Details
-
Bug
-
Resolution: Not a Bug
-
Major
-
None
-
quay-v3.7.2
-
None
-
False
-
None
-
False
-
0
Description
Description:
This is an issue found when pull from cache with Quay 3.7.2, now when the user has admin or creator role of the target organization, quay allow to pull from cache. However, when the user only has member role, should not allow to pull from cache, the current behavior is when user only has member role, can still pull from cache, pls review this issue.
Quay Image: quay-operator-bundle-container-v3.7.2-7
User 'test' is only member of the organization, but can pull from cache
[root@quaysmpt centos]# podman pull quay370.apps.quayperf370.perfscale.devcluster.openshift.com/testpullcache/rhceph-dev/ocs-registry:latest-stable-4.10.4 --tls-verify=false --creds test:password
Trying to pull quay370.apps.quayperf370.perfscale.devcluster.openshift.com/testpullcache/rhceph-dev/ocs-registry:latest-stable-4.10.4...
Getting image source signatures
Copying blob e9915e1e4567 done
Copying blob 993443a6f038 done
Copying blob cbcd3be01d80 done
Copying blob 7b33a4a5ecee done
Copying blob 0a73835e2b86 done
Copying blob 78c4c43aaa34 done
Copying config 3aca3675ed done
Writing manifest to image destination
Storing signatures
3aca3675ed069c66c4d612c450e98c2abbb5d41ded7f0cac037e42b96a86db65