-
Notifications
You must be signed in to change notification settings - Fork 1
Child tenants see no default VM images — picker reads cozy-public PVCs directly instead of via an Option source #37
Copy link
Copy link
Open
Labels
area/formsIssues or PRs related to RJSF schema forms and widgets (backup, external-ips, storage-class, etc.)Issues or PRs related to RJSF schema forms and widgets (backup, external-ips, storage-class, etc.)area/tenantsIssues or PRs related to tenant context, tenant-namespace scoping, multi-tenancyIssues or PRs related to tenant context, tenant-namespace scoping, multi-tenancyarea/vmIssues or PRs related to virtual machines — VNC console, VM tabs, kubevirt integrationIssues or PRs related to virtual machines — VNC console, VM tabs, kubevirt integrationkind/bugCategorizes issue or PR as related to a bugCategorizes issue or PR as related to a bugpriority/important-soonMust be staffed and worked on either currently, or very soon, ideally in time for the next releaseMust be staffed and worked on either currently, or very soon, ideally in time for the next release
Description
Metadata
Metadata
Assignees
Labels
area/formsIssues or PRs related to RJSF schema forms and widgets (backup, external-ips, storage-class, etc.)Issues or PRs related to RJSF schema forms and widgets (backup, external-ips, storage-class, etc.)area/tenantsIssues or PRs related to tenant context, tenant-namespace scoping, multi-tenancyIssues or PRs related to tenant context, tenant-namespace scoping, multi-tenancyarea/vmIssues or PRs related to virtual machines — VNC console, VM tabs, kubevirt integrationIssues or PRs related to virtual machines — VNC console, VM tabs, kubevirt integrationkind/bugCategorizes issue or PR as related to a bugCategorizes issue or PR as related to a bugpriority/important-soonMust be staffed and worked on either currently, or very soon, ideally in time for the next releaseMust be staffed and worked on either currently, or very soon, ideally in time for the next release
Type
Fields
Give feedbackNo fields configured for issues without a type.
Summary
Default VM images are visible only to the root tenant. Child tenants see an empty image list in the VM create form, so they cannot pick a default golden image.
Mechanism
The image picker reads PersistentVolumeClaims directly from the
cozy-publicnamespace:apps/console/src/components/SourceField.tsx—useImageOptions()callsuseK8sListwith a hardcodednamespace: "cozy-public"and filters PVCs by thevm-default-images-prefix.The console talks to the Kubernetes API as the logged-in user, so this list is subject to that user's RBAC. The default golden images are provisioned as PVCs/DataVolumes in
cozy-public(platformvm-default-imagespackage), but the shared tenant role bound in that namespace (cozy:tenant:dashboard) grants read only on Fluxhelmrepositories/helmcharts— not onpersistentvolumeclaims. So a child-tenant identity gets an empty/forbidden list and sees no images, while the root-tenant identity (broader access) sees them. Hence the asymmetry.Suggested fix
Serve the image list the same way storage classes, VM disks and instance types are now served — through the privileged, server-side
Optionresource (core.cozystack.io) introduced in #2778 — instead of a direct PVC read fromcozy-public:Optionsource (e.g.vmImage) computed server-side with privileged access, listing thevm-default-images-*entries fromcozy-public.x-cozystack-optionsso it renders viaDynamicOptionsWidget.useImageOptionsPVC read inSourceField.tsx.This routes around the tenant RBAC entirely (tenants need no read on
cozy-publicPVCs) and matches the pattern the rest of the form already uses. This depends on a backendOptionsource, mirroring how the dropdown migration in #30 depended on #2778.Source
A user reported that the images of the default image package are only visible to the root tenant, not to child tenants.