[Bug fix] Reject VM defined with volume with no matching disk

[iholder101]

What this PR does / why we need it:
Reject VM defined with volume with no matching disk.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1954667
Github issue: #5556

Release note:

[bugfix] - reject VM defined with volume with no matching disk

[stu-gott]

OK! this ensures there's always a disk if a volume exists.

Is the reflexive case required? Do we need a volume if a disk exists?

[iholder101]

The reflexive case is already being checked a few lines above (line 877) and there's also a test covering it

[stu-gott]

This appears to be something we could explicitly test for at the functional test level as well.

[vladikr]

@iholder-redhat volumes can also match spec.Domain.Devices.Filesystems

[vladikr]

see [1] for example.
[1] https://github.com/kubevirt/kubevirt/blob/master/pkg/virt-launcher/virtwrap/converter/converter.go#L1373

[iholder101]

Thanks!
diskNames is now diskAndFilesystemNames and contain both fs and disk names :)

[iholder101]

This appears to be something we could explicitly test for at the functional test level as well.

@stu-gott I've added functional tests :)
p.s. do we have a policy / rule of thumb on when to add a functional test?

[iholder101]

/retest

[iholder101]

/test pull-kubevirt-e2e-k8s-1.17-rook-ceph

[iholder101]

/test pull-kubevirt-unit-test

[zcahana]

nit: I think it's somewhat more idiomatic/common to use a map[string]struct{}, and then "signal the presence" of a disk/fs by having a diskAndFilesystemNames[disk.Name] = struct{}{}.

[iholder101]

Cool. I'm still new to Go, so good to know :)

[zcahana]

Here's a related post by the prophet Dave Cheney:
https://dave.cheney.net/2014/03/25/the-empty-struct

[zcahana]

typo-nit: machingDiskExists --> matchingDiskExists

[iholder101]

/retest

[zcahana]

It's worthy to mention that for plain Kubernetes pods, it's perfectly legal to define a pod volume but no volumeMount. The justification for that is unclear to me, and still it has been like that for years and there seem to be no open/closed bug about it.

Nevertheless, we can do better than pods. Thanks @iholder-redhat!
/lgtm

[vladikr]

Thank @iholder-redhat
/lgtm
/approve

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vladikr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [vladikr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[stu-gott]

/cherry-pick release-0.41

[xpivarc]

/cherry-pick release-0.36

[kubevirt-bot]

@xpivarc: #5585 failed to apply on top of branch "release-0.36":

Applying: Add tests to ensure VM volume with missing disk / fs is rejected
Applying: Reject VM defined with volume with no matching disk / fs
Using index info to reconstruct a base tree...
M	pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go
M	pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter_test.go
A	tests/storage/datavolume.go
Falling back to patching base and 3-way merge...
Auto-merging tests/datavolume_test.go
Auto-merging pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter_test.go
Auto-merging pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go
CONFLICT (content): Merge conflict in pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0002 Reject VM defined with volume with no matching disk / fs
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-0.36

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.