fix: Verify if Interfaces exists for deletion of NVLink and IB Partition

[hwadekar-nv]

Description

Before making deletion call to Partition,

• Verify if active Instances via Interfaces exists for NVLink Partition
• Verify if active Instances via Interfaces exists for IB Partition

if exists raise an error, prevent deleting Partition

Type of Change

• Feature - New feature or functionality (feat:)
• Fix - Bug fixes (fix:)
• Chore - Modification or removal of existing functionality (chore:)
• Refactor - Refactoring of existing functionality (refactor:)
• Docs - Changes in documentation or OpenAPI schema (docs:)
• CI - Changes in GitHub workflows. Requires additional scrutiny (ci:)
• Version - Issuing a new release version (version:)

Services Affected

• API - API models or endpoints updated
• Workflow - Workflow service updated
• DB - DB DAOs or migrations updated
• Site Manager - Site Manager updated
• Cert Manager - Cert Manager updated
• Site Agent - Site Agent updated
• RLA - RLA service updated
• Powershelf Manager - Powershelf Manager updated
• NVSwitch Manager - NVSwitch Manager updated

Related Issues (Optional)

Breaking Changes

• This PR contains breaking changes

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• No testing required (docs, internal refactor, etc.)

Additional Notes

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Delete handlers for InfiniBandPartition and NVLinkLogicalPartition now perform pre-deletion checks: they load interface rows referencing the partition, aggregate referenced InstanceIDs, count Instances in active/pending/power states, and return HTTP 400 with a message when any active Instances block deletion. Tests are extended to cover these failure responses.

Changes

Referential Integrity Checks

Layer / File(s)	Summary
InfiniBand Handler Guard api/pkg/api/handler/infinibandpartition.go	Adds goset import and a pre-delete guard that queries InfiniBandInterface by partition ID, deduplicates InstanceIDs, counts Instances in active/pending/power states, and returns HTTP 400 with a message when active Instances exist.
InfiniBand Tests api/pkg/api/handler/infinibandpartition_test.go	Fixtures add a blocked partition and associated InfiniBandInterface; test table gains expectedErrorMessage and a failing case asserting delete returns 400 and the JSON message equals the expected string; test runner conditionally validates payload.message.
NVLink Handler Guard api/pkg/api/handler/nvlinklogicalpartition.go	Adds a pre-delete guard that queries NVLinkInterface by logical partition ID, deduplicates InstanceIDs, counts Instances in active/pending/power states, and returns HTTP 400 with a message when active Instances exist before starting the deletion transaction/workflow.
NVLink Tests api/pkg/api/handler/nvlinklogicalpartition_test.go	Fixtures add an NVLinkLogicalPartition with an NVLinkInterface; test table gains expectedErrorMessage and a failing case asserting delete returns 400 and the JSON message equals the expected string; test runner conditionally validates payload.message.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the primary change: adding pre-deletion verification for active instances via interfaces before allowing deletion of NVLink and InfiniBand partitions.
Description check	✅ Passed	The description clearly relates to the changeset, explaining the intent to verify active instances via interfaces before partition deletion for both NVLink and InfiniBand, matching the implemented changes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/verify-interface-partition-deletion

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔐 TruffleHog Secret Scan

✅ No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

_{🕐 Last updated: 2026-05-07 20:02:19 UTC | Commit: a49d437}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@api/pkg/api/handler/infinibandpartition_test.go`:
- Around line 1593-1606: The new 400 case for "error when partition has
InfiniBand Interfaces" must assert the error response contains the validation
field "infiniBandInterfaceIds"; update the test branch that handles
expectedStatus 400 (the table-driven case using ibpBlocked.ID and expectedStatus
http.StatusBadRequest) to decode the response body and assert that the
validation payload includes a non-empty "infiniBandInterfaceIds" entry (or key)
so the contract is validated; locate the test case in
infinibandpartition_test.go and add the assertion where other error body checks
are performed.

In `@api/pkg/api/handler/nvlinklogicalpartition_test.go`:
- Around line 1838-1851: The test case for "error when partition has NVLink
Interfaces" currently only asserts HTTP 400; update the test that exercises the
handler (in nvlinklogicalpartition_test.go around the case using nvllp4, tnOrg4,
tnu4) to also decode the response body and assert there is a validation entry
named "nvLinkInterfaceIds" that is present and non-empty; modify the
table-driven test's expectations (beside expectedErr/expectedStatus) to check
the response validation payload and fail if nvLinkInterfaceIds is missing or
empty.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: cb89ed18-b600-4ab8-b50f-a6de3622cca1

📥 Commits

Reviewing files that changed from the base of the PR and between 31aa375 and a49d437.

📒 Files selected for processing (5)

• api/pkg/api/handler/Untitled-1.js
• api/pkg/api/handler/infinibandpartition.go
• api/pkg/api/handler/infinibandpartition_test.go
• api/pkg/api/handler/nvlinklogicalpartition.go
• api/pkg/api/handler/nvlinklogicalpartition_test.go

[github-actions]

Test Results

9 291 tests  +2   9 291 ✅ +2   7m 20s ⏱️ -1s
  154 suites ±0       0 💤 ±0 
   14 files   ±0       0 ❌ ±0 

Results for commit 169de72. ± Comparison against base commit 5cfe1d9.

♻️ This comment has been updated with latest results.

[github-actions]

🔍 Container Scan Summary

Service	Total	Critical	High	Medium	Low	Other
nico-nsm	64	2	20	33	9	0
nico-psm	56	4	29	13	2	8
nico-rest-api	57	4	30	13	2	8
nico-rest-cert-manager	54	4	28	13	1	8
nico-rest-db	55	4	28	13	2	8
nico-rest-site-agent	54	4	28	13	1	8
nico-rest-site-manager	54	4	28	13	1	8
nico-rest-workflow	56	4	29	13	2	8
nico-rla	55	4	28	13	2	8
TOTAL	505	34	248	137	22	64

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@api/pkg/api/handler/infinibandpartition.go`:
- Around line 1030-1059: The current deletion guard only blocks deletion when
attached Instances are in specific "active" statuses (code around
InfiniBandInterfaceDAO.GetAll -> ibInterfaces, instanceIDSet,
InstanceDAO.GetCount -> activeCount), which lets a partition be deleted if
interfaces exist but their Instances are terminated; change the logic to reject
deletion as soon as any InfiniBandInterface rows exist for the
InfiniBandPartition (i.e., if len(ibInterfaces) > 0 return a 400 with a clear
message) instead of relying on Instance status counts, and add a regression test
that creates an InfiniBandInterface for an Instance in a terminated/inactive
status and asserts that DELETE of the partition is rejected.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2f444181-03bc-4f1e-928f-3d6b8b70dc74

📥 Commits

Reviewing files that changed from the base of the PR and between 65e7223 and dc343b9.

📒 Files selected for processing (5)

• api/pkg/api/handler/Untitled-1.js
• api/pkg/api/handler/infinibandpartition.go
• api/pkg/api/handler/infinibandpartition_test.go
• api/pkg/api/handler/nvlinklogicalpartition.go
• api/pkg/api/handler/nvlinklogicalpartition_test.go

🚧 Files skipped from review as they are similar to previous changes (2)

• api/pkg/api/handler/nvlinklogicalpartition.go
• api/pkg/api/handler/nvlinklogicalpartition_test.go

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@api/pkg/api/handler/nvlinklogicalpartition.go`:
- Around line 1280-1290: The GetCount call uses only InstanceIDs and can be
blocked by inactive instances; modify the instanceDAO.GetCount invocation to
include the same active/pending/power-state filters used by the IB partition
deletion guard by adding the corresponding Statuses and PowerStates fields to
the cdbm.InstanceFilterInput (alongside InstanceIDs from
instanceIDSet.ToSlice()) so only active/pending/power-state matches are counted
when deciding whether to block delete; update any variable names as needed to
mirror the IB partition guard's filter values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: fdd5bcd2-d7c5-428d-b3d7-e2e331bd0224

📥 Commits

Reviewing files that changed from the base of the PR and between dc343b9 and d804c42.

📒 Files selected for processing (2)

• api/pkg/api/handler/infinibandpartition.go
• api/pkg/api/handler/nvlinklogicalpartition.go

🚧 Files skipped from review as they are similar to previous changes (1)

• api/pkg/api/handler/infinibandpartition.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Filter by active instance states before returning the delete blocker.

The count query currently filters only by InstanceIDs, so any existing instance record can block deletion. That does not match the “active via interfaces” rule and can return false 400 responses for inactive/terminated instances.

Please add the same active/pending/power-state status filter used by the IB partition deletion guard to this GetCount call.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@api/pkg/api/handler/nvlinklogicalpartition.go` around lines 1280 - 1290, The
GetCount call uses only InstanceIDs and can be blocked by inactive instances;
modify the instanceDAO.GetCount invocation to include the same
active/pending/power-state filters used by the IB partition deletion guard by
adding the corresponding Statuses and PowerStates fields to the
cdbm.InstanceFilterInput (alongside InstanceIDs from instanceIDSet.ToSlice()) so
only active/pending/power-state matches are counted when deciding whether to
block delete; update any variable names as needed to mirror the IB partition
guard's filter values.

[hwadekar-nv]

I have removed status check as active/pending/power-state filters used by the IB partition, so we can skip this. as if Instances are exists in DB, we will block Pertitions to delete it

[coderabbitai]

@hwadekar-nv, understood — the intent is clear: any Instance record present in the DB, regardless of lifecycle state, constitutes a blocking condition for partition deletion.

One residual risk worth acknowledging: if your system ever retains Instance rows in a terminal state (e.g., Deleted, Terminated, or similar) without purging them, those records will permanently prevent partition deletion even when no operationally active Instance exists. This would require a manual DB cleanup or a compensating API call to unblock. If Instance records are always hard-deleted from the DB upon termination, this concern does not apply.

If that invariant holds, the current implementation is correct and consistent with your intent.

(*>_<)
(contemplating the instance lifecycle invariant...)

---

✏️ Learnings added

Learnt from: hwadekar-nv
Repo: NVIDIA/infra-controller-rest PR: 503
File: api/pkg/api/handler/nvlinklogicalpartition.go:1280-1290
Timestamp: 2026-05-07T22:47:14.528Z
Learning: In `api/pkg/api/handler/nvlinklogicalpartition.go`, the `DeleteNVLinkLogicalPartitionHandler` intentionally does NOT apply any status/power-state filters when checking for blocking Instances via NVLink Interfaces before deletion. Any Instance record present in the DB (regardless of lifecycle state) is treated as a block on partition deletion. This differs from the IB partition deletion guard which uses active/pending/power-state filters. The design relies on the assumption that Instance DB records are hard-deleted (not soft-deleted) when an instance terminates, so stale terminal-state records will not exist to create false blocks.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: thossain-nv
Repo: NVIDIA/ncx-infra-controller-rest PR: 257
File: api/pkg/api/handler/vpcpeering.go:203-262
Timestamp: 2026-03-18T01:37:21.156Z
Learning: In Go handler code under api/pkg/api/handler, RBAC should not short-circuit on the first matching role (e.g., if isProviderAdmin { ... } else { ... }). For dual-role service accounts (e.g., Latinum), an org may have both ProviderAdmin and TenantAdmin. Evaluate both authorization paths independently, accumulate errors per path, and only reject if all applicable paths fail. Implement a helper that checks each role path and collects errors, then decide based on whether any path grants access. Add tests covering mixed-role scenarios and ensure CI gates enforce this behavior across all relevant handlers in this directory.

---

Learnt from: bcavnvidia
Repo: NVIDIA/ncx-infra-controller-rest PR: 350
File: api/pkg/api/handler/vpc.go:303-313
Timestamp: 2026-04-06T21:09:55.214Z
Learning: In this codebase, the database interface is intentionally designed to persist the exact value it is given (including values derived from protobuf types, e.g., enum `.String()`). Repo-owned DB constants (e.g., `cdbm.VpcRoutingProfileTypeExternal`) are published for external callers/consumers, not as an indirection layer that the handler should use. Therefore, when reviewing this repository’s handlers, do not flag as a coupling issue the pattern of persisting a protobuf-derived string value directly via calls like `cdb.GetStrPtr(routingProfileTypeValue.String())`, as this is expected behavior rather than an accidental dependency on those string representations.

---

Learnt from: bcavnvidia
Repo: NVIDIA/ncx-infra-controller-rest PR: 350
File: api/pkg/api/handler/vpc.go:303-313
Timestamp: 2026-04-06T21:22:33.123Z
Learning: Do not flag as an unacceptable coupling the persistence of protobuf enum values using the enum’s `.String()` output (e.g., storing `cdb.GetStrPtr(myProtoEnum.String())`) in inventory/round-trip paths. This codebase stores these `.String()` values because the gRPC back-end inventory process returns the same protobuf-derived string format, so DB round-trips must preserve the exact representation. If and when these inventory values change to plain strings with no backing proto enum, reassess the storage approach, but until then treat proto-enum `.String()` persistence as intentional and compatible.

---

Learnt from: bcavnvidia
Repo: NVIDIA/ncx-infra-controller-rest PR: 367
File: api/pkg/api/handler/machineinstancetype.go:593-606
Timestamp: 2026-04-10T16:39:25.404Z
Learning: In this codebase, Machine IDs are NOT UUIDs, while the deprecated Machine/InstanceType association IDs ARE UUIDs. When reviewing code that parses/validates incoming machine-related identifiers, treat `uuid.Parse` as a reliable discriminator between the deprecated UUID-based association IDs and the non-UUID Machine IDs. Do not raise/flag potential ambiguity between these two ID namespaces when a `uuid.Parse` check is used to separate them.

---

Learnt from: parmani-nv
Repo: NVIDIA/ncx-infra-controller-rest PR: 372
File: api/pkg/api/handler/fabric.go:137-143
Timestamp: 2026-04-15T23:49:00.903Z
Learning: In this repository, `cdb.ErrDoesNotExist` (from `db/pkg/db`) is a DB-layer sentinel error that is never wrapped. Therefore, in Go code that calls DAO/DB methods (e.g., `TenantSiteDAO.GetByTenantIDAndSiteID`), direct equality checks like `err == cdb.ErrDoesNotExist` / `err != cdb.ErrDoesNotExist` are intentional and safe. Do not flag these comparisons as robustness issues and do not suggest replacing them with `errors.Is()` for this specific sentinel.

---

Learnt from: thossain-nv
Repo: NVIDIA/infra-controller-rest PR: 462
File: api/pkg/api/handler/expectedswitch.go:158-214
Timestamp: 2026-05-01T21:21:59.704Z
Learning: For Expected* handler code under api/pkg/api/handler/, do NOT flag the pattern of executing Temporal workflows via common.ExecuteSyncWorkflow inside cdb.WithTx / cdb.WithTxResult transaction closures as a critical architectural issue. This codebase intentionally accepts the risk of DB commit failure after a successful Temporal call potentially diverging Site/Cloud state, based on: (1) DB transaction errors are rare, (2) certain Expected* inventory reconciliation can self-heal a Cloud rollback after a Site-side create, and (3) for deletes, IsMissingOnSite enables safe retry.

---

Learnt from: chet
Repo: NVIDIA/infra-controller-rest PR: 494
File: api/pkg/api/handler/nvlinklogicalpartition.go:210-215
Timestamp: 2026-05-07T06:30:32.433Z
Learning: In handler files under `api/pkg/api/handler/` that are still in the team’s mid-migration state toward the `WithTx` pattern (i.e., they follow the known interim flow where `timeoutResp != nil` is checked before evaluating the transaction `err` from `cdb.WithTx` / `cdb.WithTxResult`), do not raise or flag the `timeoutResp`-ordering issue. The intended follow-up in a later pass is to surface transaction errors before handling timeout/`TerminateWorkflowOnTimeOut` for consistency; until then, treat this ordering as intentional for these in-progress handlers.

[coderabbitai]

♻️ Duplicate comments (1)

api/pkg/api/handler/nvlinklogicalpartition.go (1)

1280-1290: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

“active” wording is misleading for the current count filter.

At Line 1280, the query filters only by InstanceIDs, so activeCount and the Line 1289 error message can report non-active rows as “active”. If the intended behavior is “any existing instance blocks delete,” please rename the variable/log/message accordingly.

Proposed wording/variable alignment

-		activeCount, err := instanceDAO.GetCount(ctx, nil, cdbm.InstanceFilterInput{
+		blockingCount, err := instanceDAO.GetCount(ctx, nil, cdbm.InstanceFilterInput{
 			InstanceIDs: instanceIDSet.ToSlice(),
 		})
@@
-		if activeCount > 0 {
-			logger.Warn().Int("active_instance_count", activeCount).Msg("NVLink Logical Partition has active Instances associated via interfaces")
-			msg := fmt.Sprintf("%d active Instances are associated with this NVLink Logical Partition, unable to delete", activeCount)
+		if blockingCount > 0 {
+			logger.Warn().Int("blocking_instance_count", blockingCount).Msg("NVLink Logical Partition has Instances associated via interfaces")
+			msg := fmt.Sprintf("%d Instances are associated with this NVLink Logical Partition, unable to delete", blockingCount)
 			return cutil.NewAPIErrorResponse(c, http.StatusBadRequest, msg, nil)
 		}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@api/pkg/api/handler/nvlinklogicalpartition.go` around lines 1280 - 1290, The
variable and messages use “active” but the GetCount call only filters by
InstanceIDs (no active-state filter), so rename activeCount and related
log/messages to reflect any existing instances (e.g., instanceCount or
existingInstanceCount) and update the logger.Warn and returned error message to
say "Instances are associated with this NVLink Logical Partition, unable to
delete" (or similar); locate the code around instanceDAO.GetCount, the
activeCount variable, the logger.Warn().Int("active_instance_count", ...), and
the fmt.Sprintf(...) return to apply the renames and message edits (or
alternatively, if the original intent was to check only active instances, add
the active-state filter to the GetCount call instead of renaming).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@api/pkg/api/handler/nvlinklogicalpartition.go`:
- Around line 1280-1290: The variable and messages use “active” but the GetCount
call only filters by InstanceIDs (no active-state filter), so rename activeCount
and related log/messages to reflect any existing instances (e.g., instanceCount
or existingInstanceCount) and update the logger.Warn and returned error message
to say "Instances are associated with this NVLink Logical Partition, unable to
delete" (or similar); locate the code around instanceDAO.GetCount, the
activeCount variable, the logger.Warn().Int("active_instance_count", ...), and
the fmt.Sprintf(...) return to apply the renames and message edits (or
alternatively, if the original intent was to check only active instances, add
the active-state filter to the GetCount call instead of renaming).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6134dc63-dd43-479d-90c6-4a2d5301306b

📥 Commits

Reviewing files that changed from the base of the PR and between d804c42 and 8481171.

📒 Files selected for processing (5)

• api/pkg/api/handler/Untitled-1.js
• api/pkg/api/handler/infinibandpartition.go
• api/pkg/api/handler/infinibandpartition_test.go
• api/pkg/api/handler/nvlinklogicalpartition.go
• api/pkg/api/handler/nvlinklogicalpartition_test.go

🚧 Files skipped from review as they are similar to previous changes (3)

• api/pkg/api/handler/infinibandpartition.go
• api/pkg/api/handler/nvlinklogicalpartition_test.go
• api/pkg/api/handler/infinibandpartition_test.go