feat(preflight): Add a check for storage containers

thunderboltsid · thunderboltsid · commit 9d875977e5d8 · 2025-06-04T18:35:15.000+02:00
Add pre-flight checks to ensure the storage container mentioned in CSI Provider
storage class config parameters is present in all relevant AOS clusters
i.e. control plane and workers.
diff --git a/go.mod b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api v0.0.0-00010101000000-000000000000
 	github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common v0.7.0
-	github.com/nutanix-cloud-native/prism-go-client v0.5.1
+	github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250602134145-662333927e6d
 	github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2
 	github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1
 	github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1
@@ -102,7 +102,7 @@ require (
 	github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
@@ -120,7 +120,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3 // indirect
 	github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
diff --git a/go.sum b/go.sum
@@ -162,14 +162,12 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
-github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
-github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
@@ -227,16 +225,14 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nutanix-cloud-native/prism-go-client v0.5.1 h1:ykiXPCILzEMORHz7XvI8KXNomChsdLIpOAlT/YqBCmo=
-github.com/nutanix-cloud-native/prism-go-client v0.5.1/go.mod h1:QhLX+sEep0cStzHVYU6mPgIlnA8U3DySskagrbDprRk=
+github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250602134145-662333927e6d h1:ZjrHbyZLeaWMhtBNCe8uIfvAHs0ebqx8WxJRW59hnMg=
+github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250602134145-662333927e6d/go.mod h1:N/O9fz5fimjb30RxlPbKbGs/Z2lqMgDqrb6CrsZvQrA=
 github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2 h1:s1u5/GEw3mTZakepJoTD1OvPVU1YuioRxmKZin+W99s=
 github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2/go.mod h1:sd4Fnk6MVfEDVY+8WyRoQTmLhi2SgZ3riySWErVHf8E=
 github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1 h1:PvZQwYhhJtxmzLpnzEhHTpp2fV6woc6W65PHGsHzVfs=
 github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1/go.mod h1:+eZgV1+xL/r84qmuFSVt5R8OFRO70rEz92jOnVgJNco=
 github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1 h1:hvy3QCc2SgVidYxTq0rRPOazJOt1PP8A86kW7j6sywU=
 github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1/go.mod h1:Yhk+xD4mN90OKEHnk5ARf97CX5p4+MEC/B/YIVoZeZ0=
-github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3 h1:K3I9YtqKcKKxSL4+tcxnFeLOoaptiVlpsOJ9Xzq3shM=
-github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3/go.mod h1:kz3gO87xtWnPOCP2kN7yw5LvCDVRnvg8BOWL7CarqXA=
 github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4 v4.0.1-beta.1 h1:XuTRvYu1kiNjdXOYVwyjhKlFWyo9nMit6GsOYV8+5Cg=
 github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4 v4.0.1-beta.1/go.mod h1:CaWm4GFpAjQQDc6YXl/dUDrHpuW54h8j6Cj7EslE4Qk=
 github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1 h1:VJSaQDnnYeNEk1mkQqEbt573OdM62+5s/B0e9kszdas=
@@ -302,7 +298,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
diff --git a/pkg/webhook/preflight/nutanix/storagecontainer.go b/pkg/webhook/preflight/nutanix/storagecontainer.go
@@ -0,0 +1,203 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package nutanix
+
+import (
+	"context"
+	"fmt"
+
+	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
+	clustermgmtv4 "github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4/models/clustermgmt/v4/config"
+	"k8s.io/utils/ptr"
+
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
+	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
+)
+
+func (n *nutanixChecker) initStorageContainerChecks() []preflight.Check {
+	checks := []preflight.Check{}
+
+	if n.nutanixClusterConfigSpec != nil && n.nutanixClusterConfigSpec.ControlPlane != nil &&
+		n.nutanixClusterConfigSpec.ControlPlane.Nutanix != nil {
+		checks = append(checks,
+			n.storageContainerCheck(
+				n.nutanixClusterConfigSpec.ControlPlane.Nutanix,
+				"cluster.spec.topology[.name=clusterConfig].value.controlPlane.nutanix",
+				&n.nutanixClusterConfigSpec.Addons.CSI.Providers.NutanixCSI,
+			),
+		)
+	}
+
+	for mdName, nutanixWorkerNodeConfigSpec := range n.nutanixWorkerNodeConfigSpecByMachineDeploymentName {
+		if nutanixWorkerNodeConfigSpec.Nutanix != nil {
+			checks = append(checks,
+				n.storageContainerCheck(
+					nutanixWorkerNodeConfigSpec.Nutanix,
+					fmt.Sprintf(
+						"cluster.spec.topology.workers.machineDeployments[.name=%s]"+
+							".variables[.name=workerConfig].value.nutanix",
+						mdName,
+					),
+					&n.nutanixClusterConfigSpec.Addons.CSI.Providers.NutanixCSI,
+				),
+			)
+		}
+	}
+
+	return checks
+}
+
+// storageContainerCheck checks if the storage container specified in the CSIProvider's StorageClassConfigs exists.
+// It admits the NodeSpec instead of the MachineDetails because the failure domains will be specified in the NodeSpec
+// and the MachineDetails.Cluster will be nil in that case.
+func (n *nutanixChecker) storageContainerCheck(
+	nodeSpec *carenv1.NutanixNodeSpec,
+	field string,
+	csiSpec *carenv1.CSIProvider,
+) preflight.Check {
+	const (
+		csiParameterKeyStorageContainer = "storageContainer"
+	)
+
+	return func(ctx context.Context) preflight.CheckResult {
+		result := &preflight.CheckResult{}
+		if csiSpec == nil {
+			result.Allowed = false
+			result.Error = true
+			result.Causes = append(result.Causes, preflight.Cause{
+				Message: fmt.Sprintf("no storage container found for cluster %q", *nodeSpec.MachineDetails.Cluster.Name),
+				Field:   field,
+			})
+
+			return *result
+		}
+
+		if csiSpec.StorageClassConfigs == nil {
+			result.Allowed = false
+			result.Causes = append(result.Causes, preflight.Cause{
+				Message: fmt.Sprintf(
+					"no storage class configs found for cluster %q",
+					*nodeSpec.MachineDetails.Cluster.Name,
+				),
+				Field: field,
+			})
+
+			return *result
+		}
+
+		for _, storageClassConfig := range csiSpec.StorageClassConfigs {
+			if storageClassConfig.Parameters == nil {
+				continue
+			}
+
+			storageContainer, ok := storageClassConfig.Parameters[csiParameterKeyStorageContainer]
+			if !ok {
+				continue
+			}
+
+			// TODO: check if cluster name is set, if not use uuid.
+			// If neither is set, use the cluster name from the NodeSpec failure domain.
+			if _, err := getStorageContainer(n.v4client, nodeSpec, storageContainer); err != nil {
+				result.Allowed = false
+				result.Error = true
+				result.Causes = append(result.Causes, preflight.Cause{
+					Message: fmt.Sprintf("failed to check if storage container named %q exists: %s", storageContainer, err),
+					Field:   field,
+				})
+
+				return *result
+			}
+		}
+
+		return *result
+	}
+}
+
+func getStorageContainer(
+	client *prismv4.Client,
+	nodeSpec *carenv1.NutanixNodeSpec,
+	storageContainerName string,
+) (*clustermgmtv4.StorageContainer, error) {
+	cluster, err := getCluster(client, &nodeSpec.MachineDetails.Cluster)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get cluster: %w", err)
+	}
+
+	fltr := fmt.Sprintf("name eq %q and clusterExtId eq %q", storageContainerName, *cluster.ExtId)
+	resp, err := client.StorageContainerAPI.ListStorageContainers(nil, nil, &fltr, nil, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list storage containers: %w", err)
+	}
+
+	containers, ok := resp.GetData().([]clustermgmtv4.StorageContainer)
+	if !ok {
+		return nil, fmt.Errorf("failed to get data returned by ListStorageContainers(filter=%q)", fltr)
+	}
+
+	if len(containers) == 0 {
+		return nil, fmt.Errorf(
+			"no storage container named %q found on cluster named %q",
+			storageContainerName,
+			*cluster.Name,
+		)
+	}
+
+	if len(containers) > 1 {
+		return nil, fmt.Errorf(
+			"multiple storage containers found with name %q on cluster %q",
+			storageContainerName,
+			*cluster.Name,
+		)
+	}
+
+	return ptr.To(containers[0]), nil
+}
+
+func getCluster(
+	client *prismv4.Client,
+	clusterIdentifier *v1beta1.NutanixResourceIdentifier,
+) (*clustermgmtv4.Cluster, error) {
+	switch clusterIdentifier.Type {
+	case v1beta1.NutanixIdentifierUUID:
+		resp, err := client.ClustersApiInstance.GetClusterById(clusterIdentifier.UUID)
+		if err != nil {
+			return nil, err
+		}
+
+		cluster, ok := resp.GetData().(clustermgmtv4.Cluster)
+		if !ok {
+			return nil, fmt.Errorf("failed to get data returned by GetClusterById")
+		}
+
+		return &cluster, nil
+	case v1beta1.NutanixIdentifierName:
+		filter := fmt.Sprintf("name eq '%s'", *clusterIdentifier.Name)
+		resp, err := client.ClustersApiInstance.ListClusters(nil, nil, &filter, nil, nil, nil)
+		if err != nil {
+			return nil, err
+		}
+
+		if resp == nil || resp.GetData() == nil {
+			return nil, fmt.Errorf("no clusters were returned")
+		}
+
+		clusters, ok := resp.GetData().([]clustermgmtv4.Cluster)
+		if !ok {
+			return nil, fmt.Errorf("failed to get data returned by ListClusters")
+		}
+
+		if len(clusters) == 0 {
+			return nil, fmt.Errorf("no clusters found with name %q", *clusterIdentifier.Name)
+		}
+
+		if len(clusters) > 1 {
+			return nil, fmt.Errorf("multiple clusters found with name %q", *clusterIdentifier.Name)
+		}
+
+		return &clusters[0], nil
+	default:
+		return nil, fmt.Errorf("cluster identifier is missing both name and uuid")
+	}
+}
