Project Quay / PROJQUAY-4703

Normal user is able to create a repo in the UI by pushing an image after FEATURE_RESTRICTED_USERS is enabled


    • Type: Bug
    • Resolution: Done
    • Priority: Blocker
    • quay-v3.8.0
    • quay
    • Quay Enterprise

      Description of problem:

      A normal user is able to create a repo in the UI by pushing an image after FEATURE_RESTRICTED_USERS is enabled.

      Version-Release number of selected component (if applicable):

      'registry-proxy.engineering.redhat.com/rh-osbs/quay-quay-rhel8@sha256:d33899d766e7289ab898cb3e63ebb0b5e027e929d5489871745e36fb8ebf0bdd',
      'registry-proxy.engineering.redhat.com/rh-osbs/quay-quay-rhel8:v3.8.0-86'

      How reproducible:

      Always

      Steps to Reproduce:
      1. Enable FEATURE_RESTRICTED_USERS

      2. Log in to the Quay UI and create a normal user that is excluded from the whitelist

      3. Push an image to a non-existing repo under the user account namespace, like:

      $ skopeo copy --dest-creds=quay:password --dest-tls-verify=false docker://quay.io/projectquay/clair:4.4.4 docker://10.0.78.224:8443/quay/clair

      Actual results:

      The push fails, but the repo is still created in the UI

      Expected results:

      The repo shouldn't be created in the UI

      Additional info:

      config.yaml:

      AUTHENTICATION_TYPE: Database
      CREATE_NAMESPACE_ON_PUSH: true
      FEATURE_RESTRICTED_USERS: true
      RESTRICTED_USERS_WHITELIST:
        - user1

       

            sleesinc Kenny Lee Sin Cheong
            rhn-support-dyan Dongbo Yan
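
The invariant this report describes, as an added example that is not part of the original issue and not Quay's code: a push rejected for a restricted user must leave no repository behind. `FakeRegistry`, its `create_before_check` flag and the helper names are hypothetical; the flag only reproduces the reported symptom and is not a statement of the root cause. Treating every non-whitelisted user as restricted is an assumption.

```python
# Constructed model for a regression test; names are hypothetical, not Quay's API.
CONFIG = {  # values taken from the config.yaml in the report
    "CREATE_NAMESPACE_ON_PUSH": True,
    "FEATURE_RESTRICTED_USERS": True,
    "RESTRICTED_USERS_WHITELIST": ["user1"],
}

def is_restricted(config, username):
    """Assumption: with the feature on, any user not in the whitelist is restricted."""
    if not config.get("FEATURE_RESTRICTED_USERS", False):
        return False
    return username not in config.get("RESTRICTED_USERS_WHITELIST", [])

class PushDenied(Exception):
    pass

class FakeRegistry:
    def __init__(self, config, create_before_check):
        self.config = config
        self.create_before_check = create_before_check  # True reproduces the symptom
        self.repos = set()

    def push(self, username, namespace, repo):
        key = (namespace, repo)
        denied = namespace == username and is_restricted(self.config, username)
        if self.create_before_check:
            self.repos.add(key)  # side effect lands before the permission decision
        if denied:
            raise PushDenied(f"{username} may not create content in {namespace}")
        self.repos.add(key)

def denied_push_leaves_no_repo(registry, username, namespace, repo):
    """True if a rejected push did not create the repository (or push was allowed)."""
    existed = (namespace, repo) in registry.repos
    try:
        registry.push(username, namespace, repo)
    except PushDenied:
        return existed or (namespace, repo) not in registry.repos
    return True

def run_demo():
    symptom = FakeRegistry(CONFIG, create_before_check=True)
    expected = FakeRegistry(CONFIG, create_before_check=False)
    return {
        "symptom_holds_invariant": denied_push_leaves_no_repo(symptom, "quay", "quay", "clair"),
        "expected_holds_invariant": denied_push_leaves_no_repo(expected, "quay", "quay", "clair"),
        "whitelisted_can_create": denied_push_leaves_no_repo(expected, "user1", "user1", "clair")
        and ("user1", "clair") in expected.repos,
    }
```

Against a real deployment the same check amounts to running the failing push from step 3 and then confirming the repository is absent from the UI.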