Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: quay-v3.8.2, quay-v3.9.0
Affects Version/s: quay-v3.8.0
Component/s: quay
Labels:
- triaged

Blocked:
False
Blocked Reason:
None
Ready:
False
Git Pull Request:
https://github.com/quay/quay-docs/pull/601

RICE Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

Description:

This is an issue of Quay 3.8.0 new feature "superuser full access", after enabled flag "FEATURE_SUPERUSERS_FULL_ACCESS: true", superuser can trigger and cancel build under normal user's namespace, but these operations can not be audited in the usage logs of normal user's organization. Pls review this issue.

Expected Deliverable: "any superuser action on tenant content can be audited"

Quay Image: quay-operator-bundle-container-v3.8.0-115

Superuser trigger the build under normal user's namespace:

Superuser cancel the build under normal user's namespace:

Check the usage logs:

The usage logs of normal user's organization:

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2022-11-09-16-10-17-968.png
172 kB
2022/11/09 8:10 AM
image-2022-11-09-16-13-09-190.png
236 kB
2022/11/09 8:13 AM
image-2022-11-09-16-18-14-634.png
358 kB
2022/11/09 8:18 AM
Screenshot from 2023-01-12 12-49-24.png
179 kB
2023/01/12 5:01 AM
Screenshot from 2023-02-09 18-06-58.png
155 kB
2023/02/09 10:15 AM

Issue Links

links to

quay/quay#1682: logs: audit logs on manual build triggers and build cancellations (PROJQUAY-4726)

quay/quay#1701: [redhat-3.8] logs: audit logs on manual build triggers and build cancellations (PROJQUAY-4726)

quay/quay#1705: logs: Add repository information for build audit logs (PROJQUAY-4726)

quay/quay#1720: [redhat-3.8] logs: Add repository information for build audit logs (PROJQUAY-4726)

mentioned on

Merge request - Updated 2 upstream sources

Merge request - Updated US source to: 1ab53c3 build(deps): bump pillow from 9.0.1 to 9.3.0 (#1739)

Merge request - Updated US source to: 8c56290 logs: Add repository information for build audit logs (PROJQUAY-4726) (#1720)

Merge request - Updated US source to: 68ec057 superusers: gives superusers access to team invite api (PROJQUAY-4765) (#1702)

Merge request - Updated US source to: 7547f6f chore: Remove appr dependencies (PROJQUAY-4992) (#1743)

Merge request - Updated US source to: 33451ca logs: audit logs on manual build triggers and build cancellations (PROJQUAY-4726) (#1682)

Merge request - Updated US source to: ce694e0 chore: remove deprecated appr code (PROJQUAY-4992) (#1729)

(6 mentioned on)

Activity

People

Assignee:: Kenny Lee Sin Cheong

Reporter:: luffy zhang

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2022/11/09 8:16 AM

Updated:: 2023/02/15 5:39 PM

Resolved:: 2023/02/15 5:39 PM