-
Bug
-
Resolution: Not a Bug
-
Blocker
-
None
-
quay-v3.7.2
-
None
-
False
-
None
-
False
Description:
This is a permission issue found when using Quay new feature "pull from cache", now there're two normal users 'test' and 'test2', these two users 'test' and 'test2' are on the vpteam team (the team has "Member" role), and user test2 can pull from any repositories in the testpullcache org regardless of the permission assigned to that team and without any default permissions set, the expected behavior should be the pull from cache with user2 should be failed with permission error.
Quay Image: quay-operator-bundle-container-v3.7.2-7
[root@quaysmpt centos]# podman pull quay370.apps.quayperf370.perfscale.devcluster.openshift.com/testpullcache/rhceph-dev/ocs-registry:latest-stable-4.10.4 --tls-verify=false --creds test:password Trying to pull quay370.apps.quayperf370.perfscale.devcluster.openshift.com/testpullcache/rhceph-dev/ocs-registry:latest-stable-4.10.4... Getting image source signatures Copying blob cbcd3be01d80 skipped: already exists Copying blob e9915e1e4567 skipped: already exists Copying blob 993443a6f038 skipped: already exists Copying blob 7b33a4a5ecee skipped: already exists Copying blob 0a73835e2b86 skipped: already exists Copying blob 78c4c43aaa34 skipped: already exists Copying config 3aca3675ed done Writing manifest to image destination Storing signatures 3aca3675ed069c66c4d612c450e98c2abbb5d41ded7f0cac037e42b96a86db65 [root@quaysmpt centos]# podman pull quay370.apps.quayperf370.perfscale.devcluster.openshift.com/testpullcache/rhceph-dev/ocs-registry:latest-stable-4.10.4 --tls-verify=false --creds test2:password Trying to pull quay370.apps.quayperf370.perfscale.devcluster.openshift.com/testpullcache/rhceph-dev/ocs-registry:latest-stable-4.10.4... Getting image source signatures Copying blob cbcd3be01d80 skipped: already exists Copying blob e9915e1e4567 skipped: already exists Copying blob 993443a6f038 skipped: already exists Copying blob 7b33a4a5ecee skipped: already exists Copying blob 78c4c43aaa34 skipped: already exists Copying blob 0a73835e2b86 skipped: already exists Copying config 3aca3675ed done Writing manifest to image destination Storing signatures 3aca3675ed069c66c4d612c450e98c2abbb5d41ded7f0cac037e42b96a86db65 [root@quaysmpt centos]# podman pull quay370.apps.quayperf370.perfscale.devcluster.openshift.com/testpullcache/quay-qetest/postgres:latest --tls-verify=false --creds test2:password Trying to pull quay370.apps.quayperf370.perfscale.devcluster.openshift.com/testpullcache/quay-qetest/postgres:latest... Getting image source signatures Copying blob 6715a45abab9 done Copying blob 0c2fbc0e8f61 done Copying blob 022ce4385fc8 done Copying blob 3264bf5cab32 done Copying blob d46b9cbbd6bb done Copying blob f979a7c51fc8 done Copying blob 05fb8fb74e6b done Copying blob 6decf59621f7 done Copying blob 4e7d90144d3b done Copying blob 3c72a7c8d968 done Copying blob 4ab8e7d3b6cc done Copying blob f93b7d3396c2 done Copying blob ba3fba6b5d9d done Copying config 5b21e2e86a done Writing manifest to image destination Storing signatures 5b21e2e86aab1630251ecfb5d0d715634c0965931e8f5ab5d2dc6bce3aeb92fa
No repository level permissions assigned:
- is caused by
-
-
- Closed
-
- links to
