From ad7230e2aef80832ca1a3ddbf7325a8d2325279b Mon Sep 17 00:00:00 2001
From: Anna Khmelnitsky <akhmelnitsky@vmware.com>
Date: Mon, 8 Jan 2024 22:22:11 +0000
Subject: [PATCH] Fix connection initialization flow for joined node

When a connector is initialized for the sake of joining the manager
cluster, the endpoint is different from main provider endpoint, thus
global connection init flows such as NSX Version retrieval and licenses
should not be triggered by such connection.

Signed-off-by: Anna Khmelnitsky <akhmelnitsky@vmware.com>
---
 nsxt/provider.go                      | 15 ++++++++++-----
 nsxt/resource_nsxt_manager_cluster.go | 10 +++-------
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/nsxt/provider.go b/nsxt/provider.go
index 57057e068..7ae4353fd 100644
--- a/nsxt/provider.go
+++ b/nsxt/provider.go
@@ -716,13 +716,13 @@ func configurePolicyConnectorData(d *schema.ResourceData, clients *nsxtClients)
 	}
 
 	if !isVMC {
-		err = configureLicenses(getPolicyConnectorForInit(*clients, true), clients.CommonConfig.LicenseKeys)
+		err = configureLicenses(getStandalonePolicyConnector(*clients, true), clients.CommonConfig.LicenseKeys)
 		if err != nil {
 			return err
 		}
 	}
 
-	err = initNSXVersion(getPolicyConnectorForInit(*clients, true))
+	err = initNSXVersion(getStandalonePolicyConnector(*clients, true))
 	if err != nil && isVMC {
 		// In case version API does not work for VMC, we workaround by testing version-specific APIs
 		// TODO - remove this when /node/version API works for all auth methods on VMC
@@ -974,15 +974,19 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	return clients, nil
 }
 
+// Standard policy connection that initializes global connection settings on demand
 func getPolicyConnector(clients interface{}) client.Connector {
 	return getPolicyConnectorWithHeaders(clients, nil, false, true)
 }
 
-func getPolicyConnectorForInit(clients interface{}, withRetry bool) client.Connector {
+// Standalone policy connector, possibly for different endpoint,
+// for the purpose of special tasks (such as joining manager cluster node)
+// Does not initialize global connection settings
+func getStandalonePolicyConnector(clients interface{}, withRetry bool) client.Connector {
 	return getPolicyConnectorWithHeaders(clients, nil, true, withRetry)
 }
 
-func getPolicyConnectorWithHeaders(clients interface{}, customHeaders *map[string]string, initFlow bool, withRetry bool) client.Connector {
+func getPolicyConnectorWithHeaders(clients interface{}, customHeaders *map[string]string, standaloneFlow bool, withRetry bool) client.Connector {
 	c := clients.(nsxtClients)
 
 	retryFunc := func(retryContext retry.RetryContext) bool {
@@ -1064,7 +1068,8 @@ func getPolicyConnectorWithHeaders(clients interface{}, customHeaders *map[strin
 	connector := client.NewConnector(c.Host, connectorOptions...)
 	// Init NSX version on demand if not done yet
 	// This is also our indication to apply licenses, in case of delayed connection
-	if nsxVersion == "" && !initFlow {
+	// This step is skipped if the connector is for special purpose, or for different endpoint
+	if nsxVersion == "" && !standaloneFlow {
 		initNSXVersion(connector)
 		err := configureLicenses(connector, c.CommonConfig.LicenseKeys)
 		if err != nil {
diff --git a/nsxt/resource_nsxt_manager_cluster.go b/nsxt/resource_nsxt_manager_cluster.go
index 623d919ec..88d353d83 100644
--- a/nsxt/resource_nsxt_manager_cluster.go
+++ b/nsxt/resource_nsxt_manager_cluster.go
@@ -168,7 +168,7 @@ func waitForNodeStatus(d *schema.ResourceData, m interface{}, nodes []NsxCluster
 		log.Printf("[DEBUG]: API probing for NSX is disabled")
 		return nil
 	}
-	connector := getPolicyConnectorForInit(m, false)
+	connector := getStandalonePolicyConnector(m, false)
 	stateConf := getNodeConnectivityStateConf(connector, delay, interval, timeout)
 	_, err := stateConf.WaitForState()
 	if err != nil {
@@ -182,7 +182,7 @@ func waitForNodeStatus(d *schema.ResourceData, m interface{}, nodes []NsxCluster
 			return err
 		}
 		newNsxClients := c.(nsxtClients)
-		nodeConnector := getPolicyConnectorForInit(newNsxClients, false)
+		nodeConnector := getStandalonePolicyConnector(newNsxClients, false)
 		nodeConf := getNodeConnectivityStateConf(nodeConnector, 0, interval, timeout)
 		_, err = nodeConf.WaitForState()
 		if err != nil {
@@ -330,10 +330,6 @@ func configureNewClient(newClient *nsxtClients, oldClient *nsxtClients, host str
 	}
 	newClient.PolicySecurityContext = securityCtx
 	newClient.PolicyHTTPClient = oldClient.PolicyHTTPClient
-	err = initNSXVersion(getPolicyConnector(*newClient))
-	if err != nil {
-		return fmt.Errorf("Failed to configure new client with host %s: %s", host, err)
-	}
 	return nil
 }
 
@@ -344,7 +340,7 @@ func joinNodeToCluster(clusterID string, certSha256Thumbprint string, guestNode
 	}
 	log.Printf("[INFO] Cluster %s. Joining node %s", clusterID, guestNode.IPAddress)
 	newNsxClients := c.(nsxtClients)
-	connector := getPolicyConnector(newNsxClients)
+	connector := getStandalonePolicyConnector(newNsxClients, true)
 	client := nsx.NewClusterClient(connector)
 	username, password := getHostCredential(m)
 	hostIP := getMatchingIPVersion(guestNode.IPAddress, hostIPs)