[NXOS] LLDP provider implementation

* Enables/disables LLDP feature and configures global and per-interface
  settings on Cisco NX-OS switches.

Author: nikatza

cmd/main.go

@@ -40,6 +40,9 @@ import (
 	_ "github.com/ironcore-dev/network-operator/internal/provider/cisco/nxos"
 	_ "github.com/ironcore-dev/network-operator/internal/provider/openconfig"
 
+	// Import provider-specific config validators.
+	_ "github.com/ironcore-dev/network-operator/internal/providerconfig/cisco/nx"
+
 	nxv1alpha1 "github.com/ironcore-dev/network-operator/api/cisco/nx/v1alpha1"
 	"github.com/ironcore-dev/network-operator/api/core/v1alpha1"
 	nxcontroller "github.com/ironcore-dev/network-operator/internal/controller/cisco/nx"

docs/api-reference/index.md

@@ -24,6 +24,7 @@ SPDX-License-Identifier: Apache-2.0
 - [EVPNInstance](#evpninstance)
 - [ISIS](#isis)
 - [Interface](#interface)
+- [LLDP](#lldp)
 - [ManagementAccess](#managementaccess)
 - [NTP](#ntp)
 - [NetworkVirtualizationEdge](#networkvirtualizationedge)
@@ -136,6 +137,8 @@ _Appears in:_
 - [DNSSpec](#dnsspec)
 - [ISISSpec](#isisspec)
 - [InterfaceSpec](#interfacespec)
+- [LLDPInterface](#lldpinterface)
+- [LLDPSpec](#lldpspec)
 - [NTPSpec](#ntpspec)
 - [NetworkVirtualizationEdgeSpec](#networkvirtualizationedgespec)
 - [OSPFSpec](#ospfspec)
@@ -1367,6 +1370,59 @@ _Appears in:_
 | `Passive` | LACPModePassive indicates that LACP is in passive mode.<br /> |
 
 
+#### LLDP
+
+
+
+LLDP is the Schema for the lldps API
+
+
+
+
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `networking.metal.ironcore.dev/v1alpha1` | | |
+| `kind` _string_ | `LLDP` | | |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `spec` _[LLDPSpec](#lldpspec)_ |  |  | Required: \{\} <br /> |
+| `status` _[LLDPStatus](#lldpstatus)_ |  |  | Optional: \{\} <br /> |
+
+
+#### LLDPSpec
+
+
+
+LLDPSpec defines the desired state of LLDP
+
+
+
+_Appears in:_
+- [LLDP](#lldp)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `deviceRef` _[LocalObjectReference](#localobjectreference)_ | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace.<br />Immutable. |  | Required: \{\} <br /> |
+| `providerConfigRef` _[TypedLocalObjectReference](#typedlocalobjectreference)_ | ProviderConfigRef is a reference to a resource holding the provider-specific configuration for this LLDP.<br />If not specified the provider applies the target platform's default settings. |  | Optional: \{\} <br /> |
+| `adminState` _[AdminState](#adminstate)_ | AdminState indicates whether LLDP is system-wide administratively up or down. |  | Enum: [Up Down] <br />Required: \{\} <br /> |
+
+
+#### LLDPStatus
+
+
+
+LLDPStatus defines the observed state of LLDP.
+
+
+
+_Appears in:_
+- [LLDP](#lldp)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#condition-v1-meta) array_ | conditions represent the current state of the LLDP resource.<br />Each condition has a unique type and reflects the status of a specific aspect of the resource.<br />Standard condition types include:<br />- "Available": the resource is fully functional<br />- "Progressing": the resource is being created or updated<br />- "Degraded": the resource failed to reach or maintain its desired state<br />The status of each condition is one of True, False, or Unknown. |  | Optional: \{\} <br /> |
+
+
 #### LocalObjectReference
 
 
@@ -1395,6 +1451,8 @@ _Appears in:_
 - [InterfaceSpec](#interfacespec)
 - [InterfaceStatus](#interfacestatus)
 - [KeepAlive](#keepalive)
+- [LLDPInterface](#lldpinterface)
+- [LLDPSpec](#lldpspec)
 - [ManagementAccessSpec](#managementaccessspec)
 - [NTPSpec](#ntpspec)
 - [NetworkVirtualizationEdgeSpec](#networkvirtualizationedgespec)
@@ -2717,6 +2775,7 @@ _Appears in:_
 - [EVPNInstanceSpec](#evpninstancespec)
 - [ISISSpec](#isisspec)
 - [InterfaceSpec](#interfacespec)
+- [LLDPSpec](#lldpspec)
 - [ManagementAccessSpec](#managementaccessspec)
 - [NTPSpec](#ntpspec)
 - [NetworkVirtualizationEdgeSpec](#networkvirtualizationedgespec)
@@ -2931,6 +2990,7 @@ Package v1alpha1 contains API Schema definitions for the nx.cisco.networking.met
 ### Resource Types
 - [BorderGateway](#bordergateway)
 - [InterfaceConfig](#interfaceconfig)
+- [LLDPConfig](#lldpconfig)
 - [ManagementAccessConfig](#managementaccessconfig)
 - [NetworkVirtualizationEdgeConfig](#networkvirtualizationedgeconfig)
 - [System](#system)
@@ -3186,7 +3246,62 @@ _Appears in:_
 | --- | --- | --- | --- |
 | `destination` _string_ | Destination is the destination IP address of the vPC's domain peer keepalive interface.<br />This is the IP address the local switch will send keepalive messages to. |  | Format: ipv4 <br />Required: \{\} <br /> |
 | `source` _string_ | Source is the source IP address for keepalive messages.<br />This is the local IP address used to send keepalive packets to the peer. |  | Format: ipv4 <br />Required: \{\} <br /> |
-| `vrfRef` _[LocalObjectReference](#localobjectreference)_ | VRFRef is an optional reference to a VRF resource, e.g., the management VRF.<br />If specified, the switch sends keepalive packets throughout this VRF.<br />If omitted, the management VRF is used. |  | Optional: \{\} <br /> |
+| `vrfName` _string_ | The name of the vrf used to send keepalive packets to the peer.<br />Mutually exclusive with VrfRef. |  | MaxLength: 63 <br />MinLength: 1 <br />Optional: \{\} <br /> |
+| `vrfRef` _[LocalObjectReference](#localobjectreference)_ | The reference to a VRF resource used to send keepalive packets to the peer.<br />Mutually exclusive with VrfName. |  | Optional: \{\} <br /> |
+
+
+#### LLDPConfig
+
+
+
+LLDPConfig is the Schema for the LLDPConfig API
+
+
+
+
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `nx.cisco.networking.metal.ironcore.dev/v1alpha1` | | |
+| `kind` _string_ | `LLDPConfig` | | |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `spec` _[LLDPConfigSpec](#lldpconfigspec)_ | spec defines the desired state of LLDP |  | Required: \{\} <br /> |
+
+
+#### LLDPConfigSpec
+
+
+
+LLDPConfig defines the Cisco-specific configuration of an LLDP object.
+
+
+
+_Appears in:_
+- [LLDPConfig](#lldpconfig)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `initDelay` _integer_ | InitDelay defines the delay in seconds before LLDP starts sending packets after interface comes up. | 2 | Maximum: 10 <br />Minimum: 1 <br />Optional: \{\} <br /> |
+| `holdTime` _integer_ | HoldTime defines the time in seconds that the receiving device should hold the LLDP information before discarding it. | 120 | Maximum: 255 <br />Minimum: 1 <br />Optional: \{\} <br /> |
+| `interfaceRefs` _[LLDPInterface](#lldpinterface) array_ | InterfaceRefs is a list of interfaces and their LLDP configuration. |  | Optional: \{\} <br /> |
+
+
+#### LLDPInterface
+
+
+
+
+
+
+
+_Appears in:_
+- [LLDPConfigSpec](#lldpconfigspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `name` _string_ | Name of the referent.<br />More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |  | MaxLength: 63 <br />MinLength: 1 <br />Required: \{\} <br /> |
+| `adminRxState` _[AdminState](#adminstate)_ | AdminRxState defines the administrative state for receiving LLDP PDUs on the interface. | Up | Enum: [Up Down] <br />Optional: \{\} <br /> |
+| `adminTxState` _[AdminState](#adminstate)_ | AdminTxState defines the administrative state for transmitting LLDP PDUs on the interface. | Up | Enum: [Up Down] <br />Optional: \{\} <br /> |
 
 
 #### ManagementAccessConfig

internal/controller/core/lldp_controller.go

@@ -34,6 +34,7 @@ import (
 	"github.com/ironcore-dev/network-operator/internal/conditions"
 	"github.com/ironcore-dev/network-operator/internal/deviceutil"
 	"github.com/ironcore-dev/network-operator/internal/provider"
+	"github.com/ironcore-dev/network-operator/internal/providerconfig"
 	"github.com/ironcore-dev/network-operator/internal/resourcelock"
 )
 
@@ -201,6 +202,8 @@ type lldpScope struct {
 	Provider   provider.LLDPProvider
 	// ProviderConfig is the resource referenced by LLDP.Spec.ProviderConfigRef, if any.
 	ProviderConfig *provider.ProviderConfig
+	// ProviderConfigScope is the scope with the resources referenced in ProviderConfig, if applicable.
+	ProviderConfigScope *providerconfig.Scope
 }
 
 func (r *LLDPReconciler) reconcile(ctx context.Context, s *lldpScope) (_ ctrl.Result, reterr error) {
@@ -240,9 +243,17 @@ func (r *LLDPReconciler) reconcile(ctx context.Context, s *lldpScope) (_ ctrl.Re
 	}()
 
 	// Ensure the LLDP is realized on the remote device.
+	// Convert providerconfig.Scope to provider.ProviderConfigScope.
+	// These are separate types to decouple the validation layer (which uses k8s client)
+	// from the provider layer (which should not depend on k8s client).
+	var providerScope *provider.ProviderConfigScope
+	if s.ProviderConfigScope != nil {
+		providerScope = provider.NewProviderConfigScope(s.ProviderConfigScope.Raw())
+	}
 	err = s.Provider.EnsureLLDP(ctx, &provider.LLDPRequest{
-		LLDP:           s.LLDP,
-		ProviderConfig: s.ProviderConfig,
+		LLDP:                s.LLDP,
+		ProviderConfig:      s.ProviderConfig,
+		ProviderConfigScope: providerScope,
 	})
 
 	cond := conditions.FromError(err)
@@ -321,6 +332,24 @@ func (r *LLDPReconciler) validateProviderConfigRef(ctx context.Context, s *lldpS
 		return nil, reconcile.TerminalError(fmt.Errorf("unsupported ProviderConfigRef Kind %q on this provider", gv))
 	}
 
+	// if a provider-specific validator is registered, use it
+	if validator, ok := providerconfig.GetValidator(gvk); ok {
+		reader := r.APIReader
+		if reader == nil {
+			// fall back to the cached client if APIReader is not set
+			reader = r.Client
+		}
+		s.ProviderConfigScope, err = validator(ctx, reader, s.LLDP, s.LLDP.Spec.ProviderConfigRef)
+		if err != nil {
+			conditions.Set(s.LLDP, metav1.Condition{
+				Type:    v1alpha1.ConfiguredCondition,
+				Status:  metav1.ConditionFalse,
+				Reason:  v1alpha1.IncompatibleProviderConfigRef,
+				Message: fmt.Sprintf("ProviderConfigRef validation failed: %v", err),
+			})
+			return nil, reconcile.TerminalError(fmt.Errorf("configuration error in provider config ref %w", err))
+		}
+	}
 	return cfg, nil
 }