Update CAPI version in go.mod

This is to ensure newer versions of interfaces from SharedIndexInformers
don't cause compile failures.

Update go version to v1.22 becasue cmp.Or is only available in go v1.22

update prism-go-client

.github/workflows/build-dev.yaml

@@ -20,11 +20,14 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v4
         with:
-          go-version: "1.21"
+          go-version: "^1.22"
 
       - name: Test build
         run: make manifests generate fmt vet build
 
+      - name: Lint
+        run: make lint
+
       - name: Run unit tests
         run: make unit-test
 

.github/workflows/codeql-analysis.yml

@@ -1,4 +1,3 @@
-
 name: "Code Scanning - Action"
 
 on:
@@ -28,15 +27,15 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         # Override language selection by uncommenting this and choosing your languages
         # with:
         #   languages: go, javascript, csharp, python, cpp, java
 
       # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below).
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -50,4 +49,4 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/synopsys-schedule.yaml

@@ -1,4 +1,4 @@
-name: Black Duck Intelligent Policy Check
+name: Black Duck Daily Policy Check
 on:
   schedule:
     - cron: "0 0 * * *"
@@ -14,16 +14,16 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v4
         with:
-          go-version: "^1.19"
+          go-version: "^1.22"
 
       - name: Build Project
-        run: make build
+        run: devbox run -- make build
 
-      - name: Run Synopsys Detect
-        uses: synopsys-sig/detect-action@v0.3.4
+      - name: Black Duck Full Scan
+        uses: synopsys-sig/synopsys-action@v1.7.0
         with:
-          scan-mode: INTELLIGENT
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          detect-version: 8.10.0
-          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: true
+          blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'

.github/workflows/synopsys.yaml

@@ -1,10 +1,10 @@
 name: Black Duck Policy Check
 on:
+  pull_request:
   push:
     branches:
       - main
       - 'release-*'
-  pull_request:
 
 jobs:
   security:
@@ -17,15 +17,29 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v4
         with:
-          go-version: "^1.19"
+          go-version: "^1.22"
 
       - name: Build Project
         run: make build
 
-      - name: Run Synopsys Detect
-        uses: synopsys-sig/[email protected]
+      - name: Black Duck Full Scan
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: synopsys-sig/[email protected]
+        with:
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: true
+          blackduck_scan_failure_severities: 'BLOCKER,CRITICAL'
+
+      - name: Black Duck PR Scan
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: synopsys-sig/[email protected]
+        env:
+          DETECT_PROJECT_VERSION_NAME: ${{ github.base_ref }}
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          detect-version: 8.10.0
-          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
+          blackduck_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackduck_scan_full: false
+          blackduck_prComment_enabled: true

Makefile

@@ -27,7 +27,7 @@ PLATFORMS_E2E ?= linux/amd64
 KIND_CLUSTER_NAME ?= capi-test
 
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.23
+ENVTEST_K8S_VERSION = 1.26
 
 #
 # Directories.
@@ -365,7 +365,7 @@ GOTESTPKGS = $(shell go list ./... | grep -v /mocks | grep -v /templates)
 .PHONY: unit-test
 unit-test: setup-envtest ## Run unit tests.
 ifeq ($(EXPORT_RESULT), true)
-	GO111MODULE=off $(GOGET) -u github.com/jstemmer/go-junit-report
+	$(GOCMD) install github.com/jstemmer/go-junit-report
 	$(eval OUTPUT_OPTIONS = | go-junit-report -set-exit-code > junit-report.xml)
 endif
 	KUBEBUILDER_ASSETS="$(shell $(SETUP_ENVTEST) use $(ENVTEST_K8S_VERSION)  --arch=amd64 -p path)" $(GOTEST) $(GOTESTPKGS) $(OUTPUT_OPTIONS)
@@ -375,8 +375,8 @@ coverage: setup-envtest ## Run the tests of the project and export the coverage
 	KUBEBUILDER_ASSETS="$(shell $(SETUP_ENVTEST) use $(ENVTEST_K8S_VERSION)  --arch=amd64 -p path)" $(GOTEST) -cover -covermode=count -coverprofile=profile.cov $(GOTESTPKGS)
 	$(GOTOOL) cover -func profile.cov
 ifeq ($(EXPORT_RESULT), true)
-	GO111MODULE=off $(GOGET) -u github.com/AlekSi/gocov-xml
-	GO111MODULE=off $(GOGET) -u github.com/axw/gocov/gocov
+	$(GOCMD) install github.com/AlekSi/gocov-xml
+	$(GOCMD) install github.com/axw/gocov/gocov
 	gocov convert profile.cov | gocov-xml > coverage.xml
 endif
 

api/v1alpha4/nutanixcluster_conversion.go

@@ -19,7 +19,7 @@ package v1alpha4
 import (
 	infrav1beta1 "github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
 	apiconversion "k8s.io/apimachinery/pkg/conversion"
-	capiv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 	capiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 )

api/v1alpha4/nutanixcluster_types.go

@@ -19,7 +19,7 @@ package v1alpha4
 import (
 	credentialTypes "github.com/nutanix-cloud-native/prism-go-client/environment/credentials"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 	"sigs.k8s.io/cluster-api/errors"
 )
 

api/v1alpha4/nutanixmachine_types.go

@@ -20,7 +20,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 	"sigs.k8s.io/cluster-api/errors"
 )
 

api/v1alpha4/nutanixmachinetemplate_conversion.go

@@ -19,7 +19,7 @@ package v1alpha4
 import (
 	infrav1beta1 "github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
 	apiconversion "k8s.io/apimachinery/pkg/conversion"
-	capiv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 	capiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"

api/v1alpha4/nutanixmachinetemplate_types.go

@@ -18,7 +18,7 @@ package v1alpha4
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4" //nolint:staticcheck // we know v1alpha4 is deprecated: release-v1.2 branch is not an active development branch
 )
 
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.

controllers/helpers.go

@@ -23,10 +23,10 @@ import (
 	"strings"
 
 	"github.com/google/uuid"
-	"github.com/nutanix-cloud-native/prism-go-client/utils"
 	prismclientv3 "github.com/nutanix-cloud-native/prism-go-client/v3"
 	"k8s.io/apimachinery/pkg/api/resource"
 	v1 "k8s.io/client-go/informers/core/v1"
+	"k8s.io/utils/ptr"
 	capiv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/util/conditions"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -157,7 +157,7 @@ func FindVMByName(ctx context.Context, client *prismclientv3.Client, vmName stri
 	log.Info(fmt.Sprintf("Checking if VM with name %s exists.", vmName))
 
 	res, err := client.V3.ListVM(ctx, &prismclientv3.DSMetadata{
-		Filter: utils.StringPtr(fmt.Sprintf("vm_name==%s", vmName)),
+		Filter: ptr.To(fmt.Sprintf("vm_name==%s", vmName)),
 	})
 	if err != nil {
 		return nil, err
@@ -230,10 +230,10 @@ func CreateSystemDiskSpec(imageUUID string, systemDiskSize int64) (*prismclientv
 	}
 	systemDisk := &prismclientv3.VMDisk{
 		DataSourceReference: &prismclientv3.Reference{
-			Kind: utils.StringPtr("image"),
-			UUID: utils.StringPtr(imageUUID),
+			Kind: ptr.To("image"),
+			UUID: ptr.To(imageUUID),
 		},
-		DiskSizeMib: utils.Int64Ptr(systemDiskSize),
+		DiskSizeMib: ptr.To(systemDiskSize),
 	}
 	return systemDisk, nil
 }
@@ -560,8 +560,8 @@ func getOrCreateCategory(ctx context.Context, client *prismclientv3.Client, cate
 	if categoryKey == nil {
 		log.V(1).Info(fmt.Sprintf("Category with key %s did not exist.", categoryIdentifier.Key))
 		categoryKey, err = client.V3.CreateOrUpdateCategoryKey(ctx, &prismclientv3.CategoryKey{
-			Description: utils.StringPtr(infrav1.DefaultCAPICategoryDescription),
-			Name:        utils.StringPtr(categoryIdentifier.Key),
+			Description: ptr.To(infrav1.DefaultCAPICategoryDescription),
+			Name:        ptr.To(categoryIdentifier.Key),
 		})
 		if err != nil {
 			errorMsg := fmt.Errorf("failed to create category with key %s. error: %v", categoryIdentifier.Key, err)
@@ -577,8 +577,8 @@ func getOrCreateCategory(ctx context.Context, client *prismclientv3.Client, cate
 	}
 	if categoryValue == nil {
 		categoryValue, err = client.V3.CreateOrUpdateCategoryValue(ctx, *categoryKey.Name, &prismclientv3.CategoryValue{
-			Description: utils.StringPtr(infrav1.DefaultCAPICategoryDescription),
-			Value:       utils.StringPtr(categoryIdentifier.Value),
+			Description: ptr.To(infrav1.DefaultCAPICategoryDescription),
+			Value:       ptr.To(categoryIdentifier.Value),
 		})
 		if err != nil {
 			errorMsg := fmt.Errorf("failed to create category value %s in category key %s: %v", categoryIdentifier.Value, categoryIdentifier.Key, err)

controllers/nutanixcluster_controller.go

@@ -86,7 +86,7 @@ func (r *NutanixClusterReconciler) SetupWithManager(ctx context.Context, mgr ctr
 
 	if err = c.Watch(
 		// Watch the CAPI resource that owns this infrastructure resource.
-		source.Kind(mgr.GetCache(), &capiv1.Cluster{}),
+		&source.Kind{Type: &capiv1.Cluster{}},
 		handler.EnqueueRequestsFromMapFunc(
 			capiutil.ClusterToInfrastructureMapFunc(
 				ctx,
@@ -364,35 +364,44 @@ func (r *NutanixClusterReconciler) reconcileCredentialRef(ctx context.Context, n
 		Name:      credentialRef.Name,
 	}
 
+	log.V(1).Info(fmt.Sprintf("fetching secret for cluster %s", nutanixCluster.Name))
 	if err := r.Client.Get(ctx, secretKey, secret); err != nil {
 		errorMsg := fmt.Errorf("error occurred while fetching cluster %s secret for credential ref: %v", nutanixCluster.Name, err)
 		log.Error(errorMsg, "error occurred fetching cluster")
 		return errorMsg
 	}
 
+	log.V(1).Info(fmt.Sprintf("fetched secret for cluster %s", nutanixCluster.Name))
 	// Check if ownerRef is already set on nutanixCluster object
 	if !capiutil.IsOwnedByObject(secret, nutanixCluster) {
-		if len(secret.GetOwnerReferences()) > 0 {
-			return fmt.Errorf("secret for cluster %s already has other owners set", nutanixCluster.Name)
+		// Check if another nutanixCluster already has set ownerRef. Secret can only be owned by one nutanixCluster object
+		if capiutil.HasOwner(secret.OwnerReferences, infrav1.GroupVersion.String(), []string{
+			nutanixCluster.Kind,
+		}) {
+			log.V(1).Info(fmt.Sprintf("fetched secret has owner reference for cluster %s: %+v", nutanixCluster.Name, secret.GetOwnerReferences()))
+			return fmt.Errorf("secret %s already owned by another nutanixCluster object", secret.Name)
 		}
-		secret.SetOwnerReferences([]metav1.OwnerReference{{
+		// Set nutanixCluster ownerRef on the secret
+		secret.OwnerReferences = capiutil.EnsureOwnerRef(secret.OwnerReferences, metav1.OwnerReference{
 			APIVersion: infrav1.GroupVersion.String(),
 			Kind:       nutanixCluster.Kind,
 			UID:        nutanixCluster.UID,
 			Name:       nutanixCluster.Name,
-		}})
+		})
 	}
 
 	if !ctrlutil.ContainsFinalizer(secret, infrav1.NutanixClusterCredentialFinalizer) {
 		ctrlutil.AddFinalizer(secret, infrav1.NutanixClusterCredentialFinalizer)
 	}
 
+	log.V(1).Info(fmt.Sprintf("updating secret for cluster %s", nutanixCluster.Name))
 	err = r.Client.Update(ctx, secret)
 	if err != nil {
 		errorMsg := fmt.Errorf("failed to update secret for cluster %s: %v", nutanixCluster.Name, err)
 		log.Error(errorMsg, "failed to update secret")
 		return errorMsg
 	}
+	log.V(1).Info(fmt.Sprintf("updated secret for cluster %s", nutanixCluster.Name))
 
 	return nil
 }

controllers/nutanixcluster_controller_test.go

@@ -45,6 +45,10 @@ func TestNutanixClusterReconciler(t *testing.T) {
 	g := NewWithT(t)
 
 	_ = Describe("NutanixClusterReconciler", func() {
+		const (
+			// To be replaced with capiv1.ClusterKind
+			clusterKind = "Cluster"
+		)
 		var (
 			ntnxCluster *infrav1.NutanixCluster
 			ctx         context.Context
@@ -276,7 +280,7 @@ func TestNutanixClusterReconciler(t *testing.T) {
 				ntnxSecret.OwnerReferences = []metav1.OwnerReference{
 					{
 						APIVersion: capiv1.GroupVersion.String(),
-						Kind:       capiv1.ClusterKind,
+						Kind:       clusterKind,
 						UID:        ntnxCluster.UID,
 						Name:       r,
 					},
@@ -296,7 +300,6 @@ func TestNutanixClusterReconciler(t *testing.T) {
 
 				// Check if secret is owned by the NutanixCluster
 				g.Expect(capiutil.IsOwnedByObject(ntnxSecret, ntnxCluster)).To(BeTrue())
-
 				g.Expect(len(ntnxSecret.OwnerReferences)).To(Equal(2))
 			})
 			It("should error if secret does not exist", func() {