	if machineScope.LinodeCluster.Spec.Network.NodeBalancerFirewallID != nil {
+		firewallID := *machineScope.LinodeCluster.Spec.Network.NodeBalancerFirewallID
+		_, err := machineScope.LinodeClient.GetFirewall(ctx, firewallID)
+		if err != nil {
+			logger.Error(err, "Failed to get NodeBalancer firewall with provided ID", "firewallID", firewallID)
+			conditions.Set(machineScope.LinodeMachine, metav1.Condition{
+				Type:    ConditionPreflightLinodeFirewallReady,
+				Status:  metav1.ConditionFalse,
+				Reason:  util.CreateError,
+				Message: err.Error(),
+			})
+			return ctrl.Result{RequeueAfter: reconciler.DefaultClusterControllerReconcileDelay}, nil
+		}
+		conditions.Set(machineScope.LinodeMachine, metav1.Condition{
+			Type:   ConditionPreflightLinodeFirewallReady,
+			Status: metav1.ConditionTrue,
+			Reason: "LinodeFirewallReady", // We have to set the reason to not fail object patching
+		})
+		return ctrl.Result{}, nil
+	}
+
 	name := machineScope.LinodeMachine.Spec.FirewallRef.Name
 	namespace := machineScope.LinodeMachine.Spec.FirewallRef.Namespace
 	if namespace == "" {
