chore: complete hydration checks for switches

same as the previous commit but in reverse direction. note that
to avoid a dependecy cycle between wiringapi and gwapi here we
use k8s unstructured lists

Signed-off-by: Emanuele Di Pascale <emanuele@githedgehog.com>

Author: edipascale

api/wiring/v1beta1/switch_types.go

@@ -25,6 +25,8 @@ import (
 	"go.githedgehog.com/fabric/api/meta"
 	kapierrors "k8s.io/apimachinery/pkg/api/errors"
 	kmetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	ktypes "k8s.io/apimachinery/pkg/types"
 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
@@ -232,8 +234,6 @@ func (sw *Switch) HydrationValidation(ctx context.Context, kube kclient.Reader,
 	if err := kube.List(ctx, switches); err != nil {
 		return errors.Wrapf(err, "failed to list switches for hydration validation")
 	}
-	// TODO: collect gateways as well for VTEP and protocol IP uniqueness checks
-	// (cannot be done now as gateway webhook would create a circular dependency)
 
 	leafASNs := map[uint32]bool{}
 	VTEPs := map[string]bool{}
@@ -286,6 +286,31 @@ func (sw *Switch) HydrationValidation(ctx context.Context, kube kclient.Reader,
 		}
 	}
 
+	// collect gateways as well for VTEP and protocol IP uniqueness checks
+	// use unstructured list to avoid import dependency cycle
+	if fabricCfg != nil && fabricCfg.EnableGateway {
+		gateways := &unstructured.UnstructuredList{}
+		gateways.SetGroupVersionKind(schema.GroupVersionKind{
+			Group: "gateway.githedgehog.com", Version: "v1alpha1", Kind: "GatewayList",
+		})
+		if err := kube.List(ctx, gateways); err != nil {
+			return errors.Wrapf(err, "failed to list gateways for hydration validation")
+		}
+
+		for _, gw := range gateways.Items {
+			spec, ok := gw.Object["spec"].(map[string]interface{})
+			if !ok {
+				continue
+			}
+			if vtepIP, ok := spec["vtepIP"].(string); ok && vtepIP != "" {
+				VTEPs[vtepIP] = true
+			}
+			if protoIP, ok := spec["protocolIP"].(string); ok && protoIP != "" {
+				protocolIPs[protoIP] = true
+			}
+		}
+	}
+
 	if sw.Spec.IP != "" {
 		swIP, err := netip.ParsePrefix(sw.Spec.IP)
 		if err != nil {

api/wiring/v1beta1/switch_types_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	gwapi "go.githedgehog.com/fabric/api/gateway/v1alpha1"
 	"go.githedgehog.com/fabric/api/meta"
 	wiringapi "go.githedgehog.com/fabric/api/wiring/v1beta1"
 	kmetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -20,6 +21,7 @@ func TestHydrationValidation(t *testing.T) {
 
 	scheme := runtime.NewScheme()
 	require.NoError(t, wiringapi.AddToScheme(scheme))
+	require.NoError(t, gwapi.AddToScheme(scheme))
 	leafSwitch := &wiringapi.Switch{
 		ObjectMeta: kmetav1.ObjectMeta{
 			Name:      "leaf1",
@@ -91,6 +93,7 @@ func TestHydrationValidation(t *testing.T) {
 		ManagementSubnet:    "172.30.0.0/21",
 		ManagementDHCPStart: "172.30.4.0",
 		ManagementDHCPEnd:   "172.30.7.254",
+		EnableGateway:       true,
 	}
 
 	for _, test := range []struct {
@@ -307,6 +310,57 @@ func TestHydrationValidation(t *testing.T) {
 			dut:         mclagSwitch,
 			expectError: true,
 		},
+		{
+			name: "VTEPCollisionWithGateway",
+			objects: []kclient.Object{
+				&gwapi.Gateway{
+					ObjectMeta: kmetav1.ObjectMeta{
+						Name:      "gw-1",
+						Namespace: "default",
+					},
+					Spec: gwapi.GatewaySpec{
+						ProtocolIP: "172.30.8.45/32",
+						VTEPIP:     "172.30.12.0/32",
+					},
+				},
+			},
+			dut:         leafSwitch,
+			expectError: true,
+		},
+		{
+			name: "ProtocolIPCollisionWithGateway",
+			objects: []kclient.Object{
+				&gwapi.Gateway{
+					ObjectMeta: kmetav1.ObjectMeta{
+						Name:      "gw-1",
+						Namespace: "default",
+					},
+					Spec: gwapi.GatewaySpec{
+						ProtocolIP: "172.30.8.2/32",
+						VTEPIP:     "172.30.12.45/32",
+					},
+				},
+			},
+			dut:         leafSwitch,
+			expectError: true,
+		},
+		{
+			name: "noCollisionWithGateway",
+			objects: []kclient.Object{
+				&gwapi.Gateway{
+					ObjectMeta: kmetav1.ObjectMeta{
+						Name:      "gw-1",
+						Namespace: "default",
+					},
+					Spec: gwapi.GatewaySpec{
+						ProtocolIP: "172.30.8.45/32",
+						VTEPIP:     "172.30.12.45/32",
+					},
+				},
+			},
+			dut:         leafSwitch,
+			expectError: false,
+		},
 		{
 			name: "mclagPeerAllGood",
 			objects: []kclient.Object{