feat(preflight): Storage container checks for Nutanix

Add pre-flight checks to ensure the storage container mentioned in
CSI Provider storage class config parameters is present in all
relevant AOS clusters i.e. control plane and workers.

Author: thunderboltsid

go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api v0.0.0-00010101000000-000000000000
 	github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common v0.7.0
-	github.com/nutanix-cloud-native/prism-go-client v0.5.1
+	github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250527140144-d12ef75a05ef
 	github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2
 	github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1
 	github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1
@@ -93,7 +93,7 @@ require (
 	github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
@@ -111,7 +111,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3 // indirect
 	github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect

go.sum

@@ -131,14 +131,12 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
-github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
-github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
@@ -188,16 +186,14 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nutanix-cloud-native/prism-go-client v0.5.1 h1:ykiXPCILzEMORHz7XvI8KXNomChsdLIpOAlT/YqBCmo=
-github.com/nutanix-cloud-native/prism-go-client v0.5.1/go.mod h1:QhLX+sEep0cStzHVYU6mPgIlnA8U3DySskagrbDprRk=
+github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250527140144-d12ef75a05ef h1:fwURB6RMZ8Tzk9fVjYutS/TG5Tm2gYCsLWbgQSkyjnQ=
+github.com/nutanix-cloud-native/prism-go-client v0.5.2-0.20250527140144-d12ef75a05ef/go.mod h1:N/O9fz5fimjb30RxlPbKbGs/Z2lqMgDqrb6CrsZvQrA=
 github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2 h1:s1u5/GEw3mTZakepJoTD1OvPVU1YuioRxmKZin+W99s=
 github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2/go.mod h1:sd4Fnk6MVfEDVY+8WyRoQTmLhi2SgZ3riySWErVHf8E=
 github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1 h1:PvZQwYhhJtxmzLpnzEhHTpp2fV6woc6W65PHGsHzVfs=
 github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1/go.mod h1:+eZgV1+xL/r84qmuFSVt5R8OFRO70rEz92jOnVgJNco=
 github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1 h1:hvy3QCc2SgVidYxTq0rRPOazJOt1PP8A86kW7j6sywU=
 github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1/go.mod h1:Yhk+xD4mN90OKEHnk5ARf97CX5p4+MEC/B/YIVoZeZ0=
-github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3 h1:K3I9YtqKcKKxSL4+tcxnFeLOoaptiVlpsOJ9Xzq3shM=
-github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3/go.mod h1:kz3gO87xtWnPOCP2kN7yw5LvCDVRnvg8BOWL7CarqXA=
 github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4 v4.0.1-beta.1 h1:XuTRvYu1kiNjdXOYVwyjhKlFWyo9nMit6GsOYV8+5Cg=
 github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4 v4.0.1-beta.1/go.mod h1:CaWm4GFpAjQQDc6YXl/dUDrHpuW54h8j6Cj7EslE4Qk=
 github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1 h1:VJSaQDnnYeNEk1mkQqEbt573OdM62+5s/B0e9kszdas=
@@ -261,7 +257,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=

pkg/webhook/preflight/nutanix/checker.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 
+	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 

pkg/webhook/preflight/nutanix/storagecontainer.go

@@ -0,0 +1,209 @@
+package nutanix
+
+import (
+	"context"
+	"fmt"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
+	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
+	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
+	clustermgmtv4 "github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4/models/clustermgmt/v4/config"
+	"k8s.io/utils/ptr"
+)
+
+// StorageContainers checks if the storage container specified in the CSIProvider's StorageClassConfigs exists
+// in the Nutanix cluster specified in the NutanixNodeSpec.
+func (n *Checker) StorageContainers(ctx context.Context) preflight.CheckResult {
+	result := preflight.CheckResult{
+		Name:    "StorageContainers",
+		Allowed: true,
+	}
+
+	// Check control plane VM image.
+	clusterConfig, err := n.variablesGetter.ClusterConfig()
+	if err != nil {
+		result.Error = true
+		result.Allowed = false
+		result.Causes = append(result.Causes, preflight.Cause{
+			Message: fmt.Sprintf("failed to read clusterConfig variable: %s", err),
+			Field:   "cluster.spec.topology.variables",
+		})
+	}
+
+	// If the clusterConfig is nil or does not have Addons or CSI, we do not have to check for storage containers.
+	if clusterConfig == nil || clusterConfig.Addons == nil || clusterConfig.Addons.CSI == nil {
+		return result
+	}
+
+	csiProvider := ptr.To(clusterConfig.Addons.CSI.Providers["nutanix"])
+	// If the CSIProvider is nil, we cannot check for storage containers.
+	if csiProvider == nil {
+		return result
+	}
+
+	if clusterConfig.ControlPlane != nil && clusterConfig.ControlPlane.Nutanix != nil {
+		n.storageContainerCheck(
+			ctx,
+			clusterConfig.ControlPlane.Nutanix,
+			csiProvider,
+			"cluster.spec.topology.variables[.name=clusterConfig].controlPlane.nutanix",
+			&result,
+		)
+	}
+
+	// Check worker VM images.
+	if n.cluster.Spec.Topology.Workers != nil {
+		for _, md := range n.cluster.Spec.Topology.Workers.MachineDeployments {
+			workerConfig, err := n.variablesGetter.WorkerConfigForMachineDeployment(md)
+			if err != nil {
+				result.Error = true
+				result.Causes = append(result.Causes, preflight.Cause{
+					Message: fmt.Sprintf("failed to read workerConfig variable: %s", err),
+					Field: fmt.Sprintf(
+						"cluster.spec.topology.workers.machineDeployments[.name=%s].variables.overrides",
+						md.Name,
+					),
+				})
+			}
+			if workerConfig != nil && workerConfig.Nutanix != nil {
+				n.storageContainerCheck(
+					ctx,
+					workerConfig.Nutanix,
+					csiProvider,
+					fmt.Sprintf(
+						"workers.machineDeployments[.name=%s].variables.overrides[.name=workerConfig].value.nutanix",
+						md.Name,
+					),
+					&result,
+				)
+			}
+		}
+	}
+
+	return result
+}
+
+// storageContainerCheck checks if the storage container specified in the CSIProvider's StorageClassConfigs exists.
+// It admits the NodeSpec instead of the MachineDetails because the failure domains will be specified in the NodeSpec
+// and the MachineDetails.Cluster will be nil in that case.
+func (n *Checker) storageContainerCheck(ctx context.Context, nodeSpec *carenv1.NutanixNodeSpec, csiSpec *carenv1.CSIProvider, field string, result *preflight.CheckResult) {
+	const (
+		csiParameterKeyStorageContainer = "storageContainer"
+	)
+
+	if csiSpec == nil {
+		result.Allowed = false
+		result.Error = true
+		result.Causes = append(result.Causes, preflight.Cause{
+			Message: fmt.Sprintf("no storage container found for cluster %q", nodeSpec.MachineDetails.Cluster.Name),
+			Field:   field,
+		})
+
+		return
+	}
+
+	if csiSpec.StorageClassConfigs == nil {
+		result.Allowed = false
+		result.Causes = append(result.Causes, preflight.Cause{
+			Message: fmt.Sprintf("no storage class configs found for cluster %q", nodeSpec.MachineDetails.Cluster.Name),
+			Field:   field,
+		})
+
+		return
+	}
+
+	for _, storageClassConfig := range csiSpec.StorageClassConfigs {
+		if storageClassConfig.Parameters == nil {
+			continue
+		}
+
+		storageContainer, ok := storageClassConfig.Parameters[csiParameterKeyStorageContainer]
+		if !ok {
+			continue
+		}
+
+		// TODO: check if cluster name is set, if not use uuid. If neither is set, use the cluster name from the NodeSpec failure domain.
+		if _, err := getStorageContainer(n.nutanixClient, nodeSpec, storageContainer); err != nil {
+			result.Allowed = false
+			result.Error = true
+			result.Causes = append(result.Causes, preflight.Cause{
+				Message: fmt.Sprintf("failed to check if storage container named %q exists: %s", storageContainer, err),
+				Field:   field,
+			})
+
+			return
+		}
+	}
+}
+
+func getStorageContainer(client *prismv4.Client, nodeSpec *carenv1.NutanixNodeSpec, storageContainerName string) (*clustermgmtv4.StorageContainer, error) {
+	cluster, err := getCluster(client, &nodeSpec.MachineDetails.Cluster)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get cluster: %w", err)
+	}
+
+	fltr := fmt.Sprintf("name eq '%s' and clusterExtId eq '%s'", storageContainerName, cluster.ExtId)
+	resp, err := client.StorageContainerAPI.ListStorageContainers(nil, nil, &fltr, nil, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list storage containers: %w", err)
+	}
+
+	containers, ok := resp.GetData().([]clustermgmtv4.StorageContainer)
+	if !ok {
+		return nil, fmt.Errorf("failed to get data returned by ListStorageContainers(filter=%q)", fltr)
+	}
+
+	if len(containers) == 0 {
+		return nil, fmt.Errorf("no storage container named %q found on cluster named %q", storageContainerName, cluster.Name)
+	}
+
+	if len(containers) > 1 {
+		return nil, fmt.Errorf("multiple storage containers found with name %q on cluster %q", storageContainerName, cluster.Name)
+	}
+
+	return ptr.To(containers[0]), nil
+}
+
+func getCluster(client *prismv4.Client, clusterIdentifier *v1beta1.NutanixResourceIdentifier) (*clustermgmtv4.Cluster, error) {
+	switch clusterIdentifier.Type {
+	case v1beta1.NutanixIdentifierUUID:
+		resp, err := client.ClustersApiInstance.GetClusterById(clusterIdentifier.UUID)
+		if err != nil {
+			return nil, err
+		}
+
+		cluster, ok := resp.GetData().(clustermgmtv4.Cluster)
+		if !ok {
+			return nil, fmt.Errorf("failed to get data returned by GetClusterById")
+		}
+
+		return &cluster, nil
+	case v1beta1.NutanixIdentifierName:
+		filter := fmt.Sprintf("name eq '%s'", *clusterIdentifier.Name)
+		resp, err := client.ClustersApiInstance.ListClusters(nil, nil, &filter, nil, nil, nil)
+		if err != nil {
+			return nil, err
+		}
+
+		if resp == nil || resp.GetData() == nil {
+			return nil, fmt.Errorf("no clusters were returned")
+		}
+
+		clusters, ok := resp.GetData().([]clustermgmtv4.Cluster)
+		if !ok {
+			return nil, fmt.Errorf("failed to get data returned by ListClusters")
+		}
+
+		if len(clusters) == 0 {
+			return nil, fmt.Errorf("no clusters found with name %q", *clusterIdentifier.Name)
+		}
+
+		if len(clusters) > 1 {
+			return nil, fmt.Errorf("multiple clusters found with name %q", *clusterIdentifier.Name)
+		}
+
+		return &clusters[0], nil
+	default:
+		return nil, fmt.Errorf("cluster identifier is missing both name and uuid")
+	}
+}