From 7cb9ff30f82437e1a58609af14a7cabbba363a2c Mon Sep 17 00:00:00 2001
From: Maria Shaldybin <maria.shaldybin@broadcom.com>
Date: Fri, 16 May 2025 22:10:52 +0000
Subject: [PATCH] Add config-validator to pre-start scripts to fail on canaries

---
 jobs/bosh-dns-adapter/spec                    |  1 +
 jobs/bosh-dns-adapter/templates/pre-start.erb |  5 +++
 jobs/garden-cni/templates/pre-start.erb       |  4 ++
 jobs/service-discovery-controller/spec        |  1 +
 .../templates/pre-start.erb                   |  5 +++
 packages/bosh-dns-adapter/packaging           |  3 +-
 packages/bosh-dns-adapter/spec                |  4 +-
 packages/runc-cni/packaging                   |  3 +-
 packages/runc-cni/spec                        |  3 +-
 .../service-discovery-controller/packaging    |  3 +-
 packages/service-discovery-controller/spec    |  3 +-
 .../bosh_dns_adapter_suite_test.go            |  2 +-
 .../{ => cmd/bosh-dns-adapter}/main.go        |  0
 .../{ => cmd/bosh-dns-adapter}/main_test.go   |  0
 .../cmd/config-validator/main.go              | 41 +++++++++++++++++++
 .../cmd/config-validator/main.go              | 23 +++++++++++
 .../garden-external-networker}/main.go        |  0
 .../integration/integration_suite_test.go     |  2 +-
 .../cmd/config-validator/main.go              | 29 +++++++++++++
 .../service-discovery-controller}/main.go     |  0
 .../main_test.go                              |  0
 ...service_discovery_controller_suite_test.go |  0
 22 files changed, 124 insertions(+), 8 deletions(-)
 create mode 100644 jobs/bosh-dns-adapter/templates/pre-start.erb
 create mode 100644 jobs/service-discovery-controller/templates/pre-start.erb
 rename src/code.cloudfoundry.org/bosh-dns-adapter/{ => cmd/bosh-dns-adapter}/bosh_dns_adapter_suite_test.go (93%)
 rename src/code.cloudfoundry.org/bosh-dns-adapter/{ => cmd/bosh-dns-adapter}/main.go (100%)
 rename src/code.cloudfoundry.org/bosh-dns-adapter/{ => cmd/bosh-dns-adapter}/main_test.go (100%)
 create mode 100644 src/code.cloudfoundry.org/bosh-dns-adapter/cmd/config-validator/main.go
 create mode 100644 src/code.cloudfoundry.org/garden-external-networker/cmd/config-validator/main.go
 rename src/code.cloudfoundry.org/garden-external-networker/{ => cmd/garden-external-networker}/main.go (100%)
 create mode 100644 src/code.cloudfoundry.org/service-discovery-controller/cmd/config-validator/main.go
 rename src/code.cloudfoundry.org/service-discovery-controller/{ => cmd/service-discovery-controller}/main.go (100%)
 rename src/code.cloudfoundry.org/service-discovery-controller/{ => cmd/service-discovery-controller}/main_test.go (100%)
 rename src/code.cloudfoundry.org/service-discovery-controller/{ => cmd/service-discovery-controller}/service_discovery_controller_suite_test.go (100%)

diff --git a/jobs/bosh-dns-adapter/spec b/jobs/bosh-dns-adapter/spec
index fba2cdbaa..fff7fccc9 100644
--- a/jobs/bosh-dns-adapter/spec
+++ b/jobs/bosh-dns-adapter/spec
@@ -2,6 +2,7 @@
 name: bosh-dns-adapter
 
 templates:
+  pre-start.erb:                bin/pre-start
   aliases.json.erb:             dns/aliases.json
   bpm.yml.erb:                  config/bpm.yml
   client.crt.erb:               config/certs/client.crt
diff --git a/jobs/bosh-dns-adapter/templates/pre-start.erb b/jobs/bosh-dns-adapter/templates/pre-start.erb
new file mode 100644
index 000000000..ef14e4ca2
--- /dev/null
+++ b/jobs/bosh-dns-adapter/templates/pre-start.erb
@@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+<% if spec.bootstrap == true %>
+/var/vcap/packages/bosh-dns-adapter/bin/config-validator -config /var/vcap/jobs/bosh-dns-adapter/config/config.json
+<% end %>
diff --git a/jobs/garden-cni/templates/pre-start.erb b/jobs/garden-cni/templates/pre-start.erb
index 2ce5dcefe..c5382a188 100644
--- a/jobs/garden-cni/templates/pre-start.erb
+++ b/jobs/garden-cni/templates/pre-start.erb
@@ -1,4 +1,8 @@
 #!/bin/bash -eu
 
+<% if spec.bootstrap == true %>
+/var/vcap/packages/runc-cni/bin/config-validator -config /var/vcap/jobs/garden-cni/config/adapter.json
+<% end %>
+
 rm -rf /var/vcap/data/garden-cni/container-netns || true
 rm -rf /var/vcap/data/garden-cni/external-networker-state.json || true
diff --git a/jobs/service-discovery-controller/spec b/jobs/service-discovery-controller/spec
index 46deb2765..5fd1f5695 100644
--- a/jobs/service-discovery-controller/spec
+++ b/jobs/service-discovery-controller/spec
@@ -3,6 +3,7 @@ name: service-discovery-controller
 
 templates:
   bpm.yml.erb:                              config/bpm.yml
+  pre-start.erb:                            bin/pre-start
   post-start.erb:                           bin/post-start
   config.json.erb:                          config/config.json
   server.crt.erb:                           config/certs/server.crt
diff --git a/jobs/service-discovery-controller/templates/pre-start.erb b/jobs/service-discovery-controller/templates/pre-start.erb
new file mode 100644
index 000000000..a2f9c0357
--- /dev/null
+++ b/jobs/service-discovery-controller/templates/pre-start.erb
@@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+<% if spec.bootstrap == true %>
+  /var/vcap/packages/service-discovery-controller/bin/config-validator -config /var/vcap/jobs/service-discovery-controller/config/config.json
+<% end %>
diff --git a/packages/bosh-dns-adapter/packaging b/packages/bosh-dns-adapter/packaging
index f90ed6948..e1954b590 100644
--- a/packages/bosh-dns-adapter/packaging
+++ b/packages/bosh-dns-adapter/packaging
@@ -10,5 +10,6 @@ mkdir ${BOSH_INSTALL_TARGET}/bin
 export GOBIN=${BOSH_INSTALL_TARGET}/bin
 
 pushd src/code.cloudfoundry.org
-go install code.cloudfoundry.org/bosh-dns-adapter/...
+  go build -o "${BOSH_INSTALL_TARGET}/bin/bosh-dns-adapter" code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter
+  go build -o "${BOSH_INSTALL_TARGET}/bin/config-validator" code.cloudfoundry.org/bosh-dns-adapter/cmd/config-validator
 popd
diff --git a/packages/bosh-dns-adapter/spec b/packages/bosh-dns-adapter/spec
index 637de8494..b79a88a2d 100644
--- a/packages/bosh-dns-adapter/spec
+++ b/packages/bosh-dns-adapter/spec
@@ -8,8 +8,10 @@ files:
   - code.cloudfoundry.org/go.mod
   - code.cloudfoundry.org/go.sum
   - code.cloudfoundry.org/vendor/modules.txt
+  - code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/*.go
   - code.cloudfoundry.org/vendor/code.cloudfoundry.org/bbs/db/sqldb/helpers/monitor/*.go # gosub
-  - code.cloudfoundry.org/bosh-dns-adapter/*.go # gosub
+  - code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/*.go # gosub
+  - code.cloudfoundry.org/bosh-dns-adapter/cmd/config-validator/*.go # gosub
   - code.cloudfoundry.org/bosh-dns-adapter/config/*.go # gosub
   - code.cloudfoundry.org/bosh-dns-adapter/handlers/*.go # gosub
   - code.cloudfoundry.org/bosh-dns-adapter/sdcclient/*.go # gosub
diff --git a/packages/runc-cni/packaging b/packages/runc-cni/packaging
index 51d7f5374..5ff43d624 100644
--- a/packages/runc-cni/packaging
+++ b/packages/runc-cni/packaging
@@ -11,7 +11,8 @@ source /var/vcap/packages/golang-*-linux/bosh/compile.env
 mkdir ${BOSH_INSTALL_TARGET}/bin
 
 pushd src/code.cloudfoundry.org
-go build -o "${BOSH_INSTALL_TARGET}/bin/garden-external-networker" code.cloudfoundry.org/garden-external-networker
+    go build -o "${BOSH_INSTALL_TARGET}/bin/garden-external-networker" code.cloudfoundry.org/garden-external-networker/cmd/garden-external-networker
+    go build -o "${BOSH_INSTALL_TARGET}/bin/config-validator" code.cloudfoundry.org/garden-external-networker/cmd/config-validator
 popd
 
 chmod u+s /var/vcap/packages/runc-cni/bin/garden-external-networker
diff --git a/packages/runc-cni/spec b/packages/runc-cni/spec
index 131c57696..d7829433f 100644
--- a/packages/runc-cni/spec
+++ b/packages/runc-cni/spec
@@ -10,9 +10,10 @@ files:
   - code.cloudfoundry.org/vendor/modules.txt
   - code.cloudfoundry.org/vendor/code.cloudfoundry.org/filelock/*.go # gosub
   - code.cloudfoundry.org/vendor/code.cloudfoundry.org/garden/*.go # gosub
-  - code.cloudfoundry.org/garden-external-networker/*.go # gosub
   - code.cloudfoundry.org/garden-external-networker/adapter/*.go # gosub
   - code.cloudfoundry.org/garden-external-networker/bindmount/*.go # gosub
+  - code.cloudfoundry.org/garden-external-networker/cmd/config-validator/*.go # gosub
+  - code.cloudfoundry.org/garden-external-networker/cmd/garden-external-networker/*.go # gosub
   - code.cloudfoundry.org/garden-external-networker/cni/*.go # gosub
   - code.cloudfoundry.org/garden-external-networker/config/*.go # gosub
   - code.cloudfoundry.org/garden-external-networker/ipc/*.go # gosub
diff --git a/packages/service-discovery-controller/packaging b/packages/service-discovery-controller/packaging
index 31d507a86..9c89dfc70 100644
--- a/packages/service-discovery-controller/packaging
+++ b/packages/service-discovery-controller/packaging
@@ -10,5 +10,6 @@ mkdir ${BOSH_INSTALL_TARGET}/bin
 export GOBIN=${BOSH_INSTALL_TARGET}/bin
 
 pushd src/code.cloudfoundry.org
-go install code.cloudfoundry.org/service-discovery-controller/...
+  go build -o "${BOSH_INSTALL_TARGET}/bin/service-discovery-controller" code.cloudfoundry.org/service-discovery-controller/cmd/service-discovery-controller
+  go build -o "${BOSH_INSTALL_TARGET}/bin/config-validator" code.cloudfoundry.org/service-discovery-controller/cmd/config-validator
 popd
diff --git a/packages/service-discovery-controller/spec b/packages/service-discovery-controller/spec
index ffc87546d..87e3daedd 100644
--- a/packages/service-discovery-controller/spec
+++ b/packages/service-discovery-controller/spec
@@ -25,8 +25,9 @@ files:
   - code.cloudfoundry.org/policy-server/store/*.go # gosub
   - code.cloudfoundry.org/policy-server/store/helpers/*.go # gosub
   - code.cloudfoundry.org/policy-server/store/migrations/*.go # gosub
-  - code.cloudfoundry.org/service-discovery-controller/*.go # gosub
   - code.cloudfoundry.org/service-discovery-controller/addresstable/*.go # gosub
+  - code.cloudfoundry.org/service-discovery-controller/cmd/config-validator/*.go # gosub
+  - code.cloudfoundry.org/service-discovery-controller/cmd/service-discovery-controller/*.go # gosub
   - code.cloudfoundry.org/service-discovery-controller/config/*.go # gosub
   - code.cloudfoundry.org/service-discovery-controller/localip/*.go # gosub
   - code.cloudfoundry.org/service-discovery-controller/mbus/*.go # gosub
diff --git a/src/code.cloudfoundry.org/bosh-dns-adapter/bosh_dns_adapter_suite_test.go b/src/code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/bosh_dns_adapter_suite_test.go
similarity index 93%
rename from src/code.cloudfoundry.org/bosh-dns-adapter/bosh_dns_adapter_suite_test.go
rename to src/code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/bosh_dns_adapter_suite_test.go
index 6b5bc9e7e..9ee12217e 100644
--- a/src/code.cloudfoundry.org/bosh-dns-adapter/bosh_dns_adapter_suite_test.go
+++ b/src/code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/bosh_dns_adapter_suite_test.go
@@ -17,7 +17,7 @@ func TestBoshDnsAdapter(t *testing.T) {
 var pathToServer string
 
 var _ = SynchronizedBeforeSuite(func() []byte {
-	path, err := gexec.Build("code.cloudfoundry.org/bosh-dns-adapter", "-buildvcs=false")
+	path, err := gexec.Build("code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter", "-buildvcs=false")
 	Expect(err).NotTo(HaveOccurred())
 	SetDefaultEventuallyTimeout(2 * time.Second)
 	return []byte(path)
diff --git a/src/code.cloudfoundry.org/bosh-dns-adapter/main.go b/src/code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/main.go
similarity index 100%
rename from src/code.cloudfoundry.org/bosh-dns-adapter/main.go
rename to src/code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/main.go
diff --git a/src/code.cloudfoundry.org/bosh-dns-adapter/main_test.go b/src/code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/main_test.go
similarity index 100%
rename from src/code.cloudfoundry.org/bosh-dns-adapter/main_test.go
rename to src/code.cloudfoundry.org/bosh-dns-adapter/cmd/bosh-dns-adapter/main_test.go
diff --git a/src/code.cloudfoundry.org/bosh-dns-adapter/cmd/config-validator/main.go b/src/code.cloudfoundry.org/bosh-dns-adapter/cmd/config-validator/main.go
new file mode 100644
index 000000000..4a3dcc704
--- /dev/null
+++ b/src/code.cloudfoundry.org/bosh-dns-adapter/cmd/config-validator/main.go
@@ -0,0 +1,41 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"os"
+
+	"code.cloudfoundry.org/bosh-dns-adapter/config"
+	"code.cloudfoundry.org/bosh-dns-adapter/sdcclient"
+)
+
+var (
+	configFile string
+)
+
+func main() {
+	flag.StringVar(&configFile, "config", "", "Configuration File")
+	flag.Parse()
+
+	bytes, err := os.ReadFile(configFile)
+	if err != nil {
+		log.Fatal("Could not read config file: ", err)
+	}
+
+	config, err := config.NewConfig(bytes)
+	if err != nil {
+		log.Fatal("failed-to-load-config: ", err)
+	}
+
+	sdcServerUrl := fmt.Sprintf("https://%s:%s",
+		config.ServiceDiscoveryControllerAddress,
+		config.ServiceDiscoveryControllerPort,
+	)
+
+	_, err = sdcclient.NewServiceDiscoveryClient(sdcServerUrl, config.CACert, config.ClientCert, config.ClientKey)
+	if err != nil {
+		log.Fatal("failed-to-create-service-discovery-client: ", err)
+	}
+	log.Print("config-loaded-successfully")
+}
diff --git a/src/code.cloudfoundry.org/garden-external-networker/cmd/config-validator/main.go b/src/code.cloudfoundry.org/garden-external-networker/cmd/config-validator/main.go
new file mode 100644
index 000000000..d2450206a
--- /dev/null
+++ b/src/code.cloudfoundry.org/garden-external-networker/cmd/config-validator/main.go
@@ -0,0 +1,23 @@
+package main
+
+import (
+	"flag"
+	"log"
+
+	"code.cloudfoundry.org/garden-external-networker/config"
+)
+
+var (
+	configFile string
+)
+
+func main() {
+	flag.StringVar(&configFile, "config", "", "Configuration File")
+	flag.Parse()
+
+	_, err := config.New(configFile)
+	if err != nil {
+		log.Fatal("failed-to-load-config: ", err)
+	}
+	log.Print("config-loaded-successfully")
+}
diff --git a/src/code.cloudfoundry.org/garden-external-networker/main.go b/src/code.cloudfoundry.org/garden-external-networker/cmd/garden-external-networker/main.go
similarity index 100%
rename from src/code.cloudfoundry.org/garden-external-networker/main.go
rename to src/code.cloudfoundry.org/garden-external-networker/cmd/garden-external-networker/main.go
diff --git a/src/code.cloudfoundry.org/garden-external-networker/integration/integration_suite_test.go b/src/code.cloudfoundry.org/garden-external-networker/integration/integration_suite_test.go
index ce6c7273b..a36e8b410 100644
--- a/src/code.cloudfoundry.org/garden-external-networker/integration/integration_suite_test.go
+++ b/src/code.cloudfoundry.org/garden-external-networker/integration/integration_suite_test.go
@@ -27,7 +27,7 @@ type testPaths struct {
 
 var _ = SynchronizedBeforeSuite(func() []byte {
 	var err error
-	paths.PathToAdapter, err = gexec.Build("code.cloudfoundry.org/garden-external-networker", "-race", "-buildvcs=false")
+	paths.PathToAdapter, err = gexec.Build("code.cloudfoundry.org/garden-external-networker/cmd/garden-external-networker", "-race", "-buildvcs=false")
 	Expect(err).NotTo(HaveOccurred())
 
 	paths.PathToFakeCNIPlugin, err = gexec.Build("code.cloudfoundry.org/garden-external-networker/integration/fake-cni-plugin", "-race", "-buildvcs=false")
diff --git a/src/code.cloudfoundry.org/service-discovery-controller/cmd/config-validator/main.go b/src/code.cloudfoundry.org/service-discovery-controller/cmd/config-validator/main.go
new file mode 100644
index 000000000..0621439d5
--- /dev/null
+++ b/src/code.cloudfoundry.org/service-discovery-controller/cmd/config-validator/main.go
@@ -0,0 +1,29 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"os"
+
+	"code.cloudfoundry.org/service-discovery-controller/config"
+)
+
+var (
+	configFile string
+)
+
+func main() {
+	flag.StringVar(&configFile, "config", "", "Configuration File")
+	flag.Parse()
+
+	bytes, err := os.ReadFile(configFile)
+	if err != nil {
+		log.Fatal("Could not read config file: ", err)
+	}
+
+	_, err = config.NewConfig(bytes)
+	if err != nil {
+		log.Fatal("failed-to-load-config: ", err)
+	}
+	log.Print("config-loaded-successfully")
+}
diff --git a/src/code.cloudfoundry.org/service-discovery-controller/main.go b/src/code.cloudfoundry.org/service-discovery-controller/cmd/service-discovery-controller/main.go
similarity index 100%
rename from src/code.cloudfoundry.org/service-discovery-controller/main.go
rename to src/code.cloudfoundry.org/service-discovery-controller/cmd/service-discovery-controller/main.go
diff --git a/src/code.cloudfoundry.org/service-discovery-controller/main_test.go b/src/code.cloudfoundry.org/service-discovery-controller/cmd/service-discovery-controller/main_test.go
similarity index 100%
rename from src/code.cloudfoundry.org/service-discovery-controller/main_test.go
rename to src/code.cloudfoundry.org/service-discovery-controller/cmd/service-discovery-controller/main_test.go
diff --git a/src/code.cloudfoundry.org/service-discovery-controller/service_discovery_controller_suite_test.go b/src/code.cloudfoundry.org/service-discovery-controller/cmd/service-discovery-controller/service_discovery_controller_suite_test.go
similarity index 100%
rename from src/code.cloudfoundry.org/service-discovery-controller/service_discovery_controller_suite_test.go
rename to src/code.cloudfoundry.org/service-discovery-controller/cmd/service-discovery-controller/service_discovery_controller_suite_test.go