feat: adds a generic checker package with registry and mirror checks (#1186)

**What problem does this PR solve?**:
https://jira.nutanix.com/browse/NCN-107573
https://jira.nutanix.com/browse/NCN-105405

**Which issue(s) this PR fixes**:
Fixes #

**How Has This Been Tested?**:
<!--
Please describe the tests that you ran to verify your changes.
Provide output from the tests and any manual steps needed to replicate
the tests.
-->

**Special notes for your reviewer**:
<!--
Use this to provide any additional information to the reviewers.
This may include:
- Best way to review the PR.
- Where the author wants the most review attention on.
- etc.
-->

Author: faiq

cmd/main.go

@@ -43,6 +43,7 @@ import (
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/addons"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/cluster"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
+	preflightgeneric "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight/generic"
 	preflightnutanix "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight/nutanix"
 )
 
@@ -246,6 +247,7 @@ func main() {
 		Handler: preflight.New(mgr.GetClient(), admission.NewDecoder(mgr.GetScheme()),
 			[]preflight.Checker{
 				// Add your preflight checkers here.
+				preflightgeneric.Checker,
 				preflightnutanix.Checker,
 			}...,
 		),

go.mod

@@ -28,6 +28,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
 	github.com/pkg/errors v0.9.1
+	github.com/regclient/regclient v0.8.3
 	github.com/samber/lo v1.51.0
 	github.com/spf13/pflag v1.0.6
 	github.com/stretchr/testify v1.10.0
@@ -73,6 +74,7 @@ require (
 	github.com/docker/docker v28.0.2+incompatible // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
 	github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
@@ -111,6 +113,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
@@ -145,6 +148,7 @@ require (
 	github.com/spf13/viper v1.20.0 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/ulikunitz/xz v0.5.12 // indirect
 	github.com/valyala/fastjson v1.6.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect

go.sum

@@ -73,6 +73,8 @@ github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
+github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 h1:7QPwrLT79GlD5sizHf27aoY2RTvw62mO6x7mxkScNk0=
 github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46/go.mod h1:esf2rsHFNlZlxsqsZDojNBcnNs5REqIvRrWRHqX0vEU=
 github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
@@ -192,6 +194,8 @@ github.com/keploy/go-sdk v0.9.0 h1:kpSNcCTDdELsa1gWyhoD9oV57SgSMbG/wq6Cjp4y7cY=
 github.com/keploy/go-sdk v0.9.0/go.mod h1:vNKXoFd2MaK+Gly/K6XeP1Hs9dP834C74szH+vtBPwg=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -241,6 +245,8 @@ github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1 h1
 github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1/go.mod h1:Z+RKLwsHYxAcFbZPy2ft3QAK9kBPt9bQdqXSp7eYWkY=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/olareg/olareg v0.1.2 h1:75G8X6E9FUlzL/CSjgFcYfMgNzlc7CxULpUUNsZBIvI=
+github.com/olareg/olareg v0.1.2/go.mod h1:TWs+N6pO1S4bdB6eerzUm/ITRQ6kw91mVf9ZYeGtw+Y=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
@@ -270,6 +276,8 @@ github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G
 github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/regclient/regclient v0.8.3 h1:AFAPu/vmOYGyY22AIgzdBUKbzH+83lEpRioRYJ/reCs=
+github.com/regclient/regclient v0.8.3/go.mod h1:gjQh5uBVZoo/CngchghtQh9Hx81HOMKRRDd5WPcPkbk=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
 github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -310,6 +318,8 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
+github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=

pkg/webhook/preflight/generic/checker.go

@@ -0,0 +1,54 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+package generic
+
+import (
+	"context"
+
+	"github.com/go-logr/logr"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	ctrl "sigs.k8s.io/controller-runtime"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
+)
+
+var Checker = &genericChecker{
+	registryCheckFactory:      newRegistryCheck,
+	configurationCheckFactory: newConfigurationCheck,
+}
+
+type genericChecker struct {
+	configurationCheckFactory func(
+		cd *checkDependencies,
+	) preflight.Check
+	registryCheckFactory func(
+		cd *checkDependencies,
+	) []preflight.Check
+}
+
+type checkDependencies struct {
+	kclient                  ctrlclient.Client
+	cluster                  *clusterv1.Cluster
+	genericClusterConfigSpec *carenv1.GenericClusterConfigSpec
+	log                      logr.Logger
+}
+
+func (g *genericChecker) Init(
+	ctx context.Context,
+	kclient ctrlclient.Client,
+	cluster *clusterv1.Cluster,
+) []preflight.Check {
+	cd := &checkDependencies{
+		kclient: kclient,
+		cluster: cluster,
+		log:     ctrl.LoggerFrom(ctx).WithName("preflight/generic"),
+	}
+	checks := []preflight.Check{
+		// The configuration check must run first, because it initializes data used by all other checks.
+		g.configurationCheckFactory(cd),
+	}
+	checks = append(checks, g.registryCheckFactory(cd)...)
+	return checks
+}

pkg/webhook/preflight/generic/registry.go

@@ -0,0 +1,192 @@
+// Copyright 2025 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package generic
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"github.com/go-logr/logr"
+	"github.com/regclient/regclient"
+	"github.com/regclient/regclient/config"
+	"github.com/regclient/regclient/types/ping"
+	"github.com/regclient/regclient/types/ref"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
+)
+
+var registryMirrorVarPath = "cluster.spec.topology.variables[.name=clusterConfig].value.globalImageRegistryMirror"
+
+type registryCheck struct {
+	field                 string
+	kclient               ctrlclient.Client
+	cluster               *clusterv1.Cluster
+	regClientPingerGetter regClientPingerFactory
+	log                   logr.Logger
+
+	registryURL string
+	credentials *carenv1.RegistryCredentials
+}
+
+func (r *registryCheck) Name() string {
+	return "RegistryCredentials"
+}
+
+func (r *registryCheck) Run(ctx context.Context) preflight.CheckResult {
+	return r.checkRegistry(
+		ctx,
+		r.registryURL,
+		r.credentials,
+		r.regClientPingerGetter,
+	)
+}
+
+type regClientPinger interface {
+	Ping(context.Context, ref.Ref) (ping.Result, error)
+}
+
+type regClientPingerFactory func(...regclient.Opt) regClientPinger
+
+func defaultRegClientGetter(opts ...regclient.Opt) regClientPinger {
+	return regclient.New(opts...)
+}
+
+func pingFailedReasonString(registryURL string, err error) string {
+	return fmt.Sprintf("failed to ping registry %s with err: %s", registryURL, err.Error())
+}
+
+func (r *registryCheck) checkRegistry(
+	ctx context.Context,
+	registryURL string,
+	credentials *carenv1.RegistryCredentials,
+	regClientGetter regClientPingerFactory,
+) preflight.CheckResult {
+	result := preflight.CheckResult{
+		Allowed: false,
+	}
+	if r.registryURL == "" {
+		result.Allowed = true
+		return result
+	}
+	registryURLParsed, err := url.ParseRequestURI(registryURL)
+	if err != nil {
+		result.Allowed = false
+		result.Error = true
+		result.Causes = append(result.Causes,
+			preflight.Cause{
+				Message: fmt.Sprintf("failed to parse registry url %s with error : %s", registryURL, err),
+				Field:   registryMirrorVarPath,
+			},
+		)
+		return result
+	}
+	mirrorHost := config.Host{
+		Name: registryURLParsed.Host,
+	}
+	if credentials != nil && credentials.SecretRef != nil {
+		mirrorCredentialsSecret := &corev1.Secret{}
+		err := r.kclient.Get(
+			ctx,
+			types.NamespacedName{
+				Namespace: r.cluster.Namespace,
+				Name:      credentials.SecretRef.Name,
+			},
+			mirrorCredentialsSecret,
+		)
+		if err != nil {
+			result.Allowed = false
+			result.Error = true
+			result.Causes = append(result.Causes,
+				preflight.Cause{
+					Message: fmt.Sprintf("failed to get Registry credentials Secret: %s", err),
+					Field:   fmt.Sprintf("%s.credentials.secretRef", registryMirrorVarPath),
+				},
+			)
+			return result
+		}
+		username, ok := mirrorCredentialsSecret.Data["username"]
+		if ok {
+			mirrorHost.User = string(username)
+		}
+		password, ok := mirrorCredentialsSecret.Data["password"]
+		if ok {
+			mirrorHost.Pass = string(password)
+		}
+		if caCert, ok := mirrorCredentialsSecret.Data["ca.crt"]; ok {
+			mirrorHost.RegCert = string(caCert)
+		}
+	}
+	rc := regClientGetter(
+		regclient.WithConfigHost(mirrorHost),
+		regclient.WithUserAgent("regclient/example"),
+	)
+	mirrorRef, err := ref.NewHost(registryURLParsed.Host)
+	if err != nil {
+		result.Allowed = false
+		result.Error = true
+		result.Causes = append(result.Causes,
+			preflight.Cause{
+				Message: fmt.Sprintf("failed to create a client to verify registry configuration %s", err.Error()),
+				Field:   registryMirrorVarPath,
+			},
+		)
+		return result
+	}
+	_, err = rc.Ping(ctx, mirrorRef) // ping will return an error for anything that's not 200
+	if err != nil {
+		result.Allowed = false
+		result.Causes = append(result.Causes,
+			preflight.Cause{
+				Message: pingFailedReasonString(registryURL, err),
+				Field:   registryMirrorVarPath,
+			},
+		)
+		return result
+	}
+	result.Allowed = true
+	result.Error = false
+	return result
+}
+
+func newRegistryCheck(
+	cd *checkDependencies,
+) []preflight.Check {
+	checks := []preflight.Check{}
+	if cd.genericClusterConfigSpec != nil &&
+		cd.genericClusterConfigSpec.GlobalImageRegistryMirror != nil {
+		checks = append(checks, &registryCheck{
+			field:                 "cluster.spec.topology.variables[.name=clusterConfig].value.globalImageRegistryMirror",
+			kclient:               cd.kclient,
+			cluster:               cd.cluster,
+			regClientPingerGetter: defaultRegClientGetter,
+			log:                   cd.log,
+			registryURL:           cd.genericClusterConfigSpec.GlobalImageRegistryMirror.DeepCopy().URL,
+			credentials:           cd.genericClusterConfigSpec.GlobalImageRegistryMirror.DeepCopy().Credentials,
+		})
+	}
+	if cd.genericClusterConfigSpec != nil && len(cd.genericClusterConfigSpec.ImageRegistries) > 0 {
+		for i := range cd.genericClusterConfigSpec.ImageRegistries {
+			registry := cd.genericClusterConfigSpec.ImageRegistries[i]
+			checks = append(checks, &registryCheck{
+				field: fmt.Sprintf(
+					"cluster.spec.topology.variables[.name=clusterConfig].value.imageRegistries[%d]",
+					i,
+				),
+				kclient:               cd.kclient,
+				cluster:               cd.cluster,
+				regClientPingerGetter: defaultRegClientGetter,
+				log:                   cd.log,
+				registryURL:           registry.DeepCopy().URL,
+				credentials:           registry.DeepCopy().Credentials,
+			})
+		}
+	}
+	return checks
+}