Cherry-pick PR #403, #406, and #415 to release-v1.2

.github/workflows/build-dev.yaml

@@ -20,11 +20,14 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v4
         with:
-          go-version: "1.21"
+          go-version: "^1.22"
 
       - name: Test build
         run: make manifests generate fmt vet build
 
+      - name: Lint
+        run: make lint
+
       - name: Run unit tests
         run: make unit-test
 

.github/workflows/codeql-analysis.yml

@@ -1,4 +1,3 @@
-
 name: "Code Scanning - Action"
 
 on:
@@ -28,15 +27,15 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         # Override language selection by uncommenting this and choosing your languages
         # with:
         #   languages: go, javascript, csharp, python, cpp, java
 
       # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below).
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -50,4 +49,4 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/synopsys-schedule.yaml

@@ -1,4 +1,4 @@
-name: Black Duck Intelligent Policy Check
+name: Black Duck Daily Policy Check
 on:
   schedule:
     - cron: "0 0 * * *"
@@ -14,16 +14,16 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v4
         with:
-          go-version: "^1.19"
+          go-version: "^1.22"
 
       - name: Build Project
-        run: make build
+        run: devbox run -- make build
 
-      - name: Run Synopsys Detect
-        uses: synopsys-sig/detect-action@v0.3.4
+      - name: Black Duck Full Scan
+        uses: synopsys-sig/synopsys-action@v1.7.0
         with:
-          scan-mode: INTELLIGENT
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          detect-version: 8.10.0
-          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: true
+          blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'

.github/workflows/synopsys.yaml

@@ -1,10 +1,10 @@
 name: Black Duck Policy Check
 on:
+  pull_request:
   push:
     branches:
       - main
       - 'release-*'
-  pull_request:
 
 jobs:
   security:
@@ -17,15 +17,29 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v4
         with:
-          go-version: "^1.19"
+          go-version: "^1.22"
 
       - name: Build Project
         run: make build
 
-      - name: Run Synopsys Detect
-        uses: synopsys-sig/detect-action@v0.3.4
+      - name: Black Duck Full Scan
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: synopsys-sig/synopsys-action@v1.7.0
+        with:
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: true
+          blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'
+
+      - name: Black Duck PR Scan
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: synopsys-sig/synopsys-action@v1.7.0
+        env:
+          DETECT_PROJECT_VERSION_NAME: ${{ github.base_ref }}
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          detect-version: 8.10.0
-          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: false
+          blackduck_prComment_enabled: true

Makefile

@@ -27,7 +27,7 @@ PLATFORMS_E2E ?= linux/amd64
 KIND_CLUSTER_NAME ?= capi-test
 
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.23
+ENVTEST_K8S_VERSION = 1.26
 
 #
 # Directories.
@@ -122,6 +122,11 @@ GOLANGCI_LINT_VER := v1.55.2
 GOLANGCI_LINT_BIN := golangci-lint
 GOLANGCI_LINT := $(abspath $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN))
 
+MOCKGEN_VER := v1.6.0
+MOCKGEN_BIN := mockgen
+MOCKGEN_PKG := github.com/golang/mock/mockgen
+MOCKGEN := $(abspath $(TOOLS_BIN_DIR)/$(MOCKGEN_BIN)-$(MOCKGEN_VER))
+
 # CRD_OPTIONS define options to add to the CONTROLLER_GEN
 CRD_OPTIONS ?= "crd:crdVersions=v1"
 
@@ -342,23 +347,36 @@ prepare-local-clusterctl: manifests kustomize cluster-templates ## Prepare overi
 	$(KUSTOMIZE) build config/default > ~/.cluster-api/overrides/infrastructure-nutanix/${LOCAL_PROVIDER_VERSION}/infrastructure-components.yaml
 	cp ./metadata.yaml ~/.cluster-api/overrides/infrastructure-nutanix/${LOCAL_PROVIDER_VERSION}/
 	cp ./templates/cluster-template*.yaml ~/.cluster-api/overrides/infrastructure-nutanix/${LOCAL_PROVIDER_VERSION}/
-	cp ./clusterctl.yaml ~/.cluster-api/clusterctl.yaml
+	env LOCAL_PROVIDER_VERSION=$(LOCAL_PROVIDER_VERSION) \
+		envsubst -no-unset -no-empty -no-digit < ./clusterctl.yaml > ~/.cluster-api/clusterctl.yaml
+
+.PHONY: mocks
+mocks: $(MOCKGEN) ## Generate mocks for the project
+	$(MOCKGEN) -destination=mocks/ctlclient/client_mock.go -package=mockctlclient sigs.k8s.io/controller-runtime/pkg/client Client
+	$(MOCKGEN) -destination=mocks/ctlclient/manager_mock.go -package=mockctlclient sigs.k8s.io/controller-runtime/pkg/manager Manager
+	$(MOCKGEN) -destination=mocks/ctlclient/cache_mock.go -package=mockctlclient sigs.k8s.io/controller-runtime/pkg/cache Cache
+	$(MOCKGEN) -destination=mocks/k8sclient/cm_informer.go -package=mockk8sclient k8s.io/client-go/informers/core/v1 ConfigMapInformer
+	$(MOCKGEN) -destination=mocks/k8sclient/secret_informer.go -package=mockk8sclient k8s.io/client-go/informers/core/v1 SecretInformer
+	$(MOCKGEN) -destination=mocks/k8sclient/secret_lister.go -package=mockk8sclient k8s.io/client-go/listers/core/v1 SecretLister
+	$(MOCKGEN) -destination=mocks/k8sclient/secret_namespace_lister.go -package=mockk8sclient k8s.io/client-go/listers/core/v1 SecretNamespaceLister
+
+GOTESTPKGS = $(shell go list ./... | grep -v /mocks | grep -v /templates)
 
 .PHONY: unit-test
 unit-test: setup-envtest ## Run unit tests.
 ifeq ($(EXPORT_RESULT), true)
-	GO111MODULE=off $(GOGET) -u github.com/jstemmer/go-junit-report
+	$(GOCMD) install github.com/jstemmer/go-junit-report
 	$(eval OUTPUT_OPTIONS = | go-junit-report -set-exit-code > junit-report.xml)
 endif
-	KUBEBUILDER_ASSETS="$(shell $(SETUP_ENVTEST) use $(ENVTEST_K8S_VERSION)  --arch=amd64 -p path)" $(GOTEST) ./... $(OUTPUT_OPTIONS)
+	KUBEBUILDER_ASSETS="$(shell $(SETUP_ENVTEST) use $(ENVTEST_K8S_VERSION)  --arch=amd64 -p path)" $(GOTEST) $(GOTESTPKGS) $(OUTPUT_OPTIONS)
 
 .PHONY: coverage
 coverage: setup-envtest ## Run the tests of the project and export the coverage
-	KUBEBUILDER_ASSETS="$(shell $(SETUP_ENVTEST) use $(ENVTEST_K8S_VERSION)  --arch=amd64 -p path)" $(GOTEST) -cover -covermode=count -coverprofile=profile.cov ./...
+	KUBEBUILDER_ASSETS="$(shell $(SETUP_ENVTEST) use $(ENVTEST_K8S_VERSION)  --arch=amd64 -p path)" $(GOTEST) -cover -covermode=count -coverprofile=profile.cov $(GOTESTPKGS)
 	$(GOTOOL) cover -func profile.cov
 ifeq ($(EXPORT_RESULT), true)
-	GO111MODULE=off $(GOGET) -u github.com/AlekSi/gocov-xml
-	GO111MODULE=off $(GOGET) -u github.com/axw/gocov/gocov
+	$(GOCMD) install github.com/AlekSi/gocov-xml
+	$(GOCMD) install github.com/axw/gocov/gocov
 	gocov convert profile.cov | gocov-xml > coverage.xml
 endif
 
@@ -513,6 +531,9 @@ $(KO): # Build ko from tools folder.
 $(KUSTOMIZE): # Build kustomize from tools folder.
 	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) $(KUSTOMIZE_PKG) $(KUSTOMIZE_BIN) $(KUSTOMIZE_VER)
 
+$(MOCKGEN): # Build mockgen from tools folder.
+	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) $(MOCKGEN_PKG) $(MOCKGEN_BIN) $(MOCKGEN_VER)
+
 .PHONY: $(KO_BIN)
 $(KO_BIN): $(KO) ## Build a local copy of ko
 

api/v1alpha4/nutanixcluster_conversion.go

@@ -19,7 +19,7 @@ package v1alpha4
 import (
 	infrav1beta1 "github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
 	apiconversion "k8s.io/apimachinery/pkg/conversion"
-	capiv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 	capiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 )

api/v1alpha4/nutanixcluster_types.go

@@ -19,7 +19,7 @@ package v1alpha4
 import (
 	credentialTypes "github.com/nutanix-cloud-native/prism-go-client/environment/credentials"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 	"sigs.k8s.io/cluster-api/errors"
 )
 

api/v1alpha4/nutanixmachine_types.go

@@ -20,7 +20,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 	"sigs.k8s.io/cluster-api/errors"
 )
 

api/v1alpha4/nutanixmachinetemplate_conversion.go

@@ -19,7 +19,7 @@ package v1alpha4
 import (
 	infrav1beta1 "github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
 	apiconversion "k8s.io/apimachinery/pkg/conversion"
-	capiv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 	capiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"

api/v1alpha4/nutanixmachinetemplate_types.go

@@ -18,7 +18,7 @@ package v1alpha4
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 )
 
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.

api/v1beta1/nutanixcluster_types.go

@@ -17,15 +17,20 @@ limitations under the License.
 package v1beta1
 
 import (
+	"cmp"
 	"fmt"
 
 	credentialTypes "github.com/nutanix-cloud-native/prism-go-client/environment/credentials"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	capiv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/errors"
 )
 
 const (
+	// NutanixClusterKind represents the Kind of NutanixCluster
+	NutanixClusterKind = "NutanixCluster"
+
 	// NutanixClusterFinalizer allows NutanixClusterReconciler to clean up AHV
 	// resources associated with NutanixCluster before removing it from the
 	// API Server.
@@ -118,6 +123,12 @@ func (ncl *NutanixCluster) GetPrismCentralCredentialRef() (*credentialTypes.Nuta
 	return prismCentralInfo.CredentialRef, nil
 }
 
+// GetNamespacedName returns the namespaced name of the NutanixCluster.
+func (ncl *NutanixCluster) GetNamespacedName() string {
+	namespace := cmp.Or(ncl.Namespace, corev1.NamespaceDefault)
+	return fmt.Sprintf("%s/%s", namespace, ncl.Name)
+}
+
 // +kubebuilder:object:root=true
 
 // NutanixClusterList contains a list of NutanixCluster

api/v1beta1/nutanixcluster_types_test.go

@@ -112,3 +112,39 @@ func TestGetCredentialRefForCluster(t *testing.T) {
 		})
 	}
 }
+
+func TestGetNamespacedName(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name             string
+		nutanixCluster   *NutanixCluster
+		expectedFullName string
+	}{
+		{
+			name: "namespace and name are set",
+			nutanixCluster: &NutanixCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test",
+					Namespace: "test-namespace",
+				},
+			},
+			expectedFullName: "test-namespace/test",
+		},
+		{
+			name: "namespace is not set, should use default",
+			nutanixCluster: &NutanixCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test",
+				},
+			},
+			expectedFullName: "default/test",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fullName := tt.nutanixCluster.GetNamespacedName()
+			assert.Equal(t, tt.expectedFullName, fullName)
+		})
+	}
+}

api/v1beta1/nutanixmachine_types.go

@@ -28,10 +28,23 @@ import (
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
 const (
+	// NutanixMachineKind represents the Kind of NutanixMachine
+	NutanixMachineKind = "NutanixMachine"
+
 	// NutanixMachineFinalizer allows NutanixMachineReconciler to clean up AHV
 	// resources associated with NutanixMachine before removing it from the
 	// API Server.
 	NutanixMachineFinalizer = "nutanixmachine.infrastructure.cluster.x-k8s.io"
+
+	// NutanixMachineBootstrapRefKindSecret represents the Kind of Secret
+	// referenced by NutanixMachine's BootstrapRef.
+	NutanixMachineBootstrapRefKindSecret = "Secret"
+
+	// NutanixMachineBootstrapRefKindImage represents the Kind of Image
+	// referenced by NutanixMachine's BootstrapRef. If the BootstrapRef.Kind is set
+	// to Image, the NutanixMachine will be created with the image mounted
+	// as a CD-ROM.
+	NutanixMachineBootstrapRefKindImage = "Image"
 )
 
 // NutanixMachineSpec defines the desired state of NutanixMachine