From 64e5e4ed3fa68b677fe81e12fb6e33a5cd4f62d2 Mon Sep 17 00:00:00 2001
From: Joseph Callen <jcallen@redhat.com>
Date: Fri, 14 Nov 2025 14:37:07 -0500
Subject: [PATCH] OCPBUGS-17667: Validate vCenter datacenters in failure domain
 topology
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add validation to ensure failureDomain.Topology.Datacenter is listed
in the associated vCenter.Datacenters array. Previously, users could
specify a datacenter that wasn't in the vCenter's datacenters list,
which would only fail at runtime during installation.

This change provides early validation with a clear error message
indicating which vCenter's datacenters list is missing the entry.

Assisted by Claude.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 pkg/types/vsphere/validation/platform.go      |  2 ++
 pkg/types/vsphere/validation/platform_test.go | 13 +++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/pkg/types/vsphere/validation/platform.go b/pkg/types/vsphere/validation/platform.go
index 154c6b9352d..511f05c913f 100644
--- a/pkg/types/vsphere/validation/platform.go
+++ b/pkg/types/vsphere/validation/platform.go
@@ -228,6 +228,8 @@ func validateFailureDomains(p *vsphere.Platform, platformFldPath *field.Path, fl
 
 		if len(failureDomain.Topology.Datacenter) == 0 {
 			allErrs = append(allErrs, field.Required(topologyFld.Child("datacenter"), "must specify a datacenter"))
+		} else if associatedVCenter != nil && len(associatedVCenter.Datacenters) > 0 && !slices.Contains(associatedVCenter.Datacenters, failureDomain.Topology.Datacenter) {
+			allErrs = append(allErrs, field.Invalid(topologyFld.Child("datacenter"), failureDomain.Topology.Datacenter, fmt.Sprintf("datacenter must be defined in vCenter %s datacenters list", failureDomain.Server)))
 		}
 		if len(failureDomain.Topology.Datastore) == 0 {
 			allErrs = append(allErrs, field.Required(topologyFld.Child("datastore"), "must specify a datastore"))
diff --git a/pkg/types/vsphere/validation/platform_test.go b/pkg/types/vsphere/validation/platform_test.go
index 2e3cfbe1e1d..72f6d4267e8 100644
--- a/pkg/types/vsphere/validation/platform_test.go
+++ b/pkg/types/vsphere/validation/platform_test.go
@@ -460,6 +460,19 @@ func TestValidatePlatform(t *testing.T) {
 			}(),
 			expectedError: `^test-path\.failureDomains\.server: Invalid value: "bad-vcenter": server does not exist in vcenters`,
 		},
+		{
+			name: "Multi-zone platform datacenter not in vCenter datacenters list",
+			platform: func() *vsphere.Platform {
+				p := validPlatform()
+				p.FailureDomains[0].Topology.Datacenter = "non-existent-datacenter"
+				p.FailureDomains[0].Topology.Datastore = "/non-existent-datacenter/datastore/test-datastore"
+				p.FailureDomains[0].Topology.ComputeCluster = "/non-existent-datacenter/host/test-cluster"
+				p.FailureDomains[0].Topology.ResourcePool = "/non-existent-datacenter/host/test-cluster/Resources/test-resourcepool"
+				p.FailureDomains[0].Topology.Folder = "/non-existent-datacenter/vm/test-folder"
+				return p
+			}(),
+			expectedError: `^test-path\.failureDomains\.topology\.datacenter: Invalid value: "non-existent-datacenter": datacenter must be defined in vCenter test-vcenter datacenters list$`,
+		},
 		{
 			name: "Multi-zone platform failure domain topology cluster relative path",
 			platform: func() *vsphere.Platform {