feat: Validate the configured failure domain(s) exist and valid (#1208)

yanhua121 · web-flow · commit eacc96b7e1a8 · 2025-07-15T15:16:07.000-04:00
https://jira.nutanix.com/browse/NCN-108173: Validate the configured failure domain(s) exist and valid Added preflight check validation for the Nutanix failureDomains configured using Cluster.spec.topology. Make sure the referenced NutanixFailureDomains objects in the Cluster.spec.topology exist and their spec configuration is valid. Added unit tests and did the integration test. Signed-off-by: Yanhua Li <yanhua.li@nutanix.com>
diff --git a/cmd/main.go b/cmd/main.go
@@ -28,6 +28,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
+	capxv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
 	caaphv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-addon-provider-helm/api/v1alpha1"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/handlers"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/server"
@@ -56,6 +57,7 @@ func main() {
 	utilruntime.Must(crsv1.AddToScheme(clientScheme))
 	utilruntime.Must(clusterv1.AddToScheme(clientScheme))
 	utilruntime.Must(caaphv1.AddToScheme(clientScheme))
+	utilruntime.Must(capxv1.AddToScheme(clientScheme))
 
 	webhookOptions := webhook.Options{
 		Port:    9444,
diff --git a/pkg/webhook/preflight/nutanix/checker.go b/pkg/webhook/preflight/nutanix/checker.go
@@ -20,6 +20,7 @@ import (
 var Checker = &nutanixChecker{
 	configurationCheckFactory:             newConfigurationCheck,
 	credentialsCheckFactory:               newCredentialsCheck,
+	failureDomainCheckFactory:             newFailureDomainChecks,
 	vmImageChecksFactory:                  newVMImageChecks,
 	vmImageKubernetesVersionChecksFactory: newVMImageKubernetesVersionChecks,
 	storageContainerChecksFactory:         newStorageContainerChecks,
@@ -36,6 +37,10 @@ type nutanixChecker struct {
 		cd *checkDependencies,
 	) preflight.Check
 
+	failureDomainCheckFactory func(
+		cd *checkDependencies,
+	) []preflight.Check
+
 	vmImageChecksFactory func(
 		cd *checkDependencies,
 	) []preflight.Check
@@ -78,6 +83,10 @@ func (n *nutanixChecker) Init(
 		n.credentialsCheckFactory(ctx, newClient, cd),
 	}
 
+	// The failure domains check need to run before the image, storage container checks that depends on whether
+	// failure domains are configured correctly.
+	checks = append(checks, n.failureDomainCheckFactory(cd)...)
+
 	checks = append(checks, n.vmImageChecksFactory(cd)...)
 	checks = append(checks, n.vmImageKubernetesVersionChecksFactory(cd)...)
 	checks = append(checks, n.storageContainerChecksFactory(cd)...)
diff --git a/pkg/webhook/preflight/nutanix/checker_test.go b/pkg/webhook/preflight/nutanix/checker_test.go
@@ -42,6 +42,7 @@ func TestNutanixChecker_Init(t *testing.T) {
 		vmImageCheckCount                  int
 		vmImageKubernetesVersionCheckCount int
 		storageContainerCheckCount         int
+		failureDomainCheckCount            int
 	}{
 		{
 			name:                               "basic initialization with no configs",
@@ -53,6 +54,7 @@ func TestNutanixChecker_Init(t *testing.T) {
 			vmImageCheckCount:                  0,
 			vmImageKubernetesVersionCheckCount: 0,
 			storageContainerCheckCount:         0,
+			failureDomainCheckCount:            0,
 		},
 		{
 			name: "initialization with control plane config",
@@ -62,12 +64,13 @@ func TestNutanixChecker_Init(t *testing.T) {
 				},
 			},
 			workerNodeConfigs:                  nil,
-			expectedCheckCount:                 5, //nolint:lll // config check, credentials check, 1 VM image check, 1 storage container check, 1 VM image Kubernetes version check
+			expectedCheckCount:                 6, //nolint:lll // config check, credentials check, 1 VM image check, 1 storage container check, 1 VM image Kubernetes version check, 1 failure domain check
 			expectedFirstCheckName:             "NutanixConfiguration",
 			expectedSecondCheckName:            "NutanixCredentials",
 			vmImageCheckCount:                  1,
 			vmImageKubernetesVersionCheckCount: 1,
 			storageContainerCheckCount:         1,
+			failureDomainCheckCount:            1,
 		},
 		{
 			name:          "initialization with worker node configs",
@@ -80,12 +83,13 @@ func TestNutanixChecker_Init(t *testing.T) {
 					Nutanix: &carenv1.NutanixWorkerNodeSpec{},
 				},
 			},
-			expectedCheckCount:                 8, //nolint:lll // config check, credentials check, 2 VM image checks, 2 storage container checks, 2 VM image Kubernetes version checks
+			expectedCheckCount:                 10, //nolint:lll // config check, credentials check, 2 VM image checks, 2 storage container checks, 2 VM image Kubernetes version checks, 2 failure domain checks
 			expectedFirstCheckName:             "NutanixConfiguration",
 			expectedSecondCheckName:            "NutanixCredentials",
 			vmImageCheckCount:                  2,
 			vmImageKubernetesVersionCheckCount: 2,
 			storageContainerCheckCount:         2,
+			failureDomainCheckCount:            2,
 		},
 		{
 			name: "initialization with both control plane and worker node configs",
@@ -99,12 +103,13 @@ func TestNutanixChecker_Init(t *testing.T) {
 					Nutanix: &carenv1.NutanixWorkerNodeSpec{},
 				},
 			},
-			expectedCheckCount:                 8, //nolint:lll // config check, credentials check, 2 VM image checks (1 CP + 1 worker), 2 storage container checks (1 CP + 1 worker), 2 VM image Kubernetes version checks
+			expectedCheckCount:                 10, //nolint:lll // config check, credentials check, 2 VM image checks (1 CP + 1 worker), 2 storage container checks (1 CP + 1 worker), 2 VM image Kubernetes version checks, 2 failure domain checks
 			expectedFirstCheckName:             "NutanixConfiguration",
 			expectedSecondCheckName:            "NutanixCredentials",
 			vmImageCheckCount:                  2,
 			vmImageKubernetesVersionCheckCount: 2,
 			storageContainerCheckCount:         2,
+			failureDomainCheckCount:            2,
 		},
 	}
 
@@ -119,6 +124,7 @@ func TestNutanixChecker_Init(t *testing.T) {
 			vmImageCheckCount := 0
 			storageContainerCheckCount := 0
 			vmImageKubernetesVersionCheckCount := 0
+			failureDomainCheckCount := 0
 
 			checker.configurationCheckFactory = func(cd *checkDependencies) preflight.Check {
 				configCheckCalled = true
@@ -188,6 +194,22 @@ func TestNutanixChecker_Init(t *testing.T) {
 				return checks
 			}
 
+			checker.failureDomainCheckFactory = func(cd *checkDependencies) []preflight.Check {
+				checks := []preflight.Check{}
+				for i := 0; i < tt.failureDomainCheckCount; i++ {
+					failureDomainCheckCount++
+					checks = append(checks,
+						&mockCheck{
+							name: fmt.Sprintf("NutanixFailureDomain-%d", i),
+							result: preflight.CheckResult{
+								Allowed: true,
+							},
+						},
+					)
+				}
+				return checks
+			}
+
 			// Call Init
 			ctx := context.Background()
 			checks := checker.Init(ctx, nil, &clusterv1.Cluster{
@@ -210,6 +232,12 @@ func TestNutanixChecker_Init(t *testing.T) {
 				storageContainerCheckCount,
 				"Wrong number of storage container checks",
 			)
+			assert.Equal(
+				t,
+				tt.failureDomainCheckCount,
+				failureDomainCheckCount,
+				"Wrong number of failure domain checks",
+			)
 
 			// Verify the first two checks when we have results
 			if len(checks) >= 2 {
diff --git a/pkg/webhook/preflight/nutanix/clients.go b/pkg/webhook/preflight/nutanix/clients.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 
 	clustermgmtv4 "github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4/models/clustermgmt/v4/config"
+	netv4 "github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4/models/networking/v4/config"
 	vmmv4 "github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4/models/vmm/v4/content"
 
 	prismgoclient "github.com/nutanix-cloud-native/prism-go-client"
@@ -48,6 +49,16 @@ type client interface {
 		select_ *string,
 		args ...map[string]interface{},
 	) (*clustermgmtv4.ListStorageContainersApiResponse, error)
+	GetSubnetById(id *string) (*netv4.GetSubnetApiResponse, error)
+	ListSubnets(
+		page_ *int,
+		limit_ *int,
+		filter_ *string,
+		orderby_ *string,
+		expand_ *string,
+		select_ *string,
+		args ...map[string]interface{},
+	) (*netv4.ListSubnetsApiResponse, error)
 }
 
 // clientWrapper implements the client interface and wraps both v3 and v4 clients.
@@ -163,3 +174,35 @@ func (c *clientWrapper) ListStorageContainers(
 	}
 	return resp, nil
 }
+
+func (c *clientWrapper) GetSubnetById(id *string) (*netv4.GetSubnetApiResponse, error) {
+	resp, err := c.v4client.SubnetsApiInstance.GetSubnetById(id)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (c *clientWrapper) ListSubnets(
+	page_ *int,
+	limit_ *int,
+	filter_ *string,
+	orderby_ *string,
+	expand_ *string,
+	select_ *string,
+	args ...map[string]interface{},
+) (*netv4.ListSubnetsApiResponse, error) {
+	resp, err := c.v4client.SubnetsApiInstance.ListSubnets(
+		page_,
+		limit_,
+		filter_,
+		orderby_,
+		expand_,
+		select_,
+		args...,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
diff --git a/pkg/webhook/preflight/nutanix/clients_test.go b/pkg/webhook/preflight/nutanix/clients_test.go
@@ -7,6 +7,7 @@ import (
 	"context"
 
 	clustermgmtv4 "github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4/models/clustermgmt/v4/config"
+	netv4 "github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4/models/networking/v4/config"
 	vmmv4 "github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4/models/vmm/v4/content"
 
 	prismv3 "github.com/nutanix-cloud-native/prism-go-client/v3"
@@ -57,6 +58,18 @@ type mocknclient struct {
 		select_ *string,
 		args ...map[string]interface{},
 	) (*clustermgmtv4.ListStorageContainersApiResponse, error)
+
+	GetSubnetByIdFunc func(id *string) (*netv4.GetSubnetApiResponse, error)
+
+	ListSubnetsFunc func(
+		page_ *int,
+		limit_ *int,
+		filter_ *string,
+		orderby_ *string,
+		expand_ *string,
+		select_ *string,
+		args ...map[string]interface{},
+	) (*netv4.ListSubnetsApiResponse, error)
 }
 
 func (m *mocknclient) GetCurrentLoggedInUser(ctx context.Context) (*prismv3.UserIntentResponse, error) {
@@ -94,3 +107,19 @@ func (m *mocknclient) ListStorageContainers(
 ) (*clustermgmtv4.ListStorageContainersApiResponse, error) {
 	return m.listStorageContainersFunc(page, limit, filter, orderby, select_, args...)
 }
+
+func (m *mocknclient) GetSubnetById(id *string) (*netv4.GetSubnetApiResponse, error) {
+	return m.GetSubnetByIdFunc(id)
+}
+
+func (m *mocknclient) ListSubnets(
+	page_ *int,
+	limit_ *int,
+	filter_ *string,
+	orderby_ *string,
+	expand_ *string,
+	select_ *string,
+	args ...map[string]interface{},
+) (*netv4.ListSubnetsApiResponse, error) {
+	return m.ListSubnetsFunc(page_, limit_, filter_, orderby_, expand_, select_, args...)
+}
diff --git a/pkg/webhook/preflight/nutanix/failuredomain.go b/pkg/webhook/preflight/nutanix/failuredomain.go
diff --git a/pkg/webhook/preflight/nutanix/failuredomain_test.go b/pkg/webhook/preflight/nutanix/failuredomain_test.go
