feat(preflight): Storage container checks for Nutanix

Add pre-flight checks to ensure the storage container mentioned in
CSI Provider storage class config parameters is present in all
relevant AOS clusters i.e. control plane and workers.

Author: thunderboltsid

go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api v0.0.0-00010101000000-000000000000
 	github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common v0.7.0
-	github.com/nutanix-cloud-native/prism-go-client v0.5.1
+	github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250527140144-d12ef75a05ef
 	github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2
 	github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1
 	github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1
@@ -93,7 +93,7 @@ require (
 	github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
@@ -111,7 +111,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3 // indirect
 	github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect

go.sum

@@ -131,14 +131,12 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
-github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
-github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
@@ -188,16 +186,14 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nutanix-cloud-native/prism-go-client v0.5.1 h1:ykiXPCILzEMORHz7XvI8KXNomChsdLIpOAlT/YqBCmo=
-github.com/nutanix-cloud-native/prism-go-client v0.5.1/go.mod h1:QhLX+sEep0cStzHVYU6mPgIlnA8U3DySskagrbDprRk=
+github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250527140144-d12ef75a05ef h1:fwURB6RMZ8Tzk9fVjYutS/TG5Tm2gYCsLWbgQSkyjnQ=
+github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250527140144-d12ef75a05ef/go.mod h1:N/O9fz5fimjb30RxlPbKbGs/Z2lqMgDqrb6CrsZvQrA=
 github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2 h1:s1u5/GEw3mTZakepJoTD1OvPVU1YuioRxmKZin+W99s=
 github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2/go.mod h1:sd4Fnk6MVfEDVY+8WyRoQTmLhi2SgZ3riySWErVHf8E=
 github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1 h1:PvZQwYhhJtxmzLpnzEhHTpp2fV6woc6W65PHGsHzVfs=
 github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1/go.mod h1:+eZgV1+xL/r84qmuFSVt5R8OFRO70rEz92jOnVgJNco=
 github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1 h1:hvy3QCc2SgVidYxTq0rRPOazJOt1PP8A86kW7j6sywU=
 github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1/go.mod h1:Yhk+xD4mN90OKEHnk5ARf97CX5p4+MEC/B/YIVoZeZ0=
-github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3 h1:K3I9YtqKcKKxSL4+tcxnFeLOoaptiVlpsOJ9Xzq3shM=
-github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3/go.mod h1:kz3gO87xtWnPOCP2kN7yw5LvCDVRnvg8BOWL7CarqXA=
 github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4 v4.0.1-beta.1 h1:XuTRvYu1kiNjdXOYVwyjhKlFWyo9nMit6GsOYV8+5Cg=
 github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4 v4.0.1-beta.1/go.mod h1:CaWm4GFpAjQQDc6YXl/dUDrHpuW54h8j6Cj7EslE4Qk=
 github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1 h1:VJSaQDnnYeNEk1mkQqEbt573OdM62+5s/B0e9kszdas=
@@ -261,7 +257,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=

pkg/webhook/preflight/nutanix/checker.go

@@ -24,6 +24,7 @@ func (n *Checker) Init(
 	prismCentralEndpointSpec,
 		controlPlaneNutanixNodeSpec,
 		nutanixNodeSpecByMachineDeploymentName,
+		addonsSpec,
 		errCauses := specsFromCluster(cluster)
 	if len(errCauses) > 0 {
 		return initErrorCheck(errCauses...)
@@ -49,8 +50,13 @@ func (n *Checker) Init(
 				controlPlaneNutanixNodeSpec,
 				"cluster.spec.topology[.name=clusterConfig].value.controlPlane.nutanix",
 			),
+			newStorageContainerCheck(nv4client,
+				controlPlaneNutanixNodeSpec,
+				"cluster.spec.topology[.name=clusterConfig].value.controlPlane.nutanix",
+				addonsSpec),
 		)
 	}
+
 	for _, md := range cluster.Spec.Topology.Workers.MachineDeployments {
 		if nutanixNodeSpecByMachineDeploymentName[md.Name] == nil {
 			continue
@@ -64,8 +70,15 @@ func (n *Checker) Init(
 					md.Name,
 				),
 			),
+			newStorageContainerCheck(
+				nv4client,
+				controlPlaneNutanixNodeSpec,
+				"cluster.spec.topology.workers.machineDeployments[.name=%s].variables[.name=workerConfig].value.nutanix",
+				addonsSpec,
+			),
 		)
 	}
+
 	return checks
 }
 

pkg/webhook/preflight/nutanix/specs.go

@@ -19,15 +19,19 @@ func specsFromCluster(
 	*carenv1.NutanixPrismCentralEndpointSpec,
 	*carenv1.NutanixNodeSpec,
 	map[string]*carenv1.NutanixNodeSpec,
+	*variables.Addons,
 	[]preflight.Cause,
 ) {
-	var prismCentralEndpointSpec *carenv1.NutanixPrismCentralEndpointSpec
-	var controlPlaneNutanixNodeSpec *carenv1.NutanixNodeSpec
+	var (
+		prismCentralEndpointSpec    *carenv1.NutanixPrismCentralEndpointSpec
+		controlPlaneNutanixNodeSpec *carenv1.NutanixNodeSpec
+		addonsSpec                  *variables.Addons
+	)
 	nutanixNodeSpecByMachineDeploymentName := make(map[string]*carenv1.NutanixNodeSpec)
 
 	clusterConfig, err := variables.UnmarshalClusterConfigVariable(cluster.Spec.Topology.Variables)
 	if err != nil {
-		return nil, nil, nil, []preflight.Cause{
+		return nil, nil, nil, nil, []preflight.Cause{
 			{
 				Message: err.Error(),
 				Field:   "cluster.spec.topology.variables[.name=clusterConfig]",
@@ -43,6 +47,10 @@ func specsFromCluster(
 		controlPlaneNutanixNodeSpec = clusterConfig.ControlPlane.Nutanix
 	}
 
+	if clusterConfig.Addons != nil {
+		addonsSpec = clusterConfig.Addons
+	}
+
 	causes := []preflight.Cause{}
 	if cluster.Spec.Topology.Workers != nil {
 		for _, md := range cluster.Spec.Topology.Workers.MachineDeployments {
@@ -62,5 +70,11 @@ func specsFromCluster(
 			}
 		}
 	}
-	return prismCentralEndpointSpec, controlPlaneNutanixNodeSpec, nutanixNodeSpecByMachineDeploymentName, causes
+
+	// TODO: we should consider returning a struct instead
+	return prismCentralEndpointSpec,
+		controlPlaneNutanixNodeSpec,
+		nutanixNodeSpecByMachineDeploymentName,
+		addonsSpec,
+		causes
 }

pkg/webhook/preflight/nutanix/storagecontainer.go

@@ -0,0 +1,202 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package nutanix
+
+import (
+	"context"
+	"fmt"
+
+	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
+	clustermgmtv4 "github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4/models/clustermgmt/v4/config"
+	"k8s.io/utils/ptr"
+
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
+	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/variables"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
+)
+
+func newStorageContainerCheck(
+	client *prismv4.Client,
+	nutanixNodeSpec *carenv1.NutanixNodeSpec,
+	nutanixNodeSpecField string,
+	addonsSpec *variables.Addons,
+) preflight.Check {
+	if nutanixNodeSpec == nil {
+		return func(ctx context.Context) preflight.CheckResult {
+			return preflight.CheckResult{
+				Name:    "NutanixStorageContainer",
+				Allowed: false,
+				Error:   true,
+				Causes: []preflight.Cause{
+					{
+						Message: "NutanixNodeSpec is missing",
+						Field:   nutanixNodeSpecField,
+					},
+				},
+			}
+		}
+	}
+
+	return func(ctx context.Context) preflight.CheckResult {
+		return storageContainerCheck(
+			client,
+			nutanixNodeSpec,
+			nutanixNodeSpecField,
+			ptr.To(addonsSpec.CSI.Providers["nutanix"]),
+		)
+	}
+}
+
+// storageContainerCheck checks if the storage container specified in the CSIProvider's StorageClassConfigs exists.
+// It admits the NodeSpec instead of the MachineDetails because the failure domains will be specified in the NodeSpec
+// and the MachineDetails.Cluster will be nil in that case.
+func storageContainerCheck(
+	nutanixClient *prismv4.Client,
+	nodeSpec *carenv1.NutanixNodeSpec,
+	field string,
+	csiSpec *carenv1.CSIProvider,
+) preflight.CheckResult {
+	const (
+		csiParameterKeyStorageContainer = "storageContainer"
+	)
+
+	result := &preflight.CheckResult{}
+	if csiSpec == nil {
+		result.Allowed = false
+		result.Error = true
+		result.Causes = append(result.Causes, preflight.Cause{
+			Message: fmt.Sprintf("no storage container found for cluster %q", *nodeSpec.MachineDetails.Cluster.Name),
+			Field:   field,
+		})
+
+		return *result
+	}
+
+	if csiSpec.StorageClassConfigs == nil {
+		result.Allowed = false
+		result.Causes = append(result.Causes, preflight.Cause{
+			Message: fmt.Sprintf(
+				"no storage class configs found for cluster %q",
+				*nodeSpec.MachineDetails.Cluster.Name,
+			),
+			Field: field,
+		})
+
+		return *result
+	}
+
+	for _, storageClassConfig := range csiSpec.StorageClassConfigs {
+		if storageClassConfig.Parameters == nil {
+			continue
+		}
+
+		storageContainer, ok := storageClassConfig.Parameters[csiParameterKeyStorageContainer]
+		if !ok {
+			continue
+		}
+
+		// TODO: check if cluster name is set, if not use uuid.
+		// If neither is set, use the cluster name from the NodeSpec failure domain.
+		if _, err := getStorageContainer(nutanixClient, nodeSpec, storageContainer); err != nil {
+			result.Allowed = false
+			result.Error = true
+			result.Causes = append(result.Causes, preflight.Cause{
+				Message: fmt.Sprintf("failed to check if storage container named %q exists: %s", storageContainer, err),
+				Field:   field,
+			})
+
+			return *result
+		}
+	}
+
+	return *result
+}
+
+func getStorageContainer(
+	client *prismv4.Client,
+	nodeSpec *carenv1.NutanixNodeSpec,
+	storageContainerName string,
+) (*clustermgmtv4.StorageContainer, error) {
+	cluster, err := getCluster(client, &nodeSpec.MachineDetails.Cluster)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get cluster: %w", err)
+	}
+
+	fltr := fmt.Sprintf("name eq %q and clusterExtId eq %q", storageContainerName, *cluster.ExtId)
+	resp, err := client.StorageContainerAPI.ListStorageContainers(nil, nil, &fltr, nil, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list storage containers: %w", err)
+	}
+
+	containers, ok := resp.GetData().([]clustermgmtv4.StorageContainer)
+	if !ok {
+		return nil, fmt.Errorf("failed to get data returned by ListStorageContainers(filter=%q)", fltr)
+	}
+
+	if len(containers) == 0 {
+		return nil, fmt.Errorf(
+			"no storage container named %q found on cluster named %q",
+			storageContainerName,
+			*cluster.Name,
+		)
+	}
+
+	if len(containers) > 1 {
+		return nil, fmt.Errorf(
+			"multiple storage containers found with name %q on cluster %q",
+			storageContainerName,
+			*cluster.Name,
+		)
+	}
+
+	return ptr.To(containers[0]), nil
+}
+
+func getCluster(
+	client *prismv4.Client,
+	clusterIdentifier *v1beta1.NutanixResourceIdentifier,
+) (*clustermgmtv4.Cluster, error) {
+	switch clusterIdentifier.Type {
+	case v1beta1.NutanixIdentifierUUID:
+		resp, err := client.ClustersApiInstance.GetClusterById(clusterIdentifier.UUID)
+		if err != nil {
+			return nil, err
+		}
+
+		cluster, ok := resp.GetData().(clustermgmtv4.Cluster)
+		if !ok {
+			return nil, fmt.Errorf("failed to get data returned by GetClusterById")
+		}
+
+		return &cluster, nil
+	case v1beta1.NutanixIdentifierName:
+		filter := fmt.Sprintf("name eq '%s'", *clusterIdentifier.Name)
+		resp, err := client.ClustersApiInstance.ListClusters(nil, nil, &filter, nil, nil, nil)
+		if err != nil {
+			return nil, err
+		}
+
+		if resp == nil || resp.GetData() == nil {
+			return nil, fmt.Errorf("no clusters were returned")
+		}
+
+		clusters, ok := resp.GetData().([]clustermgmtv4.Cluster)
+		if !ok {
+			return nil, fmt.Errorf("failed to get data returned by ListClusters")
+		}
+
+		if len(clusters) == 0 {
+			return nil, fmt.Errorf("no clusters found with name %q", *clusterIdentifier.Name)
+		}
+
+		if len(clusters) > 1 {
+			return nil, fmt.Errorf("multiple clusters found with name %q", *clusterIdentifier.Name)
+		}
+
+		return &clusters[0], nil
+	default:
+		return nil, fmt.Errorf("cluster identifier is missing both name and uuid")
+	}
+}