[PLAT-17224] Create universe and Edit Read replica failing because of missing primary cluster payload

Summary: isRootCARequired requires primary cluster to be present.

Test Plan:
itest must pass.

https://jenkins.dev.yugabyte.com/view/Dev/job/dev-itest-pipeline/1825/

Also, verified locally. The first 2 failed runs are before the change. The 3rd one (top) succeeded after the fix.

{F344971}

{F344972}

Reviewers: anabaria, yshchetinin, anijhawan

Reviewed By: anabaria, yshchetinin

Subscribers: yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D42962

Author: nkhogen

managed/src/main/java/com/yugabyte/yw/commissioner/tasks/AddOnClusterCreate.java

@@ -69,7 +69,7 @@ public void run() {
       createPreflightNodeCheckTasks(Collections.singletonList(cluster));
 
       // Add check for certificateConfig
-      createCheckCertificateConfigTask(Collections.singletonList(cluster));
+      createCheckCertificateConfigTask(universe, Collections.singletonList(cluster));
 
       // Create the nodes.
       // State checking is enabled because the subtasks are not idempotent.

managed/src/main/java/com/yugabyte/yw/commissioner/tasks/CreateUniverse.java

@@ -174,7 +174,7 @@ public void run() {
       createPreflightNodeCheckTasks(taskParams().clusters);
 
       // Create certificate config check tasks for on-prem nodes.
-      createCheckCertificateConfigTask(taskParams().clusters);
+      createCheckCertificateConfigTask(universe, taskParams().clusters);
 
       // Provision the nodes.
       // State checking is enabled because the subtasks are not idempotent.

managed/src/main/java/com/yugabyte/yw/commissioner/tasks/EditUniverseTaskBase.java

@@ -79,7 +79,7 @@ protected void configureTaskParams(Universe universe) {
     }
     createPreflightNodeCheckTasks(taskParams().clusters);
 
-    createCheckCertificateConfigTask(taskParams().clusters);
+    createCheckCertificateConfigTask(universe, taskParams().clusters);
   }
 
   protected void freezeUniverseInTxn(Universe universe) {

managed/src/main/java/com/yugabyte/yw/commissioner/tasks/ReadOnlyClusterCreate.java

@@ -55,7 +55,7 @@ protected void configureTaskParams(Universe universe) {
     Collection<Cluster> clusters = taskParams().getReadOnlyClusters();
     // Create preflight node check tasks for on-prem nodes.
     createPreflightNodeCheckTasks(clusters);
-    createCheckCertificateConfigTask(clusters);
+    createCheckCertificateConfigTask(universe, clusters);
   }
 
   protected void freezeUniverseInTxn(Universe universe) {

managed/src/main/java/com/yugabyte/yw/commissioner/tasks/UniverseDefinitionTaskBase.java

@@ -2208,16 +2208,6 @@ public void createPreflightNodeCheckTasks(Collection<Cluster> clusters) {
     }
   }
 
-  public void createCheckCertificateConfigTask(
-      Collection<Cluster> clusters,
-      Set<NodeDetails> nodes,
-      @Nullable UUID rootCA,
-      @Nullable UUID clientRootCA,
-      boolean enableClientToNodeEncrypt) {
-    createCheckCertificateConfigTask(
-        clusters, nodes, rootCA, clientRootCA, enableClientToNodeEncrypt, null);
-  }
-
   /**
    * Create preflight node check to check certificateConfig for on-prem nodes in the universe
    *
@@ -2299,9 +2289,10 @@ && taskParams()
    * Create check certificate config tasks for on-prem nodes in the clusters if the nodes are in
    * ToBeAdded state.
    *
-   * @param clusters the clusters
+   * @param universe the universe to which the clusters belong.
+   * @param clusters the clusters.
    */
-  public void createCheckCertificateConfigTask(Collection<Cluster> clusters) {
+  public void createCheckCertificateConfigTask(Universe universe, Collection<Cluster> clusters) {
     log.info("Checking certificate config for on-prem nodes in the universe.");
     Set<Cluster> onPremClusters =
         clusters.stream()
@@ -2311,22 +2302,26 @@ public void createCheckCertificateConfigTask(Collection<Cluster> clusters) {
       log.info("No on-prem clusters found in the universe.");
       return;
     }
+
     UUID rootCA =
-        EncryptionInTransitUtil.isRootCARequired(taskParams()) ? taskParams().rootCA : null;
+        EncryptionInTransitUtil.isRootCARequired(universe.getUniverseDetails())
+            ? taskParams().rootCA
+            : null;
     UUID clientRootCA =
-        EncryptionInTransitUtil.isClientRootCARequired(taskParams())
+        EncryptionInTransitUtil.isClientRootCARequired(universe.getUniverseDetails())
             ? taskParams().getClientRootCA()
             : null;
-    boolean enableClientToNodeEncrypt =
-        taskParams().getPrimaryCluster().userIntent.enableClientToNodeEncrypt;
-    // If both rootCA and clientRootCA are empty, then we don't need to check the certificate config
+    // If both rootCA and clientRootCA are empty, then we don't need to check the certificate
+    // config.
     if (rootCA == null && clientRootCA == null) {
       return;
     }
 
     Set<NodeDetails> nodesToProvision =
         PlacementInfoUtil.getNodesToProvision(taskParams().nodeDetailsSet);
     if (CollectionUtils.isNotEmpty(nodesToProvision)) {
+      boolean enableClientToNodeEncrypt =
+          universe.getUniverseDetails().getPrimaryCluster().userIntent.enableClientToNodeEncrypt;
       createCheckCertificateConfigTask(
           clusters, nodesToProvision, rootCA, clientRootCA, enableClientToNodeEncrypt, null);
     }