Factor credentials out from client initialization

Author: dlipovetsky

pkg/webhook/preflight/nutanix/checker.go

@@ -12,16 +12,18 @@ import (
 
 	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
 
+	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/variables"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
-	preflightutil "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight/util"
 )
 
 type Checker struct {
-	client  ctrlclient.Client
-	cluster *clusterv1.Cluster
-
-	nutanixClient   *prismv4.Client
-	variablesGetter *preflightutil.VariablesGetter
+	client                                 ctrlclient.Client
+	cluster                                *clusterv1.Cluster
+	nutanixSpec                            *carenv1.NutanixSpec
+	nutanixControlPlaneNodeSpec            *carenv1.NutanixNodeSpec
+	nutanixNodeSpecByMachineDeploymentName map[string]*carenv1.NutanixNodeSpec
+	v4client                               *prismv4.Client
 }
 
 func (n *Checker) Init(
@@ -31,49 +33,114 @@ func (n *Checker) Init(
 ) []preflight.Check {
 	n.client = client
 	n.cluster = cluster
-	n.variablesGetter = preflightutil.NewVariablesGetter(cluster)
 
-	// Initialize the Nutanix client. If it fails, return a check that indicates the error.
-	clusterConfig, err := n.variablesGetter.ClusterConfig()
+	var err error
+
+	n.nutanixSpec, n.nutanixControlPlaneNodeSpec, n.nutanixNodeSpecByMachineDeploymentName, err = getData(cluster)
 	if err != nil {
 		return []preflight.Check{
-			func(ctx context.Context) preflight.CheckResult {
-				return preflight.CheckResult{
-					Name:    "NutanixClientInitialization",
-					Allowed: false,
-					Error:   true,
-					Causes: []preflight.Cause{
-						{
-							Message: fmt.Sprintf("failed to read clusterConfig variable: %s", err),
-							Field:   "cluster.spec.topology.variables",
-						},
-					},
-				}
-			},
+			errorCheck("TBD", "TBD"),
 		}
 	}
 
-	n.nutanixClient, err = v4client(ctx, client, cluster, clusterConfig.Nutanix)
-	// TODO Verify the credentials by making a users API call.
+	credentials, err := getCredentials(ctx, client, cluster, n.nutanixSpec)
 	if err != nil {
 		return []preflight.Check{
+			errorCheck(
+				fmt.Sprintf("failed to get Nutanix credentials: %s", err),
+				"cluster.spec.topology.variables[.name=clusterConfig].nutanix.prismCentralEndpoint.credentials",
+			),
+		}
+	}
+
+	n.v4client, err = v4client(credentials, n.nutanixSpec)
+	if err != nil {
+		return []preflight.Check{
+			errorCheck(
+				fmt.Sprintf("failed to initialize Nutanix v4 client: %s", err),
+				"cluster.spec.topology.variables[.name=clusterConfig].nutanix",
+			),
+		}
+	}
+
+	// Initialize checks.
+	checks := []preflight.Check{}
+	if n.nutanixControlPlaneNodeSpec != nil {
+		checks = append(checks,
+			func(ctx context.Context) preflight.CheckResult {
+				return n.vmImageCheckForMachineDetails(
+					&n.nutanixControlPlaneNodeSpec.MachineDetails,
+					"cluster.spec.topology[.name=clusterConfig].value.controlPlane.nutanix.machineDetails",
+				)
+			},
+		)
+	}
+	for mdName, nodeSpec := range n.nutanixNodeSpecByMachineDeploymentName {
+		checks = append(checks,
 			func(ctx context.Context) preflight.CheckResult {
-				return preflight.CheckResult{
-					Name:    "NutanixClientInitialization",
-					Allowed: false,
-					Error:   true,
-					Causes: []preflight.Cause{
-						{
-							Message: fmt.Sprintf("failed to initialize Nutanix client: %s", err),
-							Field:   "cluster.spec.topology.variables[.name=clusterConfig].nutanix",
-						},
-					},
-				}
+				return n.vmImageCheckForMachineDetails(
+					&nodeSpec.MachineDetails,
+					fmt.Sprintf(
+						"cluster.spec.topology.workers.machineDeployments[.name=%s]"+
+							".overrides[.name=workerConfig].value.nutanix.machineDetails",
+						mdName,
+					),
+				)
+			},
+		)
+	}
+	return checks
+}
+
+func errorCheck(msg, field string) preflight.Check {
+	return func(ctx context.Context) preflight.CheckResult {
+		return preflight.CheckResult{
+			Name:    "Nutanix",
+			Allowed: false,
+			Error:   true,
+			Causes: []preflight.Cause{
+				{
+					Message: msg,
+					Field:   field,
+				},
 			},
 		}
 	}
+}
+
+func getData(
+	cluster *clusterv1.Cluster,
+) (*carenv1.NutanixSpec, *carenv1.NutanixNodeSpec, map[string]*carenv1.NutanixNodeSpec, error) {
+	nutanixSpec := &carenv1.NutanixSpec{}
+	controlPlaneNutanixNodeSpec := &carenv1.NutanixNodeSpec{}
+	nutanixNodeSpecByMachineDeploymentName := make(map[string]*carenv1.NutanixNodeSpec)
 
-	return []preflight.Check{
-		n.VMImages,
+	clusterConfig, err := variables.UnmarshalClusterConfigVariable(cluster.Spec.Topology.Variables)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("failed to unmarshal .variables[.name=clusterConfig]: %w", err)
 	}
+	if clusterConfig != nil && clusterConfig.Nutanix != nil {
+		nutanixSpec = clusterConfig.Nutanix
+	}
+
+	if clusterConfig.ControlPlane != nil && clusterConfig.ControlPlane.Nutanix != nil {
+		controlPlaneNutanixNodeSpec = clusterConfig.ControlPlane.Nutanix
+	}
+
+	if cluster.Spec.Topology.Workers != nil {
+		for _, md := range cluster.Spec.Topology.Workers.MachineDeployments {
+			workerConfig, err := variables.UnmarshalWorkerConfigVariable(md.Variables.Overrides)
+			if err != nil {
+				return nil, nil, nil, fmt.Errorf(
+					"failed to unmarshal .variables[.name=workerConfig] for machine deployment %s: %w",
+					md.Name, err,
+				)
+			}
+			if workerConfig != nil && workerConfig.Nutanix != nil {
+				nutanixNodeSpecByMachineDeploymentName[md.Name] = workerConfig.Nutanix
+			}
+		}
+	}
+
+	return nutanixSpec, controlPlaneNutanixNodeSpec, nutanixNodeSpecByMachineDeploymentName, nil
 }

pkg/webhook/preflight/nutanix/client.go

@@ -1,69 +1,31 @@
 package nutanix
 
 import (
-	"context"
 	"fmt"
 
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/types"
-	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
-	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
-
 	prism "github.com/nutanix-cloud-native/prism-go-client"
-	prismcredentials "github.com/nutanix-cloud-native/prism-go-client/environment/credentials"
+	prismtypes "github.com/nutanix-cloud-native/prism-go-client/environment/types"
 	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
 
 	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
 )
 
-func v4client(ctx context.Context,
-	client ctrlclient.Client,
-	cluster *clusterv1.Cluster,
+func v4client(
+	credentials *prismtypes.ApiCredentials,
 	nutanixSpec *carenv1.NutanixSpec,
 ) (
 	*prismv4.Client,
 	error,
 ) {
-	if nutanixSpec == nil {
-		return nil, fmt.Errorf("nutanixSpec is nil")
-	}
-
-	if nutanixSpec.PrismCentralEndpoint.Credentials.SecretRef.Name == "" {
-		return nil, fmt.Errorf("prism Central credentials reference SecretRef.Name has no value")
-	}
-
-	credentialsSecret := &corev1.Secret{}
-	if err := client.Get(
-		ctx,
-		types.NamespacedName{
-			Namespace: cluster.Namespace,
-			Name:      nutanixSpec.PrismCentralEndpoint.Credentials.SecretRef.Name,
-		},
-		credentialsSecret,
-	); err != nil {
-		return nil, fmt.Errorf("failed to get Prism Central credentials Secret: %w", err)
-	}
-
-	// Get username and password
-	credentials, err := prismcredentials.ParseCredentials(credentialsSecret.Data["credentials"])
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse Prism Central credentials from Secret: %w", err)
-	}
-
 	host, port, err := nutanixSpec.PrismCentralEndpoint.ParseURL()
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse Prism Central endpoint: %w", err)
 	}
 
-	nutanixClient, err := prismv4.NewV4Client(prism.Credentials{
+	return prismv4.NewV4Client(prism.Credentials{
 		Endpoint: fmt.Sprintf("%s:%d", host, port),
 		Username: credentials.Username,
 		Password: credentials.Password,
 		Insecure: nutanixSpec.PrismCentralEndpoint.Insecure,
 	})
-	if err != nil {
-		return nil, fmt.Errorf("failed to create Prism V4 client: %w", err)
-	}
-
-	return nutanixClient, nil
 }

pkg/webhook/preflight/nutanix/credentials.go

@@ -0,0 +1,61 @@
+package nutanix
+
+import (
+	"context"
+	"fmt"
+
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	prismcredentials "github.com/nutanix-cloud-native/prism-go-client/environment/credentials"
+	prismtypes "github.com/nutanix-cloud-native/prism-go-client/environment/types"
+
+	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+)
+
+const credentialsSecretDataKey = "credentials"
+
+func getCredentials(
+	ctx context.Context,
+	client ctrlclient.Client,
+	cluster *clusterv1.Cluster,
+	nutanixSpec *carenv1.NutanixSpec,
+) (*prismtypes.ApiCredentials, error) {
+	if nutanixSpec.PrismCentralEndpoint.Credentials.SecretRef.Name == "" {
+		return nil, fmt.Errorf("secretRef.name has no value")
+	}
+
+	credentialsSecret := &corev1.Secret{}
+	if err := client.Get(
+		ctx,
+		types.NamespacedName{
+			Namespace: cluster.Namespace,
+			Name:      nutanixSpec.PrismCentralEndpoint.Credentials.SecretRef.Name,
+		},
+		credentialsSecret,
+	); err != nil {
+		return nil, fmt.Errorf("failed to get Secret: %w", err)
+	}
+
+	if len(credentialsSecret.Data) == 0 {
+		return nil, fmt.Errorf(
+			"the Secret %s/%s has no data",
+			cluster.Namespace,
+			nutanixSpec.PrismCentralEndpoint.Credentials.SecretRef.Name,
+		)
+	}
+
+	data, ok := credentialsSecret.Data[credentialsSecretDataKey]
+	if !ok {
+		return nil, fmt.Errorf(
+			"the Secret %s/%s has no data for key %s",
+			cluster.Namespace,
+			nutanixSpec.PrismCentralEndpoint.Credentials.SecretRef.Name,
+			credentialsSecretDataKey,
+		)
+	}
+	// Get username and password
+	return prismcredentials.ParseCredentials(data)
+}