Implement single VM image check for control plane and workers

dlipovetsky · dlipovetsky · commit fc06a6c0a527 · 2025-05-27T13:43:53.000-07:00
diff --git a/go.mod b/go.mod
@@ -24,6 +24,7 @@ require (
 	github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4 v4.0.1-beta.2
 	github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4 v4.0.2-beta.1
 	github.com/nutanix/ntnx-api-golang-clients/prism-go-client/v4 v4.0.1-beta.1
+	github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4 v4.0.1-beta.1
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
 	github.com/pkg/errors v0.9.1
@@ -111,7 +112,6 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nutanix/ntnx-api-golang-clients/storage-go-client/v4 v4.0.2-alpha.3 // indirect
-	github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4 v4.0.1-beta.1 // indirect
 	github.com/nutanix/ntnx-api-golang-clients/volumes-go-client/v4 v4.0.1-beta.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
diff --git a/pkg/webhook/preflight/nutanix/checker.go b/pkg/webhook/preflight/nutanix/checker.go
@@ -5,85 +5,34 @@ package nutanix
 
 import (
 	"context"
-	"fmt"
+	"sync"
 
+	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 
-	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
-
-	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
-	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/variables"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
 )
 
 type Checker struct {
 	client        ctrlclient.Client
 	nutanixClient *prismv4.Client
+	cluster       *clusterv1.Cluster
+
+	clientMutex sync.Mutex
 }
 
 func (n *Checker) Init(
 	ctx context.Context,
 	client ctrlclient.Client,
 	cluster *clusterv1.Cluster,
-) ([]preflight.Check, error) {
+) []preflight.Check {
 	n.client = client
+	n.cluster = cluster
 
-	clusterConfig, err := variables.UnmarshalClusterConfigVariable(cluster.Spec.Topology.Variables)
-	if err != nil {
-		return nil, fmt.Errorf("failed to unmarshal topology variable %q: %w", carenv1.ClusterConfigVariableName, err)
-	}
-
-	if clusterConfig.Nutanix == nil {
-		return nil, fmt.Errorf("missing Nutanix configuration in cluster topology")
-	}
-
-	// Initialize Nutanix client from the credentials referenced by the cluster configuration.
-	n.nutanixClient, err = newV4Client(ctx, client, cluster.Namespace, clusterConfig)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create Nutanix client: %w", err)
-	}
-
-	checks := []preflight.Check{}
-	if clusterConfig.ControlPlane != nil && clusterConfig.ControlPlane.Nutanix != nil {
-		checks = append(
-			checks,
-			n.VMImageCheck(
-				&clusterConfig.ControlPlane.Nutanix.MachineDetails,
-				"controlPlane.nutanix.machineDetails",
-			),
-		)
-	}
-
-	if cluster.Spec.Topology.Workers != nil {
-		for i, md := range cluster.Spec.Topology.Workers.MachineDeployments {
-			if md.Variables == nil {
-				continue
-			}
-
-			workerConfig, err := variables.UnmarshalWorkerConfigVariable(md.Variables.Overrides)
-			if err != nil {
-				return nil, fmt.Errorf(
-					"failed to unmarshal topology variable %q %d: %w",
-					carenv1.WorkerConfigVariableName,
-					i,
-					err,
-				)
-			}
-
-			if workerConfig.Nutanix == nil {
-				continue
-			}
-
-			n.VMImageCheck(
-				&workerConfig.Nutanix.MachineDetails,
-				fmt.Sprintf(
-					"workers.machineDeployments[.name=%s].variables.overrides[.name=workerConfig].value.nutanix.machineDetails",
-					md.Name,
-				),
-			)
-		}
+	checks := []preflight.Check{
+		n.VMImageCheck,
 	}
 
-	return checks, nil
+	return checks
 }
diff --git a/pkg/webhook/preflight/nutanix/client.go b/pkg/webhook/preflight/nutanix/client.go
@@ -4,26 +4,40 @@ import (
 	"context"
 	"fmt"
 
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/types"
-	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
-
 	prism "github.com/nutanix-cloud-native/prism-go-client"
 	prismcredentials "github.com/nutanix-cloud-native/prism-go-client/environment/credentials"
 	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 
-	carenvariables "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/variables"
+	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/variables"
 )
 
-func newV4Client(
+func (n *Checker) v4client(
 	ctx context.Context,
 	client ctrlclient.Client,
 	clusterNamespace string,
-	clusterConfig *carenvariables.ClusterConfigSpec,
 ) (
 	*prismv4.Client,
 	error,
 ) {
+	n.clientMutex.Lock()
+	defer n.clientMutex.Unlock()
+	if n.nutanixClient != nil {
+		return n.nutanixClient, nil
+	}
+
+	clusterConfig, err := variables.UnmarshalClusterConfigVariable(n.cluster.Spec.Topology.Variables)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal cluster variable %q: %w", carenv1.ClusterConfigVariableName, err)
+	}
+
+	if clusterConfig.Nutanix == nil {
+		return nil, fmt.Errorf("missing Nutanix configuration in cluster topology")
+	}
+
 	if clusterConfig.Nutanix.PrismCentralEndpoint.Credentials.SecretRef.Name == "" {
 		return nil, fmt.Errorf("prism Central credentials reference SecretRef.Name has no value")
 	}
diff --git a/pkg/webhook/preflight/nutanix/image.go b/pkg/webhook/preflight/nutanix/image.go
@@ -4,45 +4,151 @@ import (
 	"context"
 	"fmt"
 
-	vmmv4 "github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4/models/vmm/v4/content"
-
 	prismv4 "github.com/nutanix-cloud-native/prism-go-client/v4"
+	vmmv4 "github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4/models/vmm/v4/content"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	capxv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
 	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/variables"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
 )
 
-func (n *Checker) VMImageCheck(details *carenv1.NutanixMachineDetails, field string) preflight.Check {
-	return func(ctx context.Context) preflight.CheckResult {
-		result := preflight.CheckResult{
-			Allowed: true,
-			Field:   field,
+func (n *Checker) VMImageCheck(ctx context.Context) preflight.CheckResult {
+	result := preflight.CheckResult{
+		Allowed: true,
+	}
+
+	// Check control plane VM image.
+	clusterConfig, err := variables.UnmarshalClusterConfigVariable(n.cluster.Spec.Topology.Variables)
+	if err != nil {
+		result.Error = true
+		result.Causes = append(result.Causes, metav1.StatusCause{
+			Type: "VMImageCheck",
+			Message: fmt.Sprintf(
+				"failed to unmarshal topology variable %q: %s",
+				carenv1.ClusterConfigVariableName,
+				err,
+			),
+			Field: "cluster.spec.topology.variables",
+		})
+	} else if clusterConfig != nil {
+		if clusterConfig.ControlPlane == nil || clusterConfig.ControlPlane.Nutanix == nil {
+			result.Causes = append(result.Causes, metav1.StatusCause{
+				Type:    "VMImageCheck",
+				Message: "missing Nutanix configuration in cluster topology",
+				Field:   "cluster.spec.topology.controlPlane.nutanix",
+			})
 		}
 
-		if details.ImageLookup != nil {
-			result.Allowed = false
-			result.Message = "ImageLookup is not yet supported"
-			return result
+		n.vmImageCheckForMachineDetails(
+			ctx,
+			&clusterConfig.ControlPlane.Nutanix.MachineDetails,
+			"controlPlane.nutanix.machineDetails",
+			&result,
+		)
+	}
+
+	// Check worker VM images.
+	if n.cluster.Spec.Topology.Workers == nil {
+		return result
+	}
+
+	for _, md := range n.cluster.Spec.Topology.Workers.MachineDeployments {
+		if md.Variables == nil {
+			continue
 		}
 
-		if details.Image != nil {
-			images, err := getVMImages(n.nutanixClient, details.Image)
-			if err != nil {
-				result.Allowed = false
-				result.Error = true
-				result.Message = fmt.Sprintf("failed to count matching VM Images: %s", err)
-				return result
+		workerConfig, err := variables.UnmarshalWorkerConfigVariable(md.Variables.Overrides)
+		if err != nil {
+			result.Error = true
+			result.Causes = append(result.Causes, metav1.StatusCause{
+				Type: "VMImageCheck",
+				Message: fmt.Sprintf(
+					"failed to unmarshal topology variable %q: %s",
+					carenv1.WorkerConfigVariableName,
+					err,
+				),
+				Field: fmt.Sprintf(
+					"cluster.spec.topology.workers.machineDeployments[.name=%s].variables.overrides",
+					md.Name,
+				),
+			})
+		} else if workerConfig != nil {
+			if workerConfig.Nutanix == nil {
+				result.Causes = append(result.Causes, metav1.StatusCause{
+					Type:    "VMImageCheck",
+					Message: "missing Nutanix configuration in worker machine deployment",
+					Field: fmt.Sprintf("cluster.spec.topology.workers.machineDeployments[.name=%s]"+
+						".variables.overrides[.name=workerConfig].value.nutanix", md.Name),
+				})
+			} else {
+				n.vmImageCheckForMachineDetails(
+					ctx,
+					&workerConfig.Nutanix.MachineDetails,
+					fmt.Sprintf(
+						"workers.machineDeployments[.name=%s].variables.overrides[.name=workerConfig].value.nutanix.machineDetails",
+						md.Name,
+					),
+					&result,
+				)
 			}
+		}
+	}
 
-			if len(images) != 1 {
-				result.Allowed = false
-				result.Message = fmt.Sprintf("expected to find 1 VM Image, found %d", len(images))
-				return result
-			}
+	return result
+}
+
+func (n *Checker) vmImageCheckForMachineDetails(
+	ctx context.Context,
+	details *carenv1.NutanixMachineDetails,
+	field string,
+	result *preflight.CheckResult,
+) {
+	if details.ImageLookup != nil {
+		result.Allowed = false
+		result.Error = true
+		result.Causes = append(result.Causes, metav1.StatusCause{
+			Type:    "VMImageCheck",
+			Message: "ImageLookup is not yet supported",
+			Field:   field,
+		})
+		return
+	}
+
+	if details.Image != nil {
+		client, err := n.v4client(ctx, n.client, n.cluster.Namespace)
+		if err != nil {
+			result.Allowed = false
+			result.Error = true
+			result.Causes = append(result.Causes, metav1.StatusCause{
+				Type:    "VMImageCheck",
+				Message: fmt.Sprintf("failed to get Nutanix client: %s", err),
+				Field:   field,
+			})
+			return
 		}
 
-		return result
+		images, err := getVMImages(client, details.Image)
+		if err != nil {
+			result.Allowed = false
+			result.Error = true
+			result.Causes = append(result.Causes, metav1.StatusCause{
+				Type:    "VMImageCheck",
+				Message: fmt.Sprintf("failed to count matching VM Images: %s", err),
+				Field:   field,
+			})
+			return
+		}
+
+		if len(images) != 1 {
+			result.Allowed = false
+			result.Causes = append(result.Causes, metav1.StatusCause{
+				Type:    "VMImageCheck",
+				Message: fmt.Sprintf("expected to find 1 VM Image, found %d", len(images)),
+				Field:   field,
+			})
+		}
 	}
 }
 
